diff --git a/deps/openssl/config/archs/BSD-x86/asm/configdata.pm b/deps/openssl/config/archs/BSD-x86/asm/configdata.pm index f7f8b5656dfcbc..667d9eb6c472cd 100644 --- a/deps/openssl/config/archs/BSD-x86/asm/configdata.pm +++ b/deps/openssl/config/archs/BSD-x86/asm/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -203,7 +203,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -255,11 +255,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "BSD-x86", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1596,6 +1596,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1643,7 +1644,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/BSD-x86/asm/crypto/buildinf.h b/deps/openssl/config/archs/BSD-x86/asm/crypto/buildinf.h index a5c1149cf4ef69..c83c080bcb3ade 100644 --- a/deps/openssl/config/archs/BSD-x86/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/BSD-x86/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: BSD-x86" -#define DATE "built on: Fri Jun 9 11:58:46 2023 UTC" +#define DATE "built on: Sun Aug 6 00:25:19 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/BSD-x86/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/BSD-x86/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/BSD-x86/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/BSD-x86/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/BSD-x86/asm/openssl-cl.gypi b/deps/openssl/config/archs/BSD-x86/asm/openssl-cl.gypi index aa119eb5fd57c9..4380305593acd1 100644 --- a/deps/openssl/config/archs/BSD-x86/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/BSD-x86/asm/openssl-cl.gypi @@ -17,6 +17,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/BSD-x86/asm/openssl.gypi b/deps/openssl/config/archs/BSD-x86/asm/openssl.gypi index 2a4a7ba93b93d2..c984f3e0f752ca 100644 --- a/deps/openssl/config/archs/BSD-x86/asm/openssl.gypi +++ b/deps/openssl/config/archs/BSD-x86/asm/openssl.gypi @@ -993,6 +993,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/BSD-x86/asm_avx2/configdata.pm b/deps/openssl/config/archs/BSD-x86/asm_avx2/configdata.pm index fe8c42f5c72614..d21a502b43b514 100644 --- a/deps/openssl/config/archs/BSD-x86/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/BSD-x86/asm_avx2/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -203,7 +203,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -255,11 +255,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "BSD-x86", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1596,6 +1596,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1643,7 +1644,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/BSD-x86/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/BSD-x86/asm_avx2/crypto/buildinf.h index bacd1f1db009eb..b3e839decc98ce 100644 --- a/deps/openssl/config/archs/BSD-x86/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/BSD-x86/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: BSD-x86" -#define DATE "built on: Fri Jun 9 11:59:07 2023 UTC" +#define DATE "built on: Sun Aug 6 00:25:40 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/BSD-x86/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/BSD-x86/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/BSD-x86/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/BSD-x86/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/BSD-x86/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/BSD-x86/asm_avx2/openssl-cl.gypi index 806e39e55f9863..dc324536e46ce0 100644 --- a/deps/openssl/config/archs/BSD-x86/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/BSD-x86/asm_avx2/openssl-cl.gypi @@ -17,6 +17,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/BSD-x86/asm_avx2/openssl.gypi b/deps/openssl/config/archs/BSD-x86/asm_avx2/openssl.gypi index f4392fdfa2727d..60512e2b588cfc 100644 --- a/deps/openssl/config/archs/BSD-x86/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/BSD-x86/asm_avx2/openssl.gypi @@ -993,6 +993,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/BSD-x86/no-asm/configdata.pm b/deps/openssl/config/archs/BSD-x86/no-asm/configdata.pm index f304aeafc1f071..df06e22c5669e8 100644 --- a/deps/openssl/config/archs/BSD-x86/no-asm/configdata.pm +++ b/deps/openssl/config/archs/BSD-x86/no-asm/configdata.pm @@ -154,7 +154,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -202,7 +202,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -255,11 +255,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "BSD-x86", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/BSD-x86/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/BSD-x86/no-asm/crypto/buildinf.h index 0385ea99f117a7..0b2dc3af6c4db6 100644 --- a/deps/openssl/config/archs/BSD-x86/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/BSD-x86/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: BSD-x86" -#define DATE "built on: Fri Jun 9 11:59:26 2023 UTC" +#define DATE "built on: Sun Aug 6 00:26:00 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/BSD-x86/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/BSD-x86/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/BSD-x86/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/BSD-x86/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/BSD-x86_64/asm/configdata.pm b/deps/openssl/config/archs/BSD-x86_64/asm/configdata.pm index 94053117f2bca1..f3476682006a8a 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm/configdata.pm +++ b/deps/openssl/config/archs/BSD-x86_64/asm/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -203,7 +203,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -255,11 +255,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "BSD-x86_64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1598,6 +1598,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1649,7 +1650,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/BSD-x86_64/asm/crypto/buildinf.h b/deps/openssl/config/archs/BSD-x86_64/asm/crypto/buildinf.h index 030011ddd329d1..8220828c4d379e 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/BSD-x86_64/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: BSD-x86_64" -#define DATE "built on: Fri Jun 9 11:59:45 2023 UTC" +#define DATE "built on: Sun Aug 6 00:26:19 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/BSD-x86_64/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/BSD-x86_64/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/BSD-x86_64/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/BSD-x86_64/asm/openssl-cl.gypi b/deps/openssl/config/archs/BSD-x86_64/asm/openssl-cl.gypi index 7a4fc80cc44f5a..bfe296a44f604b 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/BSD-x86_64/asm/openssl-cl.gypi @@ -18,6 +18,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/BSD-x86_64/asm/openssl.gypi b/deps/openssl/config/archs/BSD-x86_64/asm/openssl.gypi index d666f1d87ab6ee..7a468bd82eca92 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm/openssl.gypi +++ b/deps/openssl/config/archs/BSD-x86_64/asm/openssl.gypi @@ -1007,6 +1007,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/configdata.pm b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/configdata.pm index 8ee8ba6f5f209c..07333980e3d535 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -203,7 +203,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -255,11 +255,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "BSD-x86_64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1598,6 +1598,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1649,7 +1650,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/crypto/buildinf.h index e51610d0ee444a..0141bc595c4669 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: BSD-x86_64" -#define DATE "built on: Fri Jun 9 12:00:09 2023 UTC" +#define DATE "built on: Sun Aug 6 00:26:43 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/openssl-cl.gypi index 42d807726ccf63..108012655aa24f 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/openssl-cl.gypi @@ -18,6 +18,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/openssl.gypi b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/openssl.gypi index e5835b13683008..6de0252f4666f3 100644 --- a/deps/openssl/config/archs/BSD-x86_64/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/BSD-x86_64/asm_avx2/openssl.gypi @@ -1007,6 +1007,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/BSD-x86_64/no-asm/configdata.pm b/deps/openssl/config/archs/BSD-x86_64/no-asm/configdata.pm index fe6faf48fe717b..daa479b8c190aa 100644 --- a/deps/openssl/config/archs/BSD-x86_64/no-asm/configdata.pm +++ b/deps/openssl/config/archs/BSD-x86_64/no-asm/configdata.pm @@ -154,7 +154,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -202,7 +202,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -255,11 +255,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "BSD-x86_64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/BSD-x86_64/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/BSD-x86_64/no-asm/crypto/buildinf.h index 76c3d4c52a8c42..f1fbc792476400 100644 --- a/deps/openssl/config/archs/BSD-x86_64/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/BSD-x86_64/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: BSD-x86_64" -#define DATE "built on: Fri Jun 9 12:00:34 2023 UTC" +#define DATE "built on: Sun Aug 6 00:27:07 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/BSD-x86_64/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/BSD-x86_64/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/BSD-x86_64/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/BSD-x86_64/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/VC-WIN32/asm/configdata.pm b/deps/openssl/config/archs/VC-WIN32/asm/configdata.pm index 5f342faf4fe565..ca62a99b20e7e9 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm/configdata.pm +++ b/deps/openssl/config/archs/VC-WIN32/asm/configdata.pm @@ -165,7 +165,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -216,7 +216,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -268,11 +268,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "VC-WIN32", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "lib", @@ -287,7 +287,7 @@ our %target = ( "LDFLAGS" => "/nologo /debug", "MT" => "mt", "MTFLAGS" => "-nologo", - "RANLIB" => "CODE(0x55fe658edb00)", + "RANLIB" => "CODE(0x55c06cf5ea80)", "RC" => "rc", "_conf_fname_int" => [ "Configurations/00-base-templates.conf", @@ -1644,6 +1644,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1691,7 +1692,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/VC-WIN32/asm/crypto/buildinf.h b/deps/openssl/config/archs/VC-WIN32/asm/crypto/buildinf.h index db23ff982f9c84..b4978c23fed544 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/VC-WIN32/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: " -#define DATE "built on: Fri Jun 9 12:15:22 2023 UTC" +#define DATE "built on: Sun Aug 6 00:43:26 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/VC-WIN32/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/VC-WIN32/asm/include/openssl/opensslv.h index 874d53c931fc8a..38b44f1054ad3d 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/VC-WIN32/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/VC-WIN32/asm/openssl-cl.gypi b/deps/openssl/config/archs/VC-WIN32/asm/openssl-cl.gypi index 8f32c2e84d2e5e..b0f6b78e59e0d9 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/VC-WIN32/asm/openssl-cl.gypi @@ -22,6 +22,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/VC-WIN32/asm/openssl.gypi b/deps/openssl/config/archs/VC-WIN32/asm/openssl.gypi index 07b539779f9fe1..7a415cb3da09cb 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm/openssl.gypi +++ b/deps/openssl/config/archs/VC-WIN32/asm/openssl.gypi @@ -995,6 +995,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/VC-WIN32/asm_avx2/configdata.pm b/deps/openssl/config/archs/VC-WIN32/asm_avx2/configdata.pm index 489b9a56592a91..62ccddd60f494f 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/VC-WIN32/asm_avx2/configdata.pm @@ -165,7 +165,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -216,7 +216,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -268,11 +268,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "VC-WIN32", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "lib", @@ -287,7 +287,7 @@ our %target = ( "LDFLAGS" => "/nologo /debug", "MT" => "mt", "MTFLAGS" => "-nologo", - "RANLIB" => "CODE(0x55d85b90f3a0)", + "RANLIB" => "CODE(0x55b8a711a640)", "RC" => "rc", "_conf_fname_int" => [ "Configurations/00-base-templates.conf", @@ -1644,6 +1644,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1691,7 +1692,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/VC-WIN32/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/VC-WIN32/asm_avx2/crypto/buildinf.h index 81c4bb130a934e..00774a2a9b5c85 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/VC-WIN32/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: " -#define DATE "built on: Fri Jun 9 12:15:41 2023 UTC" +#define DATE "built on: Sun Aug 6 00:43:47 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/VC-WIN32/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/VC-WIN32/asm_avx2/include/openssl/opensslv.h index 874d53c931fc8a..38b44f1054ad3d 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/VC-WIN32/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/VC-WIN32/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/VC-WIN32/asm_avx2/openssl-cl.gypi index adeaadc5e80a03..487571baf1b020 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/VC-WIN32/asm_avx2/openssl-cl.gypi @@ -22,6 +22,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/VC-WIN32/asm_avx2/openssl.gypi b/deps/openssl/config/archs/VC-WIN32/asm_avx2/openssl.gypi index 607341683d0b56..0eb291c5b04f91 100644 --- a/deps/openssl/config/archs/VC-WIN32/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/VC-WIN32/asm_avx2/openssl.gypi @@ -995,6 +995,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/VC-WIN32/no-asm/configdata.pm b/deps/openssl/config/archs/VC-WIN32/no-asm/configdata.pm index 95f445562af65d..9a5d93c30fa1ab 100644 --- a/deps/openssl/config/archs/VC-WIN32/no-asm/configdata.pm +++ b/deps/openssl/config/archs/VC-WIN32/no-asm/configdata.pm @@ -163,7 +163,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -215,7 +215,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -268,11 +268,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "VC-WIN32", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "lib", @@ -287,7 +287,7 @@ our %target = ( "LDFLAGS" => "/nologo /debug", "MT" => "mt", "MTFLAGS" => "-nologo", - "RANLIB" => "CODE(0x563faaebacb8)", + "RANLIB" => "CODE(0x55ac94d0db28)", "RC" => "rc", "_conf_fname_int" => [ "Configurations/00-base-templates.conf", diff --git a/deps/openssl/config/archs/VC-WIN32/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/VC-WIN32/no-asm/crypto/buildinf.h index e5d99ffb1f85e4..b19b8b48b13928 100644 --- a/deps/openssl/config/archs/VC-WIN32/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/VC-WIN32/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: " -#define DATE "built on: Fri Jun 9 12:16:00 2023 UTC" +#define DATE "built on: Sun Aug 6 00:44:09 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/VC-WIN32/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/VC-WIN32/no-asm/include/openssl/opensslv.h index 874d53c931fc8a..38b44f1054ad3d 100644 --- a/deps/openssl/config/archs/VC-WIN32/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/VC-WIN32/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/configdata.pm b/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/configdata.pm index 326aee8a214bfc..4c747db9cfb5c7 100644 --- a/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/configdata.pm +++ b/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/configdata.pm @@ -163,7 +163,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -213,7 +213,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -266,11 +266,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "VC-WIN64-ARM", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "lib", @@ -283,7 +283,7 @@ our %target = ( "LDFLAGS" => "/nologo /debug", "MT" => "mt", "MTFLAGS" => "-nologo", - "RANLIB" => "CODE(0x556dc7ce0ba8)", + "RANLIB" => "CODE(0x56025ddf3078)", "RC" => "rc", "_conf_fname_int" => [ "Configurations/00-base-templates.conf", diff --git a/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/crypto/buildinf.h index 8d5b5a0265ca60..f32efe5d98eca3 100644 --- a/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: VC-WIN64-ARM" -#define DATE "built on: Fri Jun 9 12:16:18 2023 UTC" +#define DATE "built on: Sun Aug 6 00:44:29 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/include/openssl/opensslv.h index 874d53c931fc8a..38b44f1054ad3d 100644 --- a/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/VC-WIN64-ARM/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/VC-WIN64A/asm/configdata.pm b/deps/openssl/config/archs/VC-WIN64A/asm/configdata.pm index 772e2a57e368e9..80443a734d38e4 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm/configdata.pm +++ b/deps/openssl/config/archs/VC-WIN64A/asm/configdata.pm @@ -168,7 +168,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -219,7 +219,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -271,11 +271,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "VC-WIN64A", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "lib", @@ -290,7 +290,7 @@ our %target = ( "LDFLAGS" => "/nologo /debug", "MT" => "mt", "MTFLAGS" => "-nologo", - "RANLIB" => "CODE(0x55a5434b2770)", + "RANLIB" => "CODE(0x56532d60fad0)", "RC" => "rc", "_conf_fname_int" => [ "Configurations/00-base-templates.conf", @@ -1649,6 +1649,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1700,7 +1701,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/VC-WIN64A/asm/crypto/buildinf.h b/deps/openssl/config/archs/VC-WIN64A/asm/crypto/buildinf.h index 75f69ed990b56e..06a91884502b77 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/VC-WIN64A/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: " -#define DATE "built on: Fri Jun 9 12:14:15 2023 UTC" +#define DATE "built on: Sun Aug 6 00:42:10 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/VC-WIN64A/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/VC-WIN64A/asm/include/openssl/opensslv.h index 874d53c931fc8a..38b44f1054ad3d 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/VC-WIN64A/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/VC-WIN64A/asm/openssl-cl.gypi b/deps/openssl/config/archs/VC-WIN64A/asm/openssl-cl.gypi index dc54c7aa2c78fb..9b7e878e1c497d 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/VC-WIN64A/asm/openssl-cl.gypi @@ -23,6 +23,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/VC-WIN64A/asm/openssl.gypi b/deps/openssl/config/archs/VC-WIN64A/asm/openssl.gypi index c1fe444ecbef8d..5afa3d7541147c 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm/openssl.gypi +++ b/deps/openssl/config/archs/VC-WIN64A/asm/openssl.gypi @@ -1009,6 +1009,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/configdata.pm b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/configdata.pm index cbc250155f4bd0..08fdeedbf613bf 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/configdata.pm @@ -168,7 +168,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -219,7 +219,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -271,11 +271,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "VC-WIN64A", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "lib", @@ -290,7 +290,7 @@ our %target = ( "LDFLAGS" => "/nologo /debug", "MT" => "mt", "MTFLAGS" => "-nologo", - "RANLIB" => "CODE(0x5590b4594db0)", + "RANLIB" => "CODE(0x56478be29bd0)", "RC" => "rc", "_conf_fname_int" => [ "Configurations/00-base-templates.conf", @@ -1649,6 +1649,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1700,7 +1701,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/crypto/buildinf.h index c4f414e265d1f9..196661655556bf 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: " -#define DATE "built on: Fri Jun 9 12:14:40 2023 UTC" +#define DATE "built on: Sun Aug 6 00:42:38 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/include/openssl/opensslv.h index 874d53c931fc8a..38b44f1054ad3d 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/openssl-cl.gypi index 1b37356b4c3fc7..5eafa74db33530 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/openssl-cl.gypi @@ -23,6 +23,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/openssl.gypi b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/openssl.gypi index d7fd83a46e3910..582f8c93a5b10f 100644 --- a/deps/openssl/config/archs/VC-WIN64A/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/VC-WIN64A/asm_avx2/openssl.gypi @@ -1009,6 +1009,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/VC-WIN64A/no-asm/configdata.pm b/deps/openssl/config/archs/VC-WIN64A/no-asm/configdata.pm index 5e12aa14fe94ad..37fe7ad1554464 100644 --- a/deps/openssl/config/archs/VC-WIN64A/no-asm/configdata.pm +++ b/deps/openssl/config/archs/VC-WIN64A/no-asm/configdata.pm @@ -166,7 +166,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -218,7 +218,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -271,11 +271,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "VC-WIN64A", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "lib", @@ -290,7 +290,7 @@ our %target = ( "LDFLAGS" => "/nologo /debug", "MT" => "mt", "MTFLAGS" => "-nologo", - "RANLIB" => "CODE(0x559ab9a64278)", + "RANLIB" => "CODE(0x55ad7db3afe8)", "RC" => "rc", "_conf_fname_int" => [ "Configurations/00-base-templates.conf", diff --git a/deps/openssl/config/archs/VC-WIN64A/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/VC-WIN64A/no-asm/crypto/buildinf.h index 51a79f2842b4d2..f0e9d087e2267d 100644 --- a/deps/openssl/config/archs/VC-WIN64A/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/VC-WIN64A/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: " -#define DATE "built on: Fri Jun 9 12:15:04 2023 UTC" +#define DATE "built on: Sun Aug 6 00:43:05 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/VC-WIN64A/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/VC-WIN64A/no-asm/include/openssl/opensslv.h index 874d53c931fc8a..38b44f1054ad3d 100644 --- a/deps/openssl/config/archs/VC-WIN64A/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/VC-WIN64A/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/aix64-gcc-as/asm/configdata.pm b/deps/openssl/config/archs/aix64-gcc-as/asm/configdata.pm index 45f66d88bec8bd..ca05289b718d86 100644 --- a/deps/openssl/config/archs/aix64-gcc-as/asm/configdata.pm +++ b/deps/openssl/config/archs/aix64-gcc-as/asm/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "aix64-gcc-as", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar -X64", diff --git a/deps/openssl/config/archs/aix64-gcc-as/asm/crypto/buildinf.h b/deps/openssl/config/archs/aix64-gcc-as/asm/crypto/buildinf.h index d13a70519f2a29..3f01432e2b1840 100644 --- a/deps/openssl/config/archs/aix64-gcc-as/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/aix64-gcc-as/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: aix64-gcc-as" -#define DATE "built on: Fri Jun 9 11:57:48 2023 UTC" +#define DATE "built on: Sun Aug 6 00:24:21 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/aix64-gcc-as/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/aix64-gcc-as/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/aix64-gcc-as/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/aix64-gcc-as/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/configdata.pm b/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/configdata.pm index 8b3a1f0ee5f0bb..a8d6fc77f0ac2d 100644 --- a/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "aix64-gcc-as", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar -X64", diff --git a/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/crypto/buildinf.h index b49627c01c44a0..ec624a65971b4b 100644 --- a/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: aix64-gcc-as" -#define DATE "built on: Fri Jun 9 11:58:08 2023 UTC" +#define DATE "built on: Sun Aug 6 00:24:41 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/aix64-gcc-as/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/aix64-gcc-as/no-asm/configdata.pm b/deps/openssl/config/archs/aix64-gcc-as/no-asm/configdata.pm index c43b955a97f1fa..fdfbcce8adc844 100644 --- a/deps/openssl/config/archs/aix64-gcc-as/no-asm/configdata.pm +++ b/deps/openssl/config/archs/aix64-gcc-as/no-asm/configdata.pm @@ -154,7 +154,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -205,7 +205,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "aix64-gcc-as", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar -X64", diff --git a/deps/openssl/config/archs/aix64-gcc-as/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/aix64-gcc-as/no-asm/crypto/buildinf.h index 087f6580773805..83233146a50c97 100644 --- a/deps/openssl/config/archs/aix64-gcc-as/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/aix64-gcc-as/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: aix64-gcc-as" -#define DATE "built on: Fri Jun 9 11:58:27 2023 UTC" +#define DATE "built on: Sun Aug 6 00:25:01 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/aix64-gcc-as/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/aix64-gcc-as/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/aix64-gcc-as/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/aix64-gcc-as/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm/configdata.pm b/deps/openssl/config/archs/darwin-i386-cc/asm/configdata.pm index dd2e698e0ccc04..ba53b9f9cea130 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm/configdata.pm +++ b/deps/openssl/config/archs/darwin-i386-cc/asm/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "darwin-i386-cc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1598,6 +1598,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1645,7 +1646,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm/crypto/buildinf.h b/deps/openssl/config/archs/darwin-i386-cc/asm/crypto/buildinf.h index 88afb06bbc114d..e98ef7735cb4ed 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/darwin-i386-cc/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin-i386-cc" -#define DATE "built on: Fri Jun 9 12:01:57 2023 UTC" +#define DATE "built on: Sun Aug 6 00:28:31 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/darwin-i386-cc/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/darwin-i386-cc/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm/openssl-cl.gypi b/deps/openssl/config/archs/darwin-i386-cc/asm/openssl-cl.gypi index fa640617e063e8..eeb54ba669b40a 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/darwin-i386-cc/asm/openssl-cl.gypi @@ -17,6 +17,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm/openssl.gypi b/deps/openssl/config/archs/darwin-i386-cc/asm/openssl.gypi index cf331ff9355043..1fac08080709a0 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm/openssl.gypi +++ b/deps/openssl/config/archs/darwin-i386-cc/asm/openssl.gypi @@ -990,6 +990,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/configdata.pm b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/configdata.pm index 0236d99d33a9a7..a1999fe03a4772 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "darwin-i386-cc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1598,6 +1598,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1645,7 +1646,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/crypto/buildinf.h index db1463ebd9208a..76159a1731d678 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin-i386-cc" -#define DATE "built on: Fri Jun 9 12:02:18 2023 UTC" +#define DATE "built on: Sun Aug 6 00:28:51 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/openssl-cl.gypi index 41086e27bb8150..235d0cac01e4c0 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/openssl-cl.gypi @@ -17,6 +17,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/openssl.gypi b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/openssl.gypi index 09d5fd91d86031..0f428fdfbb5bd7 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/darwin-i386-cc/asm_avx2/openssl.gypi @@ -990,6 +990,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/darwin-i386-cc/no-asm/configdata.pm b/deps/openssl/config/archs/darwin-i386-cc/no-asm/configdata.pm index face9f022762e9..97fab50db92bdf 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/no-asm/configdata.pm +++ b/deps/openssl/config/archs/darwin-i386-cc/no-asm/configdata.pm @@ -154,7 +154,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -205,7 +205,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "darwin-i386-cc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/darwin-i386-cc/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/darwin-i386-cc/no-asm/crypto/buildinf.h index cd966a1098c64c..67ace143c5c393 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/darwin-i386-cc/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin-i386-cc" -#define DATE "built on: Fri Jun 9 12:02:39 2023 UTC" +#define DATE "built on: Sun Aug 6 00:29:11 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/darwin-i386-cc/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/darwin-i386-cc/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/darwin-i386-cc/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/darwin-i386-cc/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/darwin64-arm64-cc/asm/configdata.pm b/deps/openssl/config/archs/darwin64-arm64-cc/asm/configdata.pm index f857559a756c8c..9b51a15ef51371 100644 --- a/deps/openssl/config/archs/darwin64-arm64-cc/asm/configdata.pm +++ b/deps/openssl/config/archs/darwin64-arm64-cc/asm/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "darwin64-arm64-cc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/darwin64-arm64-cc/asm/crypto/buildinf.h b/deps/openssl/config/archs/darwin64-arm64-cc/asm/crypto/buildinf.h index c8ae0aa7190e5b..2e38ca1fc8f695 100644 --- a/deps/openssl/config/archs/darwin64-arm64-cc/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/darwin64-arm64-cc/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin64-arm64-cc" -#define DATE "built on: Fri Jun 9 12:02:57 2023 UTC" +#define DATE "built on: Sun Aug 6 00:29:30 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/darwin64-arm64-cc/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/darwin64-arm64-cc/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/darwin64-arm64-cc/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/darwin64-arm64-cc/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/configdata.pm b/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/configdata.pm index 051e75f55a534a..a465039cbfa855 100644 --- a/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "darwin64-arm64-cc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/crypto/buildinf.h index 7e1526a94e38f5..513091049d0260 100644 --- a/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin64-arm64-cc" -#define DATE "built on: Fri Jun 9 12:03:16 2023 UTC" +#define DATE "built on: Sun Aug 6 00:29:49 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/darwin64-arm64-cc/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/configdata.pm b/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/configdata.pm index 2b2d5f67b14150..6519d8eb5ee0d2 100644 --- a/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/configdata.pm +++ b/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/configdata.pm @@ -154,7 +154,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -205,7 +205,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "darwin64-arm64-cc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/crypto/buildinf.h index 4d475f83e339a0..bf5b5aecd602cd 100644 --- a/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin64-arm64-cc" -#define DATE "built on: Fri Jun 9 12:03:36 2023 UTC" +#define DATE "built on: Sun Aug 6 00:30:09 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/darwin64-arm64-cc/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/configdata.pm b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/configdata.pm index 5a0805d8dea9b8..8f523192cad9d4 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/configdata.pm +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "darwin64-x86_64-cc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1599,6 +1599,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1650,7 +1651,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/crypto/buildinf.h b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/crypto/buildinf.h index 6fd9893b8e143e..2c108157902d0c 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin64-x86_64-cc" -#define DATE "built on: Fri Jun 9 12:00:52 2023 UTC" +#define DATE "built on: Sun Aug 6 00:27:25 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/openssl-cl.gypi b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/openssl-cl.gypi index 22e4d3d9cad4fe..6fc980121a0b7e 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/openssl-cl.gypi @@ -18,6 +18,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/openssl.gypi b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/openssl.gypi index 14a4210edba15c..454a35a31ecd9a 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm/openssl.gypi +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm/openssl.gypi @@ -1004,6 +1004,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/configdata.pm b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/configdata.pm index be4cf2a3bf2879..d036b582d78c68 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "darwin64-x86_64-cc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1599,6 +1599,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1650,7 +1651,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/crypto/buildinf.h index 84dffeb542dd42..994cec42e962cd 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin64-x86_64-cc" -#define DATE "built on: Fri Jun 9 12:01:16 2023 UTC" +#define DATE "built on: Sun Aug 6 00:27:49 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/openssl-cl.gypi index 0b8979e20eb300..b4fdd2479ed704 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/openssl-cl.gypi @@ -18,6 +18,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/openssl.gypi b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/openssl.gypi index cb4fc2bf7ab75f..b6218392f74489 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/asm_avx2/openssl.gypi @@ -1004,6 +1004,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/configdata.pm b/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/configdata.pm index 6f7fd736109dc9..e85b222e7d012d 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/configdata.pm +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/configdata.pm @@ -154,7 +154,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -205,7 +205,7 @@ our %config = ( ], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -258,11 +258,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "darwin64-x86_64-cc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/crypto/buildinf.h index 368c58965bb070..fb875ca7f85df2 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: darwin64-x86_64-cc" -#define DATE "built on: Fri Jun 9 12:01:39 2023 UTC" +#define DATE "built on: Sun Aug 6 00:28:13 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/darwin64-x86_64-cc/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-aarch64/asm/configdata.pm b/deps/openssl/config/archs/linux-aarch64/asm/configdata.pm index 029caf8c119fcf..8d48c4016f8c8b 100644 --- a/deps/openssl/config/archs/linux-aarch64/asm/configdata.pm +++ b/deps/openssl/config/archs/linux-aarch64/asm/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-aarch64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-aarch64/asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-aarch64/asm/crypto/buildinf.h index 8b8d370ee5f7f1..59ce7dfcd536af 100644 --- a/deps/openssl/config/archs/linux-aarch64/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-aarch64/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-aarch64" -#define DATE "built on: Fri Jun 9 12:03:54 2023 UTC" +#define DATE "built on: Sun Aug 6 00:30:30 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-aarch64/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-aarch64/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-aarch64/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-aarch64/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-aarch64/asm_avx2/configdata.pm b/deps/openssl/config/archs/linux-aarch64/asm_avx2/configdata.pm index 7c4e9d65f86317..9d498a04297dd0 100644 --- a/deps/openssl/config/archs/linux-aarch64/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/linux-aarch64/asm_avx2/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-aarch64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-aarch64/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/linux-aarch64/asm_avx2/crypto/buildinf.h index 0e97659b1b9b54..8044c52de8534f 100644 --- a/deps/openssl/config/archs/linux-aarch64/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-aarch64/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-aarch64" -#define DATE "built on: Fri Jun 9 12:04:14 2023 UTC" +#define DATE "built on: Sun Aug 6 00:30:52 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-aarch64/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-aarch64/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-aarch64/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-aarch64/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-aarch64/no-asm/configdata.pm b/deps/openssl/config/archs/linux-aarch64/no-asm/configdata.pm index 6fa7cbd666927f..31514639fa12cd 100644 --- a/deps/openssl/config/archs/linux-aarch64/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux-aarch64/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-aarch64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-aarch64/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-aarch64/no-asm/crypto/buildinf.h index 6312c75141ff39..2c556e7c636514 100644 --- a/deps/openssl/config/archs/linux-aarch64/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-aarch64/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-aarch64" -#define DATE "built on: Fri Jun 9 12:04:34 2023 UTC" +#define DATE "built on: Sun Aug 6 00:31:14 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-aarch64/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-aarch64/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-aarch64/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-aarch64/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-armv4/asm/configdata.pm b/deps/openssl/config/archs/linux-armv4/asm/configdata.pm index c8549b716ed284..b6536beee0911a 100644 --- a/deps/openssl/config/archs/linux-armv4/asm/configdata.pm +++ b/deps/openssl/config/archs/linux-armv4/asm/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-armv4", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-armv4/asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-armv4/asm/crypto/buildinf.h index 5483148e0d9fa3..16acd7cb38014e 100644 --- a/deps/openssl/config/archs/linux-armv4/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-armv4/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-armv4" -#define DATE "built on: Fri Jun 9 12:04:54 2023 UTC" +#define DATE "built on: Sun Aug 6 00:31:35 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-armv4/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-armv4/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-armv4/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-armv4/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-armv4/asm_avx2/configdata.pm b/deps/openssl/config/archs/linux-armv4/asm_avx2/configdata.pm index 203ca2516c4476..2d6713a69fe77a 100644 --- a/deps/openssl/config/archs/linux-armv4/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/linux-armv4/asm_avx2/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-armv4", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-armv4/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/linux-armv4/asm_avx2/crypto/buildinf.h index d0aa130324d6ba..2ee5795e784c20 100644 --- a/deps/openssl/config/archs/linux-armv4/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-armv4/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-armv4" -#define DATE "built on: Fri Jun 9 12:05:16 2023 UTC" +#define DATE "built on: Sun Aug 6 00:31:58 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-armv4/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-armv4/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-armv4/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-armv4/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-armv4/no-asm/configdata.pm b/deps/openssl/config/archs/linux-armv4/no-asm/configdata.pm index ce3e0a42c34881..bee312afe923a3 100644 --- a/deps/openssl/config/archs/linux-armv4/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux-armv4/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-armv4", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-armv4/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-armv4/no-asm/crypto/buildinf.h index d5645c2e250669..37415a157b7a5a 100644 --- a/deps/openssl/config/archs/linux-armv4/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-armv4/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-armv4" -#define DATE "built on: Fri Jun 9 12:05:35 2023 UTC" +#define DATE "built on: Sun Aug 6 00:32:20 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-armv4/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-armv4/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-armv4/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-armv4/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-elf/asm/configdata.pm b/deps/openssl/config/archs/linux-elf/asm/configdata.pm index 35521a3b9a8248..fe754b5ea008b5 100644 --- a/deps/openssl/config/archs/linux-elf/asm/configdata.pm +++ b/deps/openssl/config/archs/linux-elf/asm/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-elf", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1604,6 +1604,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1651,7 +1652,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/linux-elf/asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-elf/asm/crypto/buildinf.h index 2833ceecca2d7a..f58e1b3b022376 100644 --- a/deps/openssl/config/archs/linux-elf/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-elf/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-elf" -#define DATE "built on: Fri Jun 9 12:05:54 2023 UTC" +#define DATE "built on: Sun Aug 6 00:32:41 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-elf/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-elf/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-elf/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-elf/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-elf/asm/openssl-cl.gypi b/deps/openssl/config/archs/linux-elf/asm/openssl-cl.gypi index 412214ff027bec..8f021d5c21263e 100644 --- a/deps/openssl/config/archs/linux-elf/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/linux-elf/asm/openssl-cl.gypi @@ -18,6 +18,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux-elf/asm/openssl.gypi b/deps/openssl/config/archs/linux-elf/asm/openssl.gypi index f8bb8061186381..0cf7d926c47e93 100644 --- a/deps/openssl/config/archs/linux-elf/asm/openssl.gypi +++ b/deps/openssl/config/archs/linux-elf/asm/openssl.gypi @@ -993,6 +993,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux-elf/asm_avx2/configdata.pm b/deps/openssl/config/archs/linux-elf/asm_avx2/configdata.pm index f1c5d3bdc01ed4..083f6bc78525da 100644 --- a/deps/openssl/config/archs/linux-elf/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/linux-elf/asm_avx2/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-elf", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1604,6 +1604,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1651,7 +1652,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/linux-elf/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/linux-elf/asm_avx2/crypto/buildinf.h index f17e29484d2840..cfff344f504f1f 100644 --- a/deps/openssl/config/archs/linux-elf/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-elf/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-elf" -#define DATE "built on: Fri Jun 9 12:06:15 2023 UTC" +#define DATE "built on: Sun Aug 6 00:33:04 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-elf/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-elf/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-elf/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-elf/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-elf/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/linux-elf/asm_avx2/openssl-cl.gypi index 2e818082b7baac..4e2c60206e2c21 100644 --- a/deps/openssl/config/archs/linux-elf/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/linux-elf/asm_avx2/openssl-cl.gypi @@ -18,6 +18,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux-elf/asm_avx2/openssl.gypi b/deps/openssl/config/archs/linux-elf/asm_avx2/openssl.gypi index 31ae85eee1e27f..4ca065ef163fd8 100644 --- a/deps/openssl/config/archs/linux-elf/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/linux-elf/asm_avx2/openssl.gypi @@ -993,6 +993,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux-elf/no-asm/configdata.pm b/deps/openssl/config/archs/linux-elf/no-asm/configdata.pm index 69069353323851..a5e1137b149e7a 100644 --- a/deps/openssl/config/archs/linux-elf/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux-elf/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-elf", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-elf/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-elf/no-asm/crypto/buildinf.h index 8289ac097f3f28..0dd30616b28e66 100644 --- a/deps/openssl/config/archs/linux-elf/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-elf/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-elf" -#define DATE "built on: Fri Jun 9 12:06:35 2023 UTC" +#define DATE "built on: Sun Aug 6 00:33:27 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-elf/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-elf/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-elf/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-elf/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-ppc64le/asm/configdata.pm b/deps/openssl/config/archs/linux-ppc64le/asm/configdata.pm index ba849aab6ad85e..f979f6f060f9b6 100644 --- a/deps/openssl/config/archs/linux-ppc64le/asm/configdata.pm +++ b/deps/openssl/config/archs/linux-ppc64le/asm/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-ppc64le", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-ppc64le/asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-ppc64le/asm/crypto/buildinf.h index 02933f6dcf4c97..c45299350be3f9 100644 --- a/deps/openssl/config/archs/linux-ppc64le/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-ppc64le/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-ppc64le" -#define DATE "built on: Fri Jun 9 12:08:05 2023 UTC" +#define DATE "built on: Sun Aug 6 00:35:08 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-ppc64le/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-ppc64le/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-ppc64le/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-ppc64le/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-ppc64le/asm_avx2/configdata.pm b/deps/openssl/config/archs/linux-ppc64le/asm_avx2/configdata.pm index be99b4e22f7b01..08080140eb2e78 100644 --- a/deps/openssl/config/archs/linux-ppc64le/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/linux-ppc64le/asm_avx2/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-ppc64le", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-ppc64le/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/linux-ppc64le/asm_avx2/crypto/buildinf.h index adf8760ec18c50..2395cef1030cd0 100644 --- a/deps/openssl/config/archs/linux-ppc64le/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-ppc64le/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-ppc64le" -#define DATE "built on: Fri Jun 9 12:08:25 2023 UTC" +#define DATE "built on: Sun Aug 6 00:35:31 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-ppc64le/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-ppc64le/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-ppc64le/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-ppc64le/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-ppc64le/no-asm/configdata.pm b/deps/openssl/config/archs/linux-ppc64le/no-asm/configdata.pm index 8e3ad7b5776a38..189ada48854119 100644 --- a/deps/openssl/config/archs/linux-ppc64le/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux-ppc64le/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-ppc64le", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-ppc64le/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-ppc64le/no-asm/crypto/buildinf.h index b77a7e069c3273..bf4a292031de3f 100644 --- a/deps/openssl/config/archs/linux-ppc64le/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-ppc64le/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-ppc64le" -#define DATE "built on: Fri Jun 9 12:08:46 2023 UTC" +#define DATE "built on: Sun Aug 6 00:35:54 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-ppc64le/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-ppc64le/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-ppc64le/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-ppc64le/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-x86_64/asm/configdata.pm b/deps/openssl/config/archs/linux-x86_64/asm/configdata.pm index c2f948fe7636b2..133c99bdb8379f 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm/configdata.pm +++ b/deps/openssl/config/archs/linux-x86_64/asm/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-x86_64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1607,6 +1607,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1658,7 +1659,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/linux-x86_64/asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-x86_64/asm/crypto/buildinf.h index b79059d5f8a546..13c3b4c33b64c4 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-x86_64/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-x86_64" -#define DATE "built on: Fri Jun 9 12:06:54 2023 UTC" +#define DATE "built on: Sun Aug 6 00:33:49 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-x86_64/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-x86_64/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-x86_64/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-x86_64/asm/openssl-cl.gypi b/deps/openssl/config/archs/linux-x86_64/asm/openssl-cl.gypi index f2859f81db38a1..cae54ea439244b 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/linux-x86_64/asm/openssl-cl.gypi @@ -19,6 +19,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi b/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi index 0f35968566e11d..14bcd8e7f8fbed 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi +++ b/deps/openssl/config/archs/linux-x86_64/asm/openssl.gypi @@ -1007,6 +1007,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/linux-x86_64/asm_avx2/configdata.pm b/deps/openssl/config/archs/linux-x86_64/asm_avx2/configdata.pm index 44a4cc40e82632..682f020891c38e 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/linux-x86_64/asm_avx2/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-x86_64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1607,6 +1607,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1658,7 +1659,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/linux-x86_64/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/linux-x86_64/asm_avx2/crypto/buildinf.h index 7309b9400bf53d..1d83deffde45f4 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-x86_64/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-x86_64" -#define DATE "built on: Fri Jun 9 12:07:21 2023 UTC" +#define DATE "built on: Sun Aug 6 00:34:19 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-x86_64/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-x86_64/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-x86_64/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl-cl.gypi index b69ffe3bcb391b..e6e8d9052b1633 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl-cl.gypi @@ -19,6 +19,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi b/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi index f65991fee158c8..20c248d53cc144 100644 --- a/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/linux-x86_64/asm_avx2/openssl.gypi @@ -1007,6 +1007,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/linux-x86_64/no-asm/configdata.pm b/deps/openssl/config/archs/linux-x86_64/no-asm/configdata.pm index 29376e60ea0182..3beffa26651377 100644 --- a/deps/openssl/config/archs/linux-x86_64/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux-x86_64/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux-x86_64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux-x86_64/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux-x86_64/no-asm/crypto/buildinf.h index 1a65c33e1a42c7..c3499dd469d71a 100644 --- a/deps/openssl/config/archs/linux-x86_64/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux-x86_64/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-x86_64" -#define DATE "built on: Fri Jun 9 12:07:46 2023 UTC" +#define DATE "built on: Sun Aug 6 00:34:48 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux-x86_64/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux-x86_64/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux-x86_64/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux-x86_64/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux32-s390x/asm/configdata.pm b/deps/openssl/config/archs/linux32-s390x/asm/configdata.pm index 9c834e7af9f81f..b4729ad28f92ae 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm/configdata.pm +++ b/deps/openssl/config/archs/linux32-s390x/asm/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux32-s390x", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1601,6 +1601,7 @@ our %unified_info = ( "OPENSSL_BN_ASM_MONT", "OPENSSL_CPUID_OBJ", "POLY1305_ASM", + "RC4_ASM", "S390X_EC_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1640,6 +1641,9 @@ our %unified_info = ( "SHA256_ASM", "SHA512_ASM" ], + "providers/liblegacy.a" => [ + "RC4_ASM" + ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" ], diff --git a/deps/openssl/config/archs/linux32-s390x/asm/crypto/buildinf.h b/deps/openssl/config/archs/linux32-s390x/asm/crypto/buildinf.h index e90bf206b73b2d..210dcc63df0ff1 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux32-s390x/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux32-s390x" -#define DATE "built on: Fri Jun 9 12:09:05 2023 UTC" +#define DATE "built on: Sun Aug 6 00:36:17 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux32-s390x/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux32-s390x/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux32-s390x/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux32-s390x/asm/openssl-cl.gypi b/deps/openssl/config/archs/linux32-s390x/asm/openssl-cl.gypi index bc25c5dffbba90..0333449e35d511 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/linux32-s390x/asm/openssl-cl.gypi @@ -14,6 +14,7 @@ 'OPENSSL_BN_ASM_MONT', 'OPENSSL_CPUID_OBJ', 'POLY1305_ASM', + 'RC4_ASM', 'S390X_EC_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux32-s390x/asm/openssl.gypi b/deps/openssl/config/archs/linux32-s390x/asm/openssl.gypi index 21816e45dad68b..5815f28914db57 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm/openssl.gypi +++ b/deps/openssl/config/archs/linux32-s390x/asm/openssl.gypi @@ -986,6 +986,7 @@ 'OPENSSL_BN_ASM_MONT', 'OPENSSL_CPUID_OBJ', 'POLY1305_ASM', + 'RC4_ASM', 'S390X_EC_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux32-s390x/asm_avx2/configdata.pm b/deps/openssl/config/archs/linux32-s390x/asm_avx2/configdata.pm index e2a285be53885d..e3ec7d01486663 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/linux32-s390x/asm_avx2/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux32-s390x", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1601,6 +1601,7 @@ our %unified_info = ( "OPENSSL_BN_ASM_MONT", "OPENSSL_CPUID_OBJ", "POLY1305_ASM", + "RC4_ASM", "S390X_EC_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1640,6 +1641,9 @@ our %unified_info = ( "SHA256_ASM", "SHA512_ASM" ], + "providers/liblegacy.a" => [ + "RC4_ASM" + ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" ], diff --git a/deps/openssl/config/archs/linux32-s390x/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/linux32-s390x/asm_avx2/crypto/buildinf.h index 5c8bda117c2ed5..e689eb7c7734ff 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux32-s390x/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux32-s390x" -#define DATE "built on: Fri Jun 9 12:09:25 2023 UTC" +#define DATE "built on: Sun Aug 6 00:36:40 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux32-s390x/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/linux32-s390x/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux32-s390x/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux32-s390x/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/linux32-s390x/asm_avx2/openssl-cl.gypi index 37d3f6b82bf84e..ea32a6d1e63987 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/linux32-s390x/asm_avx2/openssl-cl.gypi @@ -14,6 +14,7 @@ 'OPENSSL_BN_ASM_MONT', 'OPENSSL_CPUID_OBJ', 'POLY1305_ASM', + 'RC4_ASM', 'S390X_EC_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux32-s390x/asm_avx2/openssl.gypi b/deps/openssl/config/archs/linux32-s390x/asm_avx2/openssl.gypi index a036ce3acab1ae..9cebf7a2e7764c 100644 --- a/deps/openssl/config/archs/linux32-s390x/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/linux32-s390x/asm_avx2/openssl.gypi @@ -986,6 +986,7 @@ 'OPENSSL_BN_ASM_MONT', 'OPENSSL_CPUID_OBJ', 'POLY1305_ASM', + 'RC4_ASM', 'S390X_EC_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux32-s390x/no-asm/configdata.pm b/deps/openssl/config/archs/linux32-s390x/no-asm/configdata.pm index 278f09a8eb2d28..a71b8dcf839746 100644 --- a/deps/openssl/config/archs/linux32-s390x/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux32-s390x/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux32-s390x", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux32-s390x/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux32-s390x/no-asm/crypto/buildinf.h index e96f91eeb354f0..7c01ad4e90df3b 100644 --- a/deps/openssl/config/archs/linux32-s390x/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux32-s390x/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux32-s390x" -#define DATE "built on: Fri Jun 9 12:09:46 2023 UTC" +#define DATE "built on: Sun Aug 6 00:37:03 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux32-s390x/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux32-s390x/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux32-s390x/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux32-s390x/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux64-loongarch64/no-asm/configdata.pm b/deps/openssl/config/archs/linux64-loongarch64/no-asm/configdata.pm index 0cce7c2cd8bc69..9576c99c906303 100644 --- a/deps/openssl/config/archs/linux64-loongarch64/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux64-loongarch64/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux64-loongarch64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux64-loongarch64/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux64-loongarch64/no-asm/crypto/buildinf.h index 2a82a356209006..4e95343a9fb4cd 100644 --- a/deps/openssl/config/archs/linux64-loongarch64/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux64-loongarch64/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-loongarch64" -#define DATE "built on: Fri Jun 9 12:16:55 2023 UTC" +#define DATE "built on: Sun Aug 6 00:45:10 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux64-loongarch64/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux64-loongarch64/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux64-loongarch64/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux64-loongarch64/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux64-mips64/asm/configdata.pm b/deps/openssl/config/archs/linux64-mips64/asm/configdata.pm index 15b1926241b516..dbfc0d2736f05a 100644 --- a/deps/openssl/config/archs/linux64-mips64/asm/configdata.pm +++ b/deps/openssl/config/archs/linux64-mips64/asm/configdata.pm @@ -162,7 +162,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -210,7 +210,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -262,11 +262,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux64-mips64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux64-mips64/asm/crypto/buildinf.h b/deps/openssl/config/archs/linux64-mips64/asm/crypto/buildinf.h index 2d223c9b46e7d0..6b70def08e855a 100644 --- a/deps/openssl/config/archs/linux64-mips64/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux64-mips64/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-mips64" -#define DATE "built on: Fri Jun 9 12:11:06 2023 UTC" +#define DATE "built on: Sun Aug 6 00:38:36 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux64-mips64/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux64-mips64/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux64-mips64/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux64-mips64/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux64-mips64/asm_avx2/configdata.pm b/deps/openssl/config/archs/linux64-mips64/asm_avx2/configdata.pm index 7c704ad5c61386..3b8e66e40539e8 100644 --- a/deps/openssl/config/archs/linux64-mips64/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/linux64-mips64/asm_avx2/configdata.pm @@ -162,7 +162,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -210,7 +210,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -262,11 +262,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux64-mips64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux64-mips64/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/linux64-mips64/asm_avx2/crypto/buildinf.h index 1143c2dce57b12..594e838897cbbb 100644 --- a/deps/openssl/config/archs/linux64-mips64/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux64-mips64/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-mips64" -#define DATE "built on: Fri Jun 9 12:11:25 2023 UTC" +#define DATE "built on: Sun Aug 6 00:38:59 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux64-mips64/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/linux64-mips64/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux64-mips64/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux64-mips64/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux64-mips64/no-asm/configdata.pm b/deps/openssl/config/archs/linux64-mips64/no-asm/configdata.pm index 7b25eb874e412e..01bb1010d678bf 100644 --- a/deps/openssl/config/archs/linux64-mips64/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux64-mips64/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux64-mips64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux64-mips64/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux64-mips64/no-asm/crypto/buildinf.h index 4303c5e7f82648..1c1ffc1c348702 100644 --- a/deps/openssl/config/archs/linux64-mips64/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux64-mips64/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-mips64" -#define DATE "built on: Fri Jun 9 12:11:45 2023 UTC" +#define DATE "built on: Sun Aug 6 00:39:21 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux64-mips64/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux64-mips64/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux64-mips64/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux64-mips64/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux64-riscv64/no-asm/configdata.pm b/deps/openssl/config/archs/linux64-riscv64/no-asm/configdata.pm index 76fc8399a00801..2618989ca8c17c 100644 --- a/deps/openssl/config/archs/linux64-riscv64/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux64-riscv64/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux64-riscv64", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux64-riscv64/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux64-riscv64/no-asm/crypto/buildinf.h index 5a857cbdc61f87..f8ee87111d60b3 100644 --- a/deps/openssl/config/archs/linux64-riscv64/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux64-riscv64/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-riscv64" -#define DATE "built on: Fri Jun 9 12:16:36 2023 UTC" +#define DATE "built on: Sun Aug 6 00:44:48 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux64-riscv64/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux64-riscv64/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux64-riscv64/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux64-riscv64/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux64-s390x/asm/configdata.pm b/deps/openssl/config/archs/linux64-s390x/asm/configdata.pm index bd313bf90b2e1a..31e57b928cac04 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm/configdata.pm +++ b/deps/openssl/config/archs/linux64-s390x/asm/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux64-s390x", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1602,6 +1602,7 @@ our %unified_info = ( "OPENSSL_BN_ASM_MONT", "OPENSSL_CPUID_OBJ", "POLY1305_ASM", + "RC4_ASM", "S390X_EC_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1641,6 +1642,9 @@ our %unified_info = ( "SHA256_ASM", "SHA512_ASM" ], + "providers/liblegacy.a" => [ + "RC4_ASM" + ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" ], diff --git a/deps/openssl/config/archs/linux64-s390x/asm/crypto/buildinf.h b/deps/openssl/config/archs/linux64-s390x/asm/crypto/buildinf.h index 53de14744e5bbc..b10344ae3019e1 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux64-s390x/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-s390x" -#define DATE "built on: Fri Jun 9 12:10:05 2023 UTC" +#define DATE "built on: Sun Aug 6 00:37:26 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux64-s390x/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux64-s390x/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux64-s390x/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux64-s390x/asm/openssl-cl.gypi b/deps/openssl/config/archs/linux64-s390x/asm/openssl-cl.gypi index 944f5b6c795ad1..37cfcb1c40ef2c 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/linux64-s390x/asm/openssl-cl.gypi @@ -14,6 +14,7 @@ 'OPENSSL_BN_ASM_MONT', 'OPENSSL_CPUID_OBJ', 'POLY1305_ASM', + 'RC4_ASM', 'S390X_EC_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux64-s390x/asm/openssl.gypi b/deps/openssl/config/archs/linux64-s390x/asm/openssl.gypi index 5598e6a54b4a35..0e033968bf85be 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm/openssl.gypi +++ b/deps/openssl/config/archs/linux64-s390x/asm/openssl.gypi @@ -985,6 +985,7 @@ 'OPENSSL_BN_ASM_MONT', 'OPENSSL_CPUID_OBJ', 'POLY1305_ASM', + 'RC4_ASM', 'S390X_EC_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux64-s390x/asm_avx2/configdata.pm b/deps/openssl/config/archs/linux64-s390x/asm_avx2/configdata.pm index 529ed98264331d..f7a270be6046c4 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/linux64-s390x/asm_avx2/configdata.pm @@ -159,7 +159,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -207,7 +207,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux64-s390x", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1602,6 +1602,7 @@ our %unified_info = ( "OPENSSL_BN_ASM_MONT", "OPENSSL_CPUID_OBJ", "POLY1305_ASM", + "RC4_ASM", "S390X_EC_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1641,6 +1642,9 @@ our %unified_info = ( "SHA256_ASM", "SHA512_ASM" ], + "providers/liblegacy.a" => [ + "RC4_ASM" + ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" ], diff --git a/deps/openssl/config/archs/linux64-s390x/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/linux64-s390x/asm_avx2/crypto/buildinf.h index 8708546f4b92ea..c602e1eed19db4 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux64-s390x/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-s390x" -#define DATE "built on: Fri Jun 9 12:10:26 2023 UTC" +#define DATE "built on: Sun Aug 6 00:37:50 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux64-s390x/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/linux64-s390x/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux64-s390x/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/linux64-s390x/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/linux64-s390x/asm_avx2/openssl-cl.gypi index 670ed2d6eb3b08..0ef49ef3c4e5be 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/linux64-s390x/asm_avx2/openssl-cl.gypi @@ -14,6 +14,7 @@ 'OPENSSL_BN_ASM_MONT', 'OPENSSL_CPUID_OBJ', 'POLY1305_ASM', + 'RC4_ASM', 'S390X_EC_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux64-s390x/asm_avx2/openssl.gypi b/deps/openssl/config/archs/linux64-s390x/asm_avx2/openssl.gypi index 4c8db95c0c4788..d3994ecfaeb3e9 100644 --- a/deps/openssl/config/archs/linux64-s390x/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/linux64-s390x/asm_avx2/openssl.gypi @@ -985,6 +985,7 @@ 'OPENSSL_BN_ASM_MONT', 'OPENSSL_CPUID_OBJ', 'POLY1305_ASM', + 'RC4_ASM', 'S390X_EC_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/linux64-s390x/no-asm/configdata.pm b/deps/openssl/config/archs/linux64-s390x/no-asm/configdata.pm index 6973e7b5daf869..a44e5d6c7ea1d1 100644 --- a/deps/openssl/config/archs/linux64-s390x/no-asm/configdata.pm +++ b/deps/openssl/config/archs/linux64-s390x/no-asm/configdata.pm @@ -157,7 +157,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -206,7 +206,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -259,11 +259,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned char", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "linux64-s390x", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/linux64-s390x/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/linux64-s390x/no-asm/crypto/buildinf.h index 8e157bc6576140..6d7b9134d30329 100644 --- a/deps/openssl/config/archs/linux64-s390x/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/linux64-s390x/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux64-s390x" -#define DATE "built on: Fri Jun 9 12:10:47 2023 UTC" +#define DATE "built on: Sun Aug 6 00:38:14 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/linux64-s390x/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/linux64-s390x/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/linux64-s390x/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/linux64-s390x/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm/configdata.pm b/deps/openssl/config/archs/solaris-x86-gcc/asm/configdata.pm index f399600323b9e1..d60b22c0286e85 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm/configdata.pm +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -204,7 +204,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -256,11 +256,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "solaris-x86-gcc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1597,6 +1597,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1644,7 +1645,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm/crypto/buildinf.h b/deps/openssl/config/archs/solaris-x86-gcc/asm/crypto/buildinf.h index 93ad98d61cce58..6c58b044ea9707 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: solaris-x86-gcc" -#define DATE "built on: Fri Jun 9 12:12:04 2023 UTC" +#define DATE "built on: Sun Aug 6 00:39:44 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/solaris-x86-gcc/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm/openssl-cl.gypi b/deps/openssl/config/archs/solaris-x86-gcc/asm/openssl-cl.gypi index 92ea04165d00ac..1c53ac3e17c4ed 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm/openssl-cl.gypi @@ -18,6 +18,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm/openssl.gypi b/deps/openssl/config/archs/solaris-x86-gcc/asm/openssl.gypi index 883e7f68eef574..2037cbe79e9b30 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm/openssl.gypi +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm/openssl.gypi @@ -993,6 +993,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/configdata.pm b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/configdata.pm index b06229aff138ff..ec632ff0f28c57 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -204,7 +204,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -256,11 +256,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "solaris-x86-gcc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1597,6 +1597,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "RMD160_ASM", "SHA1_ASM", "SHA256_ASM", @@ -1644,7 +1645,8 @@ our %unified_info = ( "VPAES_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/crypto/buildinf.h index f0a50817f4335a..01fe3449426840 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: solaris-x86-gcc" -#define DATE "built on: Fri Jun 9 12:12:25 2023 UTC" +#define DATE "built on: Sun Aug 6 00:40:07 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/openssl-cl.gypi index 2e8a0bb6f09bdf..eb4c8f67d2d882 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/openssl-cl.gypi @@ -18,6 +18,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/openssl.gypi b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/openssl.gypi index 62eff30b7c26e6..2f0dea41efd200 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/solaris-x86-gcc/asm_avx2/openssl.gypi @@ -993,6 +993,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'RMD160_ASM', 'SHA1_ASM', 'SHA256_ASM', diff --git a/deps/openssl/config/archs/solaris-x86-gcc/no-asm/configdata.pm b/deps/openssl/config/archs/solaris-x86-gcc/no-asm/configdata.pm index 03ef078f0f9784..5dc7107bb26bbd 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/no-asm/configdata.pm +++ b/deps/openssl/config/archs/solaris-x86-gcc/no-asm/configdata.pm @@ -154,7 +154,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -203,7 +203,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -256,11 +256,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "solaris-x86-gcc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/solaris-x86-gcc/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/solaris-x86-gcc/no-asm/crypto/buildinf.h index c3e3d1195709e1..d9d8f29beefec3 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/solaris-x86-gcc/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: solaris-x86-gcc" -#define DATE "built on: Fri Jun 9 12:12:46 2023 UTC" +#define DATE "built on: Sun Aug 6 00:40:30 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/solaris-x86-gcc/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/solaris-x86-gcc/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/solaris-x86-gcc/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/solaris-x86-gcc/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/configdata.pm b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/configdata.pm index 9c98dc83a1170f..199dee44226d9f 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/configdata.pm +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -204,7 +204,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -256,11 +256,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "solaris64-x86_64-gcc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1599,6 +1599,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1650,7 +1651,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/crypto/buildinf.h b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/crypto/buildinf.h index 5a27ac2232180c..45e22d76fd5e66 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: solaris64-x86_64-gcc" -#define DATE "built on: Fri Jun 9 12:13:05 2023 UTC" +#define DATE "built on: Sun Aug 6 00:40:52 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/include/openssl/opensslv.h b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/openssl-cl.gypi b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/openssl-cl.gypi index 73d5bf11bfe78e..aad5fc68f347e0 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/openssl-cl.gypi +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/openssl-cl.gypi @@ -19,6 +19,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/openssl.gypi b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/openssl.gypi index 875d3bd1ac265f..24d9ad0e5c0bee 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/openssl.gypi +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm/openssl.gypi @@ -1007,6 +1007,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/configdata.pm b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/configdata.pm index df0e95e3192755..df9f4cc099ead6 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/configdata.pm +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/configdata.pm @@ -156,7 +156,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -204,7 +204,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -256,11 +256,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "solaris64-x86_64-gcc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", @@ -1599,6 +1599,7 @@ our %unified_info = ( "OPENSSL_IA32_SSE2", "PADLOCK_ASM", "POLY1305_ASM", + "RC4_ASM", "SHA1_ASM", "SHA256_ASM", "SHA512_ASM", @@ -1650,7 +1651,8 @@ our %unified_info = ( "X25519_ASM" ], "providers/liblegacy.a" => [ - "MD5_ASM" + "MD5_ASM", + "RC4_ASM" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/crypto/buildinf.h b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/crypto/buildinf.h index 6d870e373a7b98..9bff7519bf2417 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/crypto/buildinf.h +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: solaris64-x86_64-gcc" -#define DATE "built on: Fri Jun 9 12:13:30 2023 UTC" +#define DATE "built on: Sun Aug 6 00:41:20 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/include/openssl/opensslv.h b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/openssl-cl.gypi b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/openssl-cl.gypi index b11daee664094f..5e955a3c57c9f6 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/openssl-cl.gypi +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/openssl-cl.gypi @@ -19,6 +19,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/openssl.gypi b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/openssl.gypi index 902e4549ddfb52..5bab94f70bb82a 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/openssl.gypi +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/asm_avx2/openssl.gypi @@ -1007,6 +1007,7 @@ 'OPENSSL_IA32_SSE2', 'PADLOCK_ASM', 'POLY1305_ASM', + 'RC4_ASM', 'SHA1_ASM', 'SHA256_ASM', 'SHA512_ASM', diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/configdata.pm b/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/configdata.pm index 46bbb88086a196..a15e817f8966e5 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/configdata.pm +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/configdata.pm @@ -154,7 +154,7 @@ our %config = ( ], "dynamic_engines" => "0", "ex_libs" => [], - "full_version" => "3.0.9+quic", + "full_version" => "3.0.10+quic", "includes" => [], "lflags" => [], "lib_defines" => [ @@ -203,7 +203,7 @@ our %config = ( "openssl_sys_defines" => [], "openssldir" => "", "options" => "enable-ssl-trace enable-fips no-afalgeng no-asan no-asm no-buildtest-c++ no-comp no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-dynamic-engine no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-ktls no-loadereng no-md2 no-msan no-rc5 no-sctp no-shared no-ssl3 no-ssl3-method no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-zlib no-zlib-dynamic", - "patch" => "9", + "patch" => "10", "perl_archname" => "x86_64-linux-gnu-thread-multi", "perl_cmd" => "/usr/bin/perl", "perl_version" => "5.34.0", @@ -256,11 +256,11 @@ our %config = ( "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", - "release_date" => "30 May 2023", + "release_date" => "1 Aug 2023", "shlib_version" => "81.3", "sourcedir" => ".", "target" => "solaris64-x86_64-gcc", - "version" => "3.0.9" + "version" => "3.0.10" ); our %target = ( "AR" => "ar", diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/crypto/buildinf.h b/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/crypto/buildinf.h index 525c1b8631c4b4..c9d1cb2473635d 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/crypto/buildinf.h +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/crypto/buildinf.h @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: solaris64-x86_64-gcc" -#define DATE "built on: Fri Jun 9 12:13:56 2023 UTC" +#define DATE "built on: Sun Aug 6 00:41:48 2023 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/include/openssl/opensslv.h b/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/include/openssl/opensslv.h index 1b938a927c7d59..06ba6600ff29ce 100644 --- a/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/include/openssl/opensslv.h +++ b/deps/openssl/config/archs/solaris64-x86_64-gcc/no-asm/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 9 +# define OPENSSL_VERSION_PATCH 10 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.9" -# define OPENSSL_FULL_VERSION_STR "3.0.9+quic" +# define OPENSSL_VERSION_STR "3.0.10" +# define OPENSSL_FULL_VERSION_STR "3.0.10+quic" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "30 May 2023" +# define OPENSSL_RELEASE_DATE "1 Aug 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.9+quic 30 May 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.10+quic 1 Aug 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/deps/openssl/openssl/CHANGES.md b/deps/openssl/openssl/CHANGES.md index 289e44cee499b7..7d892d57ac0914 100644 --- a/deps/openssl/openssl/CHANGES.md +++ b/deps/openssl/openssl/CHANGES.md @@ -28,9 +28,102 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod -### Changes between 3.0.9 and 3.0.9+quic [30 May 2023] - * Add QUIC API support from BoringSSL +### Changes between 3.0.12 and 3.0.12+quic [24 Oct 2023] + +* Add QUIC API support from BoringSSL + *Todd Short* + +### Changes between 3.0.11 and 3.0.12 [24 Oct 2023] + + * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), + EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters + that alter the key or IV length ([CVE-2023-5363]). + + *Paul Dale* + +### Changes between 3.0.10 and 3.0.11 [19 Sep 2023] + + * Fix POLY1305 MAC implementation corrupting XMM registers on Windows. + + The POLY1305 MAC (message authentication code) implementation in OpenSSL + does not save the contents of non-volatile XMM registers on Windows 64 + platform when calculating the MAC of data larger than 64 bytes. Before + returning to the caller all the XMM registers are set to zero rather than + restoring their previous content. The vulnerable code is used only on newer + x86_64 processors supporting the AVX512-IFMA instructions. + + The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the + application process. However given the contents of the registers are just + zeroized so the attacker cannot put arbitrary values inside, the most likely + consequence, if any, would be an incorrect result of some application + dependent calculations or a crash leading to a denial of service. + + ([CVE-2023-4807]) + + *Bernd Edlinger* + +### Changes between 3.0.9 and 3.0.10 [1 Aug 2023] + + * Fix excessive time spent checking DH q parameter value. + + The function DH_check() performs various checks on DH parameters. After + fixing CVE-2023-3446 it was discovered that a large q parameter value can + also trigger an overly long computation during some of these checks. + A correct q value, if present, cannot be larger than the modulus p + parameter, thus it is unnecessary to perform these checks if q is larger + than p. + + If DH_check() is called with such q parameter value, + DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally + intensive checks are skipped. + + ([CVE-2023-3817]) + + *Tomáš Mráz* + + * Fix DH_check() excessive time with over sized modulus. + + The function DH_check() performs various checks on DH parameters. One of + those checks confirms that the modulus ("p" parameter) is not too large. + Trying to use a very large modulus is slow and OpenSSL will not normally use + a modulus which is over 10,000 bits in length. + + However the DH_check() function checks numerous aspects of the key or + parameters that have been supplied. Some of those checks use the supplied + modulus value even if it has already been found to be too large. + + A new limit has been added to DH_check of 32,768 bits. Supplying a + key/parameters with a modulus over this size will simply cause DH_check() to + fail. + + ([CVE-2023-3446]) + + *Matt Caswell* + + * Do not ignore empty associated data entries with AES-SIV. + + The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`) + with NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated. ([CVE-2023-2975]) + + Thanks to Juerg Wullschleger (Google) for discovering the issue. + + The fix changes the authentication tag value and the ciphertext for + applications that use empty associated data entries with AES-SIV. + To decrypt data encrypted with previous versions of OpenSSL the application + has to skip calls to `EVP_DecryptUpdate()` for empty associated data + entries. + + *Tomáš Mráz* + ### Changes between 3.0.8 and 3.0.9 [30 May 2023] * Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic @@ -45,7 +138,7 @@ breaking changes, and mappings for the large list of deprecated functions. IDENTIFIER to canonical numeric text form if the size of that OBJECT IDENTIFIER is 586 bytes or less, and fail otherwise. - The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT + The basis for this restriction is [RFC 2578 (STD 58), section 3.5]. OBJECT IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at most 128 sub-identifiers, and that the maximum value that each sub- identifier may have is 2^32-1 (4294967295 decimal). @@ -55,8 +148,6 @@ breaking changes, and mappings for the large list of deprecated functions. these restrictions may occupy is 32 * 128 / 7, which is approximately 586 bytes. - Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 - *Richard Levitte* * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which @@ -19655,6 +19746,12 @@ ndif +[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 +[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 +[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 +[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 +[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 +[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 diff --git a/deps/openssl/openssl/Configurations/10-main.conf b/deps/openssl/openssl/Configurations/10-main.conf index 8010087b46dcea..280a75b213f25c 100644 --- a/deps/openssl/openssl/Configurations/10-main.conf +++ b/deps/openssl/openssl/Configurations/10-main.conf @@ -9,19 +9,22 @@ sub vc_win64a_info { $vc_win64a_info = { AS => "nasm", ASFLAGS => "-g", asflags => "-Ox -f win64 -DNEAR", - asoutflag => "-o " }; + asoutflag => "-o ", + perlasm_scheme => "nasm" }; } elsif ($disabled{asm}) { # assembler is still used to compile uplink shim $vc_win64a_info = { AS => "ml64", ASFLAGS => "/nologo /Zi", asflags => "/c /Cp /Cx", - asoutflag => "/Fo" }; + asoutflag => "/Fo", + perlasm_scheme => "masm" }; } else { $die->("NASM not found - make sure it's installed and available on %PATH%\n"); $vc_win64a_info = { AS => "{unknown}", ASFLAGS => "", asflags => "", - asoutflag => "" }; + asoutflag => "", + perlasm_scheme => "auto" }; } } return $vc_win64a_info; @@ -1416,7 +1419,7 @@ my %targets = ( sys_id => "WIN64A", uplink_arch => 'x86_64', asm_arch => 'x86_64', - perlasm_scheme => "auto", + perlasm_scheme => sub { vc_win64a_info()->{perlasm_scheme} }, multilib => "-x64", }, "VC-WIN32" => { diff --git a/deps/openssl/openssl/Configurations/README.md b/deps/openssl/openssl/Configurations/README.md index be8c394d0872b2..de3d8bad8a02d4 100644 --- a/deps/openssl/openssl/Configurations/README.md +++ b/deps/openssl/openssl/Configurations/README.md @@ -233,8 +233,14 @@ In each table entry, the following keys are significant: is ILP32; RC4_CHAR RC4 key schedule is made up of 'unsigned char's; + Note: should not be used + for new configuration + targets RC4_INT RC4 key schedule is made up of 'unsigned int's; + Note: should not be used + for new configuration + targets [1] as part of the target configuration, one can have a key called `inherit_from` that indicates what other configurations to inherit diff --git a/deps/openssl/openssl/Configurations/unix-Makefile.tmpl b/deps/openssl/openssl/Configurations/unix-Makefile.tmpl index 17e194f1ef754a..a48fae5fb8b8fe 100644 --- a/deps/openssl/openssl/Configurations/unix-Makefile.tmpl +++ b/deps/openssl/openssl/Configurations/unix-Makefile.tmpl @@ -614,28 +614,28 @@ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_de install_docs: install_man_docs install_html_docs uninstall_docs: uninstall_man_docs uninstall_html_docs - $(RM) -r $(DESTDIR)$(DOCDIR) + $(RM) -r "$(DESTDIR)$(DOCDIR)" {- output_off() if $disabled{fips}; "" -} install_fips: build_sw $(INSTALL_FIPSMODULECONF) @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)" @$(ECHO) "*** Installing FIPS module" @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" - @cp "$(INSTALL_FIPSMODULE)" $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new - @chmod 755 $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new - @mv -f $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new \ - $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) + @cp "$(INSTALL_FIPSMODULE)" "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" + @chmod 755 "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" + @mv -f "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" \ + "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" @$(ECHO) "*** Installing FIPS module configuration" @$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" - @cp $(INSTALL_FIPSMODULECONF) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf + @cp $(INSTALL_FIPSMODULECONF) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" uninstall_fips: @$(ECHO) "*** Uninstalling FIPS module configuration" - $(RM) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf + $(RM) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" @$(ECHO) "*** Uninstalling FIPS module" - $(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) + $(RM) "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" {- if ($disabled{fips}) { output_on(); } else { output_off(); } "" -} install_fips: @$(ECHO) "The 'install_fips' target requires the 'enable-fips' option" @@ -646,75 +646,75 @@ uninstall_fips: install_ssldirs: - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/certs" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/private" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/misc" @set -e; for x in dummy $(MISC_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ x1=`echo "$$x" | cut -f1 -d:`; \ x2=`echo "$$x" | cut -f2 -d:`; \ fn=`basename $$x1`; \ $(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \ - $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \ + cp $$x1 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \ + mv -f "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new" \ + "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ if [ "$$x1" != "$$x2" ]; then \ ln=`basename "$$x2"`; \ : {- output_off() unless windowsdll(); "" -}; \ $(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + cp "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn" "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \ : {- output_on() unless windowsdll(); output_off() if windowsdll(); "" -}; \ $(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + ln -sf $$fn "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \ : {- output_on() if windowsdll(); "" -}; \ fi; \ done @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" - @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist + @cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" + @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" + @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ - cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ + cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ + chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ fi @$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" - @cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist + @cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" + @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" + @mv -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \ $(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ - cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ + cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ + chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ fi install_dev: install_runtime_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(ECHO) "*** Installing development files" - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/include/openssl" @ : {- output_off() if $disabled{uplink}; "" -} @$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @cp $(SRCDIR)/ms/applink.c "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" + @chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @ : {- output_on() if $disabled{uplink}; "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ $(ECHO) "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ - chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + cp $$i "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ + chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ done - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)" @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ $(ECHO) "install $$l -> $(DESTDIR)$(libdir)/$$fn"; \ - cp $$l $(DESTDIR)$(libdir)/$$fn.new; \ - $(RANLIB) $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 644 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ + cp $$l "$(DESTDIR)$(libdir)/$$fn.new"; \ + $(RANLIB) "$(DESTDIR)$(libdir)/$$fn.new"; \ + chmod 644 "$(DESTDIR)$(libdir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn.new" \ + "$(DESTDIR)$(libdir)/$$fn"; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ @@ -727,18 +727,18 @@ install_dev: install_runtime_libs : {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \ if [ "$$fn2" != "" ]; then \ $(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \ - ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \ + ln -sf $$fn1 "$(DESTDIR)$(libdir)/$$fn2"; \ fi; \ : {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \ if [ "$$fn3" != "" ]; then \ $(ECHO) "install $$s3 -> $(DESTDIR)$(libdir)/$$fn3"; \ - cp $$s3 $(DESTDIR)$(libdir)/$$fn3.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn3.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn3.new \ - $(DESTDIR)$(libdir)/$$fn3; \ + cp $$s3 "$(DESTDIR)$(libdir)/$$fn3.new"; \ + chmod 755 "$(DESTDIR)$(libdir)/$$fn3.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn3.new" \ + "$(DESTDIR)$(libdir)/$$fn3"; \ fi; \ : {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \ - a=$(DESTDIR)$(libdir)/$$fn2; \ + a="$(DESTDIR)$(libdir)/$$fn2"; \ $(ECHO) "install $$s1 -> $$a"; \ if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \ mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \ @@ -755,35 +755,35 @@ install_dev: install_runtime_libs : {- output_off() if sharedaix(); output_on(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)/pkgconfig" @$(ECHO) "install libcrypto.pc -> $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" - @cp libcrypto.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc + @cp libcrypto.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" @$(ECHO) "install libssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/libssl.pc" - @cp libssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libssl.pc + @cp libssl.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc" @$(ECHO) "install openssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/openssl.pc" - @cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc + @cp openssl.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc" uninstall_dev: uninstall_runtime_libs @$(ECHO) "*** Uninstalling development files" @ : {- output_off() if $disabled{uplink}; "" -} @$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @$(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @ : {- output_on() if $disabled{uplink}; "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include/openssl" + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include" @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn"; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ @@ -795,39 +795,39 @@ uninstall_dev: uninstall_runtime_libs fn3=`basename "$$s3"`; \ : {- output_off() if windowsdll(); "" -}; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn1; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn1"; \ if [ -n "$$fn2" ]; then \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn2; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn2"; \ fi; \ : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ if [ -n "$$fn3" ]; then \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn3"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn3; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn3"; \ fi; \ : {- output_on() unless windowsdll(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libssl.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/openssl.pc - -$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig - -$(RMDIR) $(DESTDIR)$(libdir) + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc" + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc" + -$(RMDIR) "$(DESTDIR)$(libdir)/pkgconfig" + -$(RMDIR) "$(DESTDIR)$(libdir)" _install_modules_deps: install_runtime_libs build_modules install_engines: _install_modules_deps @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/ + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(ENGINESDIR)/" @$(ECHO) "*** Installing engines" @set -e; for e in dummy $(INSTALL_ENGINES); do \ if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \ - $(DESTDIR)$(ENGINESDIR)/$$fn; \ + cp $$e "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \ + mv -f "$(DESTDIR)$(ENGINESDIR)/$$fn.new" \ + "$(DESTDIR)$(ENGINESDIR)/$$fn"; \ done uninstall_engines: @@ -836,22 +836,22 @@ uninstall_engines: if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \ + $(RM) "$(DESTDIR)$(ENGINESDIR)/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(ENGINESDIR) + -$(RMDIR) "$(DESTDIR)$(ENGINESDIR)" install_modules: _install_modules_deps @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR)/ + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)/" @$(ECHO) "*** Installing modules" @set -e; for e in dummy $(INSTALL_MODULES); do \ if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "install $$e -> $(DESTDIR)$(MODULESDIR)/$$fn"; \ - cp $$e $(DESTDIR)$(MODULESDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(MODULESDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(MODULESDIR)/$$fn.new \ - $(DESTDIR)$(MODULESDIR)/$$fn; \ + cp $$e "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \ + mv -f "$(DESTDIR)$(MODULESDIR)/$$fn.new" \ + "$(DESTDIR)$(MODULESDIR)/$$fn"; \ done uninstall_modules: @@ -860,18 +860,18 @@ uninstall_modules: if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(MODULESDIR)/$$fn; \ + $(RM) "$(DESTDIR)$(MODULESDIR)/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(MODULESDIR) + -$(RMDIR) "$(DESTDIR)$(MODULESDIR)" install_runtime: install_programs install_runtime_libs: build_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @ : {- output_off() if windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)" @ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin" @ : {- output_on() unless windowsdll(); "" -} @$(ECHO) "*** Installing runtime libraries" @set -e; for s in dummy $(INSTALL_SHLIBS); do \ @@ -879,40 +879,40 @@ install_runtime_libs: build_libs fn=`basename $$s`; \ : {- output_off() unless windowsdll(); "" -}; \ $(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + cp $$s "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \ + "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \ $(ECHO) "install $$s -> $(DESTDIR)$(libdir)/$$fn"; \ - cp $$s $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ + cp $$s "$(DESTDIR)$(libdir)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(libdir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn.new" \ + "$(DESTDIR)$(libdir)/$$fn"; \ : {- output_on() if windowsdll(); "" -}; \ done install_programs: install_runtime_libs build_programs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin" @$(ECHO) "*** Installing runtime programs" @set -e; for x in dummy $(INSTALL_PROGRAMS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \ + "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done @set -e; for x in dummy $(BIN_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \ + "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done uninstall_runtime: uninstall_programs uninstall_runtime_libs @@ -924,16 +924,16 @@ uninstall_programs: if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done; @set -e; for x in dummy $(BIN_SCRIPTS); \ do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/bin" uninstall_runtime_libs: @$(ECHO) "*** Uninstalling runtime libraries" @@ -942,49 +942,49 @@ uninstall_runtime_libs: if [ "$$s" = "dummy" ]; then continue; fi; \ fn=`basename $$s`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done @ : {- output_on() unless windowsdll(); "" -} install_man_docs: build_man_docs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man1 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man3 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man5 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man7 + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man1" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man3" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man5" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man7" @$(ECHO) "*** Installing manpages" @set -e; for x in dummy $(MANDOCS1); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ + cp $$x "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \ done @set -e; for x in dummy $(MANDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ + cp $$x "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \ done @set -e; for x in dummy $(MANDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ + cp $$x "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \ done @set -e; for x in dummy $(MANDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ + cp $$x "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \ done uninstall_man_docs: build_man_docs @@ -993,65 +993,65 @@ uninstall_man_docs: build_man_docs if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ + $(RM) "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \ done @set -e; for x in dummy $(MANDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ + $(RM) "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \ done @set -e; for x in dummy $(MANDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ + $(RM) "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \ done @set -e; for x in dummy $(MANDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ + $(RM) "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \ done install_html_docs: install_image_docs build_html_docs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man1 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man3 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man5 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7 + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man1" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man3" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man5" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7" @$(ECHO) "*** Installing HTML manpages" @set -e; for x in dummy $(HTMLDOCS1); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ done uninstall_html_docs: uninstall_image_docs @@ -1060,35 +1060,35 @@ uninstall_html_docs: uninstall_image_docs if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ done install_image_docs: - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7/img + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7/img" @set -e; for x in dummy $(IMAGEDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ - cp $(SRCDIR)/$$x $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ + cp $(SRCDIR)/$$x "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ done uninstall_image_docs: @@ -1096,7 +1096,7 @@ uninstall_image_docs: if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ done # Developer targets (note: these are only available on Unix) ######### diff --git a/deps/openssl/openssl/Configure b/deps/openssl/openssl/Configure index 8c0e683688db6e..63440170287d5a 100755 --- a/deps/openssl/openssl/Configure +++ b/deps/openssl/openssl/Configure @@ -599,8 +599,7 @@ my @disable_cascades = ( "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], - # If no modules, then no dynamic engines either - "module" => [ "dynamic-engine" ], + "module" => [ "dynamic-engine", "fips" ], # Without shared libraries, dynamic engines aren't possible. # This is due to them having to link with libcrypto and register features @@ -618,8 +617,6 @@ my @disable_cascades = ( # or modules. "pic" => [ "shared", "module" ], - "module" => [ "fips", "dso" ], - "engine" => [ "dynamic-engine", grep(/eng$/, @disablables) ], "dynamic-engine" => [ "loadereng" ], "hw" => [ "padlockeng" ], diff --git a/deps/openssl/openssl/INSTALL.md b/deps/openssl/openssl/INSTALL.md index 59d7d869e982d0..87b1faef90f719 100644 --- a/deps/openssl/openssl/INSTALL.md +++ b/deps/openssl/openssl/INSTALL.md @@ -2,8 +2,8 @@ Build and Install ================= This document describes installation on all supported operating -systems (the Unix/Linux family, including macOS), OpenVMS, -and Windows). +systems: the Unix/Linux family (including macOS), OpenVMS, +and Windows. Table of Contents ================= @@ -796,14 +796,22 @@ By default OpenSSL will attempt to stay in memory until the process exits. This is so that libcrypto and libssl can be properly cleaned up automatically via an `atexit()` handler. The handler is registered by libcrypto and cleans up both libraries. On some platforms the `atexit()` handler will run on unload of -libcrypto (if it has been dynamically loaded) rather than at process exit. This -option can be used to stop OpenSSL from attempting to stay in memory until the +libcrypto (if it has been dynamically loaded) rather than at process exit. + +This option can be used to stop OpenSSL from attempting to stay in memory until the process exits. This could lead to crashes if either libcrypto or libssl have already been unloaded at the point that the atexit handler is invoked, e.g. on a platform which calls `atexit()` on unload of the library, and libssl is unloaded -before libcrypto then a crash is likely to happen. Applications can suppress -running of the `atexit()` handler at run time by using the -`OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`. +before libcrypto then a crash is likely to happen. + +Note that shared library pinning is not automatically disabled for static builds, +i.e., `no-shared` does not imply `no-pinshared`. This may come as a surprise when +linking libcrypto statically into a shared third-party library, because in this +case the shared library will be pinned. To prevent this behaviour, you need to +configure the static build using `no-shared` and `no-pinshared` together. + +Applications can suppress running of the `atexit()` handler at run time by +using the `OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`. See the man page for it for further details. ### no-posix-io diff --git a/deps/openssl/openssl/NEWS.md b/deps/openssl/openssl/NEWS.md index 10fbf5c9481c04..8f0d973e057bb8 100644 --- a/deps/openssl/openssl/NEWS.md +++ b/deps/openssl/openssl/NEWS.md @@ -18,6 +18,22 @@ OpenSSL Releases OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023] + + * Mitigate incorrect resize handling for symmetric cipher keys and IVs. + ([CVE-2023-5363]) + +### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023] + + * Fix POLY1305 MAC implementation corrupting XMM registers on Windows + ([CVE-2023-4807]) + +### Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [1 Aug 2023] + + * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817]) + * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446]) + * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975]) + ### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023] * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT @@ -1442,6 +1458,11 @@ OpenSSL 0.9.x +[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 +[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 +[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 +[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 +[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 diff --git a/deps/openssl/openssl/README-FIPS.md b/deps/openssl/openssl/README-FIPS.md index ba88ff2c4e98fe..c79552b2d8ad66 100644 --- a/deps/openssl/openssl/README-FIPS.md +++ b/deps/openssl/openssl/README-FIPS.md @@ -2,7 +2,7 @@ OpenSSL FIPS support ==================== This release of OpenSSL includes a cryptographic module that can be -FIPS 140-2 validated. The module is implemented as an OpenSSL provider. +FIPS validated. The module is implemented as an OpenSSL provider. A provider is essentially a dynamically loadable module which implements cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file for further details. @@ -28,8 +28,16 @@ resp. `fips.dll` (on Windows). The FIPS provider does not get built and installed automatically. To enable it, you need to configure OpenSSL using the `enable-fips` option. -Installing the FIPS module -========================== +Installing the FIPS provider +============================ + +In order to be FIPS compliant you must only use FIPS validated source code. +Refer to for information related to +which versions are FIPS validated. The instructions given below build OpenSSL +just using the FIPS validated source code. + +If you want to use a validated FIPS provider, but also want to use the latest +OpenSSL release to build everything else, then refer to the next section. The following is only a guide. Please read the Security Policy for up to date installation instructions. @@ -63,11 +71,12 @@ the installation by doing the following two things: - Runs the FIPS module self tests - Generates the so-called FIPS module configuration file containing information - about the module such as the self test status, and the module checksum. + about the module such as the module checksum (and for OpenSSL 3.0 the + self test status). The FIPS module must have the self tests run, and the FIPS module config file -output generated on every machine that it is to be used on. You must not copy -the FIPS module config file output data from one machine to another. +output generated on every machine that it is to be used on. For OpenSSL 3.0, +you must not copy the FIPS module config file output data from one machine to another. On Unix the `openssl fipsinstall` command will be invoked as follows by default: @@ -75,7 +84,80 @@ On Unix the `openssl fipsinstall` command will be invoked as follows by default: If you configured OpenSSL to be installed to a different location, the paths will vary accordingly. In the rare case that you need to install the fipsmodule.cnf -to non-standard location, you can execute the `openssl fipsinstall` command manually. +to a non-standard location, you can execute the `openssl fipsinstall` command manually. + +Installing the FIPS provider and using it with the latest release +================================================================= + +This normally requires you to download 2 copies of the OpenSSL source code. + +Download and build a validated FIPS provider +-------------------------------------------- + +Refer to for information related to +which versions are FIPS validated. For this example we use OpenSSL 3.0.0. + + $ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz + $ tar -xf openssl-3.0.0.tar.gz + $ cd openssl-3.0.0 + $ ./Configure enable-fips + $ make + $ cd .. + +Download and build the latest release of OpenSSL +------------------------------------------------ + +We use OpenSSL 3.1.0 here, (but you could also use the latest 3.0.X) + + $ wget https://www.openssl.org/source/openssl-3.1.0.tar.gz + $ tar -xf openssl-3.1.0.tar.gz + $ cd openssl-3.1.0 + $ ./Configure enable-fips + $ make + +Use the OpenSSL FIPS provider for testing +----------------------------------------- + +We do this by replacing the artifact for the OpenSSL 3.1.0 FIPS provider. +Note that the OpenSSL 3.1.0 FIPS provider has not been validated +so it must not be used for FIPS purposes. + + $ cp ../openssl-3.0.0/providers/fips.so providers/. + $ cp ../openssl-3.0.0/providers/fipsmodule.cnf providers/. + // Note that for OpenSSL 3.0 that the `fipsmodule.cnf` file should not + // be copied across multiple machines if it contains an entry for + // `install-status`. (Otherwise the self tests would be skipped). + + // Validate the output of the following to make sure we are using the + // OpenSSL 3.0.0 FIPS provider + $ ./util/wrap.pl -fips apps/openssl list -provider-path providers \ + -provider fips -providers + + // Now run the current tests using the OpenSSL 3.0 FIPS provider. + $ make tests + +Copy the FIPS provider artifacts (`fips.so` & `fipsmodule.cnf`) to known locations +------------------------------------------------------------------------------------- + + $ cd ../openssl-3.0.0 + $ sudo make install_fips + +Check that the correct FIPS provider is being used +-------------------------------------------------- + + $./util/wrap.pl -fips apps/openssl list -provider-path providers \ + -provider fips -providers + + // This should produce the following output + Providers: + base + name: OpenSSL Base Provider + version: 3.1.0 + status: active + fips + name: OpenSSL FIPS Provider + version: 3.0.0 + status: active Using the FIPS Module in applications ===================================== diff --git a/deps/openssl/openssl/README-OpenSSL.md b/deps/openssl/openssl/README-OpenSSL.md index f2f4fd39ad05bb..b848d050132aae 100644 --- a/deps/openssl/openssl/README-OpenSSL.md +++ b/deps/openssl/openssl/README-OpenSSL.md @@ -166,7 +166,7 @@ attempting to develop or distribute cryptographic code. Copyright ========= -Copyright (c) 1998-2022 The OpenSSL Project +Copyright (c) 1998-2023 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/deps/openssl/openssl/README.md b/deps/openssl/openssl/README.md index 0a76794507312a..e73b04b378e322 100644 --- a/deps/openssl/openssl/README.md +++ b/deps/openssl/openssl/README.md @@ -4,7 +4,7 @@ What This Is This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition to the website, the official source distribution is at . The OpenSSL `README` can be found at -[README-OpenSSL.md](https://github.com/quictls/openssl/blob/openssl-3.0.9%2Bquic/README-OpenSSL.md) +[README-OpenSSL.md](https://github.com/quictls/openssl/blob/openssl-3.0.12%2Bquic/README-OpenSSL.md) This fork adds APIs that can be used by QUIC implementations for connection handshakes. Quoting the IETF Working group diff --git a/deps/openssl/openssl/VERSION.dat b/deps/openssl/openssl/VERSION.dat index 124f93e4b03e73..d416c3662e5dd1 100644 --- a/deps/openssl/openssl/VERSION.dat +++ b/deps/openssl/openssl/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=9 +PATCH=12 PRE_RELEASE_TAG= BUILD_METADATA=quic -RELEASE_DATE="30 May 2023" +RELEASE_DATE="24 Oct 2023" SHLIB_VERSION=81.3 diff --git a/deps/openssl/openssl/apps/ca.c b/deps/openssl/openssl/apps/ca.c index e14a5cff78023c..a7a5ab1ecefb4b 100644 --- a/deps/openssl/openssl/apps/ca.c +++ b/deps/openssl/openssl/apps/ca.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -628,6 +628,8 @@ int ca_main(int argc, char **argv) f = NCONF_get_string(conf, section, ENV_NAMEOPT); + if (f == NULL) + ERR_clear_error(); if (f != NULL) { if (!set_nameopt(f)) { BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f); @@ -785,8 +787,10 @@ int ca_main(int argc, char **argv) /* We can have sections in the ext file */ if (extensions == NULL) { extensions = NCONF_get_string(extfile_conf, "default", "extensions"); - if (extensions == NULL) + if (extensions == NULL) { + ERR_clear_error(); extensions = "default"; + } } } @@ -802,15 +806,20 @@ int ca_main(int argc, char **argv) /* * EVP_PKEY_get_default_digest_name() returns 2 if the digest is * mandatory for this algorithm. + * + * That call may give back the name "UNDEF", which has these meanings: + * + * when def_ret == 2: the user MUST leave the digest unspecified + * when def_ret == 1: the user MAY leave the digest unspecified */ if (def_ret == 2 && strcmp(def_dgst, "UNDEF") == 0) { - /* The signing algorithm requires there to be no digest */ dgst = NULL; } else if (dgst == NULL - && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) { + && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL + && strcmp(def_dgst, "UNDEF") != 0) { goto end; } else { - if (strcmp(dgst, "default") == 0) { + if (strcmp(dgst, "default") == 0 || strcmp(def_dgst, "UNDEF") == 0) { if (def_ret <= 0) { BIO_puts(bio_err, "no default digest\n"); goto end; @@ -824,6 +833,8 @@ int ca_main(int argc, char **argv) char *tmp_email_dn = NULL; tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN); + if (tmp_email_dn == NULL) + ERR_clear_error(); if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0) email_dn = 0; } @@ -839,6 +850,7 @@ int ca_main(int argc, char **argv) if (NCONF_get_string(conf, section, ENV_RAND_SERIAL) != NULL) { rand_ser = 1; } else { + ERR_clear_error(); serialfile = lookup_conf(conf, section, ENV_SERIAL); if (serialfile == NULL) goto end; @@ -908,8 +920,10 @@ int ca_main(int argc, char **argv) } if (days == 0) { - if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) + if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) { + ERR_clear_error(); days = 0; + } } if (enddate == NULL && days == 0) { BIO_printf(bio_err, "cannot lookup how many days to certify for\n"); @@ -1034,7 +1048,7 @@ int ca_main(int argc, char **argv) } } /* - * we have a stack of newly certified certificates and a data base + * we have a stack of newly certified certificates and a database * and serial number that need updating */ @@ -1135,7 +1149,7 @@ int ca_main(int argc, char **argv) if (!rotate_index(dbfile, "new", "old")) goto end; - BIO_printf(bio_err, "Data Base Updated\n"); + BIO_printf(bio_err, "Database updated\n"); } } @@ -1161,22 +1175,28 @@ int ca_main(int argc, char **argv) } } - if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER)) - != NULL) + crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER); + if (crlnumberfile != NULL) { if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL)) == NULL) { BIO_printf(bio_err, "error while loading CRL number\n"); goto end; } + } else { + ERR_clear_error(); + } if (!crldays && !crlhours && !crlsec) { if (!NCONF_get_number(conf, section, - ENV_DEFAULT_CRL_DAYS, &crldays)) + ENV_DEFAULT_CRL_DAYS, &crldays)) { + ERR_clear_error(); crldays = 0; + } if (!NCONF_get_number(conf, section, - ENV_DEFAULT_CRL_HOURS, &crlhours)) + ENV_DEFAULT_CRL_HOURS, &crlhours)) { + ERR_clear_error(); crlhours = 0; - ERR_clear_error(); + } } if ((crl_nextupdate == NULL) && (crldays == 0) && (crlhours == 0) && (crlsec == 0)) { @@ -1316,7 +1336,7 @@ int ca_main(int argc, char **argv) if (!rotate_index(dbfile, "new", "old")) goto end; - BIO_printf(bio_err, "Data Base Updated\n"); + BIO_printf(bio_err, "Database updated\n"); } } ret = 0; @@ -1758,7 +1778,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (verbose) BIO_printf(bio_err, - "The subject name appears to be ok, checking data base for clashes\n"); + "The subject name appears to be ok, checking database for clashes\n"); /* Build the correct Subject if no e-mail is wanted in the subject. */ if (!email_dn) { @@ -1847,7 +1867,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, else if (rrow[DB_type][0] == DB_TYPE_VAL) p = "Valid"; else - p = "\ninvalid type, Data base error\n"; + p = "\ninvalid type, Database error\n"; BIO_printf(bio_err, "Type :%s\n", p);; if (rrow[DB_type][0] == DB_TYPE_REV) { p = rrow[DB_exp_date]; diff --git a/deps/openssl/openssl/apps/cmp.c b/deps/openssl/openssl/apps/cmp.c index 3463579c24fb74..c479b15496607f 100644 --- a/deps/openssl/openssl/apps/cmp.c +++ b/deps/openssl/openssl/apps/cmp.c @@ -2115,7 +2115,7 @@ static const char *prev_item(const char *opt, const char *end) beg = end; while (beg > opt) { --beg; - if (beg[0] == ',' || isspace(beg[0])) { + if (beg[0] == ',' || isspace(_UC(beg[0]))) { ++beg; break; } @@ -2130,7 +2130,7 @@ static const char *prev_item(const char *opt, const char *end) opt_item[len] = '\0'; while (beg > opt) { --beg; - if (beg[0] != ',' && !isspace(beg[0])) { + if (beg[0] != ',' && !isspace(_UC(beg[0]))) { ++beg; break; } @@ -2148,6 +2148,7 @@ static char *conf_get_string(const CONF *src_conf, const char *groups, while ((end = prev_item(groups, end)) != NULL) { if ((res = NCONF_get_string(src_conf, opt_item, name)) != NULL) return res; + ERR_clear_error(); } return res; } @@ -2511,7 +2512,7 @@ static int get_opts(int argc, char **argv) } break; case OPT_CSR: - opt_csr = opt_arg(); + opt_csr = opt_str(); break; case OPT_OUT_TRUSTED: opt_out_trusted = opt_str(); diff --git a/deps/openssl/openssl/apps/cms.c b/deps/openssl/openssl/apps/cms.c index 76c7896719376f..0d1730c56fbb07 100644 --- a/deps/openssl/openssl/apps/cms.c +++ b/deps/openssl/openssl/apps/cms.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -796,6 +796,9 @@ int cms_main(int argc, char **argv) if ((operation & SMIME_IP) == 0 && contfile != NULL) BIO_printf(bio_err, "Warning: -contfile option is ignored for the given operation\n"); + if (operation != SMIME_ENCRYPT && *argv != NULL) + BIO_printf(bio_err, + "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n"); if ((flags & CMS_BINARY) != 0) { if (!(operation & SMIME_OP)) @@ -823,19 +826,13 @@ int cms_main(int argc, char **argv) goto end; } - if (*argv != NULL) { - if (operation == SMIME_ENCRYPT) { - for (; *argv != NULL; argv++) { - cert = load_cert(*argv, FORMAT_UNDEF, - "recipient certificate file"); - if (cert == NULL) - goto end; - sk_X509_push(encerts, cert); - cert = NULL; - } - } else { - BIO_printf(bio_err, "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n"); - } + for (; *argv != NULL; argv++) { + cert = load_cert(*argv, FORMAT_UNDEF, + "recipient certificate file"); + if (cert == NULL) + goto end; + sk_X509_push(encerts, cert); + cert = NULL; } } diff --git a/deps/openssl/openssl/apps/dgst.c b/deps/openssl/openssl/apps/dgst.c index e12389197de4a6..3f02af0d5738ab 100644 --- a/deps/openssl/openssl/apps/dgst.c +++ b/deps/openssl/openssl/apps/dgst.c @@ -320,6 +320,8 @@ int dgst_main(int argc, char **argv) sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */); /* Verbose output would make external-tests gost-engine fail */ EVP_PKEY_CTX_free(mac_ctx); + if (sigkey == NULL) + goto end; } if (hmac_key != NULL) { diff --git a/deps/openssl/openssl/apps/dhparam.c b/deps/openssl/openssl/apps/dhparam.c index 43906cea56497b..2a54dca9d8b552 100644 --- a/deps/openssl/openssl/apps/dhparam.c +++ b/deps/openssl/openssl/apps/dhparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -222,6 +222,8 @@ int dhparam_main(int argc, char **argv) } tmppkey = app_paramgen(ctx, alg); + if (tmppkey == NULL) + goto end; EVP_PKEY_CTX_free(ctx); ctx = NULL; if (dsaparam) { diff --git a/deps/openssl/openssl/apps/dsaparam.c b/deps/openssl/openssl/apps/dsaparam.c index b5555282be6e18..ca91beb5b893bb 100644 --- a/deps/openssl/openssl/apps/dsaparam.c +++ b/deps/openssl/openssl/apps/dsaparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -218,6 +218,8 @@ int dsaparam_main(int argc, char **argv) goto end; } pkey = app_keygen(ctx, "DSA", numbits, verbose); + if (pkey == NULL) + goto end; assert(private); if (outformat == FORMAT_ASN1) i = i2d_PrivateKey_bio(out, pkey); diff --git a/deps/openssl/openssl/apps/enc.c b/deps/openssl/openssl/apps/enc.c index b3bf4cc2592d01..c275046cf57a64 100644 --- a/deps/openssl/openssl/apps/enc.c +++ b/deps/openssl/openssl/apps/enc.c @@ -624,7 +624,10 @@ int enc_main(int argc, char **argv) } } if (!BIO_flush(wbio)) { - BIO_printf(bio_err, "bad decrypt\n"); + if (enc) + BIO_printf(bio_err, "bad encrypt\n"); + else + BIO_printf(bio_err, "bad decrypt\n"); goto end; } diff --git a/deps/openssl/openssl/apps/gendsa.c b/deps/openssl/openssl/apps/gendsa.c index 27feb793fed23c..8aefca65566c59 100644 --- a/deps/openssl/openssl/apps/gendsa.c +++ b/deps/openssl/openssl/apps/gendsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,6 +146,8 @@ int gendsa_main(int argc, char **argv) goto end; } pkey = app_keygen(ctx, "DSA", nbits, verbose); + if (pkey == NULL) + goto end; assert(private); if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) { diff --git a/deps/openssl/openssl/apps/genpkey.c b/deps/openssl/openssl/apps/genpkey.c index d00754eeaca09f..705e5c76b47dc0 100644 --- a/deps/openssl/openssl/apps/genpkey.c +++ b/deps/openssl/openssl/apps/genpkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -183,6 +183,8 @@ int genpkey_main(int argc, char **argv) pkey = do_param ? app_paramgen(ctx, algname) : app_keygen(ctx, algname, 0, 0 /* not verbose */); + if (pkey == NULL) + goto end; if (do_param) { rv = PEM_write_bio_Parameters(out, pkey); diff --git a/deps/openssl/openssl/apps/genrsa.c b/deps/openssl/openssl/apps/genrsa.c index 4436b7fa1745a9..6a683517a15fc7 100644 --- a/deps/openssl/openssl/apps/genrsa.c +++ b/deps/openssl/openssl/apps/genrsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -203,6 +203,8 @@ int genrsa_main(int argc, char **argv) goto end; } pkey = app_keygen(ctx, "RSA", num, verbose); + if (pkey == NULL) + goto end; if (verbose) { BIGNUM *e = NULL; diff --git a/deps/openssl/openssl/apps/lib/apps.c b/deps/openssl/openssl/apps/lib/apps.c index 79afa1deab9922..a632b0cff2bf68 100644 --- a/deps/openssl/openssl/apps/lib/apps.c +++ b/deps/openssl/openssl/apps/lib/apps.c @@ -638,13 +638,13 @@ void *app_malloc(size_t sz, const char *what) char *next_item(char *opt) /* in list separated by comma and/or space */ { /* advance to separator (comma or whitespace), if any */ - while (*opt != ',' && !isspace(*opt) && *opt != '\0') + while (*opt != ',' && !isspace(_UC(*opt)) && *opt != '\0') opt++; if (*opt != '\0') { /* terminate current item */ *opt++ = '\0'; /* skip over any whitespace after separator */ - while (isspace(*opt)) + while (isspace(_UC(*opt))) opt++; } return *opt == '\0' ? NULL : opt; /* NULL indicates end of input */ @@ -944,7 +944,7 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, BIO *bio; if (!maybe_stdin) { - BIO_printf(bio_err, "No filename or uri specified for loading"); + BIO_printf(bio_err, "No filename or uri specified for loading\n"); goto end; } uri = ""; @@ -964,8 +964,10 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, BIO_printf(bio_err, "Could not open file or uri for loading"); goto end; } - if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) + if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) { + BIO_printf(bio_err, "Internal error trying to load"); goto end; + } failed = NULL; while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) { @@ -1679,7 +1681,10 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject"); if (p) { retdb->attributes.unique_subject = parse_yesno(p, 1); + } else { + ERR_clear_error(); } + } retdb->dbfname = OPENSSL_strdup(dbfile); @@ -1945,16 +1950,17 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, nid = OBJ_txt2nid(typestr); if (nid == NID_undef) { BIO_printf(bio_err, - "%s: Skipping unknown %s name attribute \"%s\"\n", + "%s warning: Skipping unknown %s name attribute \"%s\"\n", opt_getprog(), desc, typestr); if (ismulti) BIO_printf(bio_err, - "Hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n"); + "%s hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n", + opt_getprog()); continue; } if (*valstr == '\0') { BIO_printf(bio_err, - "%s: No value provided for %s name attribute \"%s\", skipped\n", + "%s warning: No value provided for %s name attribute \"%s\", skipped\n", opt_getprog(), desc, typestr); continue; } @@ -2008,7 +2014,8 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) BIO_free(mem); return -1; } - maxlen -= len; + if (maxlen != -1) + maxlen -= len; if (maxlen == 0) break; @@ -3356,8 +3363,8 @@ EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose) BIO_printf(bio_err, "Warning: generating random key material may take a long time\n" "if the system has a poor entropy source\n"); if (EVP_PKEY_keygen(ctx, &res) <= 0) - app_bail_out("%s: Error generating %s key\n", opt_getprog(), - alg != NULL ? alg : "asymmetric"); + BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(), + alg != NULL ? alg : "asymmetric"); return res; } @@ -3369,8 +3376,8 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg) BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n" "if the system has a poor entropy source\n"); if (EVP_PKEY_paramgen(ctx, &res) <= 0) - app_bail_out("%s: Generating %s key parameters failed\n", - opt_getprog(), alg != NULL ? alg : "asymmetric"); + BIO_printf(bio_err, "%s: Generating %s key parameters failed\n", + opt_getprog(), alg != NULL ? alg : "asymmetric"); return res; } diff --git a/deps/openssl/openssl/apps/pkeyutl.c b/deps/openssl/openssl/apps/pkeyutl.c index 518a74166153fd..3c9f9025a1609d 100644 --- a/deps/openssl/openssl/apps/pkeyutl.c +++ b/deps/openssl/openssl/apps/pkeyutl.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -421,7 +421,7 @@ int pkeyutl_main(int argc, char **argv) /* Raw input data is handled elsewhere */ if (in != NULL && !rawin) { /* Read the input data */ - buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); + buf_inlen = bio_to_mem(&buf_in, -1, in); if (buf_inlen < 0) { BIO_printf(bio_err, "Error reading input Data\n"); goto end; diff --git a/deps/openssl/openssl/apps/req.c b/deps/openssl/openssl/apps/req.c index 23757044ab7f46..41191803aef417 100644 --- a/deps/openssl/openssl/apps/req.c +++ b/deps/openssl/openssl/apps/req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -199,7 +199,7 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) /* Check syntax. */ /* Skip leading whitespace, make a copy. */ - while (*kv && isspace(*kv)) + while (*kv && isspace(_UC(*kv))) if (*++kv == '\0') return 1; if ((p = strchr(kv, '=')) == NULL) @@ -210,7 +210,7 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) /* Skip trailing space before the equal sign. */ for (p = kv + off; p > kv; --p) - if (!isspace(p[-1])) + if (!isspace(_UC(p[-1]))) break; if (p == kv) { OPENSSL_free(kv); @@ -635,8 +635,10 @@ int req_main(int argc, char **argv) if (newreq && pkey == NULL) { app_RAND_load_conf(req_conf, section); - if (!NCONF_get_number(req_conf, section, BITS, &newkey_len)) + if (!NCONF_get_number(req_conf, section, BITS, &newkey_len)) { + ERR_clear_error(); newkey_len = DEFAULT_KEY_LENGTH; + } genctx = set_keygen_ctx(keyalg, &keyalgstr, &newkey_len, gen_eng); if (genctx == NULL) @@ -683,6 +685,8 @@ int req_main(int argc, char **argv) EVP_PKEY_CTX_set_app_data(genctx, bio_err); pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose); + if (pkey == NULL) + goto end; EVP_PKEY_CTX_free(genctx); genctx = NULL; @@ -988,10 +992,10 @@ int req_main(int argc, char **argv) else tpubkey = X509_REQ_get0_pubkey(req); if (tpubkey == NULL) { - fprintf(stdout, "Modulus is unavailable\n"); + BIO_puts(bio_err, "Modulus is unavailable\n"); goto end; } - fprintf(stdout, "Modulus="); + BIO_puts(out, "Modulus="); if (EVP_PKEY_is_a(tpubkey, "RSA") || EVP_PKEY_is_a(tpubkey, "RSA-PSS")) { BIGNUM *n = NULL; @@ -1000,9 +1004,9 @@ int req_main(int argc, char **argv) BN_print(out, n); BN_free(n); } else { - fprintf(stdout, "Wrong Algorithm type"); + BIO_puts(out, "Wrong Algorithm type"); } - fprintf(stdout, "\n"); + BIO_puts(out, "\n"); } if (!noout && !gen_x509) { diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c index a9142386428de0..efa2879ca0e703 100644 --- a/deps/openssl/openssl/apps/s_client.c +++ b/deps/openssl/openssl/apps/s_client.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -2271,7 +2271,7 @@ int s_client_main(int argc, char **argv) do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); } - while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' ')); + while (mbuf_len > 3 && (!isdigit((unsigned char)mbuf[0]) || !isdigit((unsigned char)mbuf[1]) || !isdigit((unsigned char)mbuf[2]) || mbuf[3] != ' ')); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); diff --git a/deps/openssl/openssl/apps/s_server.c b/deps/openssl/openssl/apps/s_server.c index a203d6a091cac3..c8ccdfd03ca196 100644 --- a/deps/openssl/openssl/apps/s_server.c +++ b/deps/openssl/openssl/apps/s_server.c @@ -789,7 +789,7 @@ const OPTIONS s_server_options[] = { "second server certificate chain file in PEM format"}, {"dkey", OPT_DKEY, '<', "Second private key file to use (usually for DSA)"}, - {"dkeyform", OPT_DKEYFORM, 'F', + {"dkeyform", OPT_DKEYFORM, 'f', "Second key file format (ENGINE, other values ignored)"}, {"dpass", OPT_DPASS, 's', "Second private key and cert file pass phrase source"}, diff --git a/deps/openssl/openssl/apps/speed.c b/deps/openssl/openssl/apps/speed.c index addf7e32137f56..1113d775b8ab98 100644 --- a/deps/openssl/openssl/apps/speed.c +++ b/deps/openssl/openssl/apps/speed.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -1005,6 +1005,13 @@ static int EdDSA_sign_loop(void *args) int ret, count; for (count = 0; COND(eddsa_c[testnum][0]); count++) { + ret = EVP_DigestSignInit(edctx[testnum], NULL, NULL, NULL, NULL); + if (ret == 0) { + BIO_printf(bio_err, "EdDSA sign init failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20); if (ret == 0) { BIO_printf(bio_err, "EdDSA sign failure\n"); @@ -1026,6 +1033,13 @@ static int EdDSA_verify_loop(void *args) int ret, count; for (count = 0; COND(eddsa_c[testnum][1]); count++) { + ret = EVP_DigestVerifyInit(edctx[testnum], NULL, NULL, NULL, NULL); + if (ret == 0) { + BIO_printf(bio_err, "EdDSA verify init failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20); if (ret != 1) { BIO_printf(bio_err, "EdDSA verify failure\n"); @@ -3133,12 +3147,22 @@ int speed_main(int argc, char **argv) } for (k = 0; k < ALGOR_NUM; k++) { + const char *alg_name = names[k]; + if (!doit[k]) continue; + + if (k == D_EVP) { + if (evp_cipher == NULL) + alg_name = evp_md_name; + else if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL) + app_bail_out("failed to get name of cipher '%s'\n", evp_cipher); + } + if (mr) - printf("+F:%u:%s", k, names[k]); + printf("+F:%u:%s", k, alg_name); else - printf("%-13s", names[k]); + printf("%-13s", alg_name); for (testnum = 0; testnum < size_num; testnum++) { if (results[k][testnum] > 10000 && !mr) printf(" %11.2fk", results[k][testnum] / 1e3); @@ -3676,7 +3700,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, } else { int pad; - RAND_bytes(out, 16); + if (RAND_bytes(inp, 16) <= 0) + app_bail_out("error setting random bytes\n"); len += 16; aad[11] = (unsigned char)(len >> 8); aad[12] = (unsigned char)(len); diff --git a/deps/openssl/openssl/appveyor.yml b/deps/openssl/openssl/appveyor.yml deleted file mode 100644 index 9bb6f04e0a44cb..00000000000000 --- a/deps/openssl/openssl/appveyor.yml +++ /dev/null @@ -1,82 +0,0 @@ -image: - - Visual Studio 2017 - -platform: - - x64 - - x86 - -environment: - fast_finish: true - matrix: - - VSVER: 15 - -configuration: - - shared - - minimal - -for: - - - branches: - only: - - master - configuration: - - shared - - plain - - minimal - -before_build: - - ps: >- - Install-Module VSSetup -Scope CurrentUser - - ps: >- - Get-VSSetupInstance -All - - ps: >- - If ($env:Platform -Match "x86") { - $env:VCVARS_PLATFORM="x86" - $env:TARGET="VC-WIN32 no-asm --strict-warnings" - } Else { - $env:VCVARS_PLATFORM="amd64" - $env:TARGET="VC-WIN64A-masm" - } - - ps: >- - If ($env:Configuration -Match "shared") { - $env:CONFIG_OPTS="enable-fips" - } ElseIf ($env:Configuration -Match "minimal") { - $env:CONFIG_OPTS="no-bulk no-asm -DOPENSSL_SMALL_FOOTPRINT" - } Else { - $env:CONFIG_OPTS="no-fips no-shared" - } - - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM% - - mkdir _build - - cd _build - - perl ..\Configure %TARGET% no-makedepend %CONFIG_OPTS% - - perl configdata.pm --dump - - cd .. - - ps: >- - If ($env:BUILDONLY -or $env:MAKEVERBOSE) { - $env:NMAKE="nmake" - } Else { - $env:NMAKE="nmake /S" - } - - ps: >- - gci env:* | sort-object name - -build_script: - - cd _build - - "%NMAKE% build_all_generated" - - "%NMAKE% PERL=no-perl" - - cd .. - -test_script: - - cd _build - - ps: >- - if ($env:Configuration -Match "plain") { - cmd /c "%NMAKE% test VERBOSE_FAILURE=yes 2>&1" - } Else { - cmd /c "%NMAKE% test VERBOSE_FAILURE=yes TESTS=-test_fuzz 2>&1" - } - - ps: >- - if ($env:Configuration -Match "shared") { - mkdir ..\_install - cmd /c "%NMAKE% install DESTDIR=..\_install 2>&1" - } - - cd .. diff --git a/deps/openssl/openssl/crypto/LPdir_unix.c b/deps/openssl/openssl/crypto/LPdir_unix.c index bc0e924e46a741..b6dda7bce2eca4 100644 --- a/deps/openssl/openssl/crypto/LPdir_unix.c +++ b/deps/openssl/openssl/crypto/LPdir_unix.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -137,7 +137,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) if ((*ctx)->expect_file_generations) { char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name); - while(p > (*ctx)->entry_name && isdigit(p[-1])) + while (p > (*ctx)->entry_name && isdigit((unsigned char)p[-1])) p--; if (p > (*ctx)->entry_name && p[-1] == ';') p[-1] = '\0'; diff --git a/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl b/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl index 544dc7e8effe66..d0e0be6187bd2e 100755 --- a/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl +++ b/deps/openssl/openssl/crypto/aes/asm/aesv8-armx.pl @@ -3661,6 +3661,9 @@ () s/\.[ui]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { ######## 32-bit code diff --git a/deps/openssl/openssl/crypto/arm_arch.h b/deps/openssl/openssl/crypto/arm_arch.h index 45d7e155647540..ec4a087fede2fc 100644 --- a/deps/openssl/openssl/crypto/arm_arch.h +++ b/deps/openssl/openssl/crypto/arm_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,11 +21,6 @@ # elif defined(__GNUC__) # if defined(__aarch64__) # define __ARM_ARCH__ 8 -# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define __ARMEB__ -# else -# define __ARMEL__ -# endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectures[] table in diff --git a/deps/openssl/openssl/crypto/asn1/a_strnid.c b/deps/openssl/openssl/crypto/asn1/a_strnid.c index 9e54db929282c5..d052935661d362 100644 --- a/deps/openssl/openssl/crypto/asn1/a_strnid.c +++ b/deps/openssl/openssl/crypto/asn1/a_strnid.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -129,8 +129,10 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) int idx; ASN1_STRING_TABLE fnd; +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG /* "stable" can be impacted by config, so load the config file first */ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif fnd.nid = nid; if (stable) { diff --git a/deps/openssl/openssl/crypto/asn1/asn1_gen.c b/deps/openssl/openssl/crypto/asn1/asn1_gen.c index 64620a4f28a7f6..402ab34e6a46f7 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1_gen.c +++ b/deps/openssl/openssl/crypto/asn1/asn1_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -698,9 +698,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) atmp->value.asn1_string->data = rdata; atmp->value.asn1_string->length = rdlen; atmp->value.asn1_string->type = utype; - } else if (format == ASN1_GEN_FORMAT_ASCII) - ASN1_STRING_set(atmp->value.asn1_string, str, -1); - else if ((format == ASN1_GEN_FORMAT_BITLIST) + } else if (format == ASN1_GEN_FORMAT_ASCII) { + if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); + goto bad_str; + } + } else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING)) { if (!CONF_parse_list (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { diff --git a/deps/openssl/openssl/crypto/asn1/asn_mime.c b/deps/openssl/openssl/crypto/asn1/asn_mime.c index b44b0f36858bd6..9fc52d0476264a 100644 --- a/deps/openssl/openssl/crypto/asn1/asn_mime.c +++ b/deps/openssl/openssl/crypto/asn1/asn_mime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -516,6 +516,12 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) int len; char linebuf[MAX_SMLEN]; int ret; + + if (in == NULL || out == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + /* * Buffer output so we don't write one line at a time. This is useful * when streaming as we don't end up with one OCTET STRING per line. diff --git a/deps/openssl/openssl/crypto/bn/bn_gcd.c b/deps/openssl/openssl/crypto/bn/bn_gcd.c index 59d024f674ebd5..cd0b0151ec7ed6 100644 --- a/deps/openssl/openssl/crypto/bn/bn_gcd.c +++ b/deps/openssl/openssl/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -611,9 +611,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) for (i = 0; i < m; i++) { /* conditionally flip signs if delta is positive and g is odd */ - cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 + cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))); delta = (-cond & -delta) | ((cond - 1) & delta); r->neg ^= cond; /* swap */ @@ -625,7 +625,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) goto err; BN_consttime_swap(g->d[0] & 1 /* g is odd */ /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))), g, temp, top); if (!BN_rshift1(g, g)) goto err; diff --git a/deps/openssl/openssl/crypto/bn/bn_recp.c b/deps/openssl/openssl/crypto/bn/bn_recp.c index 96a6b19ab0da2a..3a2c812ac66638 100644 --- a/deps/openssl/openssl/crypto/bn/bn_recp.c +++ b/deps/openssl/openssl/crypto/bn/bn_recp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,7 +44,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp) int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) { - if (!BN_copy(&(recp->N), d)) + if (BN_is_zero(d) || !BN_copy(&(recp->N), d)) return 0; BN_zero(&(recp->Nr)); recp->num_bits = BN_num_bits(d); diff --git a/deps/openssl/openssl/crypto/build.info b/deps/openssl/openssl/crypto/build.info index b90390ae864c40..c04db5591120df 100644 --- a/deps/openssl/openssl/crypto/build.info +++ b/deps/openssl/openssl/crypto/build.info @@ -97,8 +97,6 @@ $UTIL_COMMON=\ context.c sparse_array.c asn1_dsa.c packet.c param_build.c \ param_build_set.c der_writer.c threads_lib.c params_dup.c -SHARED_SOURCE[../libssl]=sparse_array.c - SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-ia64.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-ia64.pl index b13d972855754d..78201649d55029 100644 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-ia64.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-ia64.pl @@ -46,6 +46,8 @@ ADDP @k[11]=4,$key .save ar.lc,r3 mov r3=ar.lc } +{ .mmi; ADDP $out=0,$out + ADDP $inp=0,$inp } { .mmi; ADDP $key=0,$key ADDP $counter=0,$counter .save pr,r14 diff --git a/deps/openssl/openssl/crypto/cmp/cmp_asn.c b/deps/openssl/openssl/crypto/cmp/cmp_asn.c index 0ca107554c96dd..a8de73ad979b67 100644 --- a/deps/openssl/openssl/crypto/cmp/cmp_asn.c +++ b/deps/openssl/openssl/crypto/cmp/cmp_asn.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -188,22 +188,22 @@ int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, return 0; } -/* get ASN.1 encoded integer, return -1 on error */ +/* get ASN.1 encoded integer, return -2 on error; -1 is valid for certReqId */ int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a) { int64_t res; if (!ASN1_INTEGER_get_int64(&res, a)) { ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER); - return -1; + return -2; } if (res < INT_MIN) { ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL); - return -1; + return -2; } if (res > INT_MAX) { ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE); - return -1; + return -2; } return (int)res; } diff --git a/deps/openssl/openssl/crypto/cmp/cmp_client.c b/deps/openssl/openssl/crypto/cmp/cmp_client.c index dc41f4c3b7d9e2..df334cc0019822 100644 --- a/deps/openssl/openssl/crypto/cmp/cmp_client.c +++ b/deps/openssl/openssl/crypto/cmp/cmp_client.c @@ -584,7 +584,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, return 0; if (rid == OSSL_CMP_CERTREQID_NONE) { /* used for OSSL_CMP_PKIBODY_P10CR */ rid = ossl_cmp_asn1_get_int(crep->certReqId); - if (rid != OSSL_CMP_CERTREQID_NONE) { + if (rid < OSSL_CMP_CERTREQID_NONE) { ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID); return 0; } diff --git a/deps/openssl/openssl/crypto/cmp/cmp_status.c b/deps/openssl/openssl/crypto/cmp/cmp_status.c index bfe6cd9906b82a..68144aa4fed878 100644 --- a/deps/openssl/openssl/crypto/cmp/cmp_status.c +++ b/deps/openssl/openssl/crypto/cmp/cmp_status.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -30,9 +30,12 @@ int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si) { + int res ; + if (!ossl_assert(si != NULL && si->status != NULL)) return -1; - return ossl_cmp_asn1_get_int(si->status); + res = ossl_cmp_asn1_get_int(si->status); + return res == -2 ? -1 : res; } const char *ossl_cmp_PKIStatus_to_string(int status) diff --git a/deps/openssl/openssl/crypto/cms/cms_enc.c b/deps/openssl/openssl/crypto/cms/cms_enc.c index f7007c12319e66..ae88df33a7f0bf 100644 --- a/deps/openssl/openssl/crypto/cms/cms_enc.c +++ b/deps/openssl/openssl/crypto/cms/cms_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ #include #include #include "crypto/evp.h" +#include "crypto/asn1.h" #include "cms_local.h" /* CMS EncryptedData Utilities */ @@ -81,7 +82,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, if (enc) { calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); - if (calg->algorithm == NULL) { + if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) { ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM); goto err; } diff --git a/deps/openssl/openssl/crypto/cms/cms_env.c b/deps/openssl/openssl/crypto/cms/cms_env.c index 3105d37726a599..99cf1dcb396ca5 100644 --- a/deps/openssl/openssl/crypto/cms/cms_env.c +++ b/deps/openssl/openssl/crypto/cms/cms_env.c @@ -26,7 +26,7 @@ static void cms_env_set_version(CMS_EnvelopedData *env); #define CMS_ENVELOPED_STANDARD 1 #define CMS_ENVELOPED_AUTH 2 -static int cms_get_enveloped_type(const CMS_ContentInfo *cms) +static int cms_get_enveloped_type_simple(const CMS_ContentInfo *cms) { int nid = OBJ_obj2nid(cms->contentType); @@ -38,11 +38,28 @@ static int cms_get_enveloped_type(const CMS_ContentInfo *cms) return CMS_ENVELOPED_AUTH; default: - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); return 0; } } +static int cms_get_enveloped_type(const CMS_ContentInfo *cms) +{ + int ret = cms_get_enveloped_type_simple(cms); + + if (ret == 0) + ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); + return ret; +} + +void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf) +{ + if (cms_get_enveloped_type_simple(cinf) != 0) { + CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cinf); + if (ec != NULL) + OPENSSL_clear_free(ec->key, ec->keylen); + } +} + CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms) { if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { @@ -142,10 +159,12 @@ CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *c { switch (cms_get_enveloped_type(cms)) { case CMS_ENVELOPED_STANDARD: - return cms->d.envelopedData->encryptedContentInfo; + return cms->d.envelopedData == NULL ? NULL + : cms->d.envelopedData->encryptedContentInfo; case CMS_ENVELOPED_AUTH: - return cms->d.authEnvelopedData->authEncryptedContentInfo; + return cms->d.authEnvelopedData == NULL ? NULL + : cms->d.authEnvelopedData->authEncryptedContentInfo; default: return NULL; diff --git a/deps/openssl/openssl/crypto/cms/cms_err.c b/deps/openssl/openssl/crypto/cms/cms_err.c index dcbea201c8e5f4..4bd6a0dc1bf101 100644 --- a/deps/openssl/openssl/crypto/cms/cms_err.c +++ b/deps/openssl/openssl/crypto/cms/cms_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -154,6 +154,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { "unsupported recipientinfo type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), "unsupported recipient type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM), + "unsupported signature algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"}, diff --git a/deps/openssl/openssl/crypto/cms/cms_lib.c b/deps/openssl/openssl/crypto/cms/cms_lib.c index 0738da3da280e9..8b135e95aacc81 100644 --- a/deps/openssl/openssl/crypto/cms/cms_lib.c +++ b/deps/openssl/openssl/crypto/cms/cms_lib.c @@ -76,6 +76,7 @@ CMS_ContentInfo *CMS_ContentInfo_new(void) void CMS_ContentInfo_free(CMS_ContentInfo *cms) { if (cms != NULL) { + ossl_cms_env_enc_content_free(cms); OPENSSL_free(cms->ctx.propq); ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo)); } diff --git a/deps/openssl/openssl/crypto/cms/cms_local.h b/deps/openssl/openssl/crypto/cms/cms_local.h index 15b4a29ce03dce..253f6819e43542 100644 --- a/deps/openssl/openssl/crypto/cms/cms_local.h +++ b/deps/openssl/openssl/crypto/cms/cms_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -444,6 +444,7 @@ BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain); BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms); int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio); +void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf); CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms); CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms); CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms); diff --git a/deps/openssl/openssl/crypto/cms/cms_rsa.c b/deps/openssl/openssl/crypto/cms/cms_rsa.c index 997567fdbfac0d..61fd43fb54d051 100644 --- a/deps/openssl/openssl/crypto/cms/cms_rsa.c +++ b/deps/openssl/openssl/crypto/cms/cms_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ #include #include "crypto/asn1.h" #include "crypto/rsa.h" +#include "crypto/evp.h" #include "cms_local.h" static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg) @@ -210,6 +211,16 @@ static int rsa_cms_sign(CMS_SignerInfo *si) if (pad_mode != RSA_PKCS1_PSS_PADDING) return 0; + if (evp_pkey_ctx_is_legacy(pkctx)) { + /* No provider -> we cannot query it for algorithm ID. */ + ASN1_STRING *os = NULL; + + os = ossl_rsa_ctx_to_pss_string(pkctx); + if (os == NULL) + return 0; + return X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); + } + params[0] = OSSL_PARAM_construct_octet_string( OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); params[1] = OSSL_PARAM_construct_end(); diff --git a/deps/openssl/openssl/crypto/cms/cms_sd.c b/deps/openssl/openssl/crypto/cms/cms_sd.c index 34c021bba64af7..2093657a2a4a69 100644 --- a/deps/openssl/openssl/crypto/cms/cms_sd.c +++ b/deps/openssl/openssl/crypto/cms/cms_sd.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -233,9 +233,9 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) int i; if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC")) - return ossl_cms_ecdsa_dsa_sign(si, cmd); + return ossl_cms_ecdsa_dsa_sign(si, cmd) > 0; else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) - return ossl_cms_rsa_sign(si, cmd); + return ossl_cms_rsa_sign(si, cmd) > 0; /* Something else? We'll give engines etc a chance to handle this */ if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) @@ -354,11 +354,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (md == NULL) { int def_nid; - if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) + + if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) { + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; + } md = EVP_get_digestbynid(def_nid); if (md == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST); + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "default md nid=%d", def_nid); goto err; } } @@ -398,8 +403,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } } - if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) + if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) { + ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM, + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; + } if (!(flags & CMS_NOATTR)) { /* * Initialize signed attributes structure so other attributes diff --git a/deps/openssl/openssl/crypto/conf/conf_mod.c b/deps/openssl/openssl/crypto/conf/conf_mod.c index 17bbbf7a27475a..1ea32648e9f9f9 100644 --- a/deps/openssl/openssl/crypto/conf/conf_mod.c +++ b/deps/openssl/openssl/crypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -184,15 +184,21 @@ int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, CONF *conf = NULL; int ret = 0, diagnostics = 0; + ERR_set_mark(); + if (filename == NULL) { file = CONF_get1_default_config_file(); if (file == NULL) goto err; + if (*file == '\0') { + /* Do not try to load an empty file name but do not error out */ + ret = 1; + goto err; + } } else { file = (char *)filename; } - ERR_set_mark(); conf = NCONF_new_ex(libctx, NULL); if (conf == NULL) goto err; diff --git a/deps/openssl/openssl/crypto/conf/conf_sap.c b/deps/openssl/openssl/crypto/conf/conf_sap.c index 39efcdbf90fa3a..3019bcf31af81a 100644 --- a/deps/openssl/openssl/crypto/conf/conf_sap.c +++ b/deps/openssl/openssl/crypto/conf/conf_sap.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -65,7 +65,10 @@ int ossl_config_int(const OPENSSL_INIT_SETTINGS *settings) #endif #ifndef OPENSSL_SYS_UEFI - ret = CONF_modules_load_file(filename, appname, flags); + ret = CONF_modules_load_file_ex(OSSL_LIB_CTX_get0_global_default(), + filename, appname, flags); +#else + ret = 1; #endif openssl_configured = 1; return ret; diff --git a/deps/openssl/openssl/crypto/core_namemap.c b/deps/openssl/openssl/crypto/core_namemap.c index 7e11ab1c8845d9..ebf7ed5eb165a8 100644 --- a/deps/openssl/openssl/crypto/core_namemap.c +++ b/deps/openssl/openssl/crypto/core_namemap.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -142,6 +142,9 @@ int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, cbdata.number = number; cbdata.found = 0; + if (namemap == NULL) + return 0; + /* * We collect all the names first under a read lock. Subsequently we call * the user function, so that we're not holding the read lock when in user diff --git a/deps/openssl/openssl/crypto/dh/dh_check.c b/deps/openssl/openssl/crypto/dh/dh_check.c index 0b391910d6b37c..7ba2beae7fd6b9 100644 --- a/deps/openssl/openssl/crypto/dh/dh_check.c +++ b/deps/openssl/openssl/crypto/dh/dh_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -143,7 +143,7 @@ int DH_check(const DH *dh, int *ret) #ifdef FIPS_MODULE return DH_check_params(dh, ret); #else - int ok = 0, r; + int ok = 0, r, q_good = 0; BN_CTX *ctx = NULL; BIGNUM *t1 = NULL, *t2 = NULL; int nid = DH_get_nid((DH *)dh); @@ -152,6 +152,13 @@ int DH_check(const DH *dh, int *ret) if (nid != NID_undef) return 1; + /* Don't do any checks at all with an excessively large modulus */ + if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); + *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_P_NOT_PRIME; + return 0; + } + if (!DH_check_params(dh, ret)) return 0; @@ -165,6 +172,13 @@ int DH_check(const DH *dh, int *ret) goto err; if (dh->params.q != NULL) { + if (BN_ucmp(dh->params.p, dh->params.q) > 0) + q_good = 1; + else + *ret |= DH_CHECK_INVALID_Q_VALUE; + } + + if (q_good) { if (BN_cmp(dh->params.g, BN_value_one()) <= 0) *ret |= DH_NOT_SUITABLE_GENERATOR; else if (BN_cmp(dh->params.g, dh->params.p) >= 0) @@ -245,7 +259,8 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) */ int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret); + return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret) + && *ret == 0; } int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) diff --git a/deps/openssl/openssl/crypto/dh/dh_key.c b/deps/openssl/openssl/crypto/dh/dh_key.c index 4e9705beef733b..d84ea99241b9e8 100644 --- a/deps/openssl/openssl/crypto/dh/dh_key.c +++ b/deps/openssl/openssl/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh) { dh->flags |= DH_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dh->params); dh->dirty_cnt++; return 1; } diff --git a/deps/openssl/openssl/crypto/dh/dh_lib.c b/deps/openssl/openssl/crypto/dh/dh_lib.c index 29cda5d7bfa845..5577413e1e0c07 100644 --- a/deps/openssl/openssl/crypto/dh/dh_lib.c +++ b/deps/openssl/openssl/crypto/dh/dh_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -116,6 +116,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif /* FIPS_MODULE */ + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL); goto err; diff --git a/deps/openssl/openssl/crypto/dsa/dsa_check.c b/deps/openssl/openssl/crypto/dsa/dsa_check.c index 7ee914a477ecea..fb0e9129a2956b 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_check.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,7 +39,8 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) */ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret); + return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) + && *ret == 0; } /* @@ -49,7 +50,8 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) */ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret); + return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) + && *ret == 0; } int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret) diff --git a/deps/openssl/openssl/crypto/dsa/dsa_lib.c b/deps/openssl/openssl/crypto/dsa/dsa_lib.c index ccc70165921764..2ae3f8e36b265f 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_lib.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -176,6 +176,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL); goto err; diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c index 62f7c70149f4fb..8fd66a950e3739 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c @@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, static int dsa_init(DSA *dsa) { dsa->flags |= DSA_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dsa->params); dsa->dirty_cnt++; return 1; } diff --git a/deps/openssl/openssl/crypto/encode_decode/decoder_lib.c b/deps/openssl/openssl/crypto/encode_decode/decoder_lib.c index e24d2c6cd588be..2e4b7ed60b9c1c 100644 --- a/deps/openssl/openssl/crypto/encode_decode/decoder_lib.c +++ b/deps/openssl/openssl/crypto/encode_decode/decoder_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -743,10 +743,11 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) (void *)new_data.ctx, LEVEL, rv); } OSSL_TRACE_END(DECODER); - data->flag_construct_called = 1; ok = (rv > 0); - if (ok) + if (ok) { + data->flag_construct_called = 1; goto end; + } } /* The constructor didn't return success */ diff --git a/deps/openssl/openssl/crypto/encode_decode/decoder_pkey.c b/deps/openssl/openssl/crypto/encode_decode/decoder_pkey.c index ed10bb1cee035a..ad5e2805319b57 100644 --- a/deps/openssl/openssl/crypto/encode_decode/decoder_pkey.c +++ b/deps/openssl/openssl/crypto/encode_decode/decoder_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -150,7 +150,11 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst, import_data.keymgmt = keymgmt; import_data.keydata = NULL; - import_data.selection = data->selection; + if (data->selection == 0) + /* import/export functions do not tolerate 0 selection */ + import_data.selection = OSSL_KEYMGMT_SELECT_ALL; + else + import_data.selection = data->selection; /* * No need to check for errors here, the value of diff --git a/deps/openssl/openssl/crypto/engine/eng_lib.c b/deps/openssl/openssl/crypto/engine/eng_lib.c index dfd53a43319559..cfdb5a50f481da 100644 --- a/deps/openssl/openssl/crypto/engine/eng_lib.c +++ b/deps/openssl/openssl/crypto/engine/eng_lib.c @@ -133,28 +133,34 @@ static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) return item; } -void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) +int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) { ENGINE_CLEANUP_ITEM *item; if (!int_cleanup_check(1)) - return; + return 0; item = int_cleanup_item(cb); - if (item != NULL) - if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0) <= 0) - OPENSSL_free(item); + if (item != NULL) { + if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0)) + return 1; + OPENSSL_free(item); + } + return 0; } -void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) +int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) { ENGINE_CLEANUP_ITEM *item; + if (!int_cleanup_check(1)) - return; + return 0; item = int_cleanup_item(cb); if (item != NULL) { - if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) - OPENSSL_free(item); + if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) > 0) + return 1; + OPENSSL_free(item); } + return 0; } /* The API function that performs all cleanup */ diff --git a/deps/openssl/openssl/crypto/engine/eng_list.c b/deps/openssl/openssl/crypto/engine/eng_list.c index 04c73c76286486..f2eed3b071746b 100644 --- a/deps/openssl/openssl/crypto/engine/eng_list.c +++ b/deps/openssl/openssl/crypto/engine/eng_list.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -78,12 +78,15 @@ static int engine_list_add(ENGINE *e) ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); return 0; } - engine_list_head = e; - e->prev = NULL; /* * The first time the list allocates, we should register the cleanup. */ - engine_cleanup_add_last(engine_list_cleanup); + if (!engine_cleanup_add_last(engine_list_cleanup)) { + ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); + return 0; + } + engine_list_head = e; + e->prev = NULL; } else { /* We are adding to the tail of an existing list. */ if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) { diff --git a/deps/openssl/openssl/crypto/engine/eng_local.h b/deps/openssl/openssl/crypto/engine/eng_local.h index 03a86299cf88b8..75bc9e6f1675b9 100644 --- a/deps/openssl/openssl/crypto/engine/eng_local.h +++ b/deps/openssl/openssl/crypto/engine/eng_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -46,8 +46,8 @@ typedef struct st_engine_cleanup_item { ENGINE_CLEANUP_CB *cb; } ENGINE_CLEANUP_ITEM; DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM) -void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb); -void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb); +int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb); +int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb); /* We need stacks of ENGINEs for use in eng_table.c */ DEFINE_STACK_OF(ENGINE) diff --git a/deps/openssl/openssl/crypto/engine/eng_pkey.c b/deps/openssl/openssl/crypto/engine/eng_pkey.c index 6e6d6df35b2b9a..f84fcde4601629 100644 --- a/deps/openssl/openssl/crypto/engine/eng_pkey.c +++ b/deps/openssl/openssl/crypto/engine/eng_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); return NULL; } + /* We enforce check for legacy key */ + switch (EVP_PKEY_get_id(pkey)) { + case EVP_PKEY_RSA: + { + RSA *rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_set1_RSA(pkey, rsa); + RSA_free(rsa); + } + break; +# ifndef OPENSSL_NO_EC + case EVP_PKEY_SM2: + case EVP_PKEY_EC: + { + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); + EVP_PKEY_set1_EC_KEY(pkey, ec); + EC_KEY_free(ec); + } + break; +# endif +# ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + { + DSA *dsa = EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_set1_DSA(pkey, dsa); + DSA_free(dsa); + } + break; +#endif +# ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + { + DH *dh = EVP_PKEY_get1_DH(pkey); + EVP_PKEY_set1_DH(pkey, dh); + DH_free(dh); + } + break; +#endif + default: + /*Do nothing */ + break; + } + return pkey; } diff --git a/deps/openssl/openssl/crypto/engine/eng_table.c b/deps/openssl/openssl/crypto/engine/eng_table.c index a8209d9e71760b..9dc3144bbfd7b6 100644 --- a/deps/openssl/openssl/crypto/engine/eng_table.c +++ b/deps/openssl/openssl/crypto/engine/eng_table.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -93,9 +93,12 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, added = 1; if (!int_table_check(table, 1)) goto end; - if (added) - /* The cleanup callback needs to be added */ - engine_cleanup_add_first(cleanup); + /* The cleanup callback needs to be added */ + if (added && !engine_cleanup_add_first(cleanup)) { + lh_ENGINE_PILE_free(&(*table)->piles); + *table = NULL; + goto end; + } while (num_nids--) { tmplate.nid = *nids; fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); @@ -201,8 +204,10 @@ ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid, ENGINE_PILE tmplate, *fnd = NULL; int initres, loop = 0; +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG /* Load the config before trying to check if engines are available */ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif if (!(*table)) { OSSL_TRACE3(ENGINE_TABLE, diff --git a/deps/openssl/openssl/crypto/err/openssl.txt b/deps/openssl/openssl/crypto/err/openssl.txt index 48eb77f56ebb0d..d62ee33ecc77fe 100644 --- a/deps/openssl/openssl/crypto/err/openssl.txt +++ b/deps/openssl/openssl/crypto/err/openssl.txt @@ -375,6 +375,7 @@ CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\ CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type +CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM:195:unsupported signature algorithm CMS_R_UNSUPPORTED_TYPE:156:unsupported type CMS_R_UNWRAP_ERROR:157:unwrap error CMS_R_UNWRAP_FAILURE:180:unwrap failure @@ -1678,6 +1679,7 @@ X509_R_CERTIFICATE_VERIFICATION_FAILED:139:certificate verification failed X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table X509_R_CRL_ALREADY_DELTA:127:crl already delta X509_R_CRL_VERIFY_FAILURE:131:crl verify failure +X509_R_DUPLICATE_ATTRIBUTE:140:duplicate attribute X509_R_ERROR_GETTING_MD_BY_NID:141:error getting md by nid X509_R_ERROR_USING_SIGINF_SET:142:error using siginf set X509_R_IDP_MISMATCH:128:idp mismatch diff --git a/deps/openssl/openssl/crypto/evp/ctrl_params_translate.c b/deps/openssl/openssl/crypto/evp/ctrl_params_translate.c index ccafdfddd58f63..dcd53b43f92b9c 100644 --- a/deps/openssl/openssl/crypto/evp/ctrl_params_translate.c +++ b/deps/openssl/openssl/crypto/evp/ctrl_params_translate.c @@ -636,8 +636,8 @@ static int default_fixup_args(enum state state, ctx->p2, ctx->sz); case OSSL_PARAM_OCTET_STRING: return OSSL_PARAM_get_octet_string(ctx->params, - ctx->p2, ctx->sz, - &ctx->sz); + &ctx->p2, ctx->sz, + (size_t *)&ctx->p1); case OSSL_PARAM_OCTET_PTR: return OSSL_PARAM_get_octet_ptr(ctx->params, ctx->p2, &ctx->sz); @@ -685,7 +685,7 @@ static int default_fixup_args(enum state state, return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2, size); case OSSL_PARAM_OCTET_PTR: - return OSSL_PARAM_set_octet_ptr(ctx->params, ctx->p2, + return OSSL_PARAM_set_octet_ptr(ctx->params, *(void **)ctx->p2, size); default: ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, @@ -695,6 +695,9 @@ static int default_fixup_args(enum state state, translation->param_data_type); return 0; } + } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { + if (translation->param_data_type == OSSL_PARAM_OCTET_PTR) + ctx->p2 = &ctx->bufp; } } /* Any other combination is simply pass-through */ @@ -1783,7 +1786,8 @@ static int get_rsa_payload_n(enum state state, { const BIGNUM *bn = NULL; - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA + && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) return 0; bn = RSA_get0_n(EVP_PKEY_get0_RSA(ctx->p2)); @@ -1796,7 +1800,8 @@ static int get_rsa_payload_e(enum state state, { const BIGNUM *bn = NULL; - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA + && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) return 0; bn = RSA_get0_e(EVP_PKEY_get0_RSA(ctx->p2)); @@ -1809,7 +1814,8 @@ static int get_rsa_payload_d(enum state state, { const BIGNUM *bn = NULL; - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA + && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) return 0; bn = RSA_get0_d(EVP_PKEY_get0_RSA(ctx->p2)); @@ -1909,7 +1915,8 @@ static int get_rsa_payload_coefficient(enum state state, const struct translation_st *translation, \ struct translation_ctx_st *ctx) \ { \ - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \ + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ + && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ return 0; \ return get_rsa_payload_factor(state, translation, ctx, n - 1); \ } @@ -1920,7 +1927,8 @@ static int get_rsa_payload_coefficient(enum state state, const struct translation_st *translation, \ struct translation_ctx_st *ctx) \ { \ - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \ + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ + && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ return 0; \ return get_rsa_payload_exponent(state, translation, ctx, \ n - 1); \ @@ -1932,7 +1940,8 @@ static int get_rsa_payload_coefficient(enum state state, const struct translation_st *translation, \ struct translation_ctx_st *ctx) \ { \ - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \ + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ + && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ return 0; \ return get_rsa_payload_coefficient(state, translation, ctx, \ n - 1); \ @@ -2254,7 +2263,7 @@ static const struct translation_st evp_pkey_ctx_translations[] = { OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL }, { GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, - OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL }, + OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL }, { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, @@ -2268,10 +2277,10 @@ static const struct translation_st evp_pkey_ctx_translations[] = { { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL, OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN, + { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL, OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN, + { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL, OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, diff --git a/deps/openssl/openssl/crypto/evp/evp_enc.c b/deps/openssl/openssl/crypto/evp/evp_enc.c index b178d1086473f1..4e6f83e3d0a94a 100644 --- a/deps/openssl/openssl/crypto/evp/evp_enc.c +++ b/deps/openssl/openssl/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -192,7 +192,12 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, #endif } - if (cipher->prov != NULL) { + if (!ossl_assert(cipher->prov != NULL)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return 0; + } + + if (cipher != ctx->fetched_cipher) { if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; @@ -218,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, return 0; } +#ifndef FIPS_MODULE + /* + * Fix for CVE-2023-5363 + * Passing in a size as part of the init call takes effect late + * so, force such to occur before the initialisation. + * + * The FIPS provider's internal library context is used in a manner + * such that this is not an issue. + */ + if (params != NULL) { + OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END, + OSSL_PARAM_END }; + OSSL_PARAM *q = param_lens; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL) + memcpy(q++, p, sizeof(*q)); + + /* + * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for + * OSSL_CIPHER_PARAM_IVLEN so both are covered here. + */ + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN); + if (p != NULL) + memcpy(q++, p, sizeof(*q)); + + if (q != param_lens) { + if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + } + } +#endif + if (enc) { if (ctx->cipher->einit == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); diff --git a/deps/openssl/openssl/crypto/evp/legacy_sha.c b/deps/openssl/openssl/crypto/evp/legacy_sha.c index 3859286eeb2046..ca9a3264978abe 100644 --- a/deps/openssl/openssl/crypto/evp/legacy_sha.c +++ b/deps/openssl/openssl/crypto/evp/legacy_sha.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -71,7 +71,11 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) { - KECCAK1600_CTX *ctx = evp_ctx->md_data; + KECCAK1600_CTX *ctx; + + if (evp_ctx == NULL) + return 0; + ctx = evp_ctx->md_data; switch (cmd) { case EVP_MD_CTRL_XOF_LEN: diff --git a/deps/openssl/openssl/crypto/evp/p5_crpt2.c b/deps/openssl/openssl/crypto/evp/p5_crpt2.c index b7455be1cf0ac0..35617390233429 100644 --- a/deps/openssl/openssl/crypto/evp/p5_crpt2.c +++ b/deps/openssl/openssl/crypto/evp/p5_crpt2.c @@ -231,13 +231,16 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, goto err; } + (void)ERR_set_mark(); prfmd = prfmd_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq); if (prfmd == NULL) prfmd = EVP_get_digestbynid(hmac_md_nid); if (prfmd == NULL) { + (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF); goto err; } + (void)ERR_pop_to_mark(); if (kdf->salt->type != V_ASN1_OCTET_STRING) { ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_SALT_TYPE); diff --git a/deps/openssl/openssl/crypto/evp/p_lib.c b/deps/openssl/openssl/crypto/evp/p_lib.c index f6acb5b47effcb..04b148a912187e 100644 --- a/deps/openssl/openssl/crypto/evp/p_lib.c +++ b/deps/openssl/openssl/crypto/evp/p_lib.c @@ -717,11 +717,13 @@ static void detect_foreign_key(EVP_PKEY *pkey) { switch (pkey->type) { case EVP_PKEY_RSA: + case EVP_PKEY_RSA_PSS: pkey->foreign = pkey->pkey.rsa != NULL && ossl_rsa_is_foreign(pkey->pkey.rsa); break; # ifndef OPENSSL_NO_EC case EVP_PKEY_SM2: + break; case EVP_PKEY_EC: pkey->foreign = pkey->pkey.ec != NULL && ossl_ec_key_is_foreign(pkey->pkey.ec); @@ -1074,6 +1076,7 @@ int EVP_PKEY_can_sign(const EVP_PKEY *pkey) if (pkey->keymgmt == NULL) { switch (EVP_PKEY_get_base_id(pkey)) { case EVP_PKEY_RSA: + case EVP_PKEY_RSA_PSS: return 1; # ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: @@ -1198,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) { - return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL, + return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL, (pkey->ameth != NULL ? pkey->ameth->priv_print : NULL), pctx); } diff --git a/deps/openssl/openssl/crypto/evp/pmeth_lib.c b/deps/openssl/openssl/crypto/evp/pmeth_lib.c index ce6e1a1ccbd577..ba1971ce461d57 100644 --- a/deps/openssl/openssl/crypto/evp/pmeth_lib.c +++ b/deps/openssl/openssl/crypto/evp/pmeth_lib.c @@ -251,10 +251,11 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, */ if (e != NULL) pmeth = ENGINE_get_pkey_meth(e, id); - else if (pkey != NULL && pkey->foreign) + else +# endif /* OPENSSL_NO_ENGINE */ + if (pkey != NULL && pkey->foreign) pmeth = EVP_PKEY_meth_find(id); else -# endif app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id); /* END legacy */ diff --git a/deps/openssl/openssl/crypto/ex_data.c b/deps/openssl/openssl/crypto/ex_data.c index 40223f06e4ecb6..13b9288994569c 100644 --- a/deps/openssl/openssl/crypto/ex_data.c +++ b/deps/openssl/openssl/crypto/ex_data.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -163,6 +163,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, * "app_data" routines use ex_data index zero. See RT 3710. */ if (ip->meth == NULL || !sk_EX_CALLBACK_push(ip->meth, NULL)) { + sk_EX_CALLBACK_free(ip->meth); + ip->meth = NULL; ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/deps/openssl/openssl/crypto/ffc/ffc_key_validate.c b/deps/openssl/openssl/crypto/ffc/ffc_key_validate.c index 342789621d6df1..a4a2a58e9a7fd9 100644 --- a/deps/openssl/openssl/crypto/ffc/ffc_key_validate.c +++ b/deps/openssl/openssl/crypto/ffc/ffc_key_validate.c @@ -26,7 +26,7 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, *ret = 0; if (params == NULL || pub_key == NULL || params->p == NULL) { *ret = FFC_ERROR_PASSED_NULL_PARAM; - return 0; + return 1; } ctx = BN_CTX_new_ex(NULL); @@ -39,18 +39,14 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, if (tmp == NULL || !BN_set_word(tmp, 1)) goto err; - if (BN_cmp(pub_key, tmp) <= 0) { + if (BN_cmp(pub_key, tmp) <= 0) *ret |= FFC_ERROR_PUBKEY_TOO_SMALL; - goto err; - } /* Step(1): Verify pub_key <= p-2 */ if (BN_copy(tmp, params->p) == NULL || !BN_sub_word(tmp, 1)) goto err; - if (BN_cmp(pub_key, tmp) >= 0) { + if (BN_cmp(pub_key, tmp) >= 0) *ret |= FFC_ERROR_PUBKEY_TOO_LARGE; - goto err; - } ok = 1; err: if (ctx != NULL) { @@ -73,7 +69,7 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params, if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret)) return 0; - if (params->q != NULL) { + if (*ret == 0 && params->q != NULL) { ctx = BN_CTX_new_ex(NULL); if (ctx == NULL) goto err; @@ -84,10 +80,8 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params, if (tmp == NULL || !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx)) goto err; - if (!BN_is_one(tmp)) { + if (!BN_is_one(tmp)) *ret |= FFC_ERROR_PUBKEY_INVALID; - goto err; - } } ok = 1; diff --git a/deps/openssl/openssl/crypto/http/http_client.c b/deps/openssl/openssl/crypto/http/http_client.c index ee41c03103e5fc..e3ccc6c4cc2fdd 100644 --- a/deps/openssl/openssl/crypto/http/http_client.c +++ b/deps/openssl/openssl/crypto/http/http_client.c @@ -164,7 +164,8 @@ void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, /* * Create request line using |rctx| and |path| (or "/" in case |path| is NULL). - * Server name (and port) must be given if and only if plain HTTP proxy is used. + * Server name (and optional port) must be given if and only if + * a plain HTTP proxy is used and |path| does not begin with 'http://'. */ int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, const char *server, const char *port, @@ -193,11 +194,17 @@ int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, return 0; } - /* Make sure path includes a forward slash */ - if (path == NULL) + /* Make sure path includes a forward slash (abs_path) */ + if (path == NULL) { path = "/"; - if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0) + } else if (HAS_PREFIX(path, "http://")) { /* absoluteURI for proxy use */ + if (server != NULL) { + ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + } else if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0) { return 0; + } /* * Add (the rest of) the path and the HTTP version, * which is fixed to 1.0 for straightforward implementation of keep-alive diff --git a/deps/openssl/openssl/crypto/http/http_lib.c b/deps/openssl/openssl/crypto/http/http_lib.c index ec24e0dc488e58..e45f60b7228746 100644 --- a/deps/openssl/openssl/crypto/http/http_lib.c +++ b/deps/openssl/openssl/crypto/http/http_lib.c @@ -22,6 +22,13 @@ static void init_pstring(char **pstr) } } +static void init_pint(int *pint) +{ + if (pint != NULL) { + *pint = 0; + } +} + static int copy_substring(char **dest, const char *start, const char *end) { return dest == NULL @@ -54,6 +61,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, init_pstring(puser); init_pstring(phost); init_pstring(pport); + init_pint(pport_num); init_pstring(ppath); init_pstring(pfrag); init_pstring(pquery); diff --git a/deps/openssl/openssl/crypto/lhash/lhash.c b/deps/openssl/openssl/crypto/lhash/lhash.c index 1cd988f01fc76a..a01cfa725e38c7 100644 --- a/deps/openssl/openssl/crypto/lhash/lhash.c +++ b/deps/openssl/openssl/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -266,12 +266,12 @@ static void contract(OPENSSL_LHASH *lh) if (n == NULL) { /* fputs("realloc error in lhash",stderr); */ lh->error++; - return; + } else { + lh->b = n; } lh->num_alloc_nodes /= 2; lh->pmax /= 2; lh->p = lh->pmax - 1; - lh->b = n; } else lh->p--; diff --git a/deps/openssl/openssl/crypto/mem.c b/deps/openssl/openssl/crypto/mem.c index f6cdcf5a423ec7..34128616e2700e 100644 --- a/deps/openssl/openssl/crypto/mem.c +++ b/deps/openssl/openssl/crypto/mem.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -100,6 +100,9 @@ void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount) * or 100;100@25;0 * This means 100 mallocs succeed, then next 100 fail 25% of the time, and * all remaining (count is zero) succeed. + * The failure percentge can have 2 digits after the comma. For example: + * 0@0.01 + * This means 0.01% of all allocations will fail. */ static void parseit(void) { @@ -112,26 +115,27 @@ static void parseit(void) /* Get the count (atol will stop at the @ if there), and percentage */ md_count = atol(md_failstring); atsign = strchr(md_failstring, '@'); - md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1); + md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5); if (semi != NULL) md_failstring = semi; } /* - * Windows doesn't have random(), but it has rand() + * Windows doesn't have random() and srandom(), but it has rand() and srand(). * Some rand() implementations aren't good, but we're not * dealing with secure randomness here. */ # ifdef _WIN32 # define random() rand() +# define srandom(seed) srand(seed) # endif /* * See if the current malloc should fail. */ static int shouldfail(void) { - int roll = (int)(random() % 100); + int roll = (int)(random() % 10000); int shoulditfail = roll < md_fail_percent; # ifndef _WIN32 /* suppressed on Windows as POSIX-like file descriptors are non-inheritable */ @@ -165,6 +169,8 @@ void ossl_malloc_setup_failures(void) parseit(); if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL) md_tracefd = atoi(cp); + if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL) + srandom(atoi(cp)); } #endif @@ -195,7 +201,6 @@ void *CRYPTO_zalloc(size_t num, const char *file, int line) void *ret; ret = CRYPTO_malloc(num, file, line); - FAILTEST(); if (ret != NULL) memset(ret, 0, num); @@ -208,7 +213,6 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) if (realloc_impl != CRYPTO_realloc) return realloc_impl(str, num, file, line); - FAILTEST(); if (str == NULL) return CRYPTO_malloc(num, file, line); @@ -217,6 +221,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) return NULL; } + FAILTEST(); return realloc(str, num); } diff --git a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl index b1d35d25b5b19f..b3d94041729e6f 100644 --- a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -744,6 +744,9 @@ s/\.[uisp]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { ######## 32-bit code diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.c b/deps/openssl/openssl/crypto/objects/obj_dat.c index 1a52000e6e9d64..85d30eb58ae013 100644 --- a/deps/openssl/openssl/crypto/objects/obj_dat.c +++ b/deps/openssl/openssl/crypto/objects/obj_dat.c @@ -642,13 +642,14 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, if (p == NULL) { const char *base_ = base; int l, h, i = 0, c = 0; + char *p1; for (i = 0; i < num; ++i) { - p = &(base_[i * size]); - c = (*cmp) (key, p); + p1 = &(base_[i * size]); + c = (*cmp) (key, p1); if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))) - return p; + return p1; } } #endif diff --git a/deps/openssl/openssl/crypto/param_build_set.c b/deps/openssl/openssl/crypto/param_build_set.c index 8b570ded96ebb4..5de06cc7ed685c 100644 --- a/deps/openssl/openssl/crypto/param_build_set.c +++ b/deps/openssl/openssl/crypto/param_build_set.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -99,21 +99,22 @@ int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, { int i, sz = sk_BIGNUM_const_num(stk); OSSL_PARAM *p; - + const BIGNUM *bn; if (bld != NULL) { for (i = 0; i < sz && names[i] != NULL; ++i) { - if (!OSSL_PARAM_BLD_push_BN(bld, names[i], - sk_BIGNUM_const_value(stk, i))) + bn = sk_BIGNUM_const_value(stk, i); + if (bn != NULL && !OSSL_PARAM_BLD_push_BN(bld, names[i], bn)) return 0; } return 1; } for (i = 0; i < sz && names[i] != NULL; ++i) { + bn = sk_BIGNUM_const_value(stk, i); p = OSSL_PARAM_locate(params, names[i]); - if (p != NULL) { - if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(stk, i))) + if (p != NULL && bn != NULL) { + if (!OSSL_PARAM_set_BN(p, bn)) return 0; } } diff --git a/deps/openssl/openssl/crypto/params.c b/deps/openssl/openssl/crypto/params.c index 5fd1e0028da917..4d85b5943c71e8 100644 --- a/deps/openssl/openssl/crypto/params.c +++ b/deps/openssl/openssl/crypto/params.c @@ -14,6 +14,7 @@ #include "internal/numbers.h" #include "internal/endian.h" +#ifndef OPENSSL_SYS_UEFI /* * Return the number of bits in the mantissa of a double. This is used to * shift a larger integral value to determine if it will exactly fit into a @@ -23,6 +24,7 @@ static unsigned int real_shift(void) { return sizeof(double) == 4 ? 24 : 53; } +#endif OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *p, const char *key) { @@ -342,8 +344,6 @@ OSSL_PARAM OSSL_PARAM_construct_ulong(const char *key, unsigned long int *buf) int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val) { - double d; - if (val == NULL || p == NULL ) return 0; @@ -391,6 +391,9 @@ int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val) return general_get_int(p, val, sizeof(*val)); } else if (p->data_type == OSSL_PARAM_REAL) { +#ifndef OPENSSL_SYS_UEFI + double d; + switch (p->data_size) { case sizeof(double): d = *(const double *)p->data; @@ -400,6 +403,7 @@ int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val) } break; } +#endif } return 0; } @@ -442,6 +446,7 @@ int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val) #endif return general_set_int(p, &val, sizeof(val)); } else if (p->data_type == OSSL_PARAM_REAL) { +#ifndef OPENSSL_SYS_UEFI p->return_size = sizeof(double); if (p->data == NULL) return 1; @@ -450,6 +455,7 @@ int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val) *(double *)p->data = (double)val; return 1; } +#endif } return 0; } @@ -462,8 +468,6 @@ OSSL_PARAM OSSL_PARAM_construct_int32(const char *key, int32_t *buf) int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val) { - double d; - if (val == NULL || p == NULL) return 0; @@ -509,6 +513,9 @@ int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val) #endif return general_get_uint(p, val, sizeof(*val)); } else if (p->data_type == OSSL_PARAM_REAL) { +#ifndef OPENSSL_SYS_UEFI + double d; + switch (p->data_size) { case sizeof(double): d = *(const double *)p->data; @@ -518,6 +525,7 @@ int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val) } break; } +#endif } return 0; } @@ -564,6 +572,7 @@ int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val) #endif return general_set_uint(p, &val, sizeof(val)); } else if (p->data_type == OSSL_PARAM_REAL) { +#ifndef OPENSSL_SYS_UEFI p->return_size = sizeof(double); if (p->data == NULL) return 1; @@ -572,6 +581,7 @@ int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val) *(double *)p->data = (double)val; return 1; } +#endif } return 0; } @@ -584,8 +594,6 @@ OSSL_PARAM OSSL_PARAM_construct_uint32(const char *key, uint32_t *buf) int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val) { - double d; - if (val == NULL || p == NULL ) return 0; @@ -620,6 +628,9 @@ int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val) #endif return general_get_int(p, val, sizeof(*val)); } else if (p->data_type == OSSL_PARAM_REAL) { +#ifndef OPENSSL_SYS_UEFI + double d; + switch (p->data_size) { case sizeof(double): d = *(const double *)p->data; @@ -636,14 +647,13 @@ int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val) } break; } +#endif } return 0; } int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val) { - uint64_t u64; - if (p == NULL) return 0; p->return_size = 0; @@ -686,6 +696,9 @@ int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val) #endif return general_set_int(p, &val, sizeof(val)); } else if (p->data_type == OSSL_PARAM_REAL) { +#ifndef OPENSSL_SYS_UEFI + uint64_t u64; + p->return_size = sizeof(double); if (p->data == NULL) return 1; @@ -698,6 +711,7 @@ int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val) } break; } +#endif } return 0; } @@ -709,8 +723,6 @@ OSSL_PARAM OSSL_PARAM_construct_int64(const char *key, int64_t *buf) int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val) { - double d; - if (val == NULL || p == NULL) return 0; @@ -750,6 +762,9 @@ int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val) #endif return general_get_uint(p, val, sizeof(*val)); } else if (p->data_type == OSSL_PARAM_REAL) { +#ifndef OPENSSL_SYS_UEFI + double d; + switch (p->data_size) { case sizeof(double): d = *(const double *)p->data; @@ -766,6 +781,7 @@ int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val) } break; } +#endif } return 0; } @@ -818,6 +834,7 @@ int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val) #endif return general_set_uint(p, &val, sizeof(val)); } else if (p->data_type == OSSL_PARAM_REAL) { +#ifndef OPENSSL_SYS_UEFI p->return_size = sizeof(double); switch (p->data_size) { case sizeof(double): @@ -827,6 +844,7 @@ int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val) } break; } +#endif } return 0; } @@ -953,6 +971,7 @@ OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, buf, bsize); } +#ifndef OPENSSL_SYS_UEFI int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val) { int64_t i64; @@ -1073,6 +1092,7 @@ OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf) { return ossl_param_construct(key, OSSL_PARAM_REAL, buf, sizeof(double)); } +#endif static int get_string_internal(const OSSL_PARAM *p, void **val, size_t *max_len, size_t *used_len, diff --git a/deps/openssl/openssl/crypto/pem/pem_pkey.c b/deps/openssl/openssl/crypto/pem/pem_pkey.c index 3e76852c67a44a..4deee46ce5506f 100644 --- a/deps/openssl/openssl/crypto/pem/pem_pkey.c +++ b/deps/openssl/openssl/crypto/pem/pem_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -366,10 +366,19 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, return ret; } +static int no_password_cb(char *buf, int num, int rwflag, void *userdata) +{ + return -1; +} + EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, OSSL_LIB_CTX *libctx, const char *propq) { - return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq, + /* + * PEM_read_bio_Parameters(_ex) should never ask for a password. Any attempt + * to get a password just fails. + */ + return pem_read_bio_key(bp, x, no_password_cb, NULL, libctx, propq, EVP_PKEY_KEY_PARAMETERS); } diff --git a/deps/openssl/openssl/crypto/perlasm/arm-xlate.pl b/deps/openssl/openssl/crypto/perlasm/arm-xlate.pl index a90885905c0fdb..38d570c79017c2 100755 --- a/deps/openssl/openssl/crypto/perlasm/arm-xlate.pl +++ b/deps/openssl/openssl/crypto/perlasm/arm-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -159,9 +159,8 @@ sub expand_line { } { - $line =~ s|(^[\.\w]+)\:\s*||; - my $label = $1; - if ($label) { + if ($line =~ s|(^[\.\w]+)\:\s*||) { + my $label = $1; printf "%s:",($GLOBALS{$label} or $label); } } diff --git a/deps/openssl/openssl/crypto/perlasm/x86asm.pl b/deps/openssl/openssl/crypto/perlasm/x86asm.pl index 98a7159a5f131c..8dcde9eacaa3d1 100644 --- a/deps/openssl/openssl/crypto/perlasm/x86asm.pl +++ b/deps/openssl/openssl/crypto/perlasm/x86asm.pl @@ -174,9 +174,9 @@ sub ::vprotd sub ::endbranch { - &::generic("%ifdef __CET__\n"); + &::generic("#ifdef __CET__\n"); &::data_byte(0xf3,0x0f,0x1e,0xfb); - &::generic("%endif\n"); + &::generic("#endif\n"); } # label management diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_crt.c b/deps/openssl/openssl/crypto/pkcs12/p12_crt.c index 00c71297463d9e..26a444f868b028 100644 --- a/deps/openssl/openssl/crypto/pkcs12/p12_crt.c +++ b/deps/openssl/openssl/crypto/pkcs12/p12_crt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,12 @@ static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); +static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, + X509 *cert, + const char *name, + int namelen, + unsigned char *keyid, + int keyidlen); static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) { @@ -40,6 +46,9 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, int i; unsigned char keyid[EVP_MAX_MD_SIZE]; unsigned int keyidlen = 0; + int namelen = -1; + unsigned char *pkeyid = NULL; + int pkeyidlen = -1; /* Set defaults */ if (nid_cert == NID_undef) @@ -64,11 +73,16 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, } if (cert) { - bag = PKCS12_add_cert(&bags, cert); - if (name && !PKCS12_add_friendlyname(bag, name, -1)) - goto err; - if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) - goto err; + if (name == NULL) + name = (char *)X509_alias_get0(cert, &namelen); + if (keyidlen > 0) { + pkeyid = keyid; + pkeyidlen = keyidlen; + } else { + pkeyid = X509_keyid_get0(cert, &pkeyidlen); + } + + bag = pkcs12_add_cert_bag(&bags, cert, name, namelen, pkeyid, pkeyidlen); } /* Add all other certificates */ @@ -139,30 +153,23 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 * iter, mac_iter, keytype, NULL, NULL); } -PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) +static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, + X509 *cert, + const char *name, + int namelen, + unsigned char *keyid, + int keyidlen) { PKCS12_SAFEBAG *bag = NULL; - char *name; - int namelen = -1; - unsigned char *keyid; - int keyidlen = -1; /* Add user certificate */ if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL) goto err; - /* - * Use friendlyName and localKeyID in certificate. (if present) - */ - - name = (char *)X509_alias_get0(cert, &namelen); - - if (name && !PKCS12_add_friendlyname(bag, name, namelen)) + if (name != NULL && !PKCS12_add_friendlyname(bag, name, namelen)) goto err; - keyid = X509_keyid_get0(cert, &keyidlen); - - if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + if (keyid != NULL && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) goto err; if (!pkcs12_add_bag(pbags, bag)) @@ -173,7 +180,22 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) err: PKCS12_SAFEBAG_free(bag); return NULL; +} + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) +{ + char *name = NULL; + int namelen = -1; + unsigned char *keyid = NULL; + int keyidlen = -1; + + /* + * Use friendlyName and localKeyID in certificate. (if present) + */ + name = (char *)X509_alias_get0(cert, &namelen); + keyid = X509_keyid_get0(cert, &keyidlen); + return pkcs12_add_cert_bag(pbags, cert, name, namelen, keyid, keyidlen); } PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags, diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_mutl.c b/deps/openssl/openssl/crypto/pkcs12/p12_mutl.c index afdb8d688ba336..67a885a45f89e0 100644 --- a/deps/openssl/openssl/crypto/pkcs12/p12_mutl.c +++ b/deps/openssl/openssl/crypto/pkcs12/p12_mutl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -108,15 +108,20 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, X509_ALGOR_get0(&macoid, NULL, NULL, macalg); if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0) return 0; + + (void)ERR_set_mark(); md = md_fetch = EVP_MD_fetch(p12->authsafes->ctx.libctx, md_name, p12->authsafes->ctx.propq); if (md == NULL) md = EVP_get_digestbynid(OBJ_obj2nid(macoid)); if (md == NULL) { + (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } + (void)ERR_pop_to_mark(); + md_size = EVP_MD_get_size(md); md_nid = EVP_MD_get_type(md); if (md_size < 0) diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl index 113a2151b6fa14..dc39f4053fe6a9 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -85,7 +85,7 @@ ldp $r0,$r1,[$inp] // load key mov $s1,#0xfffffffc0fffffff movk $s1,#0x0fff,lsl#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $r0,$r0 // flip bytes rev $r1,$r1 #endif @@ -132,7 +132,7 @@ .Loop: ldp $t0,$t1,[$inp],#16 // load input sub $len,$len,#16 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $t0,$t0 rev $t1,$t1 #endif @@ -197,13 +197,13 @@ csel $h0,$h0,$d0,eq csel $h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds $h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif @@ -335,7 +335,7 @@ adcs $h1,$h1,xzr adc $h2,$h2,xzr -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -381,7 +381,7 @@ ldp $d0,$d1,[$inp],#16 // load input sub $len,$len,#16 add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -466,7 +466,7 @@ lsl $padbit,$padbit,#24 add x15,$ctx,#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -502,7 +502,7 @@ ld1 {$S2,$R3,$S3,$R4},[x15],#64 ld1 {$S4},[x15] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -563,7 +563,7 @@ umull $ACC1,$IN23_0,${R1}[2] ldp x9,x13,[$in2],#48 umull $ACC0,$IN23_0,${R0}[2] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -628,7 +628,7 @@ umlal $ACC4,$IN01_2,${R2}[0] umlal $ACC1,$IN01_2,${S4}[0] umlal $ACC2,$IN01_2,${R0}[0] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -909,13 +909,13 @@ csel $h0,$h0,$d0,eq csel $h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds $h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl index fa9bfb7a7b814c..4cddca1c514c04 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -195,7 +195,7 @@ sub poly1305_iteration { bt \$`5+32`,%r9 # AVX2? cmovc %rax,%r10 ___ -$code.=<<___ if ($avx>3); +$code.=<<___ if ($avx>3 && !$win64); mov \$`(1<<31|1<<21|1<<16)`,%rax shr \$32,%r9 and %rax,%r9 @@ -2724,7 +2724,7 @@ sub poly1305_iteration { .cfi_endproc .size poly1305_blocks_avx512,.-poly1305_blocks_avx512 ___ -if ($avx>3) { +if ($avx>3 && !$win64) { ######################################################################## # VPMADD52 version using 2^44 radix. # diff --git a/deps/openssl/openssl/crypto/property/property.c b/deps/openssl/openssl/crypto/property/property.c index b97861d4862fa8..602db0f3ff54e9 100644 --- a/deps/openssl/openssl/crypto/property/property.c +++ b/deps/openssl/openssl/crypto/property/property.c @@ -129,11 +129,11 @@ static const OSSL_LIB_CTX_METHOD ossl_ctx_global_properties_method = { }; OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *libctx, - int loadconfig) + ossl_unused int loadconfig) { OSSL_GLOBAL_PROPERTIES *globp; -#ifndef FIPS_MODULE +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG) if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) return NULL; #endif @@ -513,7 +513,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, if (nid <= 0 || method == NULL || store == NULL) return 0; -#ifndef FIPS_MODULE +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG) if (ossl_lib_ctx_is_default(store->ctx) && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) return 0; diff --git a/deps/openssl/openssl/crypto/property/property_parse.c b/deps/openssl/openssl/crypto/property/property_parse.c index ca2bd33381bfdd..e3a4998df11fcb 100644 --- a/deps/openssl/openssl/crypto/property/property_parse.c +++ b/deps/openssl/openssl/crypto/property/property_parse.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -588,15 +588,38 @@ static void put_char(char ch, char **buf, size_t *remain, size_t *needed) static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) { - size_t olen, len; + size_t olen, len, i; + char quote = '\0'; + int quotes; len = olen = strlen(str); *needed += len; - if (*remain == 0) + /* + * Check to see if we need quotes or not. + * Characters that are legal in a PropertyName don't need quoting. + * We simply assume all others require quotes. + */ + for (i = 0; i < len; i++) + if (!ossl_isalnum(str[i]) && str[i] != '.' && str[i] != '_') { + /* Default to single quotes ... */ + if (quote == '\0') + quote = '\''; + /* ... but use double quotes if a single is present */ + if (str[i] == '\'') + quote = '"'; + } + + quotes = quote != '\0'; + if (*remain == 0) { + *needed += 2 * quotes; return; + } - if (*remain < len + 1) + if (quotes) + put_char(quote, buf, remain, needed); + + if (*remain < len + 1 + quotes) len = *remain - 1; if (len > 0) { @@ -605,6 +628,9 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) *remain -= len; } + if (quotes) + put_char(quote, buf, remain, needed); + if (len < olen && *remain == 1) { **buf = '\0'; ++*buf; diff --git a/deps/openssl/openssl/crypto/provider_core.c b/deps/openssl/openssl/crypto/provider_core.c index 7a12328121623e..92cce32c5bbf88 100644 --- a/deps/openssl/openssl/crypto/provider_core.c +++ b/deps/openssl/openssl/crypto/provider_core.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -408,7 +408,7 @@ int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx, } OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, - int noconfig) + ossl_unused int noconfig) { struct provider_store_st *store = NULL; OSSL_PROVIDER *prov = NULL; @@ -417,7 +417,7 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, OSSL_PROVIDER tmpl = { 0, }; int i; -#ifndef FIPS_MODULE +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG) /* * Make sure any providers are loaded from config before we try to find * them. @@ -1356,7 +1356,7 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, struct provider_store_st *store = get_provider_store(ctx); STACK_OF(OSSL_PROVIDER) *provs = NULL; -#ifndef FIPS_MODULE +#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG) /* * Make sure any providers are loaded from config before we try to use * them. diff --git a/deps/openssl/openssl/crypto/rand/rand_lib.c b/deps/openssl/openssl/crypto/rand/rand_lib.c index 0fcf4fe3bc1ef7..5fde214448f3be 100644 --- a/deps/openssl/openssl/crypto/rand/rand_lib.c +++ b/deps/openssl/openssl/crypto/rand/rand_lib.c @@ -120,6 +120,8 @@ void RAND_keep_random_devices_open(int keep) */ int RAND_poll(void) { + static const char salt[] = "polling"; + # ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); int ret = meth == RAND_OpenSSL(); @@ -148,14 +150,12 @@ int RAND_poll(void) ret = 1; err: ossl_rand_pool_free(pool); + return ret; } - return ret; -# else - static const char salt[] = "polling"; +# endif RAND_seed(salt, sizeof(salt)); return 1; -# endif } # ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/deps/openssl/openssl/crypto/rc4/build.info b/deps/openssl/openssl/crypto/rc4/build.info index 68b3c73f55b04f..c9c81f87dabf8a 100644 --- a/deps/openssl/openssl/crypto/rc4/build.info +++ b/deps/openssl/openssl/crypto/rc4/build.info @@ -21,10 +21,15 @@ SOURCE[../../libcrypto]=$RC4ASM # When all deprecated symbols are removed, libcrypto doesn't export the # rc4 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] +IF[{- !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=$RC4ASM ENDIF +# Implementations are now spread across several libraries, so the defines +# need to be applied to all affected libraries and modules. +DEFINE[../../libcrypto]=$RC4DEF +DEFINE[../../providers/liblegacy.a]=$RC4DEF + GENERATE[rc4-586.S]=asm/rc4-586.pl DEPEND[rc4-586.S]=../perlasm/x86asm.pl diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c index 61ec53d4244ca6..07734077e3228a 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -60,13 +60,16 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) if (!rsa_param_encode(pkey, &str, &strtype)) return 0; penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); - if (penclen <= 0) + if (penclen <= 0) { + ASN1_STRING_free(str); return 0; + } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), strtype, str, penc, penclen)) return 1; OPENSSL_free(penc); + ASN1_STRING_free(str); return 0; } @@ -641,6 +644,36 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, size_t aid_len = 0; OSSL_PARAM params[2]; + if (evp_pkey_ctx_is_legacy(pkctx)) { + /* No provider -> we cannot query it for algorithm ID. */ + ASN1_STRING *os1 = NULL; + + os1 = ossl_rsa_ctx_to_pss_string(pkctx); + if (os1 == NULL) + return 0; + /* Duplicate parameters if we have to */ + if (alg2 != NULL) { + ASN1_STRING *os2 = ASN1_STRING_dup(os1); + + if (os2 == NULL) { + ASN1_STRING_free(os1); + return 0; + } + if (!X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), + V_ASN1_SEQUENCE, os2)) { + ASN1_STRING_free(os1); + ASN1_STRING_free(os2); + return 0; + } + } + if (!X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), + V_ASN1_SEQUENCE, os1)) { + ASN1_STRING_free(os1); + return 0; + } + return 3; + } + params[0] = OSSL_PARAM_construct_octet_string( OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); params[1] = OSSL_PARAM_construct_end(); @@ -652,11 +685,13 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, if (alg1 != NULL) { const unsigned char *pp = aid; + if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL) return 0; } if (alg2 != NULL) { const unsigned char *pp = aid; + if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL) return 0; } diff --git a/deps/openssl/openssl/crypto/rsa/rsa_backend.c b/deps/openssl/openssl/crypto/rsa/rsa_backend.c index 58187fa2ef59df..f9d1cb361d7704 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_backend.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_backend.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -141,18 +141,6 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], /* Check private key data integrity */ if (include_private && rsa_d != NULL) { - int numprimes = sk_BIGNUM_const_num(factors); - int numexps = sk_BIGNUM_const_num(exps); - int numcoeffs = sk_BIGNUM_const_num(coeffs); - - /* - * It's permissible to have zero primes, i.e. no CRT params. - * Otherwise, there must be at least two, as many exponents, - * and one coefficient less. - */ - if (numprimes != 0 - && (numprimes < 2 || numexps < 2 || numcoeffs < 1)) - goto err; if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, rsa_d) diff --git a/deps/openssl/openssl/crypto/rsa/rsa_lib.c b/deps/openssl/openssl/crypto/rsa/rsa_lib.c index 449097b8b27afc..71a17a92349d3b 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_lib.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -753,18 +753,22 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, return 0; pnum = sk_BIGNUM_num(primes); - if (pnum < 2 - || pnum != sk_BIGNUM_num(exps) - || pnum != sk_BIGNUM_num(coeffs) + 1) + if (pnum < 2) return 0; if (!RSA_set0_factors(r, sk_BIGNUM_value(primes, 0), - sk_BIGNUM_value(primes, 1)) - || !RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0), - sk_BIGNUM_value(exps, 1), - sk_BIGNUM_value(coeffs, 0))) + sk_BIGNUM_value(primes, 1))) return 0; + if (pnum == sk_BIGNUM_num(exps) + && pnum == sk_BIGNUM_num(coeffs) + 1) { + + if (!RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0), + sk_BIGNUM_value(exps, 1), + sk_BIGNUM_value(coeffs, 0))) + return 0; + } + #ifndef FIPS_MODULE old_infos = r->prime_infos; #endif @@ -1084,6 +1088,12 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen) { OSSL_PARAM rsa_params[2], *p = rsa_params; + const char *empty = ""; + /* + * Needed as we swap label with empty if it is NULL, and label is + * freed at the end of this function. + */ + void *plabel = label; int ret; if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { @@ -1096,9 +1106,13 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen) if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) return -1; + /* Accept NULL for backward compatibility */ + if (label == NULL && llen == 0) + plabel = (void *)empty; + /* Cast away the const. This is read only so should be safe */ *p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, - (void *)label, (size_t)llen); + (void *)plabel, (size_t)llen); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, rsa_params); diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c index 44c819a5c3ce7a..0bf5ac098ac080 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -584,6 +584,10 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE); return -2; } + if (p2 == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } *(unsigned char **)p2 = rctx->oaep_label; return rctx->oaep_labellen; diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl index 84682289bf7a71..864066533445a6 100755 --- a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx2.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -432,6 +432,7 @@ ret .size SHA3_squeeze,.-SHA3_squeeze +.section .rodata .align 64 rhotates_left: .quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0] diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl index 85d6e7ffe424aa..efc32545c35625 100755 --- a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -486,6 +486,7 @@ ret .size SHA3_squeeze,.-SHA3_squeeze +.section .rodata .align 64 theta_perm: .quad 0, 1, 2, 3, 4, 5, 6, 7 # [not used] diff --git a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl index 73e75f363f2041..f941556b42a8b7 100755 --- a/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl +++ b/deps/openssl/openssl/crypto/sha/asm/keccak1600-avx512vl.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -349,6 +349,7 @@ ret .size SHA3_squeeze,.-SHA3_squeeze +.section .rodata .align 64 rhotates_left: .quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0] diff --git a/deps/openssl/openssl/crypto/srp/srp_vfy.c b/deps/openssl/openssl/crypto/srp/srp_vfy.c index e8beb60d278a08..96d511ffe6368e 100644 --- a/deps/openssl/openssl/crypto/srp/srp_vfy.c +++ b/deps/openssl/openssl/crypto/srp/srp_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -283,6 +283,7 @@ SRP_VBASE *SRP_VBASE_new(char *seed_key) return NULL; if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) { + sk_SRP_user_pwd_free(vb->users_pwd); OPENSSL_free(vb); return NULL; } diff --git a/deps/openssl/openssl/crypto/store/store_lib.c b/deps/openssl/openssl/crypto/store/store_lib.c index 5ff927862916e5..bc12d8dd13a28e 100644 --- a/deps/openssl/openssl/crypto/store/store_lib.c +++ b/deps/openssl/openssl/crypto/store/store_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -424,14 +424,14 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx) load_data.v = NULL; load_data.ctx = ctx; + ctx->error_flag = 0; if (!ctx->fetched_loader->p_load(ctx->loader_ctx, ossl_store_handle_load_result, &load_data, ossl_pw_passphrase_callback_dec, &ctx->pwdata)) { - if (!OSSL_STORE_eof(ctx)) - ctx->error_flag = 1; + ctx->error_flag = 1; return NULL; } v = load_data.v; diff --git a/deps/openssl/openssl/crypto/store/store_result.c b/deps/openssl/openssl/crypto/store/store_result.c index 96d31199074d6b..bbc8f6fef265dc 100644 --- a/deps/openssl/openssl/crypto/store/store_result.c +++ b/deps/openssl/openssl/crypto/store/store_result.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -553,8 +553,10 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, ok = 0; /* Assume decryption or parse error */ - if (PKCS12_verify_mac(p12, "", 0) + if (!PKCS12_mac_present(p12) || PKCS12_verify_mac(p12, NULL, 0)) { + pass = NULL; + } else if (PKCS12_verify_mac(p12, "", 0)) { pass = ""; } else { static char prompt_info[] = "PKCS12 import pass phrase"; diff --git a/deps/openssl/openssl/crypto/threads_pthread.c b/deps/openssl/openssl/crypto/threads_pthread.c index bfc05a4e878c25..801855c9306e20 100644 --- a/deps/openssl/openssl/crypto/threads_pthread.c +++ b/deps/openssl/openssl/crypto/threads_pthread.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -72,8 +72,6 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) # if !defined (__TANDEM) && !defined (_SPT_MODEL_) # if !defined(NDEBUG) && !defined(OPENSSL_NO_MUTEX_ERRORCHECK) pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK); -# else - pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL); # endif # else /* The SPT Thread Library does not define MUTEX attributes. */ diff --git a/deps/openssl/openssl/crypto/x509/by_dir.c b/deps/openssl/openssl/crypto/x509/by_dir.c index cb40c7737f72f8..ad871966aa6e30 100644 --- a/deps/openssl/openssl/crypto/x509/by_dir.c +++ b/deps/openssl/openssl/crypto/x509/by_dir.c @@ -348,7 +348,8 @@ static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, /* * we have added it to the cache so now pull it out again */ - X509_STORE_lock(xl->store_ctx); + if (!X509_STORE_lock(xl->store_ctx)) + goto finish; j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); X509_STORE_unlock(xl->store_ctx); diff --git a/deps/openssl/openssl/crypto/x509/v3_ist.c b/deps/openssl/openssl/crypto/x509/v3_ist.c index 0de281f6687122..4a3cfa12a471b6 100644 --- a/deps/openssl/openssl/crypto/x509/v3_ist.c +++ b/deps/openssl/openssl/crypto/x509/v3_ist.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,43 +50,38 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_ } if (strcmp(cnf->name, "signTool") == 0) { ist->signTool = ASN1_UTF8STRING_new(); - if (ist->signTool == NULL) { + if (ist->signTool == NULL || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ISSUER_SIGN_TOOL_free(ist); - return NULL; + goto err; } - ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value)); } else if (strcmp(cnf->name, "cATool") == 0) { ist->cATool = ASN1_UTF8STRING_new(); - if (ist->cATool == NULL) { + if (ist->cATool == NULL || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ISSUER_SIGN_TOOL_free(ist); - return NULL; + goto err; } - ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value)); } else if (strcmp(cnf->name, "signToolCert") == 0) { ist->signToolCert = ASN1_UTF8STRING_new(); - if (ist->signToolCert == NULL) { + if (ist->signToolCert == NULL || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ISSUER_SIGN_TOOL_free(ist); - return NULL; + goto err; } - ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value)); } else if (strcmp(cnf->name, "cAToolCert") == 0) { ist->cAToolCert = ASN1_UTF8STRING_new(); - if (ist->cAToolCert == NULL) { + if (ist->cAToolCert == NULL || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ISSUER_SIGN_TOOL_free(ist); - return NULL; + goto err; } - ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value)); } else { ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT); - ISSUER_SIGN_TOOL_free(ist); - return NULL; + goto err; } } return ist; + +err: + ISSUER_SIGN_TOOL_free(ist); + return NULL; } static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method, diff --git a/deps/openssl/openssl/crypto/x509/v3_purp.c b/deps/openssl/openssl/crypto/x509/v3_purp.c index a6ebbd5f94f6a6..6461189179f468 100644 --- a/deps/openssl/openssl/crypto/x509/v3_purp.c +++ b/deps/openssl/openssl/crypto/x509/v3_purp.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -438,7 +438,7 @@ int ossl_x509v3_cache_extensions(X509 *x) * in case ctx->param->flags & X509_V_FLAG_X509_STRICT */ if (bs->pathlen->type == V_ASN1_NEG_INTEGER) { - ERR_raise(ERR_LIB_X509, X509V3_R_NEGATIVE_PATHLEN); + ERR_raise(ERR_LIB_X509V3, X509V3_R_NEGATIVE_PATHLEN); x->ex_flags |= EXFLAG_INVALID; } else { x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); @@ -479,7 +479,7 @@ int ossl_x509v3_cache_extensions(X509 *x) ASN1_BIT_STRING_free(usage); /* Check for empty key usage according to RFC 5280 section 4.2.1.3 */ if (x->ex_kusage == 0) { - ERR_raise(ERR_LIB_X509, X509V3_R_EMPTY_KEY_USAGE); + ERR_raise(ERR_LIB_X509V3, X509V3_R_EMPTY_KEY_USAGE); x->ex_flags |= EXFLAG_INVALID; } } else if (i != -1) { @@ -632,7 +632,7 @@ int ossl_x509v3_cache_extensions(X509 *x) return 1; } if ((x->ex_flags & EXFLAG_INVALID) != 0) - ERR_raise(ERR_LIB_X509, X509V3_R_INVALID_CERTIFICATE); + ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_CERTIFICATE); /* If computing sha1_hash failed the error queue already reflects this. */ err: diff --git a/deps/openssl/openssl/crypto/x509/x509_att.c b/deps/openssl/openssl/crypto/x509/x509_att.c index 73ac59454d1f70..d9fe7a3791d1fa 100644 --- a/deps/openssl/openssl/crypto/x509/x509_att.c +++ b/deps/openssl/openssl/crypto/x509/x509_att.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -82,6 +82,11 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, return NULL; } + if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) { + ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE); + return NULL; + } + if (*x == NULL) { if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) goto err; diff --git a/deps/openssl/openssl/crypto/x509/x509_cmp.c b/deps/openssl/openssl/crypto/x509/x509_cmp.c index 5c9d91f4073d74..989fb8faa9f465 100644 --- a/deps/openssl/openssl/crypto/x509/x509_cmp.c +++ b/deps/openssl/openssl/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -277,11 +277,11 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) if (ret == 0 && a->canon_enclen == 0) return 0; - if (a->canon_enc == NULL || b->canon_enc == NULL) - return -2; - - if (ret == 0) + if (ret == 0) { + if (a->canon_enc == NULL || b->canon_enc == NULL) + return -2; ret = memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); + } return ret < 0 ? -1 : ret > 0; } @@ -292,12 +292,13 @@ unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx, unsigned long ret = 0; unsigned char md[SHA_DIGEST_LENGTH]; EVP_MD *sha1 = EVP_MD_fetch(libctx, "SHA1", propq); + int i2d_ret; /* Make sure X509_NAME structure contains valid cached encoding */ - i2d_X509_NAME(x, NULL); + i2d_ret = i2d_X509_NAME(x, NULL); if (ok != NULL) *ok = 0; - if (sha1 != NULL + if (i2d_ret >= 0 && sha1 != NULL && EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, sha1, NULL)) { ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) @@ -325,7 +326,9 @@ unsigned long X509_NAME_hash_old(const X509_NAME *x) goto end; /* Make sure X509_NAME structure contains valid cached encoding */ - i2d_X509_NAME(x, NULL); + if (i2d_X509_NAME(x, NULL) < 0) + goto end; + if (EVP_DigestInit_ex(md_ctx, md5, NULL) && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length) && EVP_DigestFinal_ex(md_ctx, md, NULL)) diff --git a/deps/openssl/openssl/crypto/x509/x509_err.c b/deps/openssl/openssl/crypto/x509/x509_err.c index a933aeef351fc5..37467935c99786 100644 --- a/deps/openssl/openssl/crypto/x509/x509_err.c +++ b/deps/openssl/openssl/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,6 +28,8 @@ static const ERR_STRING_DATA X509_str_reasons[] = { {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, + {ERR_PACK(ERR_LIB_X509, 0, X509_R_DUPLICATE_ATTRIBUTE), + "duplicate attribute"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_GETTING_MD_BY_NID), "error getting md by nid"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_USING_SIGINF_SET), diff --git a/deps/openssl/openssl/crypto/x509/x509_vpm.c b/deps/openssl/openssl/crypto/x509/x509_vpm.c index b4f4c45998befe..998ce8ac1ba14e 100644 --- a/deps/openssl/openssl/crypto/x509/x509_vpm.c +++ b/deps/openssl/openssl/crypto/x509/x509_vpm.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -337,7 +337,10 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, if (param->policies == NULL) return 0; } - return sk_ASN1_OBJECT_push(param->policies, policy); + + if (sk_ASN1_OBJECT_push(param->policies, policy) <= 0) + return 0; + return 1; } int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, @@ -592,7 +595,10 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) X509_VERIFY_PARAM_free(ptmp); } } - return sk_X509_VERIFY_PARAM_push(param_table, param); + + if (sk_X509_VERIFY_PARAM_push(param_table, param) <= 0) + return 0; + return 1; } int X509_VERIFY_PARAM_get_count(void) diff --git a/deps/openssl/openssl/doc/man1/openssl-cmp.pod.in b/deps/openssl/openssl/doc/man1/openssl-cmp.pod.in index 4250deb426fc15..9240916fce40fe 100644 --- a/deps/openssl/openssl/doc/man1/openssl-cmp.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-cmp.pod.in @@ -659,11 +659,12 @@ is typically used when authenticating with pre-shared key (password-based MAC). =item B<-secret> I -Prefer PBM-based message protection with given source of a secret value. -The secret is used for creating PBM-based protection of outgoing messages -and (as far as needed) for validating PBM-based protection of incoming messages. -PBM stands for Password-Based Message Authentication Code. +Provides the source of a secret value to use with MAC-based message protection. This takes precedence over the B<-cert> and B<-key> options. +The secret is used for creating MAC-based protection of outgoing messages +and for validating incoming messages that have MAC-based protection. +The algorithm used by default is Password-Based Message Authentication Code (PBM) +as defined in RFC 4210 section 5.1.3.1. For more information about the format of I see L. @@ -682,7 +683,8 @@ while the subject of B<-oldcert> or B<-subjectName> may provide fallback values. The issuer of this certificate is used as one of the recipient fallback values and as fallback issuer entry in the certificate template of IR/CR/KUR messages. -When using signature-based message protection, this "protection certificate" +When performing signature-based message protection, +this "protection certificate", also called "signer certificate", will be included first in the extraCerts field of outgoing messages and the signature is done with the corresponding key. In Initialization Request (IR) messages this can be used for authenticating @@ -713,8 +715,8 @@ have no effect on the certificate verification enabled via this option. The corresponding private key file for the client's current certificate given in the B<-cert> option. -This will be used for signature-based message protection unless -the B<-secret> option indicating PBM or B<-unprotected_requests> is given. +This will be used for signature-based message protection unless the B<-secret> +option indicating MAC-based protection or B<-unprotected_requests> is given. It is also used as a fallback for the B<-newkey> option with IR/CR/KUR messages. @@ -730,7 +732,7 @@ L. =item B<-digest> I Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG -and as the one-way function (OWF) in MSG_MAC_ALG. +and as the one-way function (OWF) in C. If applicable, this is used for message protection and proof-of-possession (POPO) signatures. To see the list of supported digests, use C. @@ -738,7 +740,7 @@ Defaults to C. =item B<-mac> I -Specifies the name of the MAC algorithm in MSG_MAC_ALG. +Specifies the name of the MAC algorithm in C. To get the names of supported MAC algorithms use C and possibly combine such a name with the name of a supported digest algorithm, e.g., hmacWithSHA256. @@ -1097,6 +1099,13 @@ only affect the certificate verification enabled via the B<-out_trusted> option. =head1 NOTES +When a client obtains from a CMP server CA certificates that it is going to +trust, for instance via the C field of a certificate response, +authentication of the CMP server is particularly critical. +So special care must be taken setting up server authentication +using B<-trusted> and related options for certificate-based authentication +or B<-secret> for MAC-based protection. + When setting up CMP configurations and experimenting with enrollment options typically various errors occur until the configuration is correct and complete. When the CMP server reports an error the client will by default @@ -1166,7 +1175,7 @@ In order to update the enrolled certificate one may call openssl cmp -section insta,kur -using with PBM-based protection or +using MAC-based protection with PBM or openssl cmp -section insta,kur,signature @@ -1225,7 +1234,7 @@ Then it can start using the new cert and key. -newkey cl_key_new.pem -certout cl_cert.pem cp cl_key_new.pem cl_key.pem -This command sequence can be repated as often as needed. +This command sequence can be repeated as often as needed. =head2 Requesting information from CMP server diff --git a/deps/openssl/openssl/doc/man1/openssl-cms.pod.in b/deps/openssl/openssl/doc/man1/openssl-cms.pod.in index c63a7f330ba636..65a61ee97f1d6a 100644 --- a/deps/openssl/openssl/doc/man1/openssl-cms.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-cms.pod.in @@ -391,7 +391,7 @@ option. =item I ... This is an alternative to using the B<-recip> option when encrypting a message. -One or more certificate filennames may be given. +One or more certificate filenames may be given. =item B<-I> @@ -902,7 +902,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/openssl-dhparam.pod.in b/deps/openssl/openssl/doc/man1/openssl-dhparam.pod.in index d358ba95dcf3f3..7865e3b25b9d5b 100644 --- a/deps/openssl/openssl/doc/man1/openssl-dhparam.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-dhparam.pod.in @@ -88,7 +88,7 @@ I. It must be the last option. If this option is present then the input file is ignored and parameters are generated instead. If this option is not present but a generator (B<-2>, B<-3> or B<-5>) is present, parameters are generated with a default length of 2048 bits. -The minimim length is 512 bits. The maximum length is 10000 bits. +The minimum length is 512 bits. The maximum length is 10000 bits. =item B<-noout> @@ -126,7 +126,7 @@ The B<-C> option was removed in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/openssl-genpkey.pod.in b/deps/openssl/openssl/doc/man1/openssl-genpkey.pod.in index 181530670836c3..8f139d147f9273 100644 --- a/deps/openssl/openssl/doc/man1/openssl-genpkey.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-genpkey.pod.in @@ -278,7 +278,7 @@ RFC5114 names "dh_1024_160", "dh_2048_224", "dh_2048_256". If this option is set, then the appropriate RFC5114 parameters are used instead of generating new parameters. The value I can be one of -1, 2 or 3 that are equivalant to using the option B with one of +1, 2 or 3 that are equivalent to using the option B with one of "dh_1024_160", "dh_2048_224" or "dh_2048_256". All other options will be ignored if this value is set. @@ -333,7 +333,7 @@ The B option must be B<"DH">. =item "default" Selects a default type based on the B. This is used by the -OpenSSL default provider to set the type for backwards compatability. +OpenSSL default provider to set the type for backwards compatibility. If B is B<"DH"> then B<"generator"> is used. If B is B<"DHX"> then B<"fips186_2"> is used. @@ -494,7 +494,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/openssl-genrsa.pod.in b/deps/openssl/openssl/doc/man1/openssl-genrsa.pod.in index 62964096151734..db1cab6e41a308 100644 --- a/deps/openssl/openssl/doc/man1/openssl-genrsa.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-genrsa.pod.in @@ -35,9 +35,6 @@ B B =head1 DESCRIPTION -This command has been deprecated. -The L command should be used instead. - This command generates an RSA private key. =head1 OPTIONS @@ -118,13 +115,9 @@ L, L, L -=head1 HISTORY - -This command was deprecated in OpenSSL 3.0. - =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/openssl-kdf.pod.in b/deps/openssl/openssl/doc/man1/openssl-kdf.pod.in index 23776378a1be30..6eed74d70d4c86 100644 --- a/deps/openssl/openssl/doc/man1/openssl-kdf.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-kdf.pod.in @@ -66,8 +66,7 @@ cases. =item B<-kdfopt> I:I Passes options to the KDF algorithm. -A comprehensive list of parameters can be found in the EVP_KDF_CTX -implementation documentation. +A comprehensive list of parameters can be found in L. Common parameter names used by EVP_KDF_CTX_set_params() are: =over 4 @@ -81,9 +80,8 @@ A key must be specified for most KDF algorithms. =item BI -Specifies the secret key in hexadecimal form (two hex digits per byte). -The key length must conform to any restrictions of the KDF algorithm. -A key must be specified for most KDF algorithms. +Alternative to the B option where +the secret key is specified in hexadecimal form (two hex digits per byte). =item BI @@ -93,8 +91,35 @@ The password must be specified for PBKDF2 and scrypt. =item BI -Specifies the password in hexadecimal form (two hex digits per byte). -The password must be specified for PBKDF2 and scrypt. +Alternative to the B option where +the password is specified in hexadecimal form (two hex digits per byte). + +=item BI + +Specifies a non-secret unique cryptographic salt as an alphanumeric string +(use if it contains printable characters only). +The length must conform to any restrictions of the KDF algorithm. +A salt parameter is required for several KDF algorithms, +such as L. + +=item BI + +Alternative to the B option where +the salt is specified in hexadecimal form (two hex digits per byte). + +=item BI + +Some KDF implementations, such as L, take an 'info' parameter +for binding the derived key material +to application- and context-specific information. +Specifies the info, fixed info, other info or shared info argument +as an alphanumeric string (use if it contains printable characters only). +The length must conform to any restrictions of the KDF algorithm. + +=item BI + +Alternative to the B option where +the info is specified in hexadecimal form (two hex digits per byte). =item BI @@ -195,7 +220,7 @@ Added in OpenSSL 3.0 =head1 COPYRIGHT -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/openssl-rsautl.pod.in b/deps/openssl/openssl/doc/man1/openssl-rsautl.pod.in index 186e49e5e49b89..0a32fd965bf193 100644 --- a/deps/openssl/openssl/doc/man1/openssl-rsautl.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-rsautl.pod.in @@ -99,7 +99,7 @@ Encrypt the input data using an RSA public key. Decrypt the input data using an RSA private key. -=item B<-pkcs>, B<-oaep>, B<-x931> B<-raw> +=item B<-pkcs>, B<-oaep>, B<-x931>, B<-raw> The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, ANSI X9.31, or no padding, respectively. @@ -232,7 +232,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/openssl-s_client.pod.in b/deps/openssl/openssl/doc/man1/openssl-s_client.pod.in index c921e3b4a25f38..4b7b58b72d5537 100644 --- a/deps/openssl/openssl/doc/man1/openssl-s_client.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-s_client.pod.in @@ -274,7 +274,7 @@ See L for details. =item B<-pass> I -the private key and certifiate file password source. +the private key and certificate file password source. For more information about the format of I see L. @@ -910,7 +910,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/openssl-ts.pod.in b/deps/openssl/openssl/doc/man1/openssl-ts.pod.in index 6f718202024757..3e7f7c4be94b2d 100644 --- a/deps/openssl/openssl/doc/man1/openssl-ts.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-ts.pod.in @@ -490,7 +490,7 @@ Default is no. (Optional) =item B This option specifies the hash function to be used to calculate the TSA's -public key certificate identifier. Default is sha256. (Optional) +public key certificate identifier. Default is sha1. (Optional) =back @@ -652,7 +652,7 @@ L =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/openssl-verification-options.pod b/deps/openssl/openssl/doc/man1/openssl-verification-options.pod index 5fa3907c2801a8..4998e452b54957 100644 --- a/deps/openssl/openssl/doc/man1/openssl-verification-options.pod +++ b/deps/openssl/openssl/doc/man1/openssl-verification-options.pod @@ -92,7 +92,7 @@ It does not have a negative trust attribute rejecting the given use. =item * It has a positive trust attribute accepting the given use -or (by default) one of the following compatibilty conditions apply: +or (by default) one of the following compatibility conditions apply: It is self-signed or the B<-partial_chain> option is given (which corresponds to the B flag being set). @@ -686,7 +686,7 @@ The checks enabled by B<-x509_strict> have been extended in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man1/openssl-x509.pod.in b/deps/openssl/openssl/doc/man1/openssl-x509.pod.in index dd8f17154af966..5a120287a84534 100644 --- a/deps/openssl/openssl/doc/man1/openssl-x509.pod.in +++ b/deps/openssl/openssl/doc/man1/openssl-x509.pod.in @@ -478,7 +478,7 @@ unless the B<-new> option is given, which generates a certificate from scratch. =item B<-CAform> B|B|B, -The format for the CA certificate; unspecifed by default. +The format for the CA certificate; unspecified by default. See L for details. =item B<-CAkey> I|I @@ -784,7 +784,7 @@ The B<-C> option was removed in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/ASN1_aux_cb.pod b/deps/openssl/openssl/doc/man3/ASN1_aux_cb.pod index 12f7ddf82d6467..f87b51d5efac26 100644 --- a/deps/openssl/openssl/doc/man3/ASN1_aux_cb.pod +++ b/deps/openssl/openssl/doc/man3/ASN1_aux_cb.pod @@ -3,7 +3,7 @@ =head1 NAME ASN1_AUX, ASN1_PRINT_ARG, ASN1_STREAM_ARG, ASN1_aux_cb, ASN1_aux_const_cb -- ASN.1 auxilliary data +- ASN.1 auxiliary data =head1 SYNOPSIS @@ -45,7 +45,7 @@ ASN.1 data structures can be associated with an B object to supply additional information about the ASN.1 structure. An B structure is associated with the structure during the definition of the ASN.1 template. For example an B structure will be associated by using one of the various -ASN.1 template definition macros that supply auxilliary information such as +ASN.1 template definition macros that supply auxiliary information such as ASN1_SEQUENCE_enc(), ASN1_SEQUENCE_ref(), ASN1_SEQUENCE_cb_const_cb(), ASN1_SEQUENCE_const_cb(), ASN1_SEQUENCE_cb() or ASN1_NDEF_SEQUENCE_cb(). @@ -274,7 +274,7 @@ B operation types were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/ASN1_item_sign.pod b/deps/openssl/openssl/doc/man3/ASN1_item_sign.pod index 407268bf1779bc..2716bd30ccd45e 100644 --- a/deps/openssl/openssl/doc/man3/ASN1_item_sign.pod +++ b/deps/openssl/openssl/doc/man3/ASN1_item_sign.pod @@ -62,7 +62,7 @@ I are ignored if they are NULL. ASN1_item_sign() is similar to ASN1_item_sign_ex() but uses default values of NULL for the I, I and I. -ASN1_item_sign_ctx() is similiar to ASN1_item_sign() but uses the parameters +ASN1_item_sign_ctx() is similar to ASN1_item_sign() but uses the parameters contained in digest context I. ASN1_item_verify_ex() is used to verify the signature I of internal @@ -77,7 +77,7 @@ See EVP_PKEY_CTX_set1_id() for further info. ASN1_item_verify() is similar to ASN1_item_verify_ex() but uses default values of NULL for the I, I and I. -ASN1_item_verify_ctx() is similiar to ASN1_item_verify() but uses the parameters +ASN1_item_verify_ctx() is similar to ASN1_item_verify() but uses the parameters contained in digest context I. @@ -216,7 +216,7 @@ ASN1_item_sign_ex() and ASN1_item_verify_ex() were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod b/deps/openssl/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod index 328af9e53a6419..7621a8b3a166b1 100644 --- a/deps/openssl/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/deps/openssl/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -83,7 +83,7 @@ will be populated with the list of added and deleted fds respectively. Similarly to ASYNC_WAIT_CTX_get_all_fds() either of these can be NULL, but if they are not NULL then the caller is responsible for ensuring sufficient memory is allocated. -Implementors of async aware code (e.g. engines) are encouraged to return a +Implementers of async aware code (e.g. engines) are encouraged to return a stable fd for the lifetime of the B in order to reduce the "churn" of regularly changing fds - although no guarantees of this are provided to applications. @@ -216,7 +216,7 @@ were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/BIO_s_core.pod b/deps/openssl/openssl/doc/man3/BIO_s_core.pod index fbcd0b5c9c07f6..0b9aefe91e540f 100644 --- a/deps/openssl/openssl/doc/man3/BIO_s_core.pod +++ b/deps/openssl/openssl/doc/man3/BIO_s_core.pod @@ -22,7 +22,7 @@ libcrypto into a provider supply an OSSL_CORE_BIO parameter. This represents a BIO within libcrypto, but cannot be used directly by a provider. Instead it should be wrapped using a BIO_s_core(). -Once a BIO is contructed based on BIO_s_core(), the associated OSSL_CORE_BIO +Once a BIO is constructed based on BIO_s_core(), the associated OSSL_CORE_BIO object should be set on it using BIO_set_data(3). Note that the BIO will only operate correctly if it is associated with a library context constructed using OSSL_LIB_CTX_new_from_dispatch(3). To associate the BIO with a library context @@ -62,7 +62,7 @@ Create a core BIO and write some data to it: =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/BIO_s_mem.pod b/deps/openssl/openssl/doc/man3/BIO_s_mem.pod index 6b3cc6a2dae943..3bbc3e7fcf02c9 100644 --- a/deps/openssl/openssl/doc/man3/BIO_s_mem.pod +++ b/deps/openssl/openssl/doc/man3/BIO_s_mem.pod @@ -59,6 +59,8 @@ positive return value B should be set to a negative value, typically -1. BIO_get_mem_data() sets *B to a pointer to the start of the memory BIOs data and returns the total amount of data available. It is implemented as a macro. +Note the pointer returned by this call is informative, no transfer of ownership +of this memory is implied. See notes on BIO_set_close(). BIO_set_mem_buf() sets the internal BUF_MEM structure to B and sets the close flag to B, that is B should be either BIO_CLOSE or BIO_NOCLOSE. @@ -114,6 +116,10 @@ preceding that write operation cannot be undone. Calling BIO_get_mem_ptr() prior to a BIO_reset() call with BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation. +Calling BIO_set_close() with BIO_NOCLOSE orphans the BUF_MEM internal to the +BIO, _not_ its actual data buffer. See the examples section for the proper +method for claiming ownership of the data pointer for a deferred free operation. + =head1 BUGS There should be an option to set the maximum size of a memory BIO. @@ -151,10 +157,24 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO: BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */ BIO_free(mem); +Extract the BUF_MEM ptr, claim ownership of the internal data and free the BIO +and BUF_MEM structure: + + BUF_MEM *bptr; + char *data; + + BIO_get_mem_data(bio, &data); + BIO_get_mem_ptr(bio, &bptr); + BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free orphans BUF_MEM */ + BIO_free(bio); + bptr->data = NULL; /* Tell BUF_MEM to orphan data */ + BUF_MEM_free(bptr); + ... + free(data); =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/BN_rand.pod b/deps/openssl/openssl/doc/man3/BN_rand.pod index aebad1e72eb2c2..0ad76d6af7e753 100644 --- a/deps/openssl/openssl/doc/man3/BN_rand.pod +++ b/deps/openssl/openssl/doc/man3/BN_rand.pod @@ -59,7 +59,7 @@ BN_rand() is the same as BN_rand_ex() except that the default library context is always used. BN_rand_range_ex() generates a cryptographically strong pseudo-random -number I, of security stength at least I bits, +number I, of security strength at least I bits, in the range 0 E= I E I using the random number generator for the library context associated with I. The parameter I may be NULL in which case the default library context is used. @@ -119,7 +119,7 @@ BN_priv_rand_range_ex() functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/CMS_add1_signer.pod b/deps/openssl/openssl/doc/man3/CMS_add1_signer.pod index 800085b7b86a9b..d606a02cc1fd81 100644 --- a/deps/openssl/openssl/doc/man3/CMS_add1_signer.pod +++ b/deps/openssl/openssl/doc/man3/CMS_add1_signer.pod @@ -31,8 +31,8 @@ Unless the B flag is set the returned CMS_ContentInfo structure is not complete and must be finalized either by streaming (if applicable) or a call to CMS_final(). -The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo -structure, its main use is when B and B flags +The CMS_SignerInfo_sign() function explicitly signs a CMS_SignerInfo +structure, its main use is when the B and B flags are both set. =head1 NOTES @@ -90,6 +90,8 @@ before it is finalized. CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added or NULL if an error occurs. +CMS_SignerInfo_sign() returns 1 on success, 0 on failure. + =head1 SEE ALSO L, L, @@ -97,7 +99,7 @@ L, =head1 COPYRIGHT -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/CMS_sign.pod b/deps/openssl/openssl/doc/man3/CMS_sign.pod index 0d812756aef551..03bfc6fce16a74 100644 --- a/deps/openssl/openssl/doc/man3/CMS_sign.pod +++ b/deps/openssl/openssl/doc/man3/CMS_sign.pod @@ -105,7 +105,7 @@ The function CMS_sign() is a basic CMS signing function whose output will be suitable for many purposes. For finer control of the output format the B, B and B parameters can all be B and the B flag set. Then one or more signers can be added using the -function CMS_sign_add1_signer(), non default digests can be used and custom +function CMS_add1_signer(), non default digests can be used and custom attributes added. CMS_final() must then be called to finalize the structure if streaming is not enabled. @@ -132,7 +132,7 @@ The CMS_sign_ex() method was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/CONF_modules_load_file.pod b/deps/openssl/openssl/doc/man3/CONF_modules_load_file.pod index f96d9a12938a68..620bbfd8986194 100644 --- a/deps/openssl/openssl/doc/man3/CONF_modules_load_file.pod +++ b/deps/openssl/openssl/doc/man3/CONF_modules_load_file.pod @@ -34,7 +34,7 @@ as determined by calling CONF_get1_default_config_file(). If B is NULL the standard OpenSSL application name B is used. The behaviour can be customized using B. Note that, the error suppressing -can be overriden by B as described in L. +can be overridden by B as described in L. CONF_modules_load_file() is the same as CONF_modules_load_file_ex() but has a NULL library context. @@ -154,7 +154,7 @@ L =head1 COPYRIGHT -Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/DH_generate_parameters.pod b/deps/openssl/openssl/doc/man3/DH_generate_parameters.pod index 1098a161ea63f2..9c1dff7aedd9ab 100644 --- a/deps/openssl/openssl/doc/man3/DH_generate_parameters.pod +++ b/deps/openssl/openssl/doc/man3/DH_generate_parameters.pod @@ -128,6 +128,10 @@ The parameter B is invalid. =back +If 0 is returned or B<*codes> is set to a nonzero value the supplied +parameters should not be used for Diffie-Hellman operations otherwise +the security properties of the key exchange are not guaranteed. + DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to DH_check() and DH_check_params() respectively, but the error reasons are added to the thread's error queue instead of provided as return values from the @@ -160,7 +164,7 @@ DH_generate_parameters_ex() instead. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/DH_get0_pqg.pod b/deps/openssl/openssl/doc/man3/DH_get0_pqg.pod index 2afc35c77f865d..6e5b301f6c6ea6 100644 --- a/deps/openssl/openssl/doc/man3/DH_get0_pqg.pod +++ b/deps/openssl/openssl/doc/man3/DH_get0_pqg.pod @@ -40,7 +40,7 @@ see L: All of the functions described on this page are deprecated. Applications should instead use L for any methods that -return a B. Refer to L for more infomation. +return a B. Refer to L for more information. A DH object contains the parameters I

, I and I. Note that the I parameter is optional. It also contains a public key (I) and @@ -141,7 +141,7 @@ All of these functions were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/DSA_generate_parameters.pod b/deps/openssl/openssl/doc/man3/DSA_generate_parameters.pod index 415c4c8b82ce74..a10dc9ba275940 100644 --- a/deps/openssl/openssl/doc/man3/DSA_generate_parameters.pod +++ b/deps/openssl/openssl/doc/man3/DSA_generate_parameters.pod @@ -51,7 +51,7 @@ called as shown below. For information on the BN_GENCB structure and the BN_GENCB_call function discussed below, refer to L. -DSA_generate_prime() is similar to DSA_generate_prime_ex() but +DSA_generate_parameters() is similar to DSA_generate_parameters_ex() but expects an old-style callback function; see L for information on the old-style callback. @@ -126,7 +126,7 @@ DSA_generate_parameters_ex() instead. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod b/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod index e469f28a7b5423..886cbdfbd3f5f9 100644 --- a/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod +++ b/deps/openssl/openssl/doc/man3/EVP_EncryptInit.pod @@ -665,7 +665,7 @@ Note that the block size for a cipher may be different to the block size for the underlying encryption/decryption primitive. For example AES in CTR mode has a block size of 1 (because it operates like a stream cipher), even though AES has a block size of 16. -Use EVP_CIPHER_get_block_size() to retreive the cached value. +Use EVP_CIPHER_get_block_size() to retrieve the cached value. =item "aead" (B) @@ -1192,10 +1192,11 @@ EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0 for failure. EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. -EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1 -on failure if the flag B is set for the -cipher. EVP_Cipher() returns 1 on success or 0 on failure, if the flag +EVP_Cipher() returns 1 on success or 0 on failure, if the flag B is not set for the cipher. +EVP_Cipher() returns the number of bytes written to I for encryption / decryption, or +the number of bytes authenticated in a call specifying AAD for an AEAD cipher, if the flag +B is set for the cipher. EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure. @@ -1266,7 +1267,8 @@ depending on the mode specified. To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output -parameter I set to B. +parameter I set to B. In this case, on success, the parameter +I is set to the number of bytes authenticated. When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success, diff --git a/deps/openssl/openssl/doc/man3/EVP_KDF.pod b/deps/openssl/openssl/doc/man3/EVP_KDF.pod index 3b4e2b79aa1458..31d61b2a3df0a7 100644 --- a/deps/openssl/openssl/doc/man3/EVP_KDF.pod +++ b/deps/openssl/openssl/doc/man3/EVP_KDF.pod @@ -191,7 +191,7 @@ For those KDF implementations that support it, this parameter sets the password. =item "salt" (B) -Some KDF implementations can take a salt. +Some KDF implementations can take a non-secret unique cryptographic salt. For those KDF implementations that support it, this parameter sets the salt. The default value, if any, is implementation dependent. @@ -227,6 +227,15 @@ Some KDF implementations require a key. For those KDF implementations that support it, this octet string parameter sets the key. +=item "info" (B) + +Some KDF implementations, such as L, take an 'info' parameter +for binding the derived key material +to application- and context-specific information. +This parameter sets the info, fixed info, other info or shared info argument. +You can specify this parameter multiple times, and each instance will +be concatenated to form the final value. + =item "maclen" (B) Used by implementations that use a MAC with a variable output size (KMAC). @@ -295,7 +304,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_KEYMGMT.pod b/deps/openssl/openssl/doc/man3/EVP_KEYMGMT.pod index f81fc9efb00b93..455ffadce5ec64 100644 --- a/deps/openssl/openssl/doc/man3/EVP_KEYMGMT.pod +++ b/deps/openssl/openssl/doc/man3/EVP_KEYMGMT.pod @@ -123,7 +123,7 @@ otherwise 0. EVP_KEYMGMT_get0_name() returns the algorithm name, or NULL on error. -EVP_KEYMGMT_get0_description() returns a pointer to a decription, or NULL if +EVP_KEYMGMT_get0_description() returns a pointer to a description, or NULL if there isn't one. EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params() and @@ -140,7 +140,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_MAC.pod b/deps/openssl/openssl/doc/man3/EVP_MAC.pod index 13482ac5e188e7..56ac92a486728e 100644 --- a/deps/openssl/openssl/doc/man3/EVP_MAC.pod +++ b/deps/openssl/openssl/doc/man3/EVP_MAC.pod @@ -181,7 +181,7 @@ EVP_MAC_CTX_set_params() passes chosen parameters to the underlying context, given a context I. The set of parameters given with I determine exactly what parameters are passed down. -If I are NULL, the unterlying context should do nothing and return 1. +If I are NULL, the underlying context should do nothing and return 1. Note that a parameter that is unknown in the underlying context is simply ignored. Also, what happens when a needed parameter isn't passed down is @@ -481,7 +481,7 @@ These functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY2PKCS8.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY2PKCS8.pod index 290a3ba3593e61..1129a5c75c4bea 100644 --- a/deps/openssl/openssl/doc/man3/EVP_PKEY2PKCS8.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY2PKCS8.pod @@ -21,7 +21,7 @@ EVP_PKEY2PKCS8() converts a private key I into a returned PKCS8 object. EVP_PKCS82PKEY_ex() converts a PKCS8 object I into a returned private key. It uses I and I when fetching algorithms. -EVP_PKCS82PKEY() is similiar to EVP_PKCS82PKEY_ex() but uses default values of +EVP_PKCS82PKEY() is similar to EVP_PKCS82PKEY_ex() but uses default values of NULL for the I and I. =head1 RETURN VALUES @@ -37,7 +37,7 @@ L, =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_decapsulate.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_decapsulate.pod index 529e318f9eba01..819291627bb8b8 100644 --- a/deps/openssl/openssl/doc/man3/EVP_PKEY_decapsulate.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_decapsulate.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_PKEY_decapsulate_init, EVP_PKEY_decapsulate -- Key decapsulation using a private key algorithm +- Key decapsulation using a KEM algorithm with a private key =head1 SYNOPSIS @@ -11,7 +11,7 @@ EVP_PKEY_decapsulate_init, EVP_PKEY_decapsulate int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, - unsigned char *secret, size_t *secretlen, + unsigned char *unwrapped, size_t *unwrappedlen, const unsigned char *wrapped, size_t wrappedlen); =head1 DESCRIPTION @@ -19,18 +19,20 @@ EVP_PKEY_decapsulate_init, EVP_PKEY_decapsulate The EVP_PKEY_decapsulate_init() function initializes a private key algorithm context I for a decapsulation operation and then sets the I on the context in the same way as calling L. +Note that I usually is produced using L, +specifying the private key to use. The EVP_PKEY_decapsulate() function performs a private key decapsulation operation using I. The data to be decapsulated is specified using the I and I parameters. -If I is I then the maximum size of the output secret buffer -is written to the I<*secretlen> parameter. If I is not B and the -call is successful then the decapsulated secret data is written to I and -the amount of data written to I. +If I is NULL then the maximum size of the output secret buffer +is written to I<*unwrappedlen>. If I is not NULL and the +call is successful then the decapsulated secret data is written to I +and the amount of data written to I<*unwrappedlen>. =head1 NOTES -After the call to EVP_PKEY_decapsulate_init() algorithm specific parameters +After the call to EVP_PKEY_decapsulate_init() algorithm-specific parameters for the operation may be set or modified using L. =head1 RETURN VALUES @@ -79,7 +81,7 @@ Decapsulate data using RSA: =head1 SEE ALSO -L, +L, L, L, @@ -89,7 +91,7 @@ These functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod index d61bb5512f62ed..bfbe14b1ffff44 100644 --- a/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_derive.pod @@ -32,7 +32,7 @@ EVP_PKEY_derive_set_peer_ex() sets the peer key: this will normally be a public key. The I will validate the public key if this value is non zero. -EVP_PKEY_derive_set_peer() is similiar to EVP_PKEY_derive_set_peer_ex() with +EVP_PKEY_derive_set_peer() is similar to EVP_PKEY_derive_set_peer_ex() with I set to 1. EVP_PKEY_derive() derives a shared secret using I. @@ -114,7 +114,7 @@ added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_encapsulate.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_encapsulate.pod index 9baf88d07beffc..0ee7d627904d13 100644 --- a/deps/openssl/openssl/doc/man3/EVP_PKEY_encapsulate.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_encapsulate.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_PKEY_encapsulate_init, EVP_PKEY_encapsulate -- Key encapsulation using a public key algorithm +- Key encapsulation using a KEM algorithm with a public key =head1 SYNOPSIS @@ -11,7 +11,7 @@ EVP_PKEY_encapsulate_init, EVP_PKEY_encapsulate int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, + unsigned char *wrappedkey, size_t *wrappedkeylen, unsigned char *genkey, size_t *genkeylen); =head1 DESCRIPTION @@ -19,19 +19,27 @@ EVP_PKEY_encapsulate_init, EVP_PKEY_encapsulate The EVP_PKEY_encapsulate_init() function initializes a public key algorithm context I for an encapsulation operation and then sets the I on the context in the same way as calling L. +Note that I is usually is produced using L, +specifying the public key to use. The EVP_PKEY_encapsulate() function performs a public key encapsulation -operation using I with the name I. -If I is B then the maximum size of the output buffer is written to the -I<*outlen> parameter and the maximum size of the generated key buffer is written -to I<*genkeylen>. If I is not B and the call is successful then the +operation using I. +The symmetric secret generated in I can be used as key material. +The ciphertext in I is its encapsulated form, which can be sent +to another party, who can use L to retrieve it +using their private key. +If I is NULL then the maximum size of the output buffer +is written to the I<*wrappedkeylen> parameter unless I is NULL +and the maximum size of the generated key buffer is written to I<*genkeylen> +unless I is NULL. +If I is not NULL and the call is successful then the internally generated key is written to I and its size is written to I<*genkeylen>. The encapsulated version of the generated key is written to -I and its size is written to I<*outlen>. +I and its size is written to I<*wrappedkeylen>. =head1 NOTES -After the call to EVP_PKEY_encapsulate_init() algorithm specific parameters +After the call to EVP_PKEY_encapsulate_init() algorithm-specific parameters for the operation may be set or modified using L. =head1 RETURN VALUES @@ -82,7 +90,7 @@ Encapsulate an RSASVE key (for RSA keys). =head1 SEE ALSO -L, +L, L, L, @@ -92,7 +100,7 @@ These functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod index ddabac8ff8e413..e22a3e7b4717c1 100644 --- a/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_get_default_digest_nid.pod @@ -18,8 +18,8 @@ EVP_PKEY_get_default_digest_nid, EVP_PKEY_get_default_digest_name EVP_PKEY_get_default_digest_name() fills in the default message digest name for the public key signature operations associated with key I into I, up to at most I bytes including the -ending NUL byte. The name could be C<"UNDEF">, signifying that no digest -should be used. +ending NUL byte. The name could be C<"UNDEF">, signifying that a digest +must (for return value 2) or may (for return value 1) be left unspecified. EVP_PKEY_get_default_digest_nid() sets I to the default message digest NID for the public key signature operations associated with key @@ -57,7 +57,7 @@ This function was added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_gettable_params.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_gettable_params.pod index b51e4c4de1859d..acf20b54e554aa 100644 --- a/deps/openssl/openssl/doc/man3/EVP_PKEY_gettable_params.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_gettable_params.pod @@ -60,7 +60,7 @@ is allocated by the method. EVP_PKEY_get_utf8_string_param() get a key I UTF8 string value into a buffer I of maximum size I associated with a name of -I. The maximum size must be large enough to accomodate the string +I. The maximum size must be large enough to accommodate the string value including a terminating NUL byte, or this function will fail. If I is not NULL, I<*out_len> is set to the length of the string not including the terminating NUL byte. The required buffer size not including @@ -125,7 +125,7 @@ These functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod index 0ea7062f0182aa..1c75c7571994b3 100644 --- a/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_new.pod @@ -62,7 +62,7 @@ see L: B is a generic structure to hold diverse types of asymmetric keys (also known as "key pairs"), and can be used for diverse operations, like signing, verifying signatures, key derivation, etc. The asymmetric keys -themselves are often refered to as the "internal key", and are handled by +themselves are often referred to as the "internal key", and are handled by backends, such as providers (through L) or Bs. Conceptually, an B internal key may hold a private key, a public @@ -210,7 +210,7 @@ previously implied to be disallowed. =head1 COPYRIGHT -Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_PKEY_todata.pod b/deps/openssl/openssl/doc/man3/EVP_PKEY_todata.pod index dedfb1b0cf8ae8..71867236f98706 100644 --- a/deps/openssl/openssl/doc/man3/EVP_PKEY_todata.pod +++ b/deps/openssl/openssl/doc/man3/EVP_PKEY_todata.pod @@ -23,7 +23,7 @@ I is described in L. L should be used to free the returned parameters in I<*params>. -EVP_PKEY_export() is similiar to EVP_PKEY_todata() but uses a callback +EVP_PKEY_export() is similar to EVP_PKEY_todata() but uses a callback I that gets passed the value of I. See L for more information about the callback. Note that the L array that is passed to the callback is not persistent after the @@ -53,7 +53,7 @@ These functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_SIGNATURE.pod b/deps/openssl/openssl/doc/man3/EVP_SIGNATURE.pod index 600522085398c2..1f534ef33810eb 100644 --- a/deps/openssl/openssl/doc/man3/EVP_SIGNATURE.pod +++ b/deps/openssl/openssl/doc/man3/EVP_SIGNATURE.pod @@ -61,7 +61,7 @@ EVP_SIGNATURE_get0_provider() returns the provider that I was fetched from. EVP_SIGNATURE_do_all_provided() traverses all SIGNATURE implemented by all -activated roviders in the given library context I, and for each of the +activated providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. @@ -106,7 +106,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/EVP_aes_128_gcm.pod b/deps/openssl/openssl/doc/man3/EVP_aes_128_gcm.pod index 09cae991295049..485705ea788907 100644 --- a/deps/openssl/openssl/doc/man3/EVP_aes_128_gcm.pod +++ b/deps/openssl/openssl/doc/man3/EVP_aes_128_gcm.pod @@ -134,13 +134,7 @@ section for details. EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), -EVP_aes_128_wrap(), -EVP_aes_192_wrap(), -EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), -EVP_aes_128_wrap(), -EVP_aes_192_wrap(), -EVP_aes_256_wrap(), EVP_aes_256_wrap_pad() AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section @@ -173,7 +167,7 @@ the XTS "tweak" value. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_aria_128_gcm.pod b/deps/openssl/openssl/doc/man3/EVP_aria_128_gcm.pod index 92913652630d52..91aa75ec387172 100644 --- a/deps/openssl/openssl/doc/man3/EVP_aria_128_gcm.pod +++ b/deps/openssl/openssl/doc/man3/EVP_aria_128_gcm.pod @@ -96,7 +96,7 @@ correctly, see the L section for details. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_bf_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_bf_cbc.pod index 4df98f4bdf47ec..11a909207ac954 100644 --- a/deps/openssl/openssl/doc/man3/EVP_bf_cbc.pod +++ b/deps/openssl/openssl/doc/man3/EVP_bf_cbc.pod @@ -41,7 +41,7 @@ Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_blake2b512.pod b/deps/openssl/openssl/doc/man3/EVP_blake2b512.pod index 98e1899f6a935d..55bd9f3bce77db 100644 --- a/deps/openssl/openssl/doc/man3/EVP_blake2b512.pod +++ b/deps/openssl/openssl/doc/man3/EVP_blake2b512.pod @@ -35,7 +35,7 @@ The BLAKE2b algorithm that produces a 512-bit output from a given input. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, diff --git a/deps/openssl/openssl/doc/man3/EVP_camellia_128_ecb.pod b/deps/openssl/openssl/doc/man3/EVP_camellia_128_ecb.pod index a6b597156a77a9..cb6e12e2122b76 100644 --- a/deps/openssl/openssl/doc/man3/EVP_camellia_128_ecb.pod +++ b/deps/openssl/openssl/doc/man3/EVP_camellia_128_ecb.pod @@ -79,7 +79,7 @@ Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_cast5_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_cast5_cbc.pod index 85ff2ad014888f..7fef0598151d85 100644 --- a/deps/openssl/openssl/doc/man3/EVP_cast5_cbc.pod +++ b/deps/openssl/openssl/doc/man3/EVP_cast5_cbc.pod @@ -41,7 +41,7 @@ CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_chacha20.pod b/deps/openssl/openssl/doc/man3/EVP_chacha20.pod index 28ab25bf718891..7e80c8de40c9ec 100644 --- a/deps/openssl/openssl/doc/man3/EVP_chacha20.pod +++ b/deps/openssl/openssl/doc/man3/EVP_chacha20.pod @@ -22,10 +22,10 @@ The ChaCha20 stream cipher for EVP. =item EVP_chacha20() The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long. -The first 32 bits consists of a counter in little-endian order followed by a 96 +The first 64 bits consists of a counter in little-endian order followed by a 64 bit nonce. For example a nonce of: -000000000000000000000002 +0000000000000002 With an initial counter of 42 (2a in hex) would be expressed as: @@ -44,9 +44,12 @@ L section for more information. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. +L +uses a 32 bit counter and a 96 bit nonce for the IV. + =head1 RETURN VALUES These functions return an B structure that contains the diff --git a/deps/openssl/openssl/doc/man3/EVP_des_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_des_cbc.pod index 501216cd6d77b3..442be8993a29f7 100644 --- a/deps/openssl/openssl/doc/man3/EVP_des_cbc.pod +++ b/deps/openssl/openssl/doc/man3/EVP_des_cbc.pod @@ -89,7 +89,7 @@ Triple-DES key wrap according to RFC 3217 Section 3. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_desx_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_desx_cbc.pod index fae827192ee995..c22c0de47900c8 100644 --- a/deps/openssl/openssl/doc/man3/EVP_desx_cbc.pod +++ b/deps/openssl/openssl/doc/man3/EVP_desx_cbc.pod @@ -31,7 +31,7 @@ implementation. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_idea_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_idea_cbc.pod index 5a9adaedc4462c..a36aae0bc999e3 100644 --- a/deps/openssl/openssl/doc/man3/EVP_idea_cbc.pod +++ b/deps/openssl/openssl/doc/man3/EVP_idea_cbc.pod @@ -39,7 +39,7 @@ The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_md2.pod b/deps/openssl/openssl/doc/man3/EVP_md2.pod index 0b473887e01b97..a6f3a010deb5aa 100644 --- a/deps/openssl/openssl/doc/man3/EVP_md2.pod +++ b/deps/openssl/openssl/doc/man3/EVP_md2.pod @@ -28,7 +28,7 @@ The MD2 algorithm which produces a 128-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_md4.pod b/deps/openssl/openssl/doc/man3/EVP_md4.pod index baaff9e4eaa2ac..a4e1a7d0a6e910 100644 --- a/deps/openssl/openssl/doc/man3/EVP_md4.pod +++ b/deps/openssl/openssl/doc/man3/EVP_md4.pod @@ -29,7 +29,7 @@ The MD4 algorithm which produces a 128-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_md5.pod b/deps/openssl/openssl/doc/man3/EVP_md5.pod index 752fdd1f6c37b3..42370fb3d0a329 100644 --- a/deps/openssl/openssl/doc/man3/EVP_md5.pod +++ b/deps/openssl/openssl/doc/man3/EVP_md5.pod @@ -40,7 +40,7 @@ WARNING: this algorithm is not intended for non-SSL usage. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L or L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_mdc2.pod b/deps/openssl/openssl/doc/man3/EVP_mdc2.pod index e9de6f3c560a61..3681bd06a63cd9 100644 --- a/deps/openssl/openssl/doc/man3/EVP_mdc2.pod +++ b/deps/openssl/openssl/doc/man3/EVP_mdc2.pod @@ -30,7 +30,7 @@ The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_rc2_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_rc2_cbc.pod index bf4a13ba45c19c..17f6f4b3e254da 100644 --- a/deps/openssl/openssl/doc/man3/EVP_rc2_cbc.pod +++ b/deps/openssl/openssl/doc/man3/EVP_rc2_cbc.pod @@ -55,7 +55,7 @@ functions to set the key length and effective key length. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_rc4.pod b/deps/openssl/openssl/doc/man3/EVP_rc4.pod index f22e88a6521477..0311ef278ca12d 100644 --- a/deps/openssl/openssl/doc/man3/EVP_rc4.pod +++ b/deps/openssl/openssl/doc/man3/EVP_rc4.pod @@ -47,7 +47,7 @@ interface. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod index c177b1845196f2..69fc2f2cc656b9 100644 --- a/deps/openssl/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod +++ b/deps/openssl/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod @@ -60,7 +60,7 @@ is an int. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_ripemd160.pod b/deps/openssl/openssl/doc/man3/EVP_ripemd160.pod index 6ad2d3e0186968..5b96fd09f85037 100644 --- a/deps/openssl/openssl/doc/man3/EVP_ripemd160.pod +++ b/deps/openssl/openssl/doc/man3/EVP_ripemd160.pod @@ -29,7 +29,7 @@ The RIPEMD-160 algorithm which produces a 160-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_seed_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_seed_cbc.pod index 010607e5740590..2c821d07c3993a 100644 --- a/deps/openssl/openssl/doc/man3/EVP_seed_cbc.pod +++ b/deps/openssl/openssl/doc/man3/EVP_seed_cbc.pod @@ -41,7 +41,7 @@ The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_sha1.pod b/deps/openssl/openssl/doc/man3/EVP_sha1.pod index 264ddd1addb717..6fc8f07b066a6f 100644 --- a/deps/openssl/openssl/doc/man3/EVP_sha1.pod +++ b/deps/openssl/openssl/doc/man3/EVP_sha1.pod @@ -29,7 +29,7 @@ The SHA-1 algorithm which produces a 160-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_sha224.pod b/deps/openssl/openssl/doc/man3/EVP_sha224.pod index 7a50cf9b6c3f15..be09e49ee39325 100644 --- a/deps/openssl/openssl/doc/man3/EVP_sha224.pod +++ b/deps/openssl/openssl/doc/man3/EVP_sha224.pod @@ -49,7 +49,7 @@ their outputs are of the same size. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with Linstead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_sha3_224.pod b/deps/openssl/openssl/doc/man3/EVP_sha3_224.pod index 5bb9ae1b89e550..93c0d0b9fb1e0f 100644 --- a/deps/openssl/openssl/doc/man3/EVP_sha3_224.pod +++ b/deps/openssl/openssl/doc/man3/EVP_sha3_224.pod @@ -54,7 +54,7 @@ B provides that of 256 bits. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L or L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_sm3.pod b/deps/openssl/openssl/doc/man3/EVP_sm3.pod index 4e8112dc0afee2..65be55e88dba8d 100644 --- a/deps/openssl/openssl/doc/man3/EVP_sm3.pod +++ b/deps/openssl/openssl/doc/man3/EVP_sm3.pod @@ -28,7 +28,7 @@ The SM3 hash function. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_sm4_cbc.pod b/deps/openssl/openssl/doc/man3/EVP_sm4_cbc.pod index b67ade549968c5..48be7a31ad756d 100644 --- a/deps/openssl/openssl/doc/man3/EVP_sm4_cbc.pod +++ b/deps/openssl/openssl/doc/man3/EVP_sm4_cbc.pod @@ -45,7 +45,7 @@ respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/EVP_whirlpool.pod b/deps/openssl/openssl/doc/man3/EVP_whirlpool.pod index a9826e290a4279..c5d465b16f0c3c 100644 --- a/deps/openssl/openssl/doc/man3/EVP_whirlpool.pod +++ b/deps/openssl/openssl/doc/man3/EVP_whirlpool.pod @@ -30,7 +30,7 @@ input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/deps/openssl/openssl/doc/man3/OCSP_resp_find_status.pod b/deps/openssl/openssl/doc/man3/OCSP_resp_find_status.pod index f4afddcdefe9d1..0fa1a3cf249a06 100644 --- a/deps/openssl/openssl/doc/man3/OCSP_resp_find_status.pod +++ b/deps/openssl/openssl/doc/man3/OCSP_resp_find_status.pod @@ -131,7 +131,7 @@ in L. If I contains B it ignores all certificates in I and in I, else it takes them as untrusted intermediate CA certificates and uses them for constructing the validation path for the signer certificate. -Certicate revocation status checks using CRLs is disabled during path validation +Certificate revocation status checks using CRLs is disabled during path validation if the signer certificate contains the B extension. After successful path validation the function returns success if the B flag is set. @@ -210,7 +210,7 @@ L =head1 COPYRIGHT -Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OCSP_sendreq_new.pod b/deps/openssl/openssl/doc/man3/OCSP_sendreq_new.pod index 6e4c8110f1f038..ce2749ed1ba686 100644 --- a/deps/openssl/openssl/doc/man3/OCSP_sendreq_new.pod +++ b/deps/openssl/openssl/doc/man3/OCSP_sendreq_new.pod @@ -40,7 +40,7 @@ These functions perform an OCSP POST request / response transfer over HTTP, using the HTTP request functions described in L. The function OCSP_sendreq_new() builds a complete B structure -with the B I to be used for requests and reponse, the URL path I, +with the B I to be used for requests and response, the URL path I, optionally the OCSP request I, and a response header maximum line length of I. If I is zero a default value of 4KiB is used. The I may be set to NULL and provided later using OCSP_REQ_CTX_set1_req() @@ -115,7 +115,7 @@ were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_CMP_CTX_new.pod b/deps/openssl/openssl/doc/man3/OSSL_CMP_CTX_new.pod index c0c41a226bfeb2..ce7db8f2f08628 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_CMP_CTX_new.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_CMP_CTX_new.pod @@ -182,7 +182,7 @@ clearing the internal CMP transaction (aka session) status, PKIStatusInfo, and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction. It also clears any ITAVs that were added by OSSL_CMP_CTX_push0_genm_ITAV(). -All other field values (i.e., CMP options) are retained for potential re-use. +All other field values (i.e., CMP options) are retained for potential reuse. OSSL_CMP_CTX_set_option() sets the given value for the given option (e.g., OSSL_CMP_OPT_IMPLICIT_CONFIRM) in the given OSSL_CMP_CTX structure. @@ -260,12 +260,12 @@ The following options can be set: =item B The NID of the digest algorithm to be used as one-way function (OWF) - in RFC 4210's MSG_MAC_ALG for PBM-based message protection. + for MAC-based message protection with password-based MAC (PBM). + See RFC 4210 section 5.1.3.1 for details. Default is SHA256. =item B - The NID of the MAC algorithm to be used in RFC 4210's MSG_MAC_ALG - for PBM-based message protection. + The NID of the MAC algorithm to be used for message protection with PBM. Default is HMAC-SHA1 as per RFC 4210. =item B @@ -450,8 +450,8 @@ The reference counts of those certificates handled successfully are increased. OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the list of untrusted certs, which may be empty if unset. -OSSL_CMP_CTX_set1_cert() sets the CMP signer certificate -related to the private key used for CMP message protection. +OSSL_CMP_CTX_set1_cert() sets the CMP signer certificate, also called protection +certificate, related to the private key for signature-based message protection. Therefore the public key of this I must correspond to the private key set before or thereafter via OSSL_CMP_CTX_set1_pkey(). When using signature-based protection of CMP request messages @@ -481,15 +481,15 @@ OSSL_CMP_CTX_set1_pkey() sets the client's private key corresponding to the CMP signer certificate set via OSSL_CMP_CTX_set1_cert(). This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG) of outgoing messages -unless a PBM secret has been set via OSSL_CMP_CTX_set1_secretValue(). +unless a symmetric secret has been set via OSSL_CMP_CTX_set1_secretValue(). The I argument may be NULL to clear the entry. -OSSL_CMP_CTX_set1_secretValue() sets the byte string I with length I -as PBM secret in the given I or clears it if the I argument is NULL. -If present, this secret is used to create PBM-based protection of outgoing -messages and to verify any PBM-based protection of incoming messages -(protectionAlg = MSG_MAC_ALG). PBM stands for Password-Based MAC. -PBM-based protection takes precedence over signature-based protection. +OSSL_CMP_CTX_set1_secretValue() sets in I the byte string I of length +I to use as pre-shared secret, or clears it if the I argument is NULL. +If present, this secret is used to create MAC-based authentication and integrity +protection (rather than applying signature-based protection) +of outgoing messages and to verify authenticity and integrity of incoming +messages that have MAC-based protection (protectionAlg = C). OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue I with length I in the given I or clears it if the I argument is NULL. @@ -500,7 +500,7 @@ then the sender field will contain the NULL-DN and the senderKID field of the CMP message header must be set. When signature-based protection is used the senderKID will be set to the subjectKeyIdentifier of the CMP signer certificate as far as present. -If not present or when PBM-based protection is used +If not present or when MAC-based protection is used the I value is taken as the fallback value for the senderKID. OSSL_CMP_CTX_set1_recipient() sets the recipient name that will be used in the @@ -627,7 +627,7 @@ OSSL_CMP_CTX_set_certConf_cb_arg(), or NULL if unset. OSSL_CMP_CTX_get_status() returns for client contexts the PKIstatus from the last received CertRepMessage or Revocation Response or error message: -=item B on sucessful receipt of a GENP message: +=item B on successful receipt of a GENP message: =over 4 @@ -731,7 +731,7 @@ Set up a CMP client context for sending requests and verifying responses: OSSL_CMP_CTX_set1_serverPath(cmp_ctx, path_or_alias); OSSL_CMP_CTX_set0_trustedStore(cmp_ctx, ts); -Set up client credentials for password-based protection (PBM): +Set up symmetric credentials for MAC-based message protection such as PBM: OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len); diff --git a/deps/openssl/openssl/doc/man3/OSSL_CMP_exec_certreq.pod b/deps/openssl/openssl/doc/man3/OSSL_CMP_exec_certreq.pod index b0d81c7c41a968..0cabc3bad5ac96 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_CMP_exec_certreq.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_CMP_exec_certreq.pod @@ -42,7 +42,7 @@ client-server transactions, i.e., sequences of CMP requests and responses. All functions take a populated OSSL_CMP_CTX structure as their first argument. Usually the server name, port, and path ("CMP alias") need to be set, as well as -credentials the client can use for authenticating itself to the client. +credentials the client can use for authenticating itself to the server. In order to authenticate the server the client typically needs a trust store. The functions return their respective main results directly, while there are also accessor functions for retrieving various results and status information @@ -72,7 +72,7 @@ and need to be filled in using L, L, L, etc. For P10CR, L needs to be used instead. The enrollment session may be blocked by sleeping until the addressed -CA (or an intermedate PKI component) can fully process and answer the request. +CA (or an intermediate PKI component) can fully process and answer the request. OSSL_CMP_try_certreq() is an alternative to the above functions that is more flexible regarding what to do after receiving a checkAfter value. @@ -119,9 +119,17 @@ See RFC 4210 section 5.3.19 and appendix E.5 for details. CMP is defined in RFC 4210 (and CRMF in RFC 4211). -So far the CMP client implementation is limited to one request per CMP message +The CMP client implementation is limited to one request per CMP message (and consequently to at most one response component per CMP message). +When a client obtains from a CMP server CA certificates that it is going to +trust, for instance via the caPubs field of a certificate response, +authentication of the CMP server is particularly critical. +So special care must be taken setting up server authentication in I +using functions such as +L (for certificate-based authentication) or +L (for MAC-based protection). + =head1 RETURN VALUES OSSL_CMP_exec_certreq(), OSSL_CMP_exec_IR_ses(), OSSL_CMP_exec_CR_ses(), @@ -163,7 +171,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_CMP_log_open.pod b/deps/openssl/openssl/doc/man3/OSSL_CMP_log_open.pod index 9a55370e3c0cc0..f540c193829777 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_CMP_log_open.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_CMP_log_open.pod @@ -89,7 +89,7 @@ As long as neither if the two is used any logging output is ignored. OSSL_CMP_log_close() may be called when all activities are finished to flush any pending CMP-specific log output and deallocate related resources. -It may be called multiple times. It does get called at OpenSSL stutdown. +It may be called multiple times. It does get called at OpenSSL shutdown. OSSL_CMP_print_to_bio() prints the given component info, filename, line number, severity level, and log message or error queue message to the given I. @@ -114,7 +114,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_DECODER.pod b/deps/openssl/openssl/doc/man3/OSSL_DECODER.pod index 334f955e16f99a..dcfd72bf973847 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_DECODER.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_DECODER.pod @@ -116,7 +116,7 @@ multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained by the I object and should not be freed by the caller. -OSSL_DECODER_get0_description() returns a pointer to a decription, or NULL if +OSSL_DECODER_get0_description() returns a pointer to a description, or NULL if there isn't one. OSSL_DECODER_names_do_all() returns 1 if the callback was called for all @@ -180,7 +180,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod b/deps/openssl/openssl/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod index 213791404c778e..acb04bc3762379 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod @@ -41,7 +41,7 @@ them up, so all the caller has to do next is call functions like L. The caller may use the optional I, I, I and I to specify what the input is expected to contain. The I must reference an B variable -that will be set to the newly created B on succesfull decoding. +that will be set to the newly created B on successful decoding. The referenced variable must be initialized to NULL before calling the function. @@ -135,7 +135,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_ENCODER.pod b/deps/openssl/openssl/doc/man3/OSSL_ENCODER.pod index cfabba2e1d025f..06d8f80f881225 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_ENCODER.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_ENCODER.pod @@ -117,7 +117,7 @@ multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained by the I object and should not be freed by the caller. -OSSL_ENCODER_get0_description() returns a pointer to a decription, or NULL if +OSSL_ENCODER_get0_description() returns a pointer to a description, or NULL if there isn't one. OSSL_ENCODER_names_do_all() returns 1 if the callback was called for all @@ -134,7 +134,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_ENCODER_CTX.pod b/deps/openssl/openssl/doc/man3/OSSL_ENCODER_CTX.pod index 2d7a6a298f852b..7f3915fda88236 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_ENCODER_CTX.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_ENCODER_CTX.pod @@ -80,7 +80,7 @@ as DER to PEM, as well as more specialized encoders like RSA to DER. The final output type must be given, and a chain of encoders must end with an implementation that produces that output type. -At the beginning of the encoding process, a contructor provided by the +At the beginning of the encoding process, a constructor provided by the caller is called to ensure that there is an appropriate provider-side object to start with. The constructor is set with OSSL_ENCODER_CTX_set_construct(). @@ -148,7 +148,7 @@ The pointer that was set with OSSL_ENCODE_CTX_set_construct_data(). The constructor is expected to return a valid (non-NULL) pointer to a provider-native object that can be used as first input of an encoding chain, -or NULL to indicate that an error has occured. +or NULL to indicate that an error has occurred. These utility functions may be used by a constructor: @@ -211,7 +211,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_ESS_check_signing_certs.pod b/deps/openssl/openssl/doc/man3/OSSL_ESS_check_signing_certs.pod index bff26193d75831..24145ead1728f8 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_ESS_check_signing_certs.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_ESS_check_signing_certs.pod @@ -46,7 +46,7 @@ while the list contained in I is of type B. As far as these lists are present, they must be nonempty. The certificate identified by their first entry must be the first element of I, i.e. the signer certificate. -Any further certficates referenced in the list must also be found in I. +Any further certificates referenced in the list must also be found in I. The matching is done using the given certificate hash algorithm and value. In addition to the checks required by RFCs 2624 and 5035, if the B field is included in an B or B @@ -78,7 +78,7 @@ OSSL_ESS_check_signing_certs() were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod b/deps/openssl/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod index fbe1a152b80c25..6216420e4ffe92 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod @@ -72,12 +72,16 @@ which collects the HTTP request header lines. OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I. The I is not free'd, I will be free'd if I is set. -OSSL_HTTP_REQ_CTX_set_request_line() adds the HTTP request line to the context. +OSSL_HTTP_REQ_CTX_set_request_line() adds the 1st HTTP request line to I. The HTTP method is determined by I, which should be 1 to indicate C or 0 to indicate C. -I and I may be set to indicate a proxy server and port -that the request should go through, otherwise they should be left NULL. -I is the HTTP request path; if left NULL, C is used. +I and I may be set to give the server and the optional port that +an HTTP proxy shall forward the request to, otherwise they must be left NULL. +I provides the HTTP request path; if left NULL, C is used. +For backward compatibility, I may begin with C and thus convey +an absoluteURI. In this case it indicates HTTP proxy use and provides also the +server (and optionally the port) that the proxy shall forward the request to. +In this case the I and I arguments must be NULL. OSSL_HTTP_REQ_CTX_add1_header() adds header I with value I to the context I. It can be called more than once to add multiple header lines. @@ -133,7 +137,7 @@ The function may need to be called again if its result is -1, which indicates L. In such a case it is advisable to sleep a little in between, using L on the read BIO to prevent a busy loop. -OSSL_HTTP_REQ_CTX_nbio_d2i() is like OSSL_HTTP_REQ_CTX_nbio() but on successs +OSSL_HTTP_REQ_CTX_nbio_d2i() is like OSSL_HTTP_REQ_CTX_nbio() but on success in addition parses the response, which must be a DER-encoded ASN.1 structure, using the ASN.1 template I and places the result in I<*pval>. @@ -256,7 +260,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_HTTP_parse_url.pod b/deps/openssl/openssl/doc/man3/OSSL_HTTP_parse_url.pod index 945e981a73fa14..768f0acdb14c72 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_HTTP_parse_url.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_HTTP_parse_url.pod @@ -57,7 +57,7 @@ The path component is also optional and defaults to C. Each non-NULL result pointer argument I, I, I, I, I, I, and I, is assigned the respective url component. On success, they are guaranteed to contain non-NULL string pointers, else NULL. -It is the reponsibility of the caller to free them using L. +It is the responsibility of the caller to free them using L. If I is NULL, any given query component is handled as part of the path. A string returned via I<*ppath> is guaranteed to begin with a C character. For absent scheme, userinfo, port, query, and fragment components @@ -97,7 +97,7 @@ OCSP_parse_url() was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_HTTP_transfer.pod b/deps/openssl/openssl/doc/man3/OSSL_HTTP_transfer.pod index 3337f6d4a35e51..716e365ef50db0 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_HTTP_transfer.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_HTTP_transfer.pod @@ -161,8 +161,11 @@ NULL) to print additional diagnostic information in a user-oriented way. OSSL_HTTP_set1_request() sets up in I the request header and content data and expectations on the response using the following parameters. -If indicates using a proxy for HTTP (but not HTTPS), the server hostname -(and optionally port) needs to be placed in the header and thus must be present. +If indicates using a proxy for HTTP (but not HTTPS), the server host +(and optionally port) needs to be placed in the header; thus it must be present +in I. +For backward compatibility, the server (and optional port) may also be given in +the I argument beginning with C (thus giving an absoluteURI). If I is NULL it defaults to "/". If I is NULL the HTTP GET method will be used to send the request else HTTP POST with the contents of I and optional I, where @@ -274,7 +277,7 @@ All the functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_PARAM.pod b/deps/openssl/openssl/doc/man3/OSSL_PARAM.pod index 3939ddc742968d..1e5bf06cf767a7 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_PARAM.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_PARAM.pod @@ -108,7 +108,7 @@ B in relation to C strings. When setting parameters, the size should be set to the length of the string, not counting the terminating NUL byte. When requesting parameters, the size should be set to the size of the buffer to be populated, which -should accomodate enough space for a terminating NUL byte. +should accommodate enough space for a terminating NUL byte. When I, it's acceptable for I to be NULL. This can be used by the I to figure out dynamically exactly diff --git a/deps/openssl/openssl/doc/man3/OSSL_PARAM_int.pod b/deps/openssl/openssl/doc/man3/OSSL_PARAM_int.pod index c03e30f839652a..d357818ff14bd9 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_PARAM_int.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_PARAM_int.pod @@ -241,7 +241,7 @@ will be assigned the size the parameter's I buffer should have. OSSL_PARAM_get_utf8_string() retrieves a UTF8 string from the parameter pointed to by I

. The string is stored into I<*val> with a size limit of I, -which must be large enough to accomodate a terminating NUL byte, +which must be large enough to accommodate a terminating NUL byte, otherwise this function will fail. If I<*val> is NULL, memory is allocated for the string (including the terminating NUL byte) and I is ignored. @@ -250,14 +250,14 @@ If memory is allocated by this function, it must be freed by the caller. OSSL_PARAM_set_utf8_string() sets a UTF8 string from the parameter pointed to by I

to the value referenced by I. If the parameter's I field isn't NULL, its I must indicate -that the buffer is large enough to accomodate the string that I points at, +that the buffer is large enough to accommodate the string that I points at, not including the terminating NUL byte, or this function will fail. A terminating NUL byte is added only if the parameter's I indicates the buffer is longer than the string length, otherwise the string will not be NUL terminated. If the parameter's I field is NULL, then only its I field will be assigned the minimum size the parameter's I buffer should have -to accomodate the string, not including a terminating NUL byte. +to accommodate the string, not including a terminating NUL byte. OSSL_PARAM_get_octet_string() retrieves an OCTET string from the parameter pointed to by I

. diff --git a/deps/openssl/openssl/doc/man3/OSSL_PROVIDER.pod b/deps/openssl/openssl/doc/man3/OSSL_PROVIDER.pod index 9710469e07f2c4..40a4ea1005725e 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_PROVIDER.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_PROVIDER.pod @@ -90,8 +90,8 @@ the environment variable OPENSSL_MODULES if set. OSSL_PROVIDER_try_load() functions like OSSL_PROVIDER_load(), except that it does not disable the fallback providers if the provider cannot be -loaded and initialized or if I is zero. -If the provider loads successfully and I is nonzero, the +loaded and initialized or if I is nonzero. +If the provider loads successfully and I is zero, the fallback providers are disabled. OSSL_PROVIDER_unload() unloads the given provider. @@ -213,7 +213,7 @@ The type and functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_SELF_TEST_new.pod b/deps/openssl/openssl/doc/man3/OSSL_SELF_TEST_new.pod index 5fe838351908b5..4c4b10fca96ad0 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_SELF_TEST_new.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_SELF_TEST_new.pod @@ -22,7 +22,7 @@ OSSL_SELF_TEST_onend - functionality to trigger a callback during a self test =head1 DESCRIPTION -These methods are intended for use by provider implementors, to display +These methods are intended for use by provider implementers, to display diagnostic information during self testing. OSSL_SELF_TEST_new() allocates an opaque B object that has a @@ -165,7 +165,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod b/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod index b1d838604badc8..9cd016be158a9a 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_STORE_LOADER.pod @@ -327,7 +327,7 @@ definition string, or NULL on error. OSSL_STORE_LOADER_is_a() returns 1 if I was identifiable, otherwise 0. -OSSL_STORE_LOADER_get0_description() returns a pointer to a decription, or NULL if +OSSL_STORE_LOADER_get0_description() returns a pointer to a description, or NULL if there isn't one. The functions with the types B, @@ -380,7 +380,7 @@ were added in OpenSSL 1.1.1, and became deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/OSSL_trace_set_channel.pod b/deps/openssl/openssl/doc/man3/OSSL_trace_set_channel.pod index 3b9c64e5412f7f..f93242643c406a 100644 --- a/deps/openssl/openssl/doc/man3/OSSL_trace_set_channel.pod +++ b/deps/openssl/openssl/doc/man3/OSSL_trace_set_channel.pod @@ -48,7 +48,7 @@ so the caller must not free it directly. OSSL_trace_set_prefix() and OSSL_trace_set_suffix() can be used to add an extra line for each channel, to be output before and after group of tracing output. -What constitues an output group is decided by the code that produces +What constitutes an output group is decided by the code that produces the output. The lines given here are considered immutable; for more dynamic tracing prefixes, consider setting a callback with diff --git a/deps/openssl/openssl/doc/man3/PKCS12_create.pod b/deps/openssl/openssl/doc/man3/PKCS12_create.pod index dc0f06d9d323c7..92e588062a36ed 100644 --- a/deps/openssl/openssl/doc/man3/PKCS12_create.pod +++ b/deps/openssl/openssl/doc/man3/PKCS12_create.pod @@ -42,7 +42,8 @@ can all be set to zero and sensible defaults will be used. These defaults are: AES password based encryption (PBES2 with PBKDF2 and AES-256-CBC) for private keys and certificates, the PBKDF2 and MAC key derivation iteration count of B (currently 2048), and -MAC algorithm HMAC with SHA2-256. +MAC algorithm HMAC with SHA2-256. The MAC key derivation algorithm used +for the outer PKCS#12 structure is PKCS12KDF. The default MAC iteration count is 1 in order to retain compatibility with old software which did not interpret MAC iteration counts. If such compatibility @@ -68,6 +69,8 @@ I or I can be set to -1 indicating that no encryption should be used. I can be set to -1 and the MAC will then be omitted entirely. +This can be useful when running with the FIPS provider as the PKCS12KDF +is not a FIPS approvable algorithm. PKCS12_create() makes assumptions regarding the encoding of the given pass phrase. @@ -83,7 +86,9 @@ IETF RFC 7292 (L) =head1 SEE ALSO +L, L, +L, L =head1 HISTORY @@ -96,7 +101,7 @@ standards. =head1 COPYRIGHT -Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/PKCS12_decrypt_skey.pod b/deps/openssl/openssl/doc/man3/PKCS12_decrypt_skey.pod index 7a41b2b06c2f7e..97c6823a3c746b 100644 --- a/deps/openssl/openssl/doc/man3/PKCS12_decrypt_skey.pod +++ b/deps/openssl/openssl/doc/man3/PKCS12_decrypt_skey.pod @@ -21,7 +21,7 @@ decrypt functions PKCS12_decrypt_skey() Decrypt the PKCS#8 shrouded keybag contained within I using the supplied password I of length I. -PKCS12_decrypt_skey_ex() is similar to the above but allows for a library contex +PKCS12_decrypt_skey_ex() is similar to the above but allows for a library context I and property query I to be used to select algorithm implementations. =head1 RETURN VALUES @@ -45,7 +45,7 @@ PKCS12_decrypt_skey_ex() was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/PKCS12_gen_mac.pod b/deps/openssl/openssl/doc/man3/PKCS12_gen_mac.pod index 53b55e8703030d..a72df145fedd70 100644 --- a/deps/openssl/openssl/doc/man3/PKCS12_gen_mac.pod +++ b/deps/openssl/openssl/doc/man3/PKCS12_gen_mac.pod @@ -21,7 +21,8 @@ PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure =head1 DESCRIPTION PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the -supplied password along with a set of already configured paramters. +supplied password along with a set of already configured parameters. +The default key generation mechanism used is PKCS12KDF. PKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied password. @@ -57,12 +58,13 @@ IETF RFC 7292 (L) =head1 SEE ALSO L, +L, L, L =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod b/deps/openssl/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod index 0984e993daefa5..8b5feff9192c02 100644 --- a/deps/openssl/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod +++ b/deps/openssl/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -33,7 +33,8 @@ be NULL terminated. B is the iteration count and its value should be greater than or equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any -B less than 1 is treated as a single iteration. +B value less than 1 is invalid; such values will result in failure +and raise the PROV_R_INVALID_ITERATION_COUNT error. B is the message digest function used in the derivation. PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1(). @@ -66,7 +67,7 @@ L =head1 COPYRIGHT -Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/RAND_bytes.pod b/deps/openssl/openssl/doc/man3/RAND_bytes.pod index ee7ed4af860c81..8440a731856438 100644 --- a/deps/openssl/openssl/doc/man3/RAND_bytes.pod +++ b/deps/openssl/openssl/doc/man3/RAND_bytes.pod @@ -37,7 +37,7 @@ and L. RAND_bytes_ex() and RAND_priv_bytes_ex() are the same as RAND_bytes() and RAND_priv_bytes() except that they both take additional I and -I parameters. The bytes genreated will have a security strength of at +I parameters. The bytes generated will have a security strength of at least I bits. The DRBG used for the operation is the public or private DRBG associated with the specified I. The parameter can be NULL, in which case @@ -101,7 +101,7 @@ The RAND_bytes_ex() and RAND_priv_bytes_ex() functions were added in OpenSSL 3.0 =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/RSA_get0_key.pod b/deps/openssl/openssl/doc/man3/RSA_get0_key.pod index 0a0f79125a3281..1c1fa5bfcda35c 100644 --- a/deps/openssl/openssl/doc/man3/RSA_get0_key.pod +++ b/deps/openssl/openssl/doc/man3/RSA_get0_key.pod @@ -54,7 +54,7 @@ see L: All of the functions described on this page are deprecated. Applications should instead use L for any methods that -return a B. Refer to L for more infomation. +return a B. Refer to L for more information. An RSA object contains the components for the public and private key, B, B, B, B

, B, B, B and B. B is @@ -184,7 +184,7 @@ All of these functions were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod index 06cc1e4ec539d2..3913ea9390079d 100644 --- a/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod @@ -2,6 +2,7 @@ =head1 NAME +SSL_CONF_CTX_finish, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure =head1 SYNOPSIS @@ -10,6 +11,7 @@ SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); + int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); =head1 DESCRIPTION @@ -23,6 +25,10 @@ B structure B. Any previous B or B associated with B is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to B. +The function SSL_CONF_CTX_finish() must be called after all configuration +operations have been completed. It is used to finalise any operations +or to process defaults. + =head1 NOTES The context need not be set or it can be set to B in which case only @@ -32,6 +38,8 @@ syntax checking of commands is performed, where possible. SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value. +SSL_CONF_CTX_finish() returns 1 for success and 0 for failure. + =head1 SEE ALSO L, @@ -47,7 +55,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_new.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_new.pod index 61de1a655164ad..f467f93659b575 100644 --- a/deps/openssl/openssl/doc/man3/SSL_CTX_new.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_new.pod @@ -100,7 +100,7 @@ provide serialization of access for these cases. =head1 NOTES -On session estabilishment, by default, no peer credentials verification is done. +On session establishment, by default, no peer credentials verification is done. This must be explicitly requested, typically using L. For verifying peer certificates many options can be set using various functions such as L and L. @@ -249,7 +249,7 @@ SSL_CTX_new_ex() was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod index 9cee6420738486..c1c6a67f85a7d7 100644 --- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_info_callback.pod @@ -12,11 +12,15 @@ SSL_get_info_callback #include - void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); - void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); + void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*callback) (const SSL *ssl, int type, int val)); - void SSL_set_info_callback(SSL *ssl, void (*callback)()); - void (*SSL_get_info_callback(const SSL *ssl))(); + void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, int val); + + void SSL_set_info_callback(SSL *ssl, + void (*callback) (const SSL *ssl, int type, int val)); + + void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val); =head1 DESCRIPTION @@ -119,7 +123,7 @@ SSL_get_info_callback() returns the current setting. The following example callback function prints state strings, information about alerts being handled and error messages to the B BIO. - void apps_ssl_info_callback(SSL *s, int where, int ret) + void apps_ssl_info_callback(const SSL *s, int where, int ret) { const char *str; int w = where & ~SSL_ST_MASK; @@ -156,7 +160,7 @@ L =head1 COPYRIGHT -Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod index 4daf78b8d3341e..0c6694d4c6a7ca 100644 --- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod @@ -73,9 +73,9 @@ the built-in parameter support described above. Applications wishing to supply their own DH parameters should call SSL_CTX_set0_tmp_dh_pkey() or SSL_set0_tmp_dh_pkey() to supply the parameters for the B or B respectively. The parameters should be supplied in the I argument as -an B containg DH parameters. Ownership of the I value is +an B containing DH parameters. Ownership of the I value is passed to the B or B object as a result of this call, and so the -caller should not free it if the function call is succesful. +caller should not free it if the function call is successful. The deprecated macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do the same thing as SSL_CTX_set0_tmp_dh_pkey() and SSL_set0_tmp_dh_pkey() except that the @@ -112,7 +112,7 @@ L, L =head1 COPYRIGHT -Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_get_verify_result.pod b/deps/openssl/openssl/doc/man3/SSL_get_verify_result.pod index ac37408748b25e..08c46c0576ba2b 100644 --- a/deps/openssl/openssl/doc/man3/SSL_get_verify_result.pod +++ b/deps/openssl/openssl/doc/man3/SSL_get_verify_result.pod @@ -22,6 +22,13 @@ of a certificate can fail because of many reasons at the same time. Only the last verification error that occurred during the processing is available from SSL_get_verify_result(). +Sometimes there can be a sequence of errors leading to the verification +failure as reported by SSL_get_verify_result(). +To get the errors, it is necessary to setup a verify callback via +L or L and retrieve the errors +from the error stack there, because once L returns, +these errors may no longer be available. + The verification result is part of the established session and is restored when a session is reused. @@ -56,7 +63,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/SSL_new.pod b/deps/openssl/openssl/doc/man3/SSL_new.pod index 59d275523f98e7..2b522769169b77 100644 --- a/deps/openssl/openssl/doc/man3/SSL_new.pod +++ b/deps/openssl/openssl/doc/man3/SSL_new.pod @@ -35,7 +35,7 @@ MUST NOT have yet started the SSL handshake. For connections that are not in their initial state SSL_dup() just increments an internal reference count and returns the I handle. It may be possible to use L to recycle an SSL handle that is not in its initial -state for re-use, but this is best avoided. Instead, save and restore +state for reuse, but this is best avoided. Instead, save and restore the session, if desired, and construct a fresh handle for each connection. The subset of settings in I that are duplicated are: @@ -124,7 +124,7 @@ L =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod index 2319012a98e161..c508a1d3fc1b88 100644 --- a/deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod +++ b/deps/openssl/openssl/doc/man3/X509_STORE_CTX_new.pod @@ -177,7 +177,7 @@ administrator might only trust it for the former. An X.509 certificate extension exists that can record extended key usage information to supplement the purpose information described above. This extended mechanism is arbitrarily extensible and not well suited for a generic library API; applications that need to -validate extended key usage information in certifiates will need to define a +validate extended key usage information in certificates will need to define a custom "purpose" (see below) or supply a nondefault verification callback (L). @@ -273,7 +273,7 @@ There is no need to call X509_STORE_CTX_cleanup() explicitly since OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 43c1900bca787a..4627206174a508 100644 --- a/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/deps/openssl/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -223,7 +223,7 @@ X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for failure. X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), and -X509_VERIFY_PARAM_get1_ip_asc(), return the string pointers pecified above +X509_VERIFY_PARAM_get1_ip_asc(), return the string pointer specified above or NULL if the respective value has not been set or on error. X509_VERIFY_PARAM_get_flags() returns the current verification flags. diff --git a/deps/openssl/openssl/doc/man3/X509_add_cert.pod b/deps/openssl/openssl/doc/man3/X509_add_cert.pod index 1512d81701b8be..907164e9710ef9 100644 --- a/deps/openssl/openssl/doc/man3/X509_add_cert.pod +++ b/deps/openssl/openssl/doc/man3/X509_add_cert.pod @@ -31,7 +31,7 @@ The value B, which equals 0, means no special semantics. If B is set then the reference counts of those certificates added successfully are increased. -If B is set then the certifcates are prepended to I. +If B is set then the certificates are prepended to I. By default they are appended to I. In both cases the original order of the added certificates is preserved. @@ -66,7 +66,7 @@ were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/X509_digest.pod b/deps/openssl/openssl/doc/man3/X509_digest.pod index f4921dbc187bf5..29cce96370c69e 100644 --- a/deps/openssl/openssl/doc/man3/X509_digest.pod +++ b/deps/openssl/openssl/doc/man3/X509_digest.pod @@ -44,9 +44,9 @@ X509_digest_sig() calculates a digest of the given certificate I using the same hash algorithm as in its signature, if the digest is an integral part of the certificate signature algorithm identifier. Otherwise, a fallback hash algorithm is determined as follows: -SHA512 if the signature alorithm is ED25519, +SHA512 if the signature algorithm is ED25519, SHAKE256 if it is ED448, otherwise SHA256. -The output parmeters are assigned as follows. +The output parameters are assigned as follows. Unless I is NULL, the hash algorithm used is provided in I<*md_used> and must be freed by the caller (if it is not NULL). Unless I is NULL, @@ -81,7 +81,7 @@ The X509_digest_sig() function was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/X509_dup.pod b/deps/openssl/openssl/doc/man3/X509_dup.pod index 9fc355c7ce3478..1c9e4b95bc7b87 100644 --- a/deps/openssl/openssl/doc/man3/X509_dup.pod +++ b/deps/openssl/openssl/doc/man3/X509_dup.pod @@ -350,7 +350,7 @@ to generate the function bodies. B_new>() allocates an empty object of the indicated type. The object returned must be released by calling B_free>(). -B_new_ex>() is similiar to B_new>() but also passes the +B_new_ex>() is similar to B_new>() but also passes the library context I and the property query I to use when retrieving algorithms from providers. This created object can then be used when loading binary data using B>(). @@ -383,7 +383,7 @@ deprecated in 3.0. =head1 COPYRIGHT -Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/deps/openssl/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod index 5b5371b70f19cd..51d8aa8cfb474d 100644 --- a/deps/openssl/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod +++ b/deps/openssl/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod @@ -8,7 +8,7 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private =head1 SYNOPSIS - #include + #include EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); @@ -64,7 +64,7 @@ L =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/d2i_RSAPrivateKey.pod b/deps/openssl/openssl/doc/man3/d2i_RSAPrivateKey.pod index b4f5b466090004..08cd2c85e5bd79 100644 --- a/deps/openssl/openssl/doc/man3/d2i_RSAPrivateKey.pod +++ b/deps/openssl/openssl/doc/man3/d2i_RSAPrivateKey.pod @@ -28,7 +28,6 @@ d2i_RSA_PUBKEY_fp, d2i_DHparams, d2i_DHparams_bio, d2i_DHparams_fp, -d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, @@ -56,7 +55,6 @@ i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSAparams, -i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, @@ -205,7 +203,7 @@ I and I as follows: =item BPrivateKey>() translates into: - int selection = EVP_PKEY_PRIVATE_KEY; + int selection = EVP_PKEY_KEYPAIR; const char *structure = "type-specific"; =item BPublicKey>() translates into: @@ -309,7 +307,7 @@ L =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man3/d2i_X509.pod b/deps/openssl/openssl/doc/man3/d2i_X509.pod index c79a964e6d7f98..00efb603581661 100644 --- a/deps/openssl/openssl/doc/man3/d2i_X509.pod +++ b/deps/openssl/openssl/doc/man3/d2i_X509.pod @@ -53,6 +53,7 @@ d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSA_SIG, d2i_ECDSA_SIG, +d2i_ECPKParameters, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_CERT_ID_V2, @@ -223,6 +224,7 @@ i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSA_SIG, i2d_ECDSA_SIG, +i2d_ECPKParameters, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_CERT_ID_V2, @@ -388,10 +390,12 @@ to the returned structure is also written to I<*a>. If an error occurred then NULL is returned. On a successful return, if I<*a> is not NULL then it is assumed that I<*a> -contains a valid B> structure and an attempt is made to reuse it. This -"reuse" capability is present for historical compatibility but its use is -B (see BUGS below, and the discussion in the RETURN -VALUES section). +contains a valid B> structure and an attempt is made to reuse it. +For B> structures where it matters it is possible to set up a library +context on the decoded structure this way (see the B section). +However using the "reuse" capability for other purposes is B (see B below, and the discussion in the B +section). B_bio>() is similar to B>() except it attempts to parse data from BIO I. @@ -536,6 +540,22 @@ Alternative technique: if (d2i_X509(&x, &p, len) == NULL) /* error */ +Setting up a library context and property query: + + X509 *x; + unsigned char *buf; + const unsigned char *p; + int len; + OSSL_LIB_CTX *libctx = ....; + const char *propq = ....; + + /* Set up buf and len to point to the input buffer. */ + p = buf; + x = X509_new_ex(libctx, propq); + + if (d2i_X509(&x, &p, len) == NULL) + /* error, x was freed and NULL assigned to it (see RETURN VALUES) */ + =head1 WARNINGS Using a temporary variable is mandatory. A common diff --git a/deps/openssl/openssl/doc/man5/config.pod b/deps/openssl/openssl/doc/man5/config.pod index a78ff4dc065770..8d312c661fa099 100644 --- a/deps/openssl/openssl/doc/man5/config.pod +++ b/deps/openssl/openssl/doc/man5/config.pod @@ -415,7 +415,7 @@ For example: =head2 Random Configuration The name B in the initialization section names the section -containing the random number generater settings. +containing the random number generator settings. Within the random section, the following names have meaning: diff --git a/deps/openssl/openssl/doc/man5/x509v3_config.pod b/deps/openssl/openssl/doc/man5/x509v3_config.pod index 1830092394bc90..044904022d894e 100644 --- a/deps/openssl/openssl/doc/man5/x509v3_config.pod +++ b/deps/openssl/openssl/doc/man5/x509v3_config.pod @@ -93,7 +93,7 @@ numeric identifier, as shown here: email.2 = steve@example.org The syntax of raw extensions is defined by the source code that parses -the extension but should be documened. +the extension but should be documented. See L for an example of a raw extension. If an extension type is unsupported, then the I extension syntax @@ -590,7 +590,7 @@ L =head1 COPYRIGHT -Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man7/EVP_KDF-PKCS12KDF.pod b/deps/openssl/openssl/doc/man7/EVP_KDF-PKCS12KDF.pod index 7edde1dc9bf7f0..98653656986427 100644 --- a/deps/openssl/openssl/doc/man7/EVP_KDF-PKCS12KDF.pod +++ b/deps/openssl/openssl/doc/man7/EVP_KDF-PKCS12KDF.pod @@ -46,6 +46,9 @@ RFC 7292 section B.3. =head1 NOTES +This algorithm is not available in the FIPS provider as it is not FIPS +approvable. + A typical application of this algorithm is to derive keying material for an encryption algorithm from a password in the "pass", a salt in "salt", and an iteration count. @@ -68,7 +71,8 @@ L, L, L, L, -L +L, +L =head1 HISTORY @@ -76,7 +80,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man7/EVP_PKEY-EC.pod b/deps/openssl/openssl/doc/man7/EVP_PKEY-EC.pod index 4b6dec35862c68..3b14e256721b79 100644 --- a/deps/openssl/openssl/doc/man7/EVP_PKEY-EC.pod +++ b/deps/openssl/openssl/doc/man7/EVP_PKEY-EC.pod @@ -15,7 +15,7 @@ The B keytype is implemented in OpenSSL's default provider. The normal way of specifying domain parameters for an EC curve is via the curve name "group". For curves with no curve name, explicit parameters can be used that specify "field-type", "p", "a", "b", "generator" and "order". -Explicit parameters are supported for backwards compability reasons, but they +Explicit parameters are supported for backwards compatibility reasons, but they are not compliant with multiple standards (including RFC5915) which only allow named curves. @@ -70,7 +70,7 @@ I multiplied by the I gives the number of points on the curve. =item "decoded-from-explicit" (B) -Gets a flag indicating wether the key or parameters were decoded from explicit +Gets a flag indicating whether the key or parameters were decoded from explicit curve parameters. Set to 1 if so or 0 if a named curve was used. =item "use-cofactor-flag" (B) @@ -99,7 +99,7 @@ point_conversion_forms please see L. Valid values are Sets or Gets the type of group check done when EVP_PKEY_param_check() is called. Valid values are "default", "named" and "named-nist". The "named" type checks that the domain parameters match the inbuilt curve parameters, -"named-nist" is similiar but also checks that the named curve is a nist curve. +"named-nist" is similar but also checks that the named curve is a nist curve. The "default" type does domain parameter validation for the OpenSSL default provider, but is equivalent to "named-nist" for the OpenSSL FIPS provider. diff --git a/deps/openssl/openssl/doc/man7/EVP_PKEY-RSA.pod b/deps/openssl/openssl/doc/man7/EVP_PKEY-RSA.pod index f1141a364b8616..161e9d4d71d16d 100644 --- a/deps/openssl/openssl/doc/man7/EVP_PKEY-RSA.pod +++ b/deps/openssl/openssl/doc/man7/EVP_PKEY-RSA.pod @@ -189,7 +189,7 @@ both return 1 unconditionally. For RSA keys, L conforms to the SP800-56Br1 I when the OpenSSL FIPS provider is used. The OpenSSL default provider -performs similiar tests but relaxes the keysize restrictions for backwards +performs similar tests but relaxes the keysize restrictions for backwards compatibility. For RSA keys, L is the same as diff --git a/deps/openssl/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod b/deps/openssl/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod index 2f34866d998bf0..66165bdb0cc3f7 100644 --- a/deps/openssl/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/deps/openssl/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -408,6 +408,19 @@ A simple self test callback is shown below for illustrative purposes. return ret; } +=head1 NOTES + +Some released versions of OpenSSL do not include a validated +FIPS provider. To determine which versions have undergone +the validation process, please refer to the +L. If you +require FIPS-approved functionality, it is essential to build your FIPS +provider using one of the validated versions listed there. Normally, +it is possible to utilize a FIPS provider constructed from one of the +validated versions alongside F and F compiled from any +release within the same major release series. This flexibility enables +you to address bug fixes and CVEs that fall outside the FIPS boundary. + =head1 SEE ALSO L, @@ -417,7 +430,8 @@ L, L, L, L, -L +L, +L =head1 HISTORY diff --git a/deps/openssl/openssl/doc/man7/crypto.pod b/deps/openssl/openssl/doc/man7/crypto.pod index ea81c91d3affed..c31e10ac29a53b 100644 --- a/deps/openssl/openssl/doc/man7/crypto.pod +++ b/deps/openssl/openssl/doc/man7/crypto.pod @@ -207,7 +207,7 @@ If anything in this step fails, the next step is used as a fallback. As a fallback, try to fetch the operation type implementation from the same provider as the original L's L, still using the -propery string from the B. +property string from the B. =back diff --git a/deps/openssl/openssl/doc/man7/fips_module.pod b/deps/openssl/openssl/doc/man7/fips_module.pod index b1d67ca61b43d9..d0861a9dceccda 100644 --- a/deps/openssl/openssl/doc/man7/fips_module.pod +++ b/deps/openssl/openssl/doc/man7/fips_module.pod @@ -14,6 +14,9 @@ This guide details different ways that OpenSSL can be used in conjunction with the FIPS module. Which is the correct approach to use will depend on your own specific circumstances and what you are attempting to achieve. +For information related to installing the FIPS module see +L. + Note that the old functions FIPS_mode() and FIPS_mode_set() are no longer present so you must remove them from your application if you use them. @@ -92,7 +95,7 @@ Obviously the include file location above should match the path and name of the FIPS module config file that you installed earlier. See L. -For FIPS usage, it is recommened that the B option is +For FIPS usage, it is recommended that the B option is enabled to prevent accidental use of non-FIPS validated algorithms via broken or mistaken configuration. See L. @@ -456,9 +459,23 @@ use L. To extract the name from the B, use L. +=head1 NOTES + +Some released versions of OpenSSL do not include a validated +FIPS provider. To determine which versions have undergone +the validation process, please refer to the +L. If you +require FIPS-approved functionality, it is essential to build your FIPS +provider using one of the validated versions listed there. Normally, +it is possible to utilize a FIPS provider constructed from one of the +validated versions alongside F and F compiled from any +release within the same major release series. This flexibility enables +you to address bug fixes and CVEs that fall outside the FIPS boundary. + =head1 SEE ALSO -L, L, L +L, L, L, +L =head1 HISTORY @@ -467,7 +484,7 @@ in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man7/life_cycle-pkey.pod b/deps/openssl/openssl/doc/man7/life_cycle-pkey.pod index 6768750f481991..a9dc06b934d55f 100644 --- a/deps/openssl/openssl/doc/man7/life_cycle-pkey.pod +++ b/deps/openssl/openssl/doc/man7/life_cycle-pkey.pod @@ -22,7 +22,7 @@ This state represents the PKEY after it has been allocated. =item decapsulate This state represents the PKEY when it is ready to perform a private key decapsulation -opeartion. +operation. =item decrypt @@ -40,7 +40,7 @@ operation. =item encapsulate This state represents the PKEY when it is ready to perform a public key encapsulation -opeartion. +operation. =item encrypt @@ -703,7 +703,7 @@ The provider PKEY interface was introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man7/migration_guide.pod b/deps/openssl/openssl/doc/man7/migration_guide.pod index 9eb4a031aa32f3..61641324a7fc9d 100644 --- a/deps/openssl/openssl/doc/man7/migration_guide.pod +++ b/deps/openssl/openssl/doc/man7/migration_guide.pod @@ -130,7 +130,7 @@ New algorithms provided via engines will still work. Engine-backed keys can be loaded via custom B implementation. In this case the B objects created via L -will be concidered legacy and will continue to work. +will be considered legacy and will continue to work. To ensure the future compatibility, the engines should be turned to providers. To prefer the provider-based hardware offload, you can specify the default @@ -306,6 +306,15 @@ context and property query and will call an extended version of the key/IV derivation function which supports these parameters. This includes L, L and L. +=head4 PKCS#12 KDF versus FIPS + +Unlike in 1.x.y, the PKCS12KDF algorithm used when a PKCS#12 structure +is created with a MAC that does not work with the FIPS provider as the PKCS12KDF +is not a FIPS approvable mechanism. + +See L, L, L, +L. + =head4 Windows thread synchronization changes Windows thread synchronization uses read/write primitives (SRWLock) when @@ -641,7 +650,7 @@ set up with the default library context. Use L, L, L and L if a library context is required. -All functions listed below with a I have a replacment function I +All functions listed below with a I have a replacement function I that takes B as an additional argument. Functions that have other mappings are listed along with the respective name. @@ -999,7 +1008,7 @@ that refer to these categories. Any accessor that uses an ENGINE is deprecated (such as EVP_PKEY_set1_engine()). Applications using engines should instead use providers. -Before providers were added algorithms were overriden by changing the methods +Before providers were added algorithms were overridden by changing the methods used by algorithms. All these methods such as RSA_new_method() and RSA_meth_new() are now deprecated and can be replaced by using providers instead. @@ -1548,7 +1557,7 @@ See L EC_KEY_set_flags(), EC_KEY_get_flags(), EC_KEY_clear_flags() -See L which handles flags as seperate +See L which handles flags as separate parameters for B, B, B, B and diff --git a/deps/openssl/openssl/doc/man7/openssl-glossary.pod b/deps/openssl/openssl/doc/man7/openssl-glossary.pod index b112b375ac2019..54c8de93a058ba 100644 --- a/deps/openssl/openssl/doc/man7/openssl-glossary.pod +++ b/deps/openssl/openssl/doc/man7/openssl-glossary.pod @@ -12,7 +12,7 @@ openssl-glossary - An OpenSSL Glossary =item Algorithm -Cryptograpic primitives such as the SHA256 digest, or AES encryption are +Cryptographic primitives such as the SHA256 digest, or AES encryption are referred to in OpenSSL as "algorithms". There can be more than one implementation for any given algorithm available for use. @@ -45,7 +45,7 @@ L =item Default Provider -An OpenSSL Provider that contains the most commmon OpenSSL algorithm +An OpenSSL Provider that contains the most common OpenSSL algorithm implementations. It is loaded by default if no other provider is available. All the algorithm implementations in the Base Provider are also available in the Default Provider. @@ -81,7 +81,7 @@ Fetching is the process of looking through the available algorithm implementations, applying selection criteria (via a property query string), and finally choosing the implementation that will be used. -Also see Explicit Fetching and Implict Fetching. +Also see Explicit Fetching and Implicit Fetching. L @@ -221,7 +221,7 @@ This glossary was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man7/provider-kdf.pod b/deps/openssl/openssl/doc/man7/provider-kdf.pod index ad80869ebea7c3..51362a7cccdc11 100644 --- a/deps/openssl/openssl/doc/man7/provider-kdf.pod +++ b/deps/openssl/openssl/doc/man7/provider-kdf.pod @@ -198,7 +198,7 @@ Sets the mode in the associated KDF ctx. =item "pkcs5" (B) -Enables or diables the SP800-132 compliance checks. +Enables or disables the SP800-132 compliance checks. A mode of 0 enables the compliance checks. The checks performed are: @@ -349,7 +349,7 @@ The provider KDF interface was introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/doc/man7/provider-object.pod b/deps/openssl/openssl/doc/man7/provider-object.pod index 1088e035510f75..022d14d768fbdb 100644 --- a/deps/openssl/openssl/doc/man7/provider-object.pod +++ b/deps/openssl/openssl/doc/man7/provider-object.pod @@ -164,7 +164,7 @@ A human readable text that describes extra details on the object. =back -When a provider-native object abtraction is used, it I contain object +When a provider-native object abstraction is used, it I contain object data in at least one form (object data I, i.e. the "data" item, or object data I, i.e. the "reference" item). Both may be present at once, in which case the OpenSSL library code that @@ -184,7 +184,7 @@ introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/engines/e_loader_attic.c b/deps/openssl/openssl/engines/e_loader_attic.c index eba7ab14b8e30d..a20e04da1a5b47 100644 --- a/deps/openssl/openssl/engines/e_loader_attic.c +++ b/deps/openssl/openssl/engines/e_loader_attic.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1486,9 +1486,9 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) * Last, check that the rest of the extension is a decimal number, at * least one digit long. */ - if (!isdigit(*p)) + if (!isdigit((unsigned char)*p)) return 0; - while (isdigit(*p)) + while (isdigit((unsigned char)*p)) p++; #ifdef __VMS diff --git a/deps/openssl/openssl/fuzz/build.info b/deps/openssl/openssl/fuzz/build.info index 7b26b8c15228f8..dc976b70f06796 100644 --- a/deps/openssl/openssl/fuzz/build.info +++ b/deps/openssl/openssl/fuzz/build.info @@ -9,7 +9,7 @@ -} IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] - PROGRAMS{noinst}=asn1 asn1parse bignum bndiv client conf crl server x509 + PROGRAMS{noinst}=asn1 asn1parse bignum bndiv client conf crl server IF[{- !$disabled{"cmp"} -}] PROGRAMS{noinst}=cmp @@ -23,6 +23,10 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] PROGRAMS{noinst}=ct ENDIF + IF[{- !$disabled{"ocsp"} -}] + PROGRAMS{noinst}=x509 + ENDIF + SOURCE[asn1]=asn1.c driver.c fuzz_rand.c INCLUDE[asn1]=../include {- $ex_inc -} DEPEND[asn1]=../libcrypto ../libssl {- $ex_lib -} @@ -73,7 +77,7 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] ENDIF IF[{- !$disabled{tests} -}] - PROGRAMS{noinst}=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test x509-test + PROGRAMS{noinst}=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test IF[{- !$disabled{"cmp"} -}] PROGRAMS{noinst}=cmp-test @@ -87,6 +91,10 @@ IF[{- !$disabled{tests} -}] PROGRAMS{noinst}=ct-test ENDIF + IF[{- !$disabled{"ocsp"} -}] + PROGRAMS{noinst}=x509-test + ENDIF + SOURCE[asn1-test]=asn1.c test-corpus.c fuzz_rand.c INCLUDE[asn1-test]=../include DEPEND[asn1-test]=../libcrypto ../libssl diff --git a/deps/openssl/openssl/fuzz/x509.c b/deps/openssl/openssl/fuzz/x509.c index 78061d176af792..e2d2639164c01d 100644 --- a/deps/openssl/openssl/fuzz/x509.c +++ b/deps/openssl/openssl/fuzz/x509.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -9,6 +9,7 @@ */ #include +#include #include #include #include @@ -17,31 +18,131 @@ int FuzzerInitialize(int *argc, char ***argv) { FuzzerSetRand(); - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS + | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); ERR_clear_error(); CRYPTO_free_ex_index(0, -1); return 1; } +static int cb(int ok, X509_STORE_CTX *ctx) +{ + return 1; +} + int FuzzerTestOneInput(const uint8_t *buf, size_t len) { const unsigned char *p = buf; + size_t orig_len = len; unsigned char *der = NULL; + BIO *bio = NULL; + X509 *x509_1 = NULL, *x509_2 = NULL; + X509_STORE *store = NULL; + X509_VERIFY_PARAM *param = NULL; + X509_STORE_CTX *ctx = NULL; + X509_CRL *crl = NULL; + STACK_OF(X509_CRL) *crls = NULL; + STACK_OF(X509) *certs = NULL; + OCSP_RESPONSE *resp = NULL; + OCSP_BASICRESP *bs = NULL; + OCSP_CERTID *id = NULL; + + x509_1 = d2i_X509(NULL, &p, len); + if (x509_1 == NULL) + goto err; + + bio = BIO_new(BIO_s_null()); + if (bio == NULL) + goto err; + + /* This will load and print the public key as well as extensions */ + X509_print(bio, x509_1); + BIO_free(bio); + + X509_issuer_and_serial_hash(x509_1); + + i2d_X509(x509_1, &der); + OPENSSL_free(der); + + len = orig_len - (p - buf); + x509_2 = d2i_X509(NULL, &p, len); + if (x509_2 == NULL) + goto err; + + len = orig_len - (p - buf); + crl = d2i_X509_CRL(NULL, &p, len); + if (crl == NULL) + goto err; + + len = orig_len - (p - buf); + resp = d2i_OCSP_RESPONSE(NULL, &p, len); + + store = X509_STORE_new(); + X509_STORE_add_cert(store, x509_2); - X509 *x509 = d2i_X509(NULL, &p, len); - if (x509 != NULL) { - BIO *bio = BIO_new(BIO_s_null()); - /* This will load and print the public key as well as extensions */ - X509_print(bio, x509); - BIO_free(bio); + param = X509_VERIFY_PARAM_new(); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN); + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); - X509_issuer_and_serial_hash(x509); + X509_STORE_set1_param(store, param); - i2d_X509(x509, &der); - OPENSSL_free(der); + X509_STORE_set_verify_cb(store, cb); - X509_free(x509); + ctx = X509_STORE_CTX_new(); + if (ctx == NULL) + goto err; + + X509_STORE_CTX_init(ctx, store, x509_1, NULL); + + if (crl != NULL) { + crls = sk_X509_CRL_new_null(); + if (crls == NULL) + goto err; + + sk_X509_CRL_push(crls, crl); + X509_STORE_CTX_set0_crls(ctx, crls); } + + X509_verify_cert(ctx); + + if (resp != NULL) + bs = OCSP_response_get1_basic(resp); + + if (bs != NULL) { + int status, reason; + ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd; + + certs = sk_X509_new_null(); + if (certs == NULL) + goto err; + + sk_X509_push(certs, x509_1); + sk_X509_push(certs, x509_2); + + OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN); + + id = OCSP_cert_to_id(NULL, x509_1, x509_2); + if (id == NULL) + goto err; + OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd, + &nextupd); + } + +err: + X509_STORE_CTX_free(ctx); + X509_VERIFY_PARAM_free(param); + X509_STORE_free(store); + X509_free(x509_1); + X509_free(x509_2); + X509_CRL_free(crl); + OCSP_CERTID_free(id); + OCSP_BASICRESP_free(bs); + OCSP_RESPONSE_free(resp); + sk_X509_CRL_free(crls); + sk_X509_free(certs); + ERR_clear_error(); return 0; } diff --git a/deps/openssl/openssl/include/crypto/bn_conf.h b/deps/openssl/openssl/include/crypto/bn_conf.h deleted file mode 100644 index 79400c6472a49c..00000000000000 --- a/deps/openssl/openssl/include/crypto/bn_conf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/bn_conf.h" diff --git a/deps/openssl/openssl/include/crypto/dso_conf.h b/deps/openssl/openssl/include/crypto/dso_conf.h deleted file mode 100644 index e7f2afa9872320..00000000000000 --- a/deps/openssl/openssl/include/crypto/dso_conf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/dso_conf.h" diff --git a/deps/openssl/openssl/include/crypto/x509err.h b/deps/openssl/openssl/include/crypto/x509err.h index 53f567d92e249a..0a67975bd050f0 100644 --- a/deps/openssl/openssl/include/crypto/x509err.h +++ b/deps/openssl/openssl/include/crypto/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/include/openssl/asn1.h b/deps/openssl/openssl/include/openssl/asn1.h deleted file mode 100644 index cd9fc7cc706c37..00000000000000 --- a/deps/openssl/openssl/include/openssl/asn1.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/asn1.h" diff --git a/deps/openssl/openssl/include/openssl/asn1t.h b/deps/openssl/openssl/include/openssl/asn1t.h deleted file mode 100644 index 6ff4f574949bbd..00000000000000 --- a/deps/openssl/openssl/include/openssl/asn1t.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/asn1t.h" diff --git a/deps/openssl/openssl/include/openssl/bio.h b/deps/openssl/openssl/include/openssl/bio.h deleted file mode 100644 index dcece3cb4d6ebf..00000000000000 --- a/deps/openssl/openssl/include/openssl/bio.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/bio.h" diff --git a/deps/openssl/openssl/include/openssl/cmp.h b/deps/openssl/openssl/include/openssl/cmp.h deleted file mode 100644 index 7c8a6dc96fc360..00000000000000 --- a/deps/openssl/openssl/include/openssl/cmp.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/cmp.h" diff --git a/deps/openssl/openssl/include/openssl/cms.h b/deps/openssl/openssl/include/openssl/cms.h deleted file mode 100644 index 33a00775c9fa76..00000000000000 --- a/deps/openssl/openssl/include/openssl/cms.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/cms.h" diff --git a/deps/openssl/openssl/include/openssl/cmserr.h b/deps/openssl/openssl/include/openssl/cmserr.h index d48c2a4ab89f03..f2d7708f10c8d6 100644 --- a/deps/openssl/openssl/include/openssl/cmserr.h +++ b/deps/openssl/openssl/include/openssl/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -113,6 +113,7 @@ # define CMS_R_UNSUPPORTED_LABEL_SOURCE 193 # define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 # define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM 195 # define CMS_R_UNSUPPORTED_TYPE 156 # define CMS_R_UNWRAP_ERROR 157 # define CMS_R_UNWRAP_FAILURE 180 diff --git a/deps/openssl/openssl/include/openssl/conf.h b/deps/openssl/openssl/include/openssl/conf.h deleted file mode 100644 index 2712886cafcd78..00000000000000 --- a/deps/openssl/openssl/include/openssl/conf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/conf.h" diff --git a/deps/openssl/openssl/include/openssl/configuration.h b/deps/openssl/openssl/include/openssl/configuration.h deleted file mode 100644 index 8ffad996047c5e..00000000000000 --- a/deps/openssl/openssl/include/openssl/configuration.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/configuration.h" diff --git a/deps/openssl/openssl/include/openssl/crmf.h b/deps/openssl/openssl/include/openssl/crmf.h deleted file mode 100644 index 4103852ecb21c2..00000000000000 --- a/deps/openssl/openssl/include/openssl/crmf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/crmf.h" diff --git a/deps/openssl/openssl/include/openssl/crypto.h b/deps/openssl/openssl/include/openssl/crypto.h deleted file mode 100644 index 6d0e701ebd3c19..00000000000000 --- a/deps/openssl/openssl/include/openssl/crypto.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/crypto.h" diff --git a/deps/openssl/openssl/include/openssl/ct.h b/deps/openssl/openssl/include/openssl/ct.h deleted file mode 100644 index 7ebb84387135be..00000000000000 --- a/deps/openssl/openssl/include/openssl/ct.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/ct.h" diff --git a/deps/openssl/openssl/include/openssl/dh.h b/deps/openssl/openssl/include/openssl/dh.h index b97871eca7faa5..6533260f20272f 100644 --- a/deps/openssl/openssl/include/openssl/dh.h +++ b/deps/openssl/openssl/include/openssl/dh.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,7 +89,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); # include # ifndef OPENSSL_DH_MAX_MODULUS_BITS -# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif + +# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS +# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 # endif # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 diff --git a/deps/openssl/openssl/include/openssl/err.h b/deps/openssl/openssl/include/openssl/err.h deleted file mode 100644 index bf482070474781..00000000000000 --- a/deps/openssl/openssl/include/openssl/err.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/err.h" diff --git a/deps/openssl/openssl/include/openssl/ess.h b/deps/openssl/openssl/include/openssl/ess.h deleted file mode 100644 index 64cc016225119f..00000000000000 --- a/deps/openssl/openssl/include/openssl/ess.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/ess.h" diff --git a/deps/openssl/openssl/include/openssl/evp.h b/deps/openssl/openssl/include/openssl/evp.h index 49e8e1df786516..e64072f9656263 100644 --- a/deps/openssl/openssl/include/openssl/evp.h +++ b/deps/openssl/openssl/include/openssl/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -85,6 +85,8 @@ /* Easy to use macros for EVP_PKEY related selections */ # define EVP_PKEY_KEY_PARAMETERS \ ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) +# define EVP_PKEY_PRIVATE_KEY \ + ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY ) # define EVP_PKEY_PUBLIC_KEY \ ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY ) # define EVP_PKEY_KEYPAIR \ diff --git a/deps/openssl/openssl/include/openssl/fipskey.h b/deps/openssl/openssl/include/openssl/fipskey.h deleted file mode 100644 index c012013d98d4e8..00000000000000 --- a/deps/openssl/openssl/include/openssl/fipskey.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/fipskey.h" diff --git a/deps/openssl/openssl/include/openssl/lhash.h b/deps/openssl/openssl/include/openssl/lhash.h deleted file mode 100644 index 8d824f5cfe6274..00000000000000 --- a/deps/openssl/openssl/include/openssl/lhash.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/lhash.h" diff --git a/deps/openssl/openssl/include/openssl/ocsp.h b/deps/openssl/openssl/include/openssl/ocsp.h deleted file mode 100644 index 5b13afedf36bb6..00000000000000 --- a/deps/openssl/openssl/include/openssl/ocsp.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/ocsp.h" diff --git a/deps/openssl/openssl/include/openssl/opensslv.h b/deps/openssl/openssl/include/openssl/opensslv.h deleted file mode 100644 index 078cfba40fbe73..00000000000000 --- a/deps/openssl/openssl/include/openssl/opensslv.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/opensslv.h" diff --git a/deps/openssl/openssl/include/openssl/pkcs12.h b/deps/openssl/openssl/include/openssl/pkcs12.h deleted file mode 100644 index 2d7e2c08e99175..00000000000000 --- a/deps/openssl/openssl/include/openssl/pkcs12.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/pkcs12.h" diff --git a/deps/openssl/openssl/include/openssl/pkcs7.h b/deps/openssl/openssl/include/openssl/pkcs7.h deleted file mode 100644 index b553f9d0f053b0..00000000000000 --- a/deps/openssl/openssl/include/openssl/pkcs7.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/pkcs7.h" diff --git a/deps/openssl/openssl/include/openssl/pkcs7.h.in b/deps/openssl/openssl/include/openssl/pkcs7.h.in index f5c55a3fbe5761..006b38b604110b 100644 --- a/deps/openssl/openssl/include/openssl/pkcs7.h.in +++ b/deps/openssl/openssl/include/openssl/pkcs7.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,8 +57,8 @@ typedef struct pkcs7_signer_info_st { PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *digest_alg; STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ - X509_ALGOR *digest_enc_alg; - ASN1_OCTET_STRING *enc_digest; + X509_ALGOR *digest_enc_alg; /* confusing name, actually used for signing */ + ASN1_OCTET_STRING *enc_digest; /* confusing name, actually signature */ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ /* The private key to sign with */ EVP_PKEY *pkey; diff --git a/deps/openssl/openssl/include/openssl/safestack.h b/deps/openssl/openssl/include/openssl/safestack.h deleted file mode 100644 index 989eafb33023b9..00000000000000 --- a/deps/openssl/openssl/include/openssl/safestack.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/safestack.h" diff --git a/deps/openssl/openssl/include/openssl/srp.h b/deps/openssl/openssl/include/openssl/srp.h deleted file mode 100644 index 9df42dad4c3127..00000000000000 --- a/deps/openssl/openssl/include/openssl/srp.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/srp.h" diff --git a/deps/openssl/openssl/include/openssl/ssl.h b/deps/openssl/openssl/include/openssl/ssl.h deleted file mode 100644 index eb74ca98a9759a..00000000000000 --- a/deps/openssl/openssl/include/openssl/ssl.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/ssl.h" diff --git a/deps/openssl/openssl/include/openssl/ui.h b/deps/openssl/openssl/include/openssl/ui.h deleted file mode 100644 index f5edb766b4fc6c..00000000000000 --- a/deps/openssl/openssl/include/openssl/ui.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/ui.h" diff --git a/deps/openssl/openssl/include/openssl/x509.h b/deps/openssl/openssl/include/openssl/x509.h deleted file mode 100644 index ed28bd68cb2474..00000000000000 --- a/deps/openssl/openssl/include/openssl/x509.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/x509.h" diff --git a/deps/openssl/openssl/include/openssl/x509_vfy.h b/deps/openssl/openssl/include/openssl/x509_vfy.h deleted file mode 100644 index 9270a3ee09750a..00000000000000 --- a/deps/openssl/openssl/include/openssl/x509_vfy.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/x509_vfy.h" diff --git a/deps/openssl/openssl/include/openssl/x509err.h b/deps/openssl/openssl/include/openssl/x509err.h index a56facd46bf978..34ead4b81acf89 100644 --- a/deps/openssl/openssl/include/openssl/x509err.h +++ b/deps/openssl/openssl/include/openssl/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,6 +30,7 @@ # define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 # define X509_R_CRL_ALREADY_DELTA 127 # define X509_R_CRL_VERIFY_FAILURE 131 +# define X509_R_DUPLICATE_ATTRIBUTE 140 # define X509_R_ERROR_GETTING_MD_BY_NID 141 # define X509_R_ERROR_USING_SIGINF_SET 142 # define X509_R_IDP_MISMATCH 128 diff --git a/deps/openssl/openssl/include/openssl/x509v3.h b/deps/openssl/openssl/include/openssl/x509v3.h deleted file mode 100644 index 5629ae9a3a90af..00000000000000 --- a/deps/openssl/openssl/include/openssl/x509v3.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/x509v3.h" diff --git a/deps/openssl/openssl/providers/common/securitycheck.c b/deps/openssl/openssl/providers/common/securitycheck.c index 699ada7c529f30..0d3acdbe56e2ff 100644 --- a/deps/openssl/openssl/providers/common/securitycheck.c +++ b/deps/openssl/openssl/providers/common/securitycheck.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -167,17 +167,25 @@ int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign) /* * For Digital signature verification DSA keys with < 112 bits of - * security strength (i.e L < 2048 bits), are still allowed for legacy - * use. The bounds given in SP800 131Ar2 - Table 2 are - * (512 <= L < 2048 and 160 <= N < 224) + * security strength, are still allowed for legacy + * use. The bounds given in SP 800-131Ar2 - Table 2 are + * (512 <= L < 2048 or 160 <= N < 224). + * + * We are a little stricter and insist that both minimums are met. + * For example a L = 256, N = 160 key *would* be allowed by SP 800-131Ar2 + * but we don't. */ - if (!sign && L < 2048) - return (L >= 512 && N >= 160 && N < 224); + if (!sign) { + if (L < 512 || N < 160) + return 0; + if (L < 2048 || N < 224) + return 1; + } /* Valid sizes for both sign and verify */ - if (L == 2048 && (N == 224 || N == 256)) + if (L == 2048 && (N == 224 || N == 256)) /* 112 bits */ return 1; - return (L == 3072 && N == 256); + return (L == 3072 && N == 256); /* 128 bits */ } # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return 1; diff --git a/deps/openssl/openssl/providers/fips-sources.checksums b/deps/openssl/openssl/providers/fips-sources.checksums index dea6ef04e23db6..fa977f5a983829 100644 --- a/deps/openssl/openssl/providers/fips-sources.checksums +++ b/deps/openssl/openssl/providers/fips-sources.checksums @@ -21,7 +21,7 @@ c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl -a097f9d71de7cefa8e93629033ff1986fb01128623ec051d9b5afef55c0e5ebb crypto/aes/asm/aesv8-armx.pl +e3955352a92d56905d63e68937e4758f13190a14a10a3dcb1e5c641c49913c0c crypto/aes/asm/aesv8-armx.pl 5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl 0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl 1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl @@ -79,7 +79,7 @@ d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_d 74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c a29b8b7fa8460f11e50f880e3c3c9e0755b93889bcbb5476206c4d938a9c5735 crypto/bn/bn_exp.c ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c -1abab2cc5466b005b939d156e7d8664a4d42a191c9040dbb83941269d6844f0c crypto/bn/bn_gcd.c +baba7c8ae95af6aa36bc9f4be3a2eed33d500451e568ca4bfc6bc7cb48d4f7ea crypto/bn/bn_gcd.c 4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c 081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c 602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c @@ -93,7 +93,7 @@ f60f3d49b183b04bcdf9b82f7c961b8c1bcb00e68a2c1166fe9edd95a783356e crypto/bn/bn_m c6760a724d696b7209f0a71f8483fabcf4f081f7e93e2628284c32ef78f69365 crypto/bn/bn_prime.c c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h 628419eabdb88b265823e43a7a1c88fdfecef79771180836f6089050dc9eadb1 crypto/bn/bn_rand.c -1f6e13da1d9965b341f81bc0842a987a7db9b7de0fa7f7040d49be01b92d282b crypto/bn/bn_recp.c +4df8f204c8a06de2b4395be613ca0b9943613c523586e2005876d5c7bb891c75 crypto/bn/bn_recp.c a5c5c9f99961a5a7f22a3dcdce964c8a330f822be17f08652223a20fed747d0a crypto/bn/bn_rsa_fips186_4.c 704b0b4723e5c9e9bae5f3e35f9ae8ae8dca3383929e954de9e5169845abfdb2 crypto/bn/bn_shift.c 622e90766b29e0d25f46474429aebda8eba2246835b9e85dc26da7cdbd49334f crypto/bn/bn_sqr.c @@ -109,7 +109,7 @@ c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/ ff9be205d6d7ff00b0e64508f0eb8d9ec0415fbabc0948d26e308212b3f7b2d8 crypto/context.c c309d81ea991ddf5be4337afad2fd132169f7443c76f863349d3f3c82f3374e4 crypto/core_algorithm.c f0fd9eb38bf7f196bbb4d26ce8fdf86d0a4f9db219157e66b2c0ffefb4f42005 crypto/core_fetch.c -02670d631bf0f34cca1e3477079d7fe5de4e03c391cf3992986f44f55319597c crypto/core_namemap.c +799c84d224639c6760c5c28e0e287500a973ca6d0c3d7c1bdcd61b0da4018b3c crypto/core_namemap.c 469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c 71f0fff881eb4c5505fb17662f0ea4bbff24c6858c045a013ad8f786b07da5c4 crypto/cryptlib.c 66dbfc58916709d5a6913777346083247942a8d9458ee9b2bf443f0ea4988d64 crypto/ctype.c @@ -122,20 +122,20 @@ eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb 61926e30dd940616e80936d1c94c5f522daf0d475fb3a40a9e589e78f322901e crypto/des/set_key.c 8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h 816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c -d2d0569bea2598bd405f23b60e5283a6ce353f1145a25ff8f28cf15711743156 crypto/dh/dh_check.c +fcbfe5acb73e1b4094efec56a754b803d2c1a53644c78cf6a73ae868e3f3886d crypto/dh/dh_check.c 7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c 6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c -0afa7dd237f9b21b0cfb0de10505facd57eb07ded905d888d43a1de2356d4002 crypto/dh/dh_key.c -b0046b2c4e1d74ff4e93f2486a00f63728909b8a75cbdd29b9100e607f97995c crypto/dh/dh_lib.c +9e61a0b5017d835b348b15e93760c42d8d899ffae4251455c7b3085cfd25294c crypto/dh/dh_key.c +92345c259ea2a8c09e6d6b069d0942bd6ca4642231580f3e8148ae7a832a1115 crypto/dh/dh_lib.c 8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c -b9c5992089203123c3fae46e39bb4d05e19854087bca7a30ad1f82a3505deec7 crypto/dsa/dsa_check.c +d7e0d87494e3b3f0898a56785a219e87a2ce14416393ec32d8c0b5f539c7bdbf crypto/dsa/dsa_check.c ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c b1de1624e590dbf76f76953802ff162cc8de7c5e2eaba897313c866424d6902b crypto/dsa/dsa_key.c -9e436a2e0867920c3a5ac58bc14300cad4ab2c4c8fe5e40b355dfd21bfdfe146 crypto/dsa/dsa_lib.c +9f4837c5abe53613a2dc1c5db81d073d4f42bd28b6a2d1e93a2b350d8e25d52a crypto/dsa/dsa_lib.c f4d52d3897219786c6046bf76abb2f174655c584caa50272bf5d281720df5022 crypto/dsa/dsa_local.h -38062c6eebdb2f88fa0c6592837a96a49de2ae520d3ad483a3e02921c8adb094 crypto/dsa/dsa_ossl.c +c5c252f205482a71efeabe226d51a1c541a6ba2dfa9b8b8a70901087a9dc1667 crypto/dsa/dsa_ossl.c d612fd05ff98816ba6cf37f84c0e31443ad9d840ed587a7ab2066027da390325 crypto/dsa/dsa_sign.c 53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ecp_nistp521-ppc64.pl @@ -193,7 +193,7 @@ b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_ 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c 1af3872164b4a4757bc7896a24b4d2f8eb2cfb4cba0d872a93db69975693e0a6 crypto/evp/digest.c 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c -1c3d1b1f800b1f1f5adb1fdbdd67cdf37ca7ea93b264d1468c72a63c140873ce crypto/evp/evp_enc.c +61df3942752307b7006f09d7628348a0cc9e5555469a3a8862349067a52824b7 crypto/evp/evp_enc.c 7f10367f9b6191c4a8c01784130d26b2d778485a41cdac5fa17c9a1c4096f132 crypto/evp/evp_fetch.c ebe32b2895f7f9767710674352c8949efe93b4bbb5e7b71c27bb5d1822339b46 crypto/evp/evp_lib.c 78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h @@ -213,11 +213,11 @@ e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac 1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c 76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c 4b2dbddf0f9ceed34c3822347138be754fb194febca1c21c46bcc3a5cce33674 crypto/evp/signature.c -b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c +f2acfb82aac20251d05a9c252cc6c282bd44e43feac4ac2e0faf68b9a38aef57 crypto/ex_data.c 1c8389c5d49616d491978f0f2b2a54ba82d805ec41c8f75c67853216953cf46a crypto/ffc/ffc_backend.c a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c 854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c -2695c9c8ad9193a8c1ab53d5d09712d50d12c91eb8d62e8a15cbc78f327afe84 crypto/ffc/ffc_key_validate.c +4e973d956d4ec2087994de8e963be1a512da1441f22e6e7b9cd7ee536e3ff834 crypto/ffc/ffc_key_validate.c 8b72d5a7452b2c15aec6d20027053a83f7df89d49a3b6cfedd77e2b1a29e9fc1 crypto/ffc/ffc_params.c 1a1d227f9a0f427d2ec93bc646c726c9cd49a84a343b4aff0c9c744fa6df05a9 crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c @@ -225,7 +225,7 @@ a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h 0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c -5482c47c266523129980302426d25839fda662f1544f4b684707e6b272a952c9 crypto/lhash/lhash.c +7290d8d7ec31a98b17618f218d4f27b393501c7606c814a43db8af1975ad1d10 crypto/lhash/lhash.c 5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c e14f48d4112c0efe3826b4aa390cc24045a85298cc551ec7f3f36ac4236d7d81 crypto/modes/asm/aes-gcm-armv8_64.pl @@ -240,7 +240,7 @@ e472d73d06933667a51a0af973479993eed333c71b43af03095450acb36dbeb4 crypto/modes/a 26f55a57e77f774d17dfba93d757f78edfa3a03f68a71ffa37ccf3bfc468b1e2 crypto/modes/asm/ghash-x86.pl 72744131007d2389c09665a59a862f5f6bb61b64bd3456e9b400985cb56586b8 crypto/modes/asm/ghash-x86_64.pl a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl -0029b5beb1d4cd4c5ad47164c23f3e7c9d1eaff66ef54af025ee26795b11a1c7 crypto/modes/asm/ghashv8-armx.pl +69a13f423ca74c22543900c14aef4a848e3bc75504b65d2f51c6903aebcc17a7 crypto/modes/asm/ghashv8-armx.pl 65112dfe63cd59487e7bdb1706b44acfcf48ecede12cc3ae51daa5b661f41f06 crypto/modes/cbc128.c 1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c @@ -252,29 +252,29 @@ e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/w 8aa2504f84a0637b5122f0c963c9d82773ba248bad972ab92be7169995d162b5 crypto/o_str.c 8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c a20bfd927d69737c86ca95d3cf636afa8cefd8fe23412d1a3897644a0da21211 crypto/param_build.c -c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c -06e67fdd2a308bf355c8dae2e0acd9af94f6e53d428a7d31966311eb5c0aebc1 crypto/params.c +2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c +0e4a5388a92fabbe5a540176c0b4c5ce258b78dc9168ecc2e805352a06aaf0ba crypto/params.c 4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c 97cb7414dc2f165d5849ee3b46cdfff0afb067729435d9c01a747e0ca41e230c crypto/ppccap.c 3ca43596a7528dec8ff9d1a3cd0d68b62640f84b1d6a8b5e4842cfd0be1133ad crypto/ppccpuid.pl b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c -7da6ae864beb1a4daa4be31eb41d48141a3a7eb7a263a4937a6889e05656a595 crypto/property/property.c +3c4ade2fed4605e374d85ec1134a98da34e7124f89f44b81a754e8cfe81f14ba crypto/property/property.c 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h -921305e62749aec22da4843738bee3448b61e7e30d5309beddc7141ad07a8004 crypto/property/property_parse.c +099407e68e705f1458b701b9336f633565fc0843355fedf1ec83794349548a51 crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c -9653ec9c1476350a94b9cc7f8be3d99961fd803870c9ac03315298d2909a6a8e crypto/provider_core.c +0ba5d0297837940c972224c97cbbf3ea4a723c1eed9ce1112538c9bb26208639 crypto/provider_core.c d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c a5a4472636b8b0095ad8d4acd37e275ad79da1a67ecff7b7b5c3e46c9ebc65b7 crypto/rand/rand_lib.c fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c -9e7dd6fc91d3266d4aa4f0f41b7986381122b7d98114e63ebf04c5ee298b5fda crypto/rsa/rsa_backend.c +5834d7c518ad53ea0dd3db811c0e51568c81cc6c117012030101d29003d0725c crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c e995da1c2e5007bd7f5907f369fe45ed15f4e657143a85078c755bd5e6863d0b crypto/rsa/rsa_gen.c -74ed75d1d8e0844800504a137bfd81c3dbcb6c4bd58b5d5fe9d0a362092b6e88 crypto/rsa/rsa_lib.c +f2222f270e57559537d3da8abbeb1390bc5376b73dae59d536af6e73eb48bba0 crypto/rsa/rsa_lib.c a65e85be5269d8cb88e86b3413c978fa8994419a671092cbf104ff1a08fda23b crypto/rsa/rsa_local.h cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c @@ -292,9 +292,9 @@ f01af62704dbf9457e2669c3e7c1d4d740f0388faa49df93611b987a8aa2bf11 crypto/rsa/rsa 5fa59240ca885cbc0c1cd026934b226d44fc9c3fdf0c2e7e3a7bd7f4963ca2e5 crypto/self_test_core.c 05c533fde7fdba0c76103e97d881b7224c8427451b453e2f6413552996063e31 crypto/sha/asm/keccak1600-armv4.pl ca3b2b654f9a8c4bc2fa2538c1f19d17acd4a6b9e0df6a4b81df04efa697e67e crypto/sha/asm/keccak1600-armv8.pl -ef575a7fb4956cc3be4ef10a6aeaa10702eadfc92c86167880690320ce942b26 crypto/sha/asm/keccak1600-avx2.pl -f1dcf75789dfb0c5d7cd35988cb8046f60097bbaf1fbdab32a9269fa5492214c crypto/sha/asm/keccak1600-avx512.pl -63e547b100562d1142512d5b54e16efc276ecb6c743c27873dbcdd7cb917c828 crypto/sha/asm/keccak1600-avx512vl.pl +12b7acce2fba0bc0e1ca07842ec84be6a022f141c86e077abb42c864af1d8d9c crypto/sha/asm/keccak1600-avx2.pl +faf0cccb685d5abc807e08db194f847c67b940da2fc3c235c210dc31d73a5334 crypto/sha/asm/keccak1600-avx512.pl +be1e7dd9998e3f31cfa6e1b17bc198aeec584a8b76820e38f71d51b05f8a9f2a crypto/sha/asm/keccak1600-avx512vl.pl 33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 crypto/sha/asm/keccak1600-c64x.pl 09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl ce4a58129e5ee3ac4c9dfec5ecc010440570ebf7bf869e3e9977f2121a64b27a crypto/sha/asm/keccak1600-ppc64.pl @@ -344,7 +344,7 @@ c50c584c55e56347bb43aca4b796b5344d70daece3061f586b79c871c21f5d1a crypto/sparse_ 8da78169fa8c09dc3c29c9bf1602b22e88c5eac4815e274ba1864c166e31584b crypto/stack/stack.c 7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c -2637a8727dee790812b000f2e02b336f7907949df633dda72938bbaafdb204fe crypto/threads_pthread.c +3729e2bd36f945808b578e0d89fac0fcb3114e4fc9381614bcbd8a9869991716 crypto/threads_pthread.c 88423960f0414f6fd41fba4f4c67f9f7260c2741e4788adcd52493e895ec8027 crypto/threads_win.c fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16 crypto/x86cpuid.pl @@ -419,7 +419,7 @@ cbd9d7855ca3ba4240207fc025c22bbfef7411116446ff63511e336a0559bed0 include/openss 1d1697bd3e35920ff9eaec23c29472d727a7fc4d108150957f41f6f5ecf80f1a include/openssl/cryptoerr.h bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h fa3e6b6c2e6222424b9cd7005e3c5499a2334c831cd5d6a29256ce945be8cb1d include/openssl/des.h -3a57eceec58ab781d79cb0458c2251a233f45ba0ef8f414d148c55ac2dff1bc8 include/openssl/dh.h +75fba45d6fc66e3aaef216959327157613f08070935aae4a5260e740184f031f include/openssl/dh.h 836130f5a32bbdce51b97b34758ed1b03a9d06065c187418eaf323dca6adfc6d include/openssl/dherr.h 92ae2c907fd56859e3ae28a085071611be5c9245879305cdf8bad027219e64b6 include/openssl/dsa.h 276d1f6e111ba933bc708e6a0670047cbe0d0b67aabe31807abbbc231de4d8cf include/openssl/dsaerr.h @@ -430,7 +430,7 @@ bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openss 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h c6ee8f17d7252bdd0807a124dc6d50a95c32c04e17688b7c2e061998570b7028 include/openssl/err.h.in -12ec111c0e22581e0169be5e1838353a085fb51e3042ef59a7db1cee7da73c5b include/openssl/evp.h +b23bf3e2d0a60fe4d768afbe7aab48b47791e1274ae42b28895255119ae7f61d include/openssl/evp.h 5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h 5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h b1d41beba560a41383f899a361b786e04f889106fb5960ec831b0af7996c9783 include/openssl/fipskey.h.in @@ -492,11 +492,11 @@ e1ef8b2be828a54312d6561b37751a5b6e9d5ebdb6c3e63589728c3d8adca7dc providers/comm a8b73b10ab0100942dd2bc45f2fc9c9238b70bec0e49708ba113bc7479c8b92a providers/common/provider_err.c 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c -ba345b0d71f74c9e3d752579e16d11cc70b4b00faa329cc674bc43dd2620e044 providers/common/securitycheck.c +5b94312727ca33e4f5c038f4caaae8417bf584cfde22df83d91f3c55c30c81ee providers/common/securitycheck.c 527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c 0f761a26c8fa6ad8d5a15c817afe1741352b21769b2164a2eb7dd50e1f6fe04f providers/fips/fipsprov.c -52b48aece6aa3592593c94b53326410c75efb95ac480697ce414679446b49943 providers/fips/self_test.c +5d24ba30f9cc7ca48546fb85dc285bd68590f3a604a0bd471bcb0c2a61169591 providers/fips/self_test.c f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h d3c95c9c6cc4e3b1a5e4b2bfb2ae735a4109d763bcda7b1e9b8f9eb253f79820 providers/fips/self_test_data.inc 629f619ad055723e42624230c08430a3ef53e17ab405dc0fd35499e9ca4e389c providers/fips/self_test_kats.c @@ -567,18 +567,18 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/impl 589f6133799da80760e8bc3ab0191a341ab6d4d2706e92e6eb4a24b0250fefa6 providers/implementations/kdfs/tls1_prf.c 4d4a6d9a562d2dcfec941d3f113a544663b5ac2fbe4accd89ec70c1cc11751d0 providers/implementations/kdfs/x942kdf.c 6b6c776b12664164f3cb54c21df61e1c4477c7855d89431a16fb338cdae58d43 providers/implementations/kem/rsa_kem.c -37120f8a420de0e44b7dc1f31b50d59520e5318cf546e83684e0c3de5c7b76c5 providers/implementations/keymgmt/dh_kmgmt.c -2a4493c9e68f41d37d7ec69c272005c6df7b1a34db2d49663f52e836e4fd888c providers/implementations/keymgmt/dsa_kmgmt.c +11a0d0fb88ed88e965f10b3a0ef6c880f60341df995128f57ad943053aaf15b2 providers/implementations/keymgmt/dh_kmgmt.c +a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304 providers/implementations/keymgmt/dsa_kmgmt.c 9bc88451d3ae110c7a108ee73d3b3b6bda801ec3494d2dfb9c9970b85c2d34fe providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc -d77ece2494e6b12a6201a2806ee5fb24a6dc2fa3e1891a46012a870e0b781ab1 providers/implementations/keymgmt/ecx_kmgmt.c +011c36aad6834729043f23eacab417732541ee23916d9afa5bb9164862be00bb providers/implementations/keymgmt/ecx_kmgmt.c 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c -e30357311e4a3e1c78266af6315fd1fc99584bfb09f4a7cd0ddc7261cf1e17e1 providers/implementations/keymgmt/mac_legacy_kmgmt.c +1646b477fa231dd0f6c22444c99098f9b447cab0d39ff69b811262469d4dbe09 providers/implementations/keymgmt/mac_legacy_kmgmt.c 19f22fc70a6321441e56d5bd4aab3d01d52d17069d4e4b5cefce0f411ecece75 providers/implementations/keymgmt/rsa_kmgmt.c aeb42590728ca87b916b8a3d337351b1c82ee0747213e5ce740c2350b3db7185 providers/implementations/macs/cmac_prov.c e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c 895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c -f75fbfe5348f93ad610da7d310f4e8fecf18c0549f27605da25d393c33e0edc2 providers/implementations/macs/kmac_prov.c +8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c 9d23df7f99beec7392c9d4ed813407050bc2d150098888fe802e2c9705fc33fa providers/implementations/rands/drbg.c bb5f8161a80d0d1a7ee919af2b167972b00afd62e326252ca6aa93101f315f19 providers/implementations/rands/drbg_ctr.c diff --git a/deps/openssl/openssl/providers/fips.checksum b/deps/openssl/openssl/providers/fips.checksum index 077e225c6d9309..347a9614339ee8 100644 --- a/deps/openssl/openssl/providers/fips.checksum +++ b/deps/openssl/openssl/providers/fips.checksum @@ -1 +1 @@ -d4b8aaf04173ffd7bdd7d64e823002a988146d85c193a4bb8217dc8225583169 providers/fips-sources.checksums +114b59f288ec2d6ddfcd26187f43cad614c6d4e4a7aba24410494f46f627671c providers/fips-sources.checksums diff --git a/deps/openssl/openssl/providers/fips/self_test.c b/deps/openssl/openssl/providers/fips/self_test.c index 80d048a847b081..ca5b3b585bd31a 100644 --- a/deps/openssl/openssl/providers/fips/self_test.c +++ b/deps/openssl/openssl/providers/fips/self_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ #include #include #include "e_os.h" +#include "internal/tsan_assist.h" #include "prov/providercommon.h" /* @@ -47,7 +48,6 @@ static int FIPS_conditional_error_check = 1; static CRYPTO_RWLOCK *self_test_lock = NULL; -static CRYPTO_RWLOCK *fips_state_lock = NULL; static unsigned char fixed_key[32] = { FIPS_KEY_ELEMENTS }; static CRYPTO_ONCE fips_self_test_init = CRYPTO_ONCE_STATIC_INIT; @@ -59,7 +59,6 @@ DEFINE_RUN_ONCE_STATIC(do_fips_self_test_init) * platform then we just leak it deliberately. */ self_test_lock = CRYPTO_THREAD_lock_new(); - fips_state_lock = CRYPTO_THREAD_lock_new(); return self_test_lock != NULL; } @@ -155,12 +154,12 @@ void __TERM__cleanup(void) { # define DEP_INITIAL_STATE FIPS_STATE_SELFTEST #endif -static int FIPS_state = DEP_INITIAL_STATE; +static TSAN_QUALIFIER int FIPS_state = DEP_INITIAL_STATE; #if defined(DEP_INIT_ATTRIBUTE) DEP_INIT_ATTRIBUTE void init(void) { - FIPS_state = FIPS_STATE_SELFTEST; + tsan_store(&FIPS_state, FIPS_STATE_SELFTEST); } #endif @@ -168,7 +167,6 @@ DEP_INIT_ATTRIBUTE void init(void) DEP_FINI_ATTRIBUTE void cleanup(void) { CRYPTO_THREAD_lock_free(self_test_lock); - CRYPTO_THREAD_lock_free(fips_state_lock); } #endif @@ -229,10 +227,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex static void set_fips_state(int state) { - if (ossl_assert(CRYPTO_THREAD_write_lock(fips_state_lock) != 0)) { - FIPS_state = state; - CRYPTO_THREAD_unlock(fips_state_lock); - } + tsan_store(&FIPS_state, state); } /* This API is triggered either on loading of the FIPS module or on demand */ @@ -250,10 +245,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) if (!RUN_ONCE(&fips_self_test_init, do_fips_self_test_init)) return 0; - if (!CRYPTO_THREAD_read_lock(fips_state_lock)) - return 0; - loclstate = FIPS_state; - CRYPTO_THREAD_unlock(fips_state_lock); + loclstate = tsan_load(&FIPS_state); if (loclstate == FIPS_STATE_RUNNING) { if (!on_demand_test) @@ -265,24 +257,17 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) if (!CRYPTO_THREAD_write_lock(self_test_lock)) return 0; - if (!CRYPTO_THREAD_read_lock(fips_state_lock)) { - CRYPTO_THREAD_unlock(self_test_lock); - return 0; - } - if (FIPS_state == FIPS_STATE_RUNNING) { - CRYPTO_THREAD_unlock(fips_state_lock); + loclstate = tsan_load(&FIPS_state); + if (loclstate == FIPS_STATE_RUNNING) { if (!on_demand_test) { CRYPTO_THREAD_unlock(self_test_lock); return 1; } set_fips_state(FIPS_STATE_SELFTEST); - } else if (FIPS_state != FIPS_STATE_SELFTEST) { - CRYPTO_THREAD_unlock(fips_state_lock); + } else if (loclstate != FIPS_STATE_SELFTEST) { CRYPTO_THREAD_unlock(self_test_lock); ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_STATE); return 0; - } else { - CRYPTO_THREAD_unlock(fips_state_lock); } if (st == NULL @@ -393,20 +378,13 @@ void ossl_set_error_state(const char *type) int ossl_prov_is_running(void) { - int res; - static unsigned int rate_limit = 0; + int res, loclstate; + static TSAN_QUALIFIER unsigned int rate_limit = 0; - if (!CRYPTO_THREAD_read_lock(fips_state_lock)) - return 0; - res = FIPS_state == FIPS_STATE_RUNNING - || FIPS_state == FIPS_STATE_SELFTEST; - if (FIPS_state == FIPS_STATE_ERROR) { - CRYPTO_THREAD_unlock(fips_state_lock); - if (!CRYPTO_THREAD_write_lock(fips_state_lock)) - return 0; - if (rate_limit++ < FIPS_ERROR_REPORTING_RATE_LIMIT) + loclstate = tsan_load(&FIPS_state); + res = loclstate == FIPS_STATE_RUNNING || loclstate == FIPS_STATE_SELFTEST; + if (loclstate == FIPS_STATE_ERROR) + if (tsan_counter(&rate_limit) < FIPS_ERROR_REPORTING_RATE_LIMIT) ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_IN_ERROR_STATE); - } - CRYPTO_THREAD_unlock(fips_state_lock); return res; } diff --git a/deps/openssl/openssl/providers/implementations/ciphers/cipher_aes_siv.c b/deps/openssl/openssl/providers/implementations/ciphers/cipher_aes_siv.c index 45010b90db2af8..bdc896e8f7e403 100644 --- a/deps/openssl/openssl/providers/implementations/ciphers/cipher_aes_siv.c +++ b/deps/openssl/openssl/providers/implementations/ciphers/cipher_aes_siv.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, if (!ossl_prov_is_running()) return 0; - if (inl == 0) { - *outl = 0; - return 1; - } + /* Ignore just empty encryption/decryption call and not AAD. */ + if (out != NULL) { + if (inl == 0) { + if (outl != NULL) + *outl = 0; + return 1; + } - if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; + if (outsize < inl) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } } if (ctx->hw->cipher(ctx, out, in, inl) <= 0) diff --git a/deps/openssl/openssl/providers/implementations/ciphers/cipher_chacha20.c b/deps/openssl/openssl/providers/implementations/ciphers/cipher_chacha20.c index 386c865d832e0f..ef80a515d756dc 100644 --- a/deps/openssl/openssl/providers/implementations/ciphers/cipher_chacha20.c +++ b/deps/openssl/openssl/providers/implementations/ciphers/cipher_chacha20.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,7 @@ static OSSL_FUNC_cipher_newctx_fn chacha20_newctx; static OSSL_FUNC_cipher_freectx_fn chacha20_freectx; +static OSSL_FUNC_cipher_dupctx_fn chacha20_dupctx; static OSSL_FUNC_cipher_get_params_fn chacha20_get_params; static OSSL_FUNC_cipher_get_ctx_params_fn chacha20_get_ctx_params; static OSSL_FUNC_cipher_set_ctx_params_fn chacha20_set_ctx_params; @@ -64,6 +65,25 @@ static void chacha20_freectx(void *vctx) } } +static void *chacha20_dupctx(void *vctx) +{ + PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)vctx; + PROV_CHACHA20_CTX *dupctx = NULL; + + if (ctx != NULL) { + dupctx = OPENSSL_memdup(ctx, sizeof(*dupctx)); + if (dupctx != NULL && dupctx->base.tlsmac != NULL && dupctx->base.alloced) { + dupctx->base.tlsmac = OPENSSL_memdup(dupctx->base.tlsmac, + dupctx->base.tlsmacsize); + if (dupctx->base.tlsmac == NULL) { + OPENSSL_free(dupctx); + dupctx = NULL; + } + } + } + return dupctx; +} + static int chacha20_get_params(OSSL_PARAM params[]) { return ossl_cipher_generic_get_params(params, 0, CHACHA20_FLAGS, @@ -187,6 +207,7 @@ int ossl_chacha20_dinit(void *vctx, const unsigned char *key, size_t keylen, const OSSL_DISPATCH ossl_chacha20_functions[] = { { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))chacha20_newctx }, { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))chacha20_freectx }, + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))chacha20_dupctx }, { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_chacha20_einit }, { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_chacha20_dinit }, { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))chacha20_update }, diff --git a/deps/openssl/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.h b/deps/openssl/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.h index 1697aabbf39bcb..4a1d154a7ceb1c 100644 --- a/deps/openssl/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.h +++ b/deps/openssl/openssl/providers/implementations/ciphers/cipher_rc4_hmac_md5.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -31,3 +31,6 @@ typedef struct prov_cipher_hw_rc4_hmac_md5_st { } PROV_CIPHER_HW_RC4_HMAC_MD5; const PROV_CIPHER_HW *ossl_prov_cipher_hw_rc4_hmac_md5(size_t keybits); + +void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, + MD5_CTX *ctx, const void *inp, size_t blocks); diff --git a/deps/openssl/openssl/providers/implementations/encode_decode/decode_der2key.c b/deps/openssl/openssl/providers/implementations/encode_decode/decode_der2key.c index b9cee2571bf392..d598f7eba1acc9 100644 --- a/deps/openssl/openssl/providers/implementations/encode_decode/decode_der2key.c +++ b/deps/openssl/openssl/providers/implementations/encode_decode/decode_der2key.c @@ -316,10 +316,14 @@ static int der2key_export_object(void *vctx, void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { + int selection = ctx->selection; + + if (selection == 0) + selection = OSSL_KEYMGMT_SELECT_ALL; /* The contents of the reference is the address to our object */ keydata = *(void **)reference; - return export(keydata, ctx->selection, export_cb, export_cbarg); + return export(keydata, selection, export_cb, export_cbarg); } return 0; } diff --git a/deps/openssl/openssl/providers/implementations/encode_decode/decode_msblob2key.c b/deps/openssl/openssl/providers/implementations/encode_decode/decode_msblob2key.c index 501957faba0117..b9d0cabadae2e4 100644 --- a/deps/openssl/openssl/providers/implementations/encode_decode/decode_msblob2key.c +++ b/deps/openssl/openssl/providers/implementations/encode_decode/decode_msblob2key.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,18 @@ static void msblob2key_freectx(void *vctx) OPENSSL_free(ctx); } +static int msblob2key_does_selection(void *provctx, int selection) +{ + if (selection == 0) + return 1; + + if ((selection & (OSSL_KEYMGMT_SELECT_PRIVATE_KEY + | OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) != 0) + return 1; + + return 0; +} + static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, OSSL_CALLBACK *data_cb, void *data_cbarg, OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) @@ -211,10 +223,14 @@ msblob2key_export_object(void *vctx, void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { + int selection = ctx->selection; + + if (selection == 0) + selection = OSSL_KEYMGMT_SELECT_ALL; /* The contents of the reference is the address to our object */ keydata = *(void **)reference; - return export(keydata, ctx->selection, export_cb, export_cbarg); + return export(keydata, selection, export_cb, export_cbarg); } return 0; } @@ -260,6 +276,8 @@ static void rsa_adjust(void *key, struct msblob2key_ctx_st *ctx) (void (*)(void))msblob2##keytype##_newctx }, \ { OSSL_FUNC_DECODER_FREECTX, \ (void (*)(void))msblob2key_freectx }, \ + { OSSL_FUNC_DECODER_DOES_SELECTION, \ + (void (*)(void))msblob2key_does_selection }, \ { OSSL_FUNC_DECODER_DECODE, \ (void (*)(void))msblob2key_decode }, \ { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ diff --git a/deps/openssl/openssl/providers/implementations/encode_decode/decode_pvk2key.c b/deps/openssl/openssl/providers/implementations/encode_decode/decode_pvk2key.c index c6424165b03bf7..2d7cb15e53e0ae 100644 --- a/deps/openssl/openssl/providers/implementations/encode_decode/decode_pvk2key.c +++ b/deps/openssl/openssl/providers/implementations/encode_decode/decode_pvk2key.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,17 @@ static void pvk2key_freectx(void *vctx) OPENSSL_free(ctx); } +static int pvk2key_does_selection(void *provctx, int selection) +{ + if (selection == 0) + return 1; + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + return 1; + + return 0; +} + static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, OSSL_CALLBACK *data_cb, void *data_cbarg, OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) @@ -179,10 +190,14 @@ static int pvk2key_export_object(void *vctx, void *keydata; if (reference_sz == sizeof(keydata) && export != NULL) { + int selection = ctx->selection; + + if (selection == 0) + selection = OSSL_KEYMGMT_SELECT_ALL; /* The contents of the reference is the address to our object */ keydata = *(void **)reference; - return export(keydata, ctx->selection, export_cb, export_cbarg); + return export(keydata, selection, export_cb, export_cbarg); } return 0; } @@ -226,6 +241,8 @@ static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx) (void (*)(void))pvk2##keytype##_newctx }, \ { OSSL_FUNC_DECODER_FREECTX, \ (void (*)(void))pvk2key_freectx }, \ + { OSSL_FUNC_DECODER_DOES_SELECTION, \ + (void (*)(void))pvk2key_does_selection }, \ { OSSL_FUNC_DECODER_DECODE, \ (void (*)(void))pvk2key_decode }, \ { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ diff --git a/deps/openssl/openssl/providers/implementations/encode_decode/encode_key2any.c b/deps/openssl/openssl/providers/implementations/encode_decode/encode_key2any.c index c7b01cb2b3e5ef..0f4c62962ddcd4 100644 --- a/deps/openssl/openssl/providers/implementations/encode_decode/encode_key2any.c +++ b/deps/openssl/openssl/providers/implementations/encode_decode/encode_key2any.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -858,14 +858,17 @@ static int prepare_rsa_params(const void *rsa, int nid, int save, case 1: if ((str = OPENSSL_malloc(str_sz)) == NULL || !WPACKET_init_der(&pkt, str, str_sz)) { + WPACKET_cleanup(&pkt); goto err; } break; } if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss) || !WPACKET_finish(&pkt) - || !WPACKET_get_total_written(&pkt, &str_sz)) + || !WPACKET_get_total_written(&pkt, &str_sz)) { + WPACKET_cleanup(&pkt); goto err; + } WPACKET_cleanup(&pkt); /* diff --git a/deps/openssl/openssl/providers/implementations/encode_decode/encode_key2text.c b/deps/openssl/openssl/providers/implementations/encode_decode/encode_key2text.c index 7d983f5e51c6df..3e75a9afb370c6 100644 --- a/deps/openssl/openssl/providers/implementations/encode_decode/encode_key2text.c +++ b/deps/openssl/openssl/providers/implementations/encode_decode/encode_key2text.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -241,7 +241,7 @@ static int dh_to_text(BIO *out, const void *key, int selection) return 0; } } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { pub_key = DH_get0_pub_key(dh); if (pub_key == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); @@ -316,7 +316,7 @@ static int dsa_to_text(BIO *out, const void *key, int selection) return 0; } } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { pub_key = DSA_get0_pub_key(dsa); if (pub_key == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); @@ -525,7 +525,7 @@ static int ec_to_text(BIO *out, const void *key, int selection) if (priv_len == 0) goto err; } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { const EC_POINT *pub_pt = EC_KEY_get0_public_key(ec); if (pub_pt == NULL) { @@ -575,26 +575,31 @@ static int ecx_to_text(BIO *out, const void *key, int selection) return 0; } + switch (ecx->type) { + case ECX_KEY_TYPE_X25519: + type_label = "X25519"; + break; + case ECX_KEY_TYPE_X448: + type_label = "X448"; + break; + case ECX_KEY_TYPE_ED25519: + type_label = "ED25519"; + break; + case ECX_KEY_TYPE_ED448: + type_label = "ED448"; + break; + } + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (ecx->privkey == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); return 0; } - switch (ecx->type) { - case ECX_KEY_TYPE_X25519: - type_label = "X25519 Private-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Private-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Private-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Private-Key"; - break; - } + if (BIO_printf(out, "%s Private-Key:\n", type_label) <= 0) + return 0; + if (!print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen)) + return 0; } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { /* ecx->pubkey is an array, not a pointer... */ if (!ecx->haspubkey) { @@ -602,29 +607,11 @@ static int ecx_to_text(BIO *out, const void *key, int selection) return 0; } - switch (ecx->type) { - case ECX_KEY_TYPE_X25519: - type_label = "X25519 Public-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Public-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Public-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Public-Key"; - break; - } + if (BIO_printf(out, "%s Public-Key:\n", type_label) <= 0) + return 0; } - if (BIO_printf(out, "%s:\n", type_label) <= 0) - return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && !print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen)) - return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 - && !print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) + if (!print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) return 0; return 1; diff --git a/deps/openssl/openssl/providers/implementations/keymgmt/dh_kmgmt.c b/deps/openssl/openssl/providers/implementations/keymgmt/dh_kmgmt.c index 9a7dde7c66273b..c14b9765d11b30 100644 --- a/deps/openssl/openssl/providers/implementations/keymgmt/dh_kmgmt.c +++ b/deps/openssl/openssl/providers/implementations/keymgmt/dh_kmgmt.c @@ -222,6 +222,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, if (!ossl_prov_is_running() || dh == NULL) return 0; + if ((selection & DH_POSSIBLE_SELECTIONS) == 0) + return 0; + tmpl = OSSL_PARAM_BLD_new(); if (tmpl == NULL) return 0; @@ -389,7 +392,7 @@ static int dh_validate_public(const DH *dh, int checktype) && ossl_dh_is_named_safe_prime_group(dh)) return ossl_dh_check_pub_key_partial(dh, pub_key, &res); - return DH_check_pub_key(dh, pub_key, &res); + return DH_check_pub_key_ex(dh, pub_key); } static int dh_validate_private(const DH *dh) diff --git a/deps/openssl/openssl/providers/implementations/keymgmt/dsa_kmgmt.c b/deps/openssl/openssl/providers/implementations/keymgmt/dsa_kmgmt.c index cd8b4410b0db63..2f5742cfcc07ce 100644 --- a/deps/openssl/openssl/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/deps/openssl/openssl/providers/implementations/keymgmt/dsa_kmgmt.c @@ -223,6 +223,9 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, if (!ossl_prov_is_running() || dsa == NULL) return 0; + if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) + return 0; + tmpl = OSSL_PARAM_BLD_new(); if (tmpl == NULL) return 0; diff --git a/deps/openssl/openssl/providers/implementations/keymgmt/ecx_kmgmt.c b/deps/openssl/openssl/providers/implementations/keymgmt/ecx_kmgmt.c index 2a7f867aa56b3b..987d38456fba41 100644 --- a/deps/openssl/openssl/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/deps/openssl/openssl/providers/implementations/keymgmt/ecx_kmgmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -238,6 +238,9 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, if (!ossl_prov_is_running() || key == NULL) return 0; + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + return 0; + tmpl = OSSL_PARAM_BLD_new(); if (tmpl == NULL) return 0; diff --git a/deps/openssl/openssl/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/deps/openssl/openssl/providers/implementations/keymgmt/mac_legacy_kmgmt.c index c934ff16409415..1fae4407fca609 100644 --- a/deps/openssl/openssl/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/deps/openssl/openssl/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -281,6 +281,9 @@ static int mac_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, if (!ossl_prov_is_running() || key == NULL) return 0; + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0) + return 0; + tmpl = OSSL_PARAM_BLD_new(); if (tmpl == NULL) return 0; diff --git a/deps/openssl/openssl/providers/implementations/macs/kmac_prov.c b/deps/openssl/openssl/providers/implementations/macs/kmac_prov.c index b2f85398b4e284..99e7c60a74ce50 100644 --- a/deps/openssl/openssl/providers/implementations/macs/kmac_prov.c +++ b/deps/openssl/openssl/providers/implementations/macs/kmac_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -249,7 +249,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key, ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } - if (w < 0) { + if (w <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; } @@ -289,7 +289,7 @@ static int kmac_init(void *vmacctx, const unsigned char *key, return 0; t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest)); - if (t < 0) { + if (t <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; } diff --git a/deps/openssl/openssl/providers/implementations/storemgmt/file_store.c b/deps/openssl/openssl/providers/implementations/storemgmt/file_store.c index 6d6312659beac1..bb8b2ab8625a1e 100644 --- a/deps/openssl/openssl/providers/implementations/storemgmt/file_store.c +++ b/deps/openssl/openssl/providers/implementations/storemgmt/file_store.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -612,9 +612,9 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name) * Last, check that the rest of the extension is a decimal number, at * least one digit long. */ - if (!isdigit(*p)) + if (!isdigit((unsigned char)*p)) return 0; - while (isdigit(*p)) + while (isdigit((unsigned char)*p)) p++; #ifdef __VMS @@ -623,7 +623,7 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name) */ if (*p == ';') for (p++; *p != '\0'; p++) - if (!ossl_isdigit(*p)) + if (!ossl_isdigit((unsigned char)*p)) break; #endif diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c index a00e1fe3621c9c..b0ab5c6ef80042 100644 --- a/deps/openssl/openssl/ssl/ssl_lib.c +++ b/deps/openssl/openssl/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -631,7 +631,7 @@ int SSL_clear(SSL *s) OPENSSL_free(s->psksession_id); s->psksession_id = NULL; s->psksession_id_len = 0; - s->hello_retry_request = 0; + s->hello_retry_request = SSL_HRR_NONE; s->sent_tickets = 0; s->error = 0; @@ -2894,14 +2894,14 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) if (sk_SSL_CIPHER_find(srvrsk, c) < 0) continue; - n = strlen(c->name); - if (n + 1 > size) { + n = OPENSSL_strnlen(c->name, size); + if (n >= size) { if (p != buf) --p; *p = '\0'; return buf; } - strcpy(p, c->name); + memcpy(p, c->name, n); p += n; *(p++) = ':'; size -= n + 1; diff --git a/deps/openssl/openssl/ssl/ssl_sess.c b/deps/openssl/openssl/ssl/ssl_sess.c index c322a11d9c52a5..d836b33ed0e81d 100644 --- a/deps/openssl/openssl/ssl/ssl_sess.c +++ b/deps/openssl/openssl/ssl/ssl_sess.c @@ -198,8 +198,11 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) dest->references = 1; dest->lock = CRYPTO_THREAD_lock_new(); - if (dest->lock == NULL) + if (dest->lock == NULL) { + OPENSSL_free(dest); + dest = NULL; goto err; + } if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) goto err; diff --git a/deps/openssl/openssl/ssl/statem/extensions.c b/deps/openssl/openssl/ssl/statem/extensions.c index 2f8b80fb6f8891..d686bd6dba8a9b 100644 --- a/deps/openssl/openssl/ssl/statem/extensions.c +++ b/deps/openssl/openssl/ssl/statem/extensions.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1420,7 +1420,11 @@ static int final_key_share(SSL *s, unsigned int context, int sent) group_id = pgroups[i]; if (check_in_list(s, group_id, clntgroups, clnt_num_groups, - 1)) + 1) + && tls_group_allowed(s, group_id, + SSL_SECOP_CURVE_SUPPORTED) + && tls_valid_group(s, group_id, TLS1_3_VERSION, + TLS1_3_VERSION, 0, NULL)) break; } diff --git a/deps/openssl/openssl/ssl/statem/extensions_srvr.c b/deps/openssl/openssl/ssl/statem/extensions_srvr.c index ed53b28aba80ab..0dfbfed9a4af6c 100644 --- a/deps/openssl/openssl/ssl/statem/extensions_srvr.c +++ b/deps/openssl/openssl/ssl/statem/extensions_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -883,7 +883,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } /* Act as if this ClientHello came after a HelloRetryRequest */ - s->hello_retry_request = 1; + s->hello_retry_request = SSL_HRR_PENDING; s->ext.cookieok = 1; #endif diff --git a/deps/openssl/openssl/ssl/statem/statem_lib.c b/deps/openssl/openssl/ssl/statem/statem_lib.c index 8053bbc86b69fb..cb31835265ff76 100644 --- a/deps/openssl/openssl/ssl/statem/statem_lib.c +++ b/deps/openssl/openssl/ssl/statem/statem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -67,7 +67,8 @@ int ssl3_do_write(SSL *s, int type) #endif ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], s->init_num, &written); - if (ret < 0) + + if (ret <= 0) return -1; if (type == SSL3_RT_HANDSHAKE) /* diff --git a/deps/openssl/openssl/ssl/t1_lib.c b/deps/openssl/openssl/ssl/t1_lib.c index e6f4bcc04533ce..8be00a4f340598 100644 --- a/deps/openssl/openssl/ssl/t1_lib.c +++ b/deps/openssl/openssl/ssl/t1_lib.c @@ -23,6 +23,7 @@ #include "internal/nelem.h" #include "internal/sizes.h" #include "internal/tlsgroups.h" +#include "internal/cryptlib.h" #include "ssl_local.h" #include @@ -600,6 +601,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) const uint16_t *pref, *supp; size_t num_pref, num_supp, i; int k; + SSL_CTX *ctx = s->ctx; /* Can't do anything on client side */ if (s->server == 0) @@ -636,10 +638,29 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) for (k = 0, i = 0; i < num_pref; i++) { uint16_t id = pref[i]; + const TLS_GROUP_INFO *inf; if (!tls1_in_list(id, supp, num_supp) - || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) - continue; + || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) + continue; + inf = tls1_group_id_lookup(ctx, id); + if (!ossl_assert(inf != NULL)) + return 0; + if (SSL_IS_DTLS(s)) { + if (inf->maxdtls == -1) + continue; + if ((inf->mindtls != 0 && DTLS_VERSION_LT(s->version, inf->mindtls)) + || (inf->maxdtls != 0 + && DTLS_VERSION_GT(s->version, inf->maxdtls))) + continue; + } else { + if (inf->maxtls == -1) + continue; + if ((inf->mintls != 0 && s->version < inf->mintls) + || (inf->maxtls != 0 && s->version > inf->maxtls)) + continue; + } + if (nmatch == k) return id; k++; diff --git a/deps/openssl/openssl/test/README-dev.md b/deps/openssl/openssl/test/README-dev.md index d015bcf5bfb019..d8922de000800f 100644 --- a/deps/openssl/openssl/test/README-dev.md +++ b/deps/openssl/openssl/test/README-dev.md @@ -130,7 +130,11 @@ Generic form of C test executables int setup_tests(void) { ADD_TEST(my_test); /* Add each test separately */ - return 1; /* Indicate success */ + return 1; /* Indicates success. Return 0 */ + /* to produce an error with a */ + /* usage message and -1 for */ + /* failure to set up with no */ + /* usage message. */ } You should use the `TEST_xxx` macros provided by `testutil.h` to test all failure diff --git a/deps/openssl/openssl/test/build.info b/deps/openssl/openssl/test/build.info index a5c1c65ddd03e8..75846e05acbc01 100644 --- a/deps/openssl/openssl/test/build.info +++ b/deps/openssl/openssl/test/build.info @@ -41,8 +41,6 @@ IF[{- !$disabled{tests} -}] evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ evp_fetch_prov_test evp_libctx_test ossl_store_test \ v3nametest v3ext punycode_test \ - evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ - evp_fetch_prov_test v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test sparse_array_test \ conf_include_test params_api_test params_conversion_test \ constant_time_test verify_extra_test clienthellotest \ diff --git a/deps/openssl/openssl/test/certs/sm2-pub.key b/deps/openssl/openssl/test/certs/sm2-pub.key new file mode 100644 index 00000000000000..ecb6b5c2d68e77 --- /dev/null +++ b/deps/openssl/openssl/test/certs/sm2-pub.key @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rtSmZ7g5ALnKTPKYhM +xEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azNv7rDPzJXGg== +-----END PUBLIC KEY----- diff --git a/deps/openssl/openssl/test/chacha_internal_test.c b/deps/openssl/openssl/test/chacha_internal_test.c index 878bd752e054bb..d316bfd7b36170 100644 --- a/deps/openssl/openssl/test/chacha_internal_test.c +++ b/deps/openssl/openssl/test/chacha_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -181,7 +181,7 @@ static int test_cha_cha_internal(int n) int setup_tests(void) { -#ifdef CPUID_OBJ +#ifdef OPENSSL_CPUID_OBJ OPENSSL_cpuid_setup(); #endif diff --git a/deps/openssl/openssl/test/cmp_asn_test.c b/deps/openssl/openssl/test/cmp_asn_test.c index 1e65b383753eab..42a6b93b6b2732 100644 --- a/deps/openssl/openssl/test/cmp_asn_test.c +++ b/deps/openssl/openssl/test/cmp_asn_test.c @@ -42,16 +42,28 @@ static void tear_down(CMP_ASN_TEST_FIXTURE *fixture) static int execute_cmp_asn1_get_int_test(CMP_ASN_TEST_FIXTURE *fixture) { - int res; + int res = 0; ASN1_INTEGER *asn1integer = ASN1_INTEGER_new(); + const int good_int = 77; + const int64_t max_int = INT_MAX; if (!TEST_ptr(asn1integer)) - return 0; - if (!TEST_true(ASN1_INTEGER_set(asn1integer, 77))) { + return res; + + if (!TEST_true(ASN1_INTEGER_set(asn1integer, good_int))) { ASN1_INTEGER_free(asn1integer); return 0; } - res = TEST_int_eq(77, ossl_cmp_asn1_get_int(asn1integer)); + res = TEST_int_eq(good_int, ossl_cmp_asn1_get_int(asn1integer)); + if (res == 0) + goto err; + + res = 0; + if (!TEST_true(ASN1_INTEGER_set_int64(asn1integer, max_int + 1))) + goto err; + res = TEST_int_eq(-2, ossl_cmp_asn1_get_int(asn1integer)); + + err: ASN1_INTEGER_free(asn1integer); return res; } diff --git a/deps/openssl/openssl/test/cmp_protect_test.c b/deps/openssl/openssl/test/cmp_protect_test.c index 32dae32d9398d9..09bf2ec17faffa 100644 --- a/deps/openssl/openssl/test/cmp_protect_test.c +++ b/deps/openssl/openssl/test/cmp_protect_test.c @@ -37,15 +37,17 @@ static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL; static void tear_down(CMP_PROTECT_TEST_FIXTURE *fixture) { - OSSL_CMP_CTX_free(fixture->cmp_ctx); - OSSL_CMP_MSG_free(fixture->msg); - OSSL_CMP_PKISI_free(fixture->si); + if (fixture != NULL) { + OSSL_CMP_CTX_free(fixture->cmp_ctx); + OSSL_CMP_MSG_free(fixture->msg); + OSSL_CMP_PKISI_free(fixture->si); - OPENSSL_free(fixture->mem); - sk_X509_free(fixture->certs); - sk_X509_free(fixture->chain); + OPENSSL_free(fixture->mem); + sk_X509_free(fixture->certs); + sk_X509_free(fixture->chain); - OPENSSL_free(fixture); + OPENSSL_free(fixture); + } } static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name) diff --git a/deps/openssl/openssl/test/cmsapitest.c b/deps/openssl/openssl/test/cmsapitest.c index d5c4cb8481c210..dbb05cd4962269 100644 --- a/deps/openssl/openssl/test/cmsapitest.c +++ b/deps/openssl/openssl/test/cmsapitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -56,7 +56,7 @@ static int test_encrypt_decrypt(const EVP_CIPHER *cipher) BIO_free(outmsgbio); CMS_ContentInfo_free(content); - return testresult; + return testresult && TEST_int_eq(ERR_peek_error(), 0); } static int test_encrypt_decrypt_aes_cbc(void) @@ -286,7 +286,7 @@ static int test_d2i_CMS_bio_NULL(void) CMS_NO_SIGNER_CERT_VERIFY)); CMS_ContentInfo_free(cms); BIO_free(bio); - return ret; + return ret && TEST_int_eq(ERR_peek_error(), 0); } static unsigned char *read_all(BIO *bio, long *p_len) diff --git a/deps/openssl/openssl/test/dhtest.c b/deps/openssl/openssl/test/dhtest.c index 7b587f3cfa8fad..000dd5b6980572 100644 --- a/deps/openssl/openssl/test/dhtest.c +++ b/deps/openssl/openssl/test/dhtest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -73,7 +73,7 @@ static int dh_test(void) goto err1; /* check fails, because p is way too small */ - if (!DH_check(dh, &i)) + if (!TEST_true(DH_check(dh, &i))) goto err2; i ^= DH_MODULUS_TOO_SMALL; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) @@ -124,6 +124,29 @@ static int dh_test(void) /* We'll have a stale error on the queue from the above test so clear it */ ERR_clear_error(); + if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one()))) + goto err3; + + if (!TEST_true(DH_check(dh, &i))) + goto err3; + if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)) + goto err3; + + /* Modulus of size: dh check max modulus bits + 1 */ + if (!TEST_true(BN_set_word(p, 1)) + || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) + goto err3; + + /* + * We expect no checks at all for an excessively large modulus + */ + if (!TEST_false(DH_check(dh, &i))) + goto err3; + + /* We'll have a stale error on the queue from the above test so clear it */ + ERR_clear_error(); + /* * II) key generation */ @@ -138,7 +161,7 @@ static int dh_test(void) goto err3; /* ... and check whether it is valid */ - if (!DH_check(a, &i)) + if (!TEST_true(DH_check(a, &i))) goto err3; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) diff --git a/deps/openssl/openssl/test/endecode_test.c b/deps/openssl/openssl/test/endecode_test.c index e3f7b81f693077..5158b39ee41f19 100644 --- a/deps/openssl/openssl/test/endecode_test.c +++ b/deps/openssl/openssl/test/endecode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -158,6 +158,7 @@ static int test_encode_decode(const char *file, const int line, void *encoded = NULL; long encoded_len = 0; EVP_PKEY *pkey2 = NULL; + EVP_PKEY *pkey3 = NULL; void *encoded2 = NULL; long encoded2_len = 0; int ok = 0; @@ -185,15 +186,25 @@ static int test_encode_decode(const char *file, const int line, output_type, output_structure, (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), selection, pass)) + || ((output_structure == NULL + || strcmp(output_structure, "type-specific") != 0) + && !TEST_true(decode_cb(file, line, (void **)&pkey3, encoded, encoded_len, + output_type, output_structure, + (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), + 0, pass))) || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection, output_type, output_structure, pass, pcipher))) goto end; if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) { - if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1)) + if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1) + || (pkey3 != NULL + && !TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey3), 1))) goto end; } else { - if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) + if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1) + || (pkey3 != NULL + && !TEST_int_eq(EVP_PKEY_eq(pkey, pkey3), 1))) goto end; } @@ -218,6 +229,7 @@ static int test_encode_decode(const char *file, const int line, OPENSSL_free(encoded); OPENSSL_free(encoded2); EVP_PKEY_free(pkey2); + EVP_PKEY_free(pkey3); return ok; } diff --git a/deps/openssl/openssl/test/evp_extra_test.c b/deps/openssl/openssl/test/evp_extra_test.c index a6667105dcdcda..2318bf6a68c9fe 100644 --- a/deps/openssl/openssl/test/evp_extra_test.c +++ b/deps/openssl/openssl/test/evp_extra_test.c @@ -1133,11 +1133,11 @@ static int test_EVP_PKEY_sign(int tst) if (tst == 0 ) { if (!TEST_ptr(pkey = load_example_rsa_key())) - goto out; + goto out; } else if (tst == 1) { #ifndef OPENSSL_NO_DSA if (!TEST_ptr(pkey = load_example_dsa_key())) - goto out; + goto out; #else ret = 1; goto out; @@ -1145,7 +1145,82 @@ static int test_EVP_PKEY_sign(int tst) } else { #ifndef OPENSSL_NO_EC if (!TEST_ptr(pkey = load_example_ec_key())) + goto out; +#else + ret = 1; + goto out; +#endif + } + + ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); + if (!TEST_ptr(ctx) + || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, + sizeof(tbs)), 0)) + goto out; + sig = OPENSSL_malloc(sig_len); + if (!TEST_ptr(sig) + /* Test sending a signature buffer that is too short is rejected */ + || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, + sizeof(tbs)), 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), + 0) + /* Test the signature round-trips */ + || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), + 0)) + goto out; + + ret = 1; + out: + EVP_PKEY_CTX_free(ctx); + OPENSSL_free(sig); + EVP_PKEY_free(pkey); + return ret; +} + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +static int test_EVP_PKEY_sign_with_app_method(int tst) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + RSA *rsa = NULL; + RSA_METHOD *rsa_meth = NULL; +#ifndef OPENSSL_NO_DSA + DSA *dsa = NULL; + DSA_METHOD *dsa_meth = NULL; +#endif + unsigned char *sig = NULL; + size_t sig_len = 0, shortsig_len = 1; + EVP_PKEY_CTX *ctx = NULL; + unsigned char tbs[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 + }; + + if (tst == 0) { + if (!TEST_ptr(pkey = load_example_rsa_key())) + goto out; + if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) + goto out; + + if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) + || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) + || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) + goto out; + rsa = NULL; /* now owned by the pkey */ + } else { +#ifndef OPENSSL_NO_DSA + if (!TEST_ptr(pkey = load_example_dsa_key())) goto out; + if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) + goto out; + + if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) + || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) + || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) + goto out; + dsa = NULL; /* now owned by the pkey */ #else ret = 1; goto out; @@ -1176,8 +1251,15 @@ static int test_EVP_PKEY_sign(int tst) EVP_PKEY_CTX_free(ctx); OPENSSL_free(sig); EVP_PKEY_free(pkey); + RSA_free(rsa); + RSA_meth_free(rsa_meth); +#ifndef OPENSSL_NO_DSA + DSA_free(dsa); + DSA_meth_free(dsa_meth); +#endif return ret; } +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ /* * n = 0 => test using legacy cipher @@ -2830,6 +2912,36 @@ static int test_RSA_OAEP_set_get_params(void) return ret; } +/* https://github.com/openssl/openssl/issues/21288 */ +static int test_RSA_OAEP_set_null_label(void) +{ + int ret = 0; + EVP_PKEY *key = NULL; + EVP_PKEY_CTX *key_ctx = NULL; + + if (!TEST_ptr(key = load_example_rsa_key()) + || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL)) + || !TEST_true(EVP_PKEY_encrypt_init(key_ctx))) + goto err; + + if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING))) + goto err; + + if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0))) + goto err; + + if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0))) + goto err; + + ret = 1; + + err: + EVP_PKEY_free(key); + EVP_PKEY_CTX_free(key_ctx); + + return ret; +} + #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) static int test_decrypt_null_chunks(void) { @@ -4739,6 +4851,253 @@ static int test_ecx_not_private_key(int tst) } #endif /* OPENSSL_NO_EC */ +static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s, + const unsigned char *gcm_iv, size_t gcm_ivlen, + const unsigned char *gcm_pt, size_t gcm_pt_s, + const unsigned char *gcm_aad, size_t gcm_aad_s, + const unsigned char *gcm_ct, size_t gcm_ct_s, + const unsigned char *gcm_tag, size_t gcm_tag_s) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int outlen, tmplen; + unsigned char outbuf[1024]; + unsigned char outtag[16]; + OSSL_PARAM params[2] = { + OSSL_PARAM_END, OSSL_PARAM_END + }; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, + &gcm_ivlen); + + if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) + || (gcm_aad != NULL + && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, + gcm_aad, gcm_aad_s))) + || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, + gcm_pt, gcm_pt_s)) + || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) + goto err; + + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, + outtag, sizeof(outtag)); + + if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)) + || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) + || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) + goto err; + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + + return ret; +} + +static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s, + const unsigned char *gcm_iv, size_t gcm_ivlen, + const unsigned char *gcm_pt, size_t gcm_pt_s, + const unsigned char *gcm_aad, size_t gcm_aad_s, + const unsigned char *gcm_ct, size_t gcm_ct_s, + const unsigned char *gcm_tag, size_t gcm_tag_s) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int outlen; + unsigned char outbuf[1024]; + OSSL_PARAM params[2] = { + OSSL_PARAM_END, OSSL_PARAM_END + }; + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + goto err; + + if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, + &gcm_ivlen); + + if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) + || (gcm_aad != NULL + && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, + gcm_aad, gcm_aad_s))) + || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, + gcm_ct, gcm_ct_s)) + || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) + goto err; + + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, + (void*)gcm_tag, gcm_tag_s); + + if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) + ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) + goto err; + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + + return ret; +} + +static int test_aes_gcm_ivlen_change_cve_2023_5363(void) +{ + /* AES-GCM test data obtained from NIST public test vectors */ + static const unsigned char gcm_key[] = { + 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf, + 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84, + 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b, + }; + static const unsigned char gcm_iv[] = { + 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8, + 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca, + 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14, + 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09, + 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8, + 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24, + 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0, + 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54, + 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc, + 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b, + 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d, + }; + static const unsigned char gcm_pt[] = { + 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07, + 0x4f, 0xe3, 0x6f, 0x81, + }; + static const unsigned char gcm_ct[] = { + 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3, + 0xe2, 0xd0, 0xec, 0xed, + }; + static const unsigned char gcm_tag[] = { + 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63, + 0xdb, 0x99, 0x6c, 0x21, + }; + + return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), + gcm_pt, sizeof(gcm_pt), NULL, 0, + gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) + && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), + gcm_pt, sizeof(gcm_pt), NULL, 0, + gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); +} + +#ifndef OPENSSL_NO_RC4 +static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s, + const unsigned char *rc4_pt, size_t rc4_pt_s, + const unsigned char *rc4_ct, size_t rc4_ct_s) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int outlen, tmplen; + unsigned char outbuf[1024]; + OSSL_PARAM params[2] = { + OSSL_PARAM_END, OSSL_PARAM_END + }; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, + &rc4_key_s); + + if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) + || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, + rc4_pt, rc4_pt_s)) + || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) + goto err; + + if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s)) + goto err; + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + + return ret; +} + +static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s, + const unsigned char *rc4_pt, size_t rc4_pt_s, + const unsigned char *rc4_ct, size_t rc4_ct_s) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int outlen; + unsigned char outbuf[1024]; + OSSL_PARAM params[2] = { + OSSL_PARAM_END, OSSL_PARAM_END + }; + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + goto err; + + if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, + &rc4_key_s); + + if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) + || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, + rc4_ct, rc4_ct_s)) + || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) + goto err; + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + + return ret; +} + +static int test_aes_rc4_keylen_change_cve_2023_5363(void) +{ + /* RC4 test data obtained from RFC 6229 */ + static const struct { + unsigned char key[5]; + unsigned char padding[11]; + } rc4_key = { + { /* Five bytes of key material */ + 0x83, 0x32, 0x22, 0x77, 0x2a, + }, + { /* Random padding to 16 bytes */ + 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 + } + }; + static const unsigned char rc4_pt[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static const unsigned char rc4_ct[] = { + 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, + 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda + }; + + if (lgcyprov == NULL) + return TEST_skip("Test requires legacy provider to be loaded"); + + return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key), + rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) + && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key), + rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); +} +#endif + int setup_tests(void) { OPTION_CHOICE o; @@ -4771,6 +5130,9 @@ int setup_tests(void) ADD_TEST(test_EVP_Digest); ADD_TEST(test_EVP_md_null); ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); +#ifndef OPENSSL_NO_DEPRECATED_3_0 + ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); +#endif ADD_ALL_TESTS(test_EVP_Enveloped, 2); ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); ADD_TEST(test_privatekey_to_pkcs8); @@ -4814,6 +5176,7 @@ int setup_tests(void) #endif ADD_TEST(test_RSA_get_set_params); ADD_TEST(test_RSA_OAEP_set_get_params); + ADD_TEST(test_RSA_OAEP_set_null_label); #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) ADD_TEST(test_decrypt_null_chunks); #endif @@ -4878,6 +5241,12 @@ int setup_tests(void) ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); #endif + /* Test cases for CVE-2023-5363 */ + ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363); +#ifndef OPENSSL_NO_RC4 + ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); +#endif + return 1; } diff --git a/deps/openssl/openssl/test/evp_test.c b/deps/openssl/openssl/test/evp_test.c index 19cabd6dce1425..c781f65b3ed177 100644 --- a/deps/openssl/openssl/test/evp_test.c +++ b/deps/openssl/openssl/test/evp_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -3683,11 +3683,11 @@ static int prov_available(char *providers) int more = 1; while (more) { - for (; isspace(*providers); providers++) + for (; isspace((unsigned char)(*providers)); providers++) continue; if (*providers == '\0') break; /* End of the road */ - for (p = providers; *p != '\0' && !isspace(*p); p++) + for (p = providers; *p != '\0' && !isspace((unsigned char)(*p)); p++) continue; if (*p == '\0') more = 0; diff --git a/deps/openssl/openssl/test/ffc_internal_test.c b/deps/openssl/openssl/test/ffc_internal_test.c index 7f8f44c8a9fdc7..83dec13c8c9b33 100644 --- a/deps/openssl/openssl/test/ffc_internal_test.c +++ b/deps/openssl/openssl/test/ffc_internal_test.c @@ -455,22 +455,20 @@ static int ffc_public_validate_test(void) if (!TEST_true(BN_set_word(pub, 1))) goto err; BN_set_negative(pub, 1); - /* Fail if public key is negative */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key is negative */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) goto err; if (!TEST_true(BN_set_word(pub, 0))) goto err; - if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) - goto err; - /* Fail if public key is zero */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key is zero */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) goto err; - /* Fail if public key is 1 */ - if (!TEST_false(ossl_ffc_validate_public_key(params, BN_value_one(), &res))) + /* Check must succeed but set res if public key is 1 */ + if (!TEST_true(ossl_ffc_validate_public_key(params, BN_value_one(), &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) goto err; @@ -482,24 +480,24 @@ static int ffc_public_validate_test(void) if (!TEST_ptr(BN_copy(pub, params->p))) goto err; - /* Fail if public key = p */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key = p */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res)) goto err; if (!TEST_true(BN_sub_word(pub, 1))) goto err; - /* Fail if public key = p - 1 */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key = p - 1 */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res)) goto err; if (!TEST_true(BN_sub_word(pub, 1))) goto err; - /* Fail if public key is not related to p & q */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if public key is not related to p & q */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res)) goto err; @@ -510,14 +508,14 @@ static int ffc_public_validate_test(void) if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; - /* Fail if params is NULL */ - if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res))) + /* Check must succeed but set res if params is NULL */ + if (!TEST_true(ossl_ffc_validate_public_key(NULL, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) goto err; res = -1; - /* Fail if pubkey is NULL */ - if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res))) + /* Check must succeed but set res if pubkey is NULL */ + if (!TEST_true(ossl_ffc_validate_public_key(params, NULL, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) goto err; @@ -525,8 +523,8 @@ static int ffc_public_validate_test(void) BN_free(params->p); params->p = NULL; - /* Fail if params->p is NULL */ - if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) + /* Check must succeed but set res if params->p is NULL */ + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) goto err; if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) goto err; diff --git a/deps/openssl/openssl/test/helpers/ssltestlib.c b/deps/openssl/openssl/test/helpers/ssltestlib.c index 02e9c27e5ffcc8..ef4a6177aa7ddc 100644 --- a/deps/openssl/openssl/test/helpers/ssltestlib.c +++ b/deps/openssl/openssl/test/helpers/ssltestlib.c @@ -42,6 +42,7 @@ static int tls_dump_puts(BIO *bp, const char *str); static BIO_METHOD *method_tls_dump = NULL; static BIO_METHOD *meth_mem = NULL; static BIO_METHOD *meth_always_retry = NULL; +static int retry_err = -1; /* Note: Not thread safe! */ const BIO_METHOD *bio_f_tls_dump_filter(void) @@ -760,16 +761,21 @@ static int always_retry_free(BIO *bio) return 1; } +void set_always_retry_err_val(int err) +{ + retry_err = err; +} + static int always_retry_read(BIO *bio, char *out, int outl) { BIO_set_retry_read(bio); - return -1; + return retry_err; } static int always_retry_write(BIO *bio, const char *in, int inl) { BIO_set_retry_write(bio); - return -1; + return retry_err; } static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr) @@ -795,13 +801,13 @@ static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr) static int always_retry_gets(BIO *bio, char *buf, int size) { BIO_set_retry_read(bio); - return -1; + return retry_err; } static int always_retry_puts(BIO *bio, const char *str) { BIO_set_retry_write(bio); - return -1; + return retry_err; } int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm, diff --git a/deps/openssl/openssl/test/helpers/ssltestlib.h b/deps/openssl/openssl/test/helpers/ssltestlib.h index 50ae27995009bb..8e9daa5601d3ea 100644 --- a/deps/openssl/openssl/test/helpers/ssltestlib.h +++ b/deps/openssl/openssl/test/helpers/ssltestlib.h @@ -35,6 +35,7 @@ void bio_s_mempacket_test_free(void); const BIO_METHOD *bio_s_always_retry(void); void bio_s_always_retry_free(void); +void set_always_retry_err_val(int err); /* Packet types - value 0 is reserved */ #define INJECT_PACKET 1 diff --git a/deps/openssl/openssl/test/pbetest.c b/deps/openssl/openssl/test/pbetest.c index d73ae66fa536af..cfffc2b9323327 100644 --- a/deps/openssl/openssl/test/pbetest.c +++ b/deps/openssl/openssl/test/pbetest.c @@ -1,5 +1,5 @@ /* - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,8 @@ #include #include #include +#include +#include #if !defined OPENSSL_NO_RC4 && !defined OPENSSL_NO_MD5 \ || !defined OPENSSL_NO_DES && !defined OPENSSL_NO_SHA1 @@ -123,8 +125,27 @@ static int test_pkcs5_pbe_des_sha1(void) } #endif +#ifdef OPENSSL_NO_AUTOLOAD_CONFIG +/* + * For configurations where we are not autoloading configuration, we need + * to access the legacy provider. The easiest way is to load both the + * legacy and default providers directly and unload them on termination. + */ +static OSSL_PROVIDER *legacy, *dflt; +#endif + int setup_tests(void) { +#ifdef OPENSSL_NO_AUTOLOAD_CONFIG + /* Load required providers if not done via configuration */ + legacy = OSSL_PROVIDER_load(NULL, "legacy"); + dflt = OSSL_PROVIDER_load(NULL, "default"); + if (!TEST_ptr(legacy) || !TEST_ptr(dflt)) { + cleanup_tests(); + return -1; + } +#endif + #if !defined OPENSSL_NO_RC4 && !defined OPENSSL_NO_MD5 ADD_TEST(test_pkcs5_pbe_rc4_md5); #endif @@ -134,3 +155,13 @@ int setup_tests(void) return 1; } + +#ifdef OPENSSL_NO_AUTOLOAD_CONFIG +void cleanup_tests(void) +{ + /* Dispose of providers */ + OSSL_PROVIDER_unload(legacy); + OSSL_PROVIDER_unload(dflt); + legacy = dflt = NULL; +} +#endif diff --git a/deps/openssl/openssl/test/pemtest.c b/deps/openssl/openssl/test/pemtest.c index c8c88bf1f1656f..bf970983654439 100644 --- a/deps/openssl/openssl/test/pemtest.c +++ b/deps/openssl/openssl/test/pemtest.c @@ -125,6 +125,35 @@ static int test_empty_payload(void) return ret; } +static int test_protected_params(void) +{ + BIO *b; + static char *protectedpay = + "-----BEGIN RSA PRIVATE KEY-----\n" + "Proc-Type: 4,ENCRYPTED\n" + "DEK-Info: AES-256-CBC,4A44448ED28992710556549B35100CEA\n" + "\n" + "Xw3INxKeH+rUUF57mjATpvj6zknVhedwrlRmRvnwlLv5wqIy5Ae4UVLPh7SUswfC\n" + "-----END RSA PRIVATE KEY-----\n"; + EVP_PKEY *pkey = NULL; + int ret = 0; + + b = BIO_new_mem_buf(protectedpay, strlen(protectedpay)); + if (!TEST_ptr(b)) + return 0; + + /* Expected to fail because we cannot decrypt protected PEM files */ + pkey = PEM_read_bio_Parameters(b, NULL); + if (!TEST_ptr_null(pkey)) + goto err; + + ret = 1; + err: + EVP_PKEY_free(pkey); + BIO_free(b); + return ret; +} + int setup_tests(void) { if (!TEST_ptr(pemfile = test_get_argument(0))) @@ -133,5 +162,6 @@ int setup_tests(void) ADD_TEST(test_invalid); ADD_TEST(test_cert_key_cert); ADD_TEST(test_empty_payload); + ADD_TEST(test_protected_params); return 1; } diff --git a/deps/openssl/openssl/test/pkcs12_format_test.c b/deps/openssl/openssl/test/pkcs12_format_test.c index d4129d2522bce8..c142093f72bbbc 100644 --- a/deps/openssl/openssl/test/pkcs12_format_test.c +++ b/deps/openssl/openssl/test/pkcs12_format_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -792,6 +792,70 @@ static int pkcs12_create_test(void) } #endif +static int pkcs12_recreate_test(void) +{ + int ret = 0; + X509 *cert = NULL; + X509 *cert_parsed = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY *pkey_parsed = NULL; + PKCS12 *p12 = NULL; + PKCS12 *p12_parsed = NULL; + PKCS12 *p12_recreated = NULL; + const unsigned char *cert_bytes = CERT1; + const unsigned char *key_bytes = KEY1; + BIO *bio = NULL; + + cert = d2i_X509(NULL, &cert_bytes, sizeof(CERT1)); + if (!TEST_ptr(cert)) + goto err; + pkey = d2i_AutoPrivateKey(NULL, &key_bytes, sizeof(KEY1)); + if (!TEST_ptr(pkey)) + goto err; + p12 = PKCS12_create("pass", NULL, pkey, cert, NULL, NID_aes_256_cbc, + NID_aes_256_cbc, 2, 1, 0); + if (!TEST_ptr(p12)) + goto err; + if (!TEST_int_eq(ERR_peek_error(), 0)) + goto err; + + bio = BIO_new(BIO_s_mem()); + if (!TEST_ptr(bio)) + goto err; + if (!TEST_int_eq(i2d_PKCS12_bio(bio, p12), 1)) + goto err; + p12_parsed = PKCS12_init_ex(NID_pkcs7_data, testctx, NULL); + if (!TEST_ptr(p12_parsed)) + goto err; + p12_parsed = d2i_PKCS12_bio(bio, &p12_parsed); + if (!TEST_ptr(p12_parsed)) + goto err; + if (!TEST_int_eq(PKCS12_parse(p12_parsed, "pass", &pkey_parsed, + &cert_parsed, NULL), 1)) + goto err; + + /* cert_parsed also contains auxiliary data */ + p12_recreated = PKCS12_create("new_pass", NULL, pkey_parsed, cert_parsed, + NULL, NID_aes_256_cbc, NID_aes_256_cbc, + 2, 1, 0); + if (!TEST_ptr(p12_recreated)) + goto err; + if (!TEST_int_eq(ERR_peek_error(), 0)) + goto err; + + ret = 1; +err: + BIO_free(bio); + PKCS12_free(p12); + PKCS12_free(p12_parsed); + PKCS12_free(p12_recreated); + EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey_parsed); + X509_free(cert); + X509_free(cert_parsed); + return ret; +} + typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, @@ -873,6 +937,8 @@ int setup_tests(void) if (default_libctx) ADD_TEST(pkcs12_create_test); #endif + if (default_libctx) + ADD_TEST(pkcs12_recreate_test); ADD_ALL_TESTS(test_single_key_enc_pass, OSSL_NELEM(passwords)); ADD_ALL_TESTS(test_single_key_enc_iter, OSSL_NELEM(iters)); ADD_TEST(test_single_key_with_attrs); diff --git a/deps/openssl/openssl/test/property_test.c b/deps/openssl/openssl/test/property_test.c index 6a405e364baf10..1005b9952c9a6c 100644 --- a/deps/openssl/openssl/test/property_test.c +++ b/deps/openssl/openssl/test/property_test.c @@ -616,6 +616,9 @@ static struct { { "", "" }, { "fips=3", "fips=3" }, { "fips=-3", "fips=-3" }, + { "provider='foo bar'", "provider='foo bar'" }, + { "provider=\"foo bar'\"", "provider=\"foo bar'\"" }, + { "provider=abc***", "provider='abc***'" }, { NULL, "" } }; diff --git a/deps/openssl/openssl/test/provider_internal_test.c b/deps/openssl/openssl/test/provider_internal_test.c index cb7d5efcf54889..1fe8fb0cc5c412 100644 --- a/deps/openssl/openssl/test/provider_internal_test.c +++ b/deps/openssl/openssl/test/provider_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -83,6 +83,7 @@ static int test_loaded_provider(void) && test_provider(prov, expected_greeting1(name)); } +# ifndef OPENSSL_NO_AUTOLOAD_CONFIG static int test_configured_provider(void) { const char *name = "p_test_configured"; @@ -95,6 +96,7 @@ static int test_configured_provider(void) TEST_ptr(prov = ossl_provider_find(NULL, name, 0)) && test_provider(prov, expected_greeting); } +# endif #endif static int test_cache_flushes(void) @@ -139,7 +141,9 @@ int setup_tests(void) ADD_TEST(test_builtin_provider); #ifndef NO_PROVIDER_MODULE ADD_TEST(test_loaded_provider); +# ifndef OPENSSL_NO_AUTOLOAD_CONFIG ADD_TEST(test_configured_provider); +# endif #endif ADD_TEST(test_cache_flushes); return 1; diff --git a/deps/openssl/openssl/test/recipes/05-test_rand.t b/deps/openssl/openssl/test/recipes/05-test_rand.t index 3f352db9df3a6d..aa012c1907adee 100644 --- a/deps/openssl/openssl/test/recipes/05-test_rand.t +++ b/deps/openssl/openssl/test/recipes/05-test_rand.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -29,12 +29,12 @@ SKIP: { @randdata = run(app(['openssl', 'rand', '-engine', 'ossltest', '-hex', '16' ]), capture => 1, statusvar => \$success); chomp(@randdata); - ok($success and $randdata[0] eq $expected, + ok($success && $randdata[0] eq $expected, "rand with ossltest: Check rand output is as expected"); @randdata = run(app(['openssl', 'rand', '-engine', 'dasync', '-hex', '16' ]), capture => 1, statusvar => \$success); chomp(@randdata); - ok($success and length($randdata[0]) == 32, + ok($success && length($randdata[0]) == 32, "rand with dasync: Check rand output is of expected length"); } diff --git a/deps/openssl/openssl/test/recipes/15-test_rsapss.t b/deps/openssl/openssl/test/recipes/15-test_rsapss.t index c566ade933e9d6..44721a32372f78 100644 --- a/deps/openssl/openssl/test/recipes/15-test_rsapss.t +++ b/deps/openssl/openssl/test/recipes/15-test_rsapss.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ use OpenSSL::Test::Utils; setup("test_rsapss"); -plan tests => 11; +plan tests => 13; #using test/testrsa.pem which happens to be a 512 bit RSA ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', @@ -79,6 +79,8 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), my $rsapss = "rsapss.key"; ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', '-pkeyopt', 'rsa_keygen_bits:1024', + '-pkeyopt', 'rsa_keygen_pubexp:65537', + '-pkeyopt', 'rsa_keygen_primes:2', '--out', $rsapss]))); ok(run(app(['openssl', 'rsa', '-check', '-in', $rsapss]))); @@ -87,3 +89,11 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), ok(!run(app([ 'openssl', 'rsa', '-in' => data_file('negativesaltlen.pem')], '-out' => 'badout'))); + +ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', '-pkeyopt', 'rsa_keygen_bits:1024', + '-pkeyopt', 'rsa_pss_keygen_md:SHA256', '-pkeyopt', 'rsa_pss_keygen_saltlen:10', + '-out', 'testrsapss.pem'])), + "openssl genpkey RSA-PSS with pss parameters"); +ok(run(app(['openssl', 'pkey', '-in', 'testrsapss.pem', '-pubout', '-text'])), + "openssl pkey, execute rsa_pub_encode with pss parameters"); +unlink 'testrsapss.pem'; diff --git a/deps/openssl/openssl/test/recipes/20-test_cli_fips.t b/deps/openssl/openssl/test/recipes/20-test_cli_fips.t index 6d3c5ba1bb01c5..d4b4d4ca51c68f 100644 --- a/deps/openssl/openssl/test/recipes/20-test_cli_fips.t +++ b/deps/openssl/openssl/test/recipes/20-test_cli_fips.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -109,65 +109,70 @@ sub tsignverify { $ENV{OPENSSL_CONF} = $defaultconf; - $sigfile = $nonfips_sigfile; - $testtext = $prefix.': '. - 'Sign something with a non-FIPS key'. - ' with the default provider'; - ok(run(app(['openssl', 'dgst', '-sha256', - '-sign', $nonfips_key, - '-out', $sigfile, - $tbs_data])), - $testtext); + SKIP : { + skip "FIPS failure testing", 6 + if ($nonfips_key eq ''); + + $sigfile = $nonfips_sigfile; + $testtext = $prefix.': '. + 'Sign something with a non-FIPS key'. + ' with the default provider'; + ok(run(app(['openssl', 'dgst', '-sha256', + '-sign', $nonfips_key, + '-out', $sigfile, + $tbs_data])), + $testtext); - $testtext = $prefix.': '. - 'Verify something with a non-FIPS key'. - ' with the default provider'; - ok(run(app(['openssl', 'dgst', '-sha256', - '-verify', $nonfips_pub_key, - '-signature', $sigfile, - $tbs_data])), - $testtext); + $testtext = $prefix.': '. + 'Verify something with a non-FIPS key'. + ' with the default provider'; + ok(run(app(['openssl', 'dgst', '-sha256', + '-verify', $nonfips_pub_key, + '-signature', $sigfile, + $tbs_data])), + $testtext); - $ENV{OPENSSL_CONF} = $fipsconf; + $ENV{OPENSSL_CONF} = $fipsconf; - $testtext = $prefix.': '. - 'Sign something with a non-FIPS key'. - ' (should fail)'; - ok(!run(app(['openssl', 'dgst', '-sha256', - '-sign', $nonfips_key, - '-out', $prefix.'.nonfips.fail.sig', - $tbs_data])), - $testtext); + $testtext = $prefix.': '. + 'Sign something with a non-FIPS key'. + ' (should fail)'; + ok(!run(app(['openssl', 'dgst', '-sha256', + '-sign', $nonfips_key, + '-out', $prefix.'.nonfips.fail.sig', + $tbs_data])), + $testtext); - $testtext = $prefix.': '. - 'Verify something with a non-FIPS key'. - ' (should fail)'; - ok(!run(app(['openssl', 'dgst', '-sha256', - '-verify', $nonfips_pub_key, - '-signature', $sigfile, - $tbs_data])), - $testtext); + $testtext = $prefix.': '. + 'Verify something with a non-FIPS key'. + ' (should fail)'; + ok(!run(app(['openssl', 'dgst', '-sha256', + '-verify', $nonfips_pub_key, + '-signature', $sigfile, + $tbs_data])), + $testtext); - $testtext = $prefix.': '. - 'Verify something with a non-FIPS key'. - ' in FIPS mode but with a non-FIPS property query'; - ok(run(app(['openssl', 'dgst', - '-provider', 'default', - '-propquery', '?fips!=yes', - '-sha256', - '-verify', $nonfips_pub_key, - '-signature', $sigfile, - $tbs_data])), - $testtext); + $testtext = $prefix.': '. + 'Verify something with a non-FIPS key'. + ' in FIPS mode but with a non-FIPS property query'; + ok(run(app(['openssl', 'dgst', + '-provider', 'default', + '-propquery', '?fips!=yes', + '-sha256', + '-verify', $nonfips_pub_key, + '-signature', $sigfile, + $tbs_data])), + $testtext); - $testtext = $prefix.': '. - 'Verify a valid signature against the wrong data with a non-FIPS key'. - ' (should fail)'; - ok(!run(app(['openssl', 'dgst', '-sha256', - '-verify', $nonfips_pub_key, - '-signature', $sigfile, - $bogus_data])), - $testtext); + $testtext = $prefix.': '. + 'Verify a valid signature against the wrong data with a non-FIPS key'. + ' (should fail)'; + ok(!run(app(['openssl', 'dgst', '-sha256', + '-verify', $nonfips_pub_key, + '-signature', $sigfile, + $bogus_data])), + $testtext); + } } SKIP : { @@ -395,7 +400,6 @@ SKIP : { '-out', $testtext_prefix.'.fail.priv.pem'])), $testtext); - tsignverify($testtext_prefix, $fips_key, $fips_pub_key, $nonfips_key, - $nonfips_pub_key); + tsignverify($testtext_prefix, $fips_key, $fips_pub_key, '', ''); }; } diff --git a/deps/openssl/openssl/test/recipes/20-test_pkeyutl.t b/deps/openssl/openssl/test/recipes/20-test_pkeyutl.t index 5492baa551389b..2c9540b70f935f 100644 --- a/deps/openssl/openssl/test/recipes/20-test_pkeyutl.t +++ b/deps/openssl/openssl/test/recipes/20-test_pkeyutl.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -13,15 +13,16 @@ use File::Spec; use File::Basename; use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/; use OpenSSL::Test::Utils; +use File::Compare qw/compare_text/; setup("test_pkeyutl"); -plan tests => 12; +plan tests => 14; # For the tests below we use the cert itself as the TBS file SKIP: { - skip "Skipping tests that require EC, SM2 or SM3", 2 + skip "Skipping tests that require EC, SM2 or SM3", 4 if disabled("ec") || disabled("sm2") || disabled("sm3"); # SM2 @@ -38,6 +39,18 @@ SKIP: { '-sigfile', 'sm2.sig', '-rawin', '-digest', 'sm3', '-pkeyopt', 'distid:someid']))), "Verify an SM2 signature against a piece of data"); + ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-encrypt', + '-in', srctop_file('test', 'data2.bin'), + '-inkey', srctop_file('test', 'certs', 'sm2-pub.key'), + '-pubin', '-out', 'sm2.enc']))), + "Encrypt a piece of data using SM2"); + ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-decrypt', + '-in', 'sm2.enc', + '-inkey', srctop_file('test', 'certs', 'sm2.key'), + '-out', 'sm2.dat']))) + && compare_text('sm2.dat', + srctop_file('test', 'data2.bin')) == 0, + "Decrypt a piece of data using SM2"); } SKIP: { diff --git a/deps/openssl/openssl/test/recipes/25-test_req.t b/deps/openssl/openssl/test/recipes/25-test_req.t index e615f1b338855f..8c8274aee699ce 100644 --- a/deps/openssl/openssl/test/recipes/25-test_req.t +++ b/deps/openssl/openssl/test/recipes/25-test_req.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_req"); -plan tests => 44; +plan tests => 46; require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); @@ -473,3 +473,14 @@ my $cert = "self-signed_CA_with_keyUsages.pem"; generate_cert($cert, "-in", srctop_file(@certs, "ext-check.csr"), "-copy_extensions", "copy"); has_keyUsage($cert, 1); + +# Generate cert using req with '-modulus' +ok(run(app(["openssl", "req", "-x509", "-new", "-days", "365", + "-key", srctop_file("test", "testrsa.pem"), + "-config", srctop_file('test', 'test.cnf'), + "-out", "testreq-cert.pem", + "-modulus"])), "cert req creation - with -modulus"); + +# Verify cert +ok(run(app(["openssl", "x509", "-in", "testreq-cert.pem", + "-noout", "-text"])), "cert verification"); diff --git a/deps/openssl/openssl/test/recipes/30-test_defltfips.t b/deps/openssl/openssl/test/recipes/30-test_defltfips.t index 426bd660d1fd61..c8f145405b2b4e 100644 --- a/deps/openssl/openssl/test/recipes/30-test_defltfips.t +++ b/deps/openssl/openssl/test/recipes/30-test_defltfips.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,9 @@ BEGIN { use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); +plan skip_all => "Configuration loading is turned off" + if disabled("autoload-config"); + my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => diff --git a/deps/openssl/openssl/test/recipes/30-test_evp.t b/deps/openssl/openssl/test/recipes/30-test_evp.t index 0a036b7da01826..af823515f9bd64 100644 --- a/deps/openssl/openssl/test/recipes/30-test_evp.t +++ b/deps/openssl/openssl/test/recipes/30-test_evp.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -173,7 +173,8 @@ sub test_errors { # actually tests diagnostics of OSSL_STORE } SKIP: { - skip "DSA not disabled", 2 if !disabled("dsa"); + skip "DSA not disabled or ERR disabled", 2 + if !disabled("dsa") || disabled("err"); ok(test_errors(key => 'server-dsa-key.pem', out => 'server-dsa-key.err'), diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph_aes_siv.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph_aes_siv.txt index a78a49158d5159..ab7f2b6f6aa28a 100644 --- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph_aes_siv.txt +++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph_aes_siv.txt @@ -1,5 +1,5 @@ # -# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -20,6 +20,19 @@ Tag = 85632d07c6e8f37f950acd320a2ecc93 Plaintext = 112233445566778899aabbccddee Ciphertext = 40c02b9690c4dc04daef7f6afe5c +Cipher = aes-128-siv +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Tag = f1c5fdeac1f15a26779c1501f9fb7588 +Plaintext = 112233445566778899aabbccddee +Ciphertext = 27e946c669088ab06da58c5c831c + +Cipher = aes-128-siv +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +AAD = +Tag = d1022f5b3664e5a4dfaf90f85be6f28a +Plaintext = 112233445566778899aabbccddee +Ciphertext = b66cff6b8eca0b79f083b39a0901 + Cipher = aes-128-siv Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 @@ -29,6 +42,24 @@ Tag = 7bdb6e3b432667eb06f4d14bff2fbd0f Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 Ciphertext = cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d +Cipher = aes-128-siv +Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f +AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 +AAD = +AAD = 09f911029d74e35bd84156c5635688c0 +Tag = 83ce6593a8fa67eb6fcd2819cedfc011 +Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 +Ciphertext = 30d937b42f71f71f93fc2d8d702d3eac8dc7651eefcd81120081ff29d626f97f3de17f2969b691c91b69b652bf3a6d + +Cipher = aes-128-siv +Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f +AAD = +AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 +AAD = 09f911029d74e35bd84156c5635688c0 +Tag = 77dd4a44f5a6b41302121ee7f378de25 +Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 +Ciphertext = 0fcd664c922464c88939d71fad7aefb864e501b0848a07d39201c1067a7288f3dadf0131a823a0bc3d588e8564a5fe + Cipher = aes-192-siv Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfefffffefdfcfbfaf9f8f7f6f5f4f3f2f1f0 AAD = 101112131415161718191a1b1c1d1e1f2021222324252627 diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evppkey_dsa.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evppkey_dsa.txt index 8e3743b9fd7bf9..debd62bca84cbc 100644 --- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evppkey_dsa.txt +++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evppkey_dsa.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -142,6 +142,23 @@ Kr2KShQB0FlSgvcCDTX7g8eJ/UuIWo6wX4hSdHDhBB4CHAdVVg1m5ikOICUBo37Y /TqkTaCFsMDwcDc20Jg= -----END PRIVATE KEY----- +PrivateKey = DSA-2048-160 +-----BEGIN PRIVATE KEY----- +MIICTAIBADCCAi0GByqGSM44BAEwggIgAoIBAQCOypCJyAO7uNZSPSNGalSkyjQC +xdFVIGfMJKjEXzJnH4g3ts0UqUyO8126REDJEXDeMi22841xsSvzz0ZJeT5YvMLW +t1BtSTiYg2QOar1qEGJunHgjsWKJbVzIqWNw60ZP7pNKmlR7PKa3WDaPhdeVP8zJ +PEMeUHOSprO5Jk/Hjr8jxV0znIIixb9L9PgJAwxiM7rkRHS2Oz1FCYDmNmuFhQDh +Cb3wY9t1AcAHZ05uZ4PtNjdRPwFLPeVdckPj0ntApvOrH18xPWBmwcVeHAH1SV2k +7LPK7wILHVzcKm74ubX/s1wKysyyXyKM+oCgG9jvfh09VQJcHTHaVS643ohZAhUA +uQMLDZqMQbh9TYlm9xYCEBaeVs0CggEAcum3PgEQIRfukytMQ7gKMyfxHqhMmJ6t +RolRhgMrSfl99dmMoqJV+sdSjYvZSkwl71N1Y4Al8GcJB1SzTSb8qGRzM+43pa4k +SyQZ62WA8w5gaIQJ85JUrWiT8C6SgwAbruS5BVHRbQD6FxZwro9+s8uPnLesMTQX +p4maNSQaqYX7tqGl6Z7Wo0PsEwuDRvBlI6sl97gl4q3FQPByCq/64UW/eF6Illo1 +dpfbiWCszsp8oczXCEuP+2Y67WUIj3LjFA7WM/R8K4SfdMQ/VXY/cyRhlUqQl8Qe +ndBVKe0IeSdqvMcLNoUip7DGcOXW2ogZl+wgeP4xL3pdo8uS025kjwQWAhRfutAE +r/MlbdGMvcA7l0XmzzY85w== +-----END PRIVATE KEY----- + PrivateKey = DSA-2048-224 -----BEGIN PRIVATE KEY----- MIICXAIBADCCAjUGByqGSM44BAEwggIoAoIBAQDVjuiHR3XA9yAjToNQOmdg2rN9 @@ -249,9 +266,16 @@ bDfJavyQoCWW6EF260m2+rWtl6ILGhhWIbDN5KfXBhrOPvxvHQQiAiBZM1KxUjGw h2C/91Z0b0Xg4QYNOtVUbfqQTJQAqEpaRg== -----END PRIVATE KEY----- - Title = FIPS Tests (using different key sizes and digests) +# Test sign with a 2048 bit key with N == 160 is not allowed in fips mode +Availablein = fips +DigestSign = SHA256 +Key = DSA-2048-160 +Input = "Hello" +Output = 00 +Result = DIGESTSIGNINIT_ERROR + # Test sign with a 2048 bit key with N == 224 is allowed in fips mode DigestSign = SHA256 Key = DSA-2048-224 @@ -289,6 +313,13 @@ Key = DSA-1024 Input = "Hello " Output = 302c0214602d21ed37e46051bb3d06cc002adddeb4cdb3bd02144f39f75587b286588862d06366b2f29bddaf8cf6 +# Test verify with a 2048/160 bit key is allowed in fips mode +FIPSversion = >3.1.1 +DigestVerify = SHA256 +Key = DSA-2048-160 +Input = "Hello" +Output = 302e021500a51ca7f70ae206f221dc9b805bb04bfc07d6e448021500b16e45f9dac8aff04e115f96c00f4237d0fced41 + Title = Fips Negative Tests (using different key sizes and digests) # Test sign with a 1024 bit key is not allowed in fips mode diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t b/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t index faf7302e424097..9d0694c3d6ecd1 100644 --- a/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t +++ b/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,8 @@ my $proxy = TLSProxy::Proxy->new( use constant { CHANGE_HRR_CIPHERSUITE => 0, CHANGE_CH1_CIPHERSUITE => 1, - DUPLICATE_HRR => 2 + DUPLICATE_HRR => 2, + INVALID_GROUP => 3 }; #Test 1: A client should fail if the server changes the ciphersuite between the @@ -51,7 +52,7 @@ if (disabled("ec")) { } my $testtype = CHANGE_HRR_CIPHERSUITE; $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 3; +plan tests => 4; ok(TLSProxy::Message->fail(), "Server ciphersuite changes"); #Test 2: It is an error if the client changes the offered ciphersuites so that @@ -80,6 +81,24 @@ $testtype = DUPLICATE_HRR; $proxy->start(); ok($fatal_alert, "Server duplicated HRR"); +#Test 4: If the client sends a group that is in the supported_groups list but +# otherwise not valid (e.g. not suitable for TLSv1.3) we should reject it +# and not consider it when sending the HRR. We send brainpoolP512r1 in +# the ClientHello, which is acceptable to the server but is not valid in +# TLSv1.3. We expect the server to select X25519 in the HRR and the +# handshake to complete successfully +SKIP: { + skip "EC/TLSv1.2 is disabled in this build", 1 + if disabled("ec") || disabled("tls1_2"); + + $proxy->clear(); + $proxy->clientflags("-groups P-256:brainpoolP512r1:X25519"); + $proxy->serverflags("-groups brainpoolP512r1:X25519"); + $testtype = INVALID_GROUP; + $proxy->start(); + ok(TLSProxy::Message->success(), "Invalid group with HRR"); +} + sub hrr_filter { my $proxy = shift; @@ -133,16 +152,25 @@ sub hrr_filter return; } - # CHANGE_CH1_CIPHERSUITE if ($proxy->flight != 0) { return; } my $ch1 = ${$proxy->message_list}[0]; - # The server will always pick TLS_AES_256_GCM_SHA384 - my @ciphersuites = (TLSProxy::Message::CIPHER_TLS13_AES_128_GCM_SHA256); - $ch1->ciphersuite_len(2 * scalar @ciphersuites); - $ch1->ciphersuites(\@ciphersuites); + if ($testtype == CHANGE_CH1_CIPHERSUITE) { + # The server will always pick TLS_AES_256_GCM_SHA384 + my @ciphersuites = (TLSProxy::Message::CIPHER_TLS13_AES_128_GCM_SHA256); + $ch1->ciphersuite_len(2 * scalar @ciphersuites); + $ch1->ciphersuites(\@ciphersuites); + } elsif ($testtype == INVALID_GROUP) { + # INVALID_GROUP + my $ext = pack "C7", + 0x00, 0x05, #List Length + 0x00, 0x1c, #brainpoolP512r1 (not compatible with TLSv1.3) + 0x00, 0x01, 0xff; #key_exchange data + $ch1->set_extension( + TLSProxy::Message::EXT_KEY_SHARE, $ext); + } $ch1->repack(); } diff --git a/deps/openssl/openssl/test/recipes/80-test_cms.t b/deps/openssl/openssl/test/recipes/80-test_cms.t index cabbe3ecdf1a5d..be779233130e20 100644 --- a/deps/openssl/openssl/test/recipes/80-test_cms.t +++ b/deps/openssl/openssl/test/recipes/80-test_cms.t @@ -50,7 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) $no_rc2 = 1 if disabled("legacy"); -plan tests => 16; +plan tests => 18; ok(run(test(["pkcs7_test"])), "test pkcs7"); @@ -994,3 +994,28 @@ with({ exit_checker => sub { return shift == 6; } }, ])), "Check failure during BIO setup with -stream is handled correctly"); }); + +# Test case for return value mis-check reported in #21986 +with({ exit_checker => sub { return shift == 3; } }, + sub { + SKIP: { + skip "DSA is not supported in this build", 1 if $no_dsa; + + ok(run(app(['openssl', 'cms', '-sign', + '-in', srctop_file("test", "smcont.txt"), + '-signer', srctop_file("test/smime-certs", "smdsa1.pem"), + '-md', 'SHAKE256'])), + "issue#21986"); + } + }); + +# Test for problem reported in #22225 +with({ exit_checker => sub { return shift == 3; } }, + sub { + ok(run(app(['openssl', 'cms', '-encrypt', + '-in', srctop_file("test", "smcont.txt"), + '-aes-256-ctr', '-recip', + catfile($smdir, "smec1.pem"), + ])), + "Check for failure when cipher does not have an assigned OID (issue#22225)"); + }); diff --git a/deps/openssl/openssl/test/recipes/90-test_store_cases.t b/deps/openssl/openssl/test/recipes/90-test_store_cases.t new file mode 100644 index 00000000000000..05b00e6b4eb13f --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_store_cases.t @@ -0,0 +1,36 @@ +#! /usr/bin/env perl +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# This collects specific use cases, and tests our handling + +use File::Spec::Functions; +use File::Copy; +use MIME::Base64; +use OpenSSL::Test qw(:DEFAULT srctop_file srctop_dir bldtop_file bldtop_dir + data_file); +use OpenSSL::Test::Utils; + +my $test_name = "test_store_cases"; +setup($test_name); + +plan tests => 2; + +my $stderr; + +# The case of the garbage PKCS#12 DER file where a passphrase was +# prompted for. That should not have happened. +$stderr = 'garbage-pkcs12.stderr.txt'; +ok(!run(app(['openssl', 'storeutl', '-passin', 'pass:invalidapass', + data_file('garbage-pkcs12.p12')], + stderr => $stderr)), + "checking that storeutl fails when given a garbage pkcs12 file"); +open DATA, $stderr; +@match = grep /try_pkcs12:.*?:maybe wrong password$/, ; +close DATA; +ok(scalar @match > 0 ? 0 : 1, + "checking that storeutl didn't ask for a passphrase"); diff --git a/deps/openssl/openssl/test/recipes/90-test_store_cases_data/garbage-pkcs12.p12 b/deps/openssl/openssl/test/recipes/90-test_store_cases_data/garbage-pkcs12.p12 new file mode 100644 index 00000000000000..1a9f2578f33fcb --- /dev/null +++ b/deps/openssl/openssl/test/recipes/90-test_store_cases_data/garbage-pkcs12.p12 @@ -0,0 +1 @@ +0[Í0 *†HÎ80¤1 0 UUS10 Upo \ No newline at end of file diff --git a/deps/openssl/openssl/test/recipes/99-test_fuzz_x509.t b/deps/openssl/openssl/test/recipes/99-test_fuzz_x509.t index 9a1e3a19cadce4..b0b86365d10193 100644 --- a/deps/openssl/openssl/test/recipes/99-test_fuzz_x509.t +++ b/deps/openssl/openssl/test/recipes/99-test_fuzz_x509.t @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,9 @@ use OpenSSL::Test::Utils; my $fuzzer = "x509"; setup("test_fuzz_${fuzzer}"); +plan skip_all => "This test requires ocsp support" + if disabled("ocsp"); + plan tests => 2; # one more due to below require_ok(...) require_ok(srctop_file('test','recipes','fuzz.pl')); diff --git a/deps/openssl/openssl/test/rsa_test.c b/deps/openssl/openssl/test/rsa_test.c index 62a54df74d89db..18345b431a7cc5 100644 --- a/deps/openssl/openssl/test/rsa_test.c +++ b/deps/openssl/openssl/test/rsa_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -391,10 +391,126 @@ static int test_rsa_security_bit(int n) return r; } +static int test_EVP_rsa_legacy_key(void) +{ + int ret; + size_t buflen = 384; + size_t msglen = 64; + unsigned char sigbuf[384]; + unsigned char msgbuf[64]; + BIGNUM *p; + BIGNUM *q; + BIGNUM *n; + BIGNUM *d; + BIGNUM *e; + RSA *rsa; + const EVP_MD *md; + EVP_MD_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + + unsigned char n_data[] = { + 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf, + 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd, + 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6, + 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 0xc8, + 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11, + 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b, + 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0, + 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1, + 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99, + 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e, + 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d, + 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f, + 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05, + 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54, + 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc, + 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52, + 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe, + 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55, + 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45, + 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16, + 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97, + 0x2e, 0xf2, 0x8e, 0x7e, 0x13 }; + + unsigned char e_data[] = { 0x01, 0x00, 0x01 }; + + unsigned char d_data[] = { + 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a, + 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02, + 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40, + 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01, + 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72, + 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd, + 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38, + 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2, + 0x96, 0x26, 0xb1, 0x76, 0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4, + 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27, + 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c, + 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f, + 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e, + 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15, + 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81, + 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22, + 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9, + 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b, + 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4, + 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf, + 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d, + 0xf4, 0xfa, 0x60, 0xc1 }; + + unsigned char p_data[] = { + 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec, + 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2, + 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9, + 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78, + 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5, + 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3, + 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b, + 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f, + 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e, + 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57, + 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 }; + + unsigned char q_data[] = { + 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d, + 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7, + 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8, + 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03, + 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03, + 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50, + 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3, + 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a, + 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92, + 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34, + 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 }; + + memset(msgbuf, 0xef, 64); + + ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL))) + && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL))) + && TEST_ptr((n = BN_bin2bn(n_data, sizeof(n_data), NULL))) + && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL))) + && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL))) + && TEST_ptr((rsa = RSA_new())) + && TEST_ptr((md = EVP_sha256())) + && TEST_ptr((ctx = EVP_MD_CTX_new())) + && TEST_ptr((pkey = EVP_PKEY_new())) + && TEST_true(RSA_set0_factors(rsa, p, q)) + && TEST_true(RSA_set0_key(rsa, n, e, d)) + && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) + && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) + && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen))); + + EVP_MD_CTX_free(ctx); + EVP_PKEY_free(pkey); + return ret; +} + int setup_tests(void) { ADD_ALL_TESTS(test_rsa_pkcs1, 3); ADD_ALL_TESTS(test_rsa_oaep, 3); ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases)); + ADD_TEST(test_EVP_rsa_legacy_key); return 1; } diff --git a/deps/openssl/openssl/test/ssl-tests/14-curves.cnf b/deps/openssl/openssl/test/ssl-tests/14-curves.cnf index bafa4a65cd3535..75635d29bd0f7a 100644 --- a/deps/openssl/openssl/test/ssl-tests/14-curves.cnf +++ b/deps/openssl/openssl/test/ssl-tests/14-curves.cnf @@ -1,87 +1,102 @@ # Generated with generate_ssl_tests.pl -num_tests = 80 +num_tests = 95 test-0 = 0-curve-prime256v1 test-1 = 1-curve-secp384r1 test-2 = 2-curve-secp521r1 test-3 = 3-curve-X25519 test-4 = 4-curve-X448 -test-5 = 5-curve-sect233k1 -test-6 = 6-curve-sect233r1 -test-7 = 7-curve-sect283k1 -test-8 = 8-curve-sect283r1 -test-9 = 9-curve-sect409k1 -test-10 = 10-curve-sect409r1 -test-11 = 11-curve-sect571k1 -test-12 = 12-curve-sect571r1 -test-13 = 13-curve-secp224r1 -test-14 = 14-curve-sect163k1 -test-15 = 15-curve-sect163r2 -test-16 = 16-curve-prime192v1 -test-17 = 17-curve-sect163r1 -test-18 = 18-curve-sect193r1 -test-19 = 19-curve-sect193r2 -test-20 = 20-curve-sect239k1 -test-21 = 21-curve-secp160k1 -test-22 = 22-curve-secp160r1 -test-23 = 23-curve-secp160r2 -test-24 = 24-curve-secp192k1 -test-25 = 25-curve-secp224k1 -test-26 = 26-curve-secp256k1 -test-27 = 27-curve-brainpoolP256r1 -test-28 = 28-curve-brainpoolP384r1 -test-29 = 29-curve-brainpoolP512r1 -test-30 = 30-curve-sect233k1-tls12-in-tls13 -test-31 = 31-curve-sect233r1-tls12-in-tls13 -test-32 = 32-curve-sect283k1-tls12-in-tls13 -test-33 = 33-curve-sect283r1-tls12-in-tls13 -test-34 = 34-curve-sect409k1-tls12-in-tls13 -test-35 = 35-curve-sect409r1-tls12-in-tls13 -test-36 = 36-curve-sect571k1-tls12-in-tls13 -test-37 = 37-curve-sect571r1-tls12-in-tls13 -test-38 = 38-curve-secp224r1-tls12-in-tls13 -test-39 = 39-curve-sect163k1-tls12-in-tls13 -test-40 = 40-curve-sect163r2-tls12-in-tls13 -test-41 = 41-curve-prime192v1-tls12-in-tls13 -test-42 = 42-curve-sect163r1-tls12-in-tls13 -test-43 = 43-curve-sect193r1-tls12-in-tls13 -test-44 = 44-curve-sect193r2-tls12-in-tls13 -test-45 = 45-curve-sect239k1-tls12-in-tls13 -test-46 = 46-curve-secp160k1-tls12-in-tls13 -test-47 = 47-curve-secp160r1-tls12-in-tls13 -test-48 = 48-curve-secp160r2-tls12-in-tls13 -test-49 = 49-curve-secp192k1-tls12-in-tls13 -test-50 = 50-curve-secp224k1-tls12-in-tls13 -test-51 = 51-curve-secp256k1-tls12-in-tls13 -test-52 = 52-curve-brainpoolP256r1-tls12-in-tls13 -test-53 = 53-curve-brainpoolP384r1-tls12-in-tls13 -test-54 = 54-curve-brainpoolP512r1-tls12-in-tls13 -test-55 = 55-curve-sect233k1-tls13 -test-56 = 56-curve-sect233r1-tls13 -test-57 = 57-curve-sect283k1-tls13 -test-58 = 58-curve-sect283r1-tls13 -test-59 = 59-curve-sect409k1-tls13 -test-60 = 60-curve-sect409r1-tls13 -test-61 = 61-curve-sect571k1-tls13 -test-62 = 62-curve-sect571r1-tls13 -test-63 = 63-curve-secp224r1-tls13 -test-64 = 64-curve-sect163k1-tls13 -test-65 = 65-curve-sect163r2-tls13 -test-66 = 66-curve-prime192v1-tls13 -test-67 = 67-curve-sect163r1-tls13 -test-68 = 68-curve-sect193r1-tls13 -test-69 = 69-curve-sect193r2-tls13 -test-70 = 70-curve-sect239k1-tls13 -test-71 = 71-curve-secp160k1-tls13 -test-72 = 72-curve-secp160r1-tls13 -test-73 = 73-curve-secp160r2-tls13 -test-74 = 74-curve-secp192k1-tls13 -test-75 = 75-curve-secp224k1-tls13 -test-76 = 76-curve-secp256k1-tls13 -test-77 = 77-curve-brainpoolP256r1-tls13 -test-78 = 78-curve-brainpoolP384r1-tls13 -test-79 = 79-curve-brainpoolP512r1-tls13 +test-5 = 5-curve-ffdhe2048 +test-6 = 6-curve-ffdhe3072 +test-7 = 7-curve-ffdhe4096 +test-8 = 8-curve-ffdhe6144 +test-9 = 9-curve-ffdhe8192 +test-10 = 10-curve-sect233k1 +test-11 = 11-curve-sect233r1 +test-12 = 12-curve-sect283k1 +test-13 = 13-curve-sect283r1 +test-14 = 14-curve-sect409k1 +test-15 = 15-curve-sect409r1 +test-16 = 16-curve-sect571k1 +test-17 = 17-curve-sect571r1 +test-18 = 18-curve-secp224r1 +test-19 = 19-curve-sect163k1 +test-20 = 20-curve-sect163r2 +test-21 = 21-curve-prime192v1 +test-22 = 22-curve-sect163r1 +test-23 = 23-curve-sect193r1 +test-24 = 24-curve-sect193r2 +test-25 = 25-curve-sect239k1 +test-26 = 26-curve-secp160k1 +test-27 = 27-curve-secp160r1 +test-28 = 28-curve-secp160r2 +test-29 = 29-curve-secp192k1 +test-30 = 30-curve-secp224k1 +test-31 = 31-curve-secp256k1 +test-32 = 32-curve-brainpoolP256r1 +test-33 = 33-curve-brainpoolP384r1 +test-34 = 34-curve-brainpoolP512r1 +test-35 = 35-curve-sect233k1-tls12-in-tls13 +test-36 = 36-curve-sect233r1-tls12-in-tls13 +test-37 = 37-curve-sect283k1-tls12-in-tls13 +test-38 = 38-curve-sect283r1-tls12-in-tls13 +test-39 = 39-curve-sect409k1-tls12-in-tls13 +test-40 = 40-curve-sect409r1-tls12-in-tls13 +test-41 = 41-curve-sect571k1-tls12-in-tls13 +test-42 = 42-curve-sect571r1-tls12-in-tls13 +test-43 = 43-curve-secp224r1-tls12-in-tls13 +test-44 = 44-curve-sect163k1-tls12-in-tls13 +test-45 = 45-curve-sect163r2-tls12-in-tls13 +test-46 = 46-curve-prime192v1-tls12-in-tls13 +test-47 = 47-curve-sect163r1-tls12-in-tls13 +test-48 = 48-curve-sect193r1-tls12-in-tls13 +test-49 = 49-curve-sect193r2-tls12-in-tls13 +test-50 = 50-curve-sect239k1-tls12-in-tls13 +test-51 = 51-curve-secp160k1-tls12-in-tls13 +test-52 = 52-curve-secp160r1-tls12-in-tls13 +test-53 = 53-curve-secp160r2-tls12-in-tls13 +test-54 = 54-curve-secp192k1-tls12-in-tls13 +test-55 = 55-curve-secp224k1-tls12-in-tls13 +test-56 = 56-curve-secp256k1-tls12-in-tls13 +test-57 = 57-curve-brainpoolP256r1-tls12-in-tls13 +test-58 = 58-curve-brainpoolP384r1-tls12-in-tls13 +test-59 = 59-curve-brainpoolP512r1-tls12-in-tls13 +test-60 = 60-curve-sect233k1-tls13 +test-61 = 61-curve-sect233r1-tls13 +test-62 = 62-curve-sect283k1-tls13 +test-63 = 63-curve-sect283r1-tls13 +test-64 = 64-curve-sect409k1-tls13 +test-65 = 65-curve-sect409r1-tls13 +test-66 = 66-curve-sect571k1-tls13 +test-67 = 67-curve-sect571r1-tls13 +test-68 = 68-curve-secp224r1-tls13 +test-69 = 69-curve-sect163k1-tls13 +test-70 = 70-curve-sect163r2-tls13 +test-71 = 71-curve-prime192v1-tls13 +test-72 = 72-curve-sect163r1-tls13 +test-73 = 73-curve-sect193r1-tls13 +test-74 = 74-curve-sect193r2-tls13 +test-75 = 75-curve-sect239k1-tls13 +test-76 = 76-curve-secp160k1-tls13 +test-77 = 77-curve-secp160r1-tls13 +test-78 = 78-curve-secp160r2-tls13 +test-79 = 79-curve-secp192k1-tls13 +test-80 = 80-curve-secp224k1-tls13 +test-81 = 81-curve-secp256k1-tls13 +test-82 = 82-curve-brainpoolP256r1-tls13 +test-83 = 83-curve-brainpoolP384r1-tls13 +test-84 = 84-curve-brainpoolP512r1-tls13 +test-85 = 85-curve-ffdhe2048-tls13-in-tls12 +test-86 = 86-curve-ffdhe2048-tls13-in-tls12-2 +test-87 = 87-curve-ffdhe3072-tls13-in-tls12 +test-88 = 88-curve-ffdhe3072-tls13-in-tls12-2 +test-89 = 89-curve-ffdhe4096-tls13-in-tls12 +test-90 = 90-curve-ffdhe4096-tls13-in-tls12-2 +test-91 = 91-curve-ffdhe6144-tls13-in-tls12 +test-92 = 92-curve-ffdhe6144-tls13-in-tls12-2 +test-93 = 93-curve-ffdhe8192-tls13-in-tls12 +test-94 = 94-curve-ffdhe8192-tls13-in-tls12-2 # =========================================================== [0-curve-prime256v1] @@ -229,28 +244,173 @@ ExpectedTmpKeyType = X448 # =========================================================== -[5-curve-sect233k1] -ssl_conf = 5-curve-sect233k1-ssl +[5-curve-ffdhe2048] +ssl_conf = 5-curve-ffdhe2048-ssl -[5-curve-sect233k1-ssl] -server = 5-curve-sect233k1-server -client = 5-curve-sect233k1-client +[5-curve-ffdhe2048-ssl] +server = 5-curve-ffdhe2048-server +client = 5-curve-ffdhe2048-client -[5-curve-sect233k1-server] +[5-curve-ffdhe2048-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = ffdhe2048 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-curve-ffdhe2048-client] +CipherString = ECDHE +Curves = ffdhe2048 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = dhKeyAgreement + + +# =========================================================== + +[6-curve-ffdhe3072] +ssl_conf = 6-curve-ffdhe3072-ssl + +[6-curve-ffdhe3072-ssl] +server = 6-curve-ffdhe3072-server +client = 6-curve-ffdhe3072-client + +[6-curve-ffdhe3072-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = ffdhe3072 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-curve-ffdhe3072-client] +CipherString = ECDHE +Curves = ffdhe3072 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = dhKeyAgreement + + +# =========================================================== + +[7-curve-ffdhe4096] +ssl_conf = 7-curve-ffdhe4096-ssl + +[7-curve-ffdhe4096-ssl] +server = 7-curve-ffdhe4096-server +client = 7-curve-ffdhe4096-client + +[7-curve-ffdhe4096-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = ffdhe4096 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-curve-ffdhe4096-client] +CipherString = ECDHE +Curves = ffdhe4096 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = dhKeyAgreement + + +# =========================================================== + +[8-curve-ffdhe6144] +ssl_conf = 8-curve-ffdhe6144-ssl + +[8-curve-ffdhe6144-ssl] +server = 8-curve-ffdhe6144-server +client = 8-curve-ffdhe6144-client + +[8-curve-ffdhe6144-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = ffdhe6144 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-curve-ffdhe6144-client] +CipherString = ECDHE +Curves = ffdhe6144 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = dhKeyAgreement + + +# =========================================================== + +[9-curve-ffdhe8192] +ssl_conf = 9-curve-ffdhe8192-ssl + +[9-curve-ffdhe8192-ssl] +server = 9-curve-ffdhe8192-server +client = 9-curve-ffdhe8192-client + +[9-curve-ffdhe8192-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Curves = ffdhe8192 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-curve-ffdhe8192-client] +CipherString = ECDHE +Curves = ffdhe8192 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = dhKeyAgreement + + +# =========================================================== + +[10-curve-sect233k1] +ssl_conf = 10-curve-sect233k1-ssl + +[10-curve-sect233k1-ssl] +server = 10-curve-sect233k1-server +client = 10-curve-sect233k1-client + +[10-curve-sect233k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[5-curve-sect233k1-client] +[10-curve-sect233k1-client] CipherString = ECDHE Curves = sect233k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-5] +[test-10] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect233k1 @@ -258,28 +418,28 @@ ExpectedTmpKeyType = sect233k1 # =========================================================== -[6-curve-sect233r1] -ssl_conf = 6-curve-sect233r1-ssl +[11-curve-sect233r1] +ssl_conf = 11-curve-sect233r1-ssl -[6-curve-sect233r1-ssl] -server = 6-curve-sect233r1-server -client = 6-curve-sect233r1-client +[11-curve-sect233r1-ssl] +server = 11-curve-sect233r1-server +client = 11-curve-sect233r1-client -[6-curve-sect233r1-server] +[11-curve-sect233r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[6-curve-sect233r1-client] +[11-curve-sect233r1-client] CipherString = ECDHE Curves = sect233r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-6] +[test-11] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect233r1 @@ -287,28 +447,28 @@ ExpectedTmpKeyType = sect233r1 # =========================================================== -[7-curve-sect283k1] -ssl_conf = 7-curve-sect283k1-ssl +[12-curve-sect283k1] +ssl_conf = 12-curve-sect283k1-ssl -[7-curve-sect283k1-ssl] -server = 7-curve-sect283k1-server -client = 7-curve-sect283k1-client +[12-curve-sect283k1-ssl] +server = 12-curve-sect283k1-server +client = 12-curve-sect283k1-client -[7-curve-sect283k1-server] +[12-curve-sect283k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[7-curve-sect283k1-client] +[12-curve-sect283k1-client] CipherString = ECDHE Curves = sect283k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-7] +[test-12] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect283k1 @@ -316,28 +476,28 @@ ExpectedTmpKeyType = sect283k1 # =========================================================== -[8-curve-sect283r1] -ssl_conf = 8-curve-sect283r1-ssl +[13-curve-sect283r1] +ssl_conf = 13-curve-sect283r1-ssl -[8-curve-sect283r1-ssl] -server = 8-curve-sect283r1-server -client = 8-curve-sect283r1-client +[13-curve-sect283r1-ssl] +server = 13-curve-sect283r1-server +client = 13-curve-sect283r1-client -[8-curve-sect283r1-server] +[13-curve-sect283r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-curve-sect283r1-client] +[13-curve-sect283r1-client] CipherString = ECDHE Curves = sect283r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-8] +[test-13] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect283r1 @@ -345,28 +505,28 @@ ExpectedTmpKeyType = sect283r1 # =========================================================== -[9-curve-sect409k1] -ssl_conf = 9-curve-sect409k1-ssl +[14-curve-sect409k1] +ssl_conf = 14-curve-sect409k1-ssl -[9-curve-sect409k1-ssl] -server = 9-curve-sect409k1-server -client = 9-curve-sect409k1-client +[14-curve-sect409k1-ssl] +server = 14-curve-sect409k1-server +client = 14-curve-sect409k1-client -[9-curve-sect409k1-server] +[14-curve-sect409k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[9-curve-sect409k1-client] +[14-curve-sect409k1-client] CipherString = ECDHE Curves = sect409k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-9] +[test-14] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect409k1 @@ -374,28 +534,28 @@ ExpectedTmpKeyType = sect409k1 # =========================================================== -[10-curve-sect409r1] -ssl_conf = 10-curve-sect409r1-ssl +[15-curve-sect409r1] +ssl_conf = 15-curve-sect409r1-ssl -[10-curve-sect409r1-ssl] -server = 10-curve-sect409r1-server -client = 10-curve-sect409r1-client +[15-curve-sect409r1-ssl] +server = 15-curve-sect409r1-server +client = 15-curve-sect409r1-client -[10-curve-sect409r1-server] +[15-curve-sect409r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[10-curve-sect409r1-client] +[15-curve-sect409r1-client] CipherString = ECDHE Curves = sect409r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-10] +[test-15] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect409r1 @@ -403,28 +563,28 @@ ExpectedTmpKeyType = sect409r1 # =========================================================== -[11-curve-sect571k1] -ssl_conf = 11-curve-sect571k1-ssl +[16-curve-sect571k1] +ssl_conf = 16-curve-sect571k1-ssl -[11-curve-sect571k1-ssl] -server = 11-curve-sect571k1-server -client = 11-curve-sect571k1-client +[16-curve-sect571k1-ssl] +server = 16-curve-sect571k1-server +client = 16-curve-sect571k1-client -[11-curve-sect571k1-server] +[16-curve-sect571k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[11-curve-sect571k1-client] +[16-curve-sect571k1-client] CipherString = ECDHE Curves = sect571k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-11] +[test-16] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect571k1 @@ -432,28 +592,28 @@ ExpectedTmpKeyType = sect571k1 # =========================================================== -[12-curve-sect571r1] -ssl_conf = 12-curve-sect571r1-ssl +[17-curve-sect571r1] +ssl_conf = 17-curve-sect571r1-ssl -[12-curve-sect571r1-ssl] -server = 12-curve-sect571r1-server -client = 12-curve-sect571r1-client +[17-curve-sect571r1-ssl] +server = 17-curve-sect571r1-server +client = 17-curve-sect571r1-client -[12-curve-sect571r1-server] +[17-curve-sect571r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[12-curve-sect571r1-client] +[17-curve-sect571r1-client] CipherString = ECDHE Curves = sect571r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-12] +[test-17] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect571r1 @@ -461,28 +621,28 @@ ExpectedTmpKeyType = sect571r1 # =========================================================== -[13-curve-secp224r1] -ssl_conf = 13-curve-secp224r1-ssl +[18-curve-secp224r1] +ssl_conf = 18-curve-secp224r1-ssl -[13-curve-secp224r1-ssl] -server = 13-curve-secp224r1-server -client = 13-curve-secp224r1-client +[18-curve-secp224r1-ssl] +server = 18-curve-secp224r1-server +client = 18-curve-secp224r1-client -[13-curve-secp224r1-server] +[18-curve-secp224r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[13-curve-secp224r1-client] +[18-curve-secp224r1-client] CipherString = ECDHE Curves = secp224r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-13] +[test-18] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp224r1 @@ -490,28 +650,28 @@ ExpectedTmpKeyType = secp224r1 # =========================================================== -[14-curve-sect163k1] -ssl_conf = 14-curve-sect163k1-ssl +[19-curve-sect163k1] +ssl_conf = 19-curve-sect163k1-ssl -[14-curve-sect163k1-ssl] -server = 14-curve-sect163k1-server -client = 14-curve-sect163k1-client +[19-curve-sect163k1-ssl] +server = 19-curve-sect163k1-server +client = 19-curve-sect163k1-client -[14-curve-sect163k1-server] +[19-curve-sect163k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[14-curve-sect163k1-client] +[19-curve-sect163k1-client] CipherString = ECDHE Curves = sect163k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-14] +[test-19] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect163k1 @@ -519,28 +679,28 @@ ExpectedTmpKeyType = sect163k1 # =========================================================== -[15-curve-sect163r2] -ssl_conf = 15-curve-sect163r2-ssl +[20-curve-sect163r2] +ssl_conf = 20-curve-sect163r2-ssl -[15-curve-sect163r2-ssl] -server = 15-curve-sect163r2-server -client = 15-curve-sect163r2-client +[20-curve-sect163r2-ssl] +server = 20-curve-sect163r2-server +client = 20-curve-sect163r2-client -[15-curve-sect163r2-server] +[20-curve-sect163r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[15-curve-sect163r2-client] +[20-curve-sect163r2-client] CipherString = ECDHE Curves = sect163r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-15] +[test-20] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect163r2 @@ -548,28 +708,28 @@ ExpectedTmpKeyType = sect163r2 # =========================================================== -[16-curve-prime192v1] -ssl_conf = 16-curve-prime192v1-ssl +[21-curve-prime192v1] +ssl_conf = 21-curve-prime192v1-ssl -[16-curve-prime192v1-ssl] -server = 16-curve-prime192v1-server -client = 16-curve-prime192v1-client +[21-curve-prime192v1-ssl] +server = 21-curve-prime192v1-server +client = 21-curve-prime192v1-client -[16-curve-prime192v1-server] +[21-curve-prime192v1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = prime192v1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[16-curve-prime192v1-client] +[21-curve-prime192v1-client] CipherString = ECDHE Curves = prime192v1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-16] +[test-21] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = prime192v1 @@ -577,28 +737,28 @@ ExpectedTmpKeyType = prime192v1 # =========================================================== -[17-curve-sect163r1] -ssl_conf = 17-curve-sect163r1-ssl +[22-curve-sect163r1] +ssl_conf = 22-curve-sect163r1-ssl -[17-curve-sect163r1-ssl] -server = 17-curve-sect163r1-server -client = 17-curve-sect163r1-client +[22-curve-sect163r1-ssl] +server = 22-curve-sect163r1-server +client = 22-curve-sect163r1-client -[17-curve-sect163r1-server] +[22-curve-sect163r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[17-curve-sect163r1-client] +[22-curve-sect163r1-client] CipherString = ECDHE Curves = sect163r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-17] +[test-22] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect163r1 @@ -606,28 +766,28 @@ ExpectedTmpKeyType = sect163r1 # =========================================================== -[18-curve-sect193r1] -ssl_conf = 18-curve-sect193r1-ssl +[23-curve-sect193r1] +ssl_conf = 23-curve-sect193r1-ssl -[18-curve-sect193r1-ssl] -server = 18-curve-sect193r1-server -client = 18-curve-sect193r1-client +[23-curve-sect193r1-ssl] +server = 23-curve-sect193r1-server +client = 23-curve-sect193r1-client -[18-curve-sect193r1-server] +[23-curve-sect193r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-curve-sect193r1-client] +[23-curve-sect193r1-client] CipherString = ECDHE Curves = sect193r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-18] +[test-23] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect193r1 @@ -635,28 +795,28 @@ ExpectedTmpKeyType = sect193r1 # =========================================================== -[19-curve-sect193r2] -ssl_conf = 19-curve-sect193r2-ssl +[24-curve-sect193r2] +ssl_conf = 24-curve-sect193r2-ssl -[19-curve-sect193r2-ssl] -server = 19-curve-sect193r2-server -client = 19-curve-sect193r2-client +[24-curve-sect193r2-ssl] +server = 24-curve-sect193r2-server +client = 24-curve-sect193r2-client -[19-curve-sect193r2-server] +[24-curve-sect193r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-curve-sect193r2-client] +[24-curve-sect193r2-client] CipherString = ECDHE Curves = sect193r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-19] +[test-24] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect193r2 @@ -664,28 +824,28 @@ ExpectedTmpKeyType = sect193r2 # =========================================================== -[20-curve-sect239k1] -ssl_conf = 20-curve-sect239k1-ssl +[25-curve-sect239k1] +ssl_conf = 25-curve-sect239k1-ssl -[20-curve-sect239k1-ssl] -server = 20-curve-sect239k1-server -client = 20-curve-sect239k1-client +[25-curve-sect239k1-ssl] +server = 25-curve-sect239k1-server +client = 25-curve-sect239k1-client -[20-curve-sect239k1-server] +[25-curve-sect239k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect239k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[20-curve-sect239k1-client] +[25-curve-sect239k1-client] CipherString = ECDHE Curves = sect239k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-20] +[test-25] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect239k1 @@ -693,28 +853,28 @@ ExpectedTmpKeyType = sect239k1 # =========================================================== -[21-curve-secp160k1] -ssl_conf = 21-curve-secp160k1-ssl +[26-curve-secp160k1] +ssl_conf = 26-curve-secp160k1-ssl -[21-curve-secp160k1-ssl] -server = 21-curve-secp160k1-server -client = 21-curve-secp160k1-client +[26-curve-secp160k1-ssl] +server = 26-curve-secp160k1-server +client = 26-curve-secp160k1-client -[21-curve-secp160k1-server] +[26-curve-secp160k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[21-curve-secp160k1-client] +[26-curve-secp160k1-client] CipherString = ECDHE Curves = secp160k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-21] +[test-26] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp160k1 @@ -722,28 +882,28 @@ ExpectedTmpKeyType = secp160k1 # =========================================================== -[22-curve-secp160r1] -ssl_conf = 22-curve-secp160r1-ssl +[27-curve-secp160r1] +ssl_conf = 27-curve-secp160r1-ssl -[22-curve-secp160r1-ssl] -server = 22-curve-secp160r1-server -client = 22-curve-secp160r1-client +[27-curve-secp160r1-ssl] +server = 27-curve-secp160r1-server +client = 27-curve-secp160r1-client -[22-curve-secp160r1-server] +[27-curve-secp160r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[22-curve-secp160r1-client] +[27-curve-secp160r1-client] CipherString = ECDHE Curves = secp160r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-22] +[test-27] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp160r1 @@ -751,28 +911,28 @@ ExpectedTmpKeyType = secp160r1 # =========================================================== -[23-curve-secp160r2] -ssl_conf = 23-curve-secp160r2-ssl +[28-curve-secp160r2] +ssl_conf = 28-curve-secp160r2-ssl -[23-curve-secp160r2-ssl] -server = 23-curve-secp160r2-server -client = 23-curve-secp160r2-client +[28-curve-secp160r2-ssl] +server = 28-curve-secp160r2-server +client = 28-curve-secp160r2-client -[23-curve-secp160r2-server] +[28-curve-secp160r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[23-curve-secp160r2-client] +[28-curve-secp160r2-client] CipherString = ECDHE Curves = secp160r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-23] +[test-28] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp160r2 @@ -780,28 +940,28 @@ ExpectedTmpKeyType = secp160r2 # =========================================================== -[24-curve-secp192k1] -ssl_conf = 24-curve-secp192k1-ssl +[29-curve-secp192k1] +ssl_conf = 29-curve-secp192k1-ssl -[24-curve-secp192k1-ssl] -server = 24-curve-secp192k1-server -client = 24-curve-secp192k1-client +[29-curve-secp192k1-ssl] +server = 29-curve-secp192k1-server +client = 29-curve-secp192k1-client -[24-curve-secp192k1-server] +[29-curve-secp192k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp192k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[24-curve-secp192k1-client] +[29-curve-secp192k1-client] CipherString = ECDHE Curves = secp192k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-24] +[test-29] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp192k1 @@ -809,28 +969,28 @@ ExpectedTmpKeyType = secp192k1 # =========================================================== -[25-curve-secp224k1] -ssl_conf = 25-curve-secp224k1-ssl +[30-curve-secp224k1] +ssl_conf = 30-curve-secp224k1-ssl -[25-curve-secp224k1-ssl] -server = 25-curve-secp224k1-server -client = 25-curve-secp224k1-client +[30-curve-secp224k1-ssl] +server = 30-curve-secp224k1-server +client = 30-curve-secp224k1-client -[25-curve-secp224k1-server] +[30-curve-secp224k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[25-curve-secp224k1-client] +[30-curve-secp224k1-client] CipherString = ECDHE Curves = secp224k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-25] +[test-30] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp224k1 @@ -838,28 +998,28 @@ ExpectedTmpKeyType = secp224k1 # =========================================================== -[26-curve-secp256k1] -ssl_conf = 26-curve-secp256k1-ssl +[31-curve-secp256k1] +ssl_conf = 31-curve-secp256k1-ssl -[26-curve-secp256k1-ssl] -server = 26-curve-secp256k1-server -client = 26-curve-secp256k1-client +[31-curve-secp256k1-ssl] +server = 31-curve-secp256k1-server +client = 31-curve-secp256k1-client -[26-curve-secp256k1-server] +[31-curve-secp256k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp256k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[26-curve-secp256k1-client] +[31-curve-secp256k1-client] CipherString = ECDHE Curves = secp256k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-26] +[test-31] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp256k1 @@ -867,28 +1027,28 @@ ExpectedTmpKeyType = secp256k1 # =========================================================== -[27-curve-brainpoolP256r1] -ssl_conf = 27-curve-brainpoolP256r1-ssl +[32-curve-brainpoolP256r1] +ssl_conf = 32-curve-brainpoolP256r1-ssl -[27-curve-brainpoolP256r1-ssl] -server = 27-curve-brainpoolP256r1-server -client = 27-curve-brainpoolP256r1-client +[32-curve-brainpoolP256r1-ssl] +server = 32-curve-brainpoolP256r1-server +client = 32-curve-brainpoolP256r1-client -[27-curve-brainpoolP256r1-server] +[32-curve-brainpoolP256r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP256r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[27-curve-brainpoolP256r1-client] +[32-curve-brainpoolP256r1-client] CipherString = ECDHE Curves = brainpoolP256r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-27] +[test-32] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = brainpoolP256r1 @@ -896,28 +1056,28 @@ ExpectedTmpKeyType = brainpoolP256r1 # =========================================================== -[28-curve-brainpoolP384r1] -ssl_conf = 28-curve-brainpoolP384r1-ssl +[33-curve-brainpoolP384r1] +ssl_conf = 33-curve-brainpoolP384r1-ssl -[28-curve-brainpoolP384r1-ssl] -server = 28-curve-brainpoolP384r1-server -client = 28-curve-brainpoolP384r1-client +[33-curve-brainpoolP384r1-ssl] +server = 33-curve-brainpoolP384r1-server +client = 33-curve-brainpoolP384r1-client -[28-curve-brainpoolP384r1-server] +[33-curve-brainpoolP384r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP384r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[28-curve-brainpoolP384r1-client] +[33-curve-brainpoolP384r1-client] CipherString = ECDHE Curves = brainpoolP384r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-28] +[test-33] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = brainpoolP384r1 @@ -925,28 +1085,28 @@ ExpectedTmpKeyType = brainpoolP384r1 # =========================================================== -[29-curve-brainpoolP512r1] -ssl_conf = 29-curve-brainpoolP512r1-ssl +[34-curve-brainpoolP512r1] +ssl_conf = 34-curve-brainpoolP512r1-ssl -[29-curve-brainpoolP512r1-ssl] -server = 29-curve-brainpoolP512r1-server -client = 29-curve-brainpoolP512r1-client +[34-curve-brainpoolP512r1-ssl] +server = 34-curve-brainpoolP512r1-server +client = 34-curve-brainpoolP512r1-client -[29-curve-brainpoolP512r1-server] +[34-curve-brainpoolP512r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP512r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[29-curve-brainpoolP512r1-client] +[34-curve-brainpoolP512r1-client] CipherString = ECDHE Curves = brainpoolP512r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-29] +[test-34] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = brainpoolP512r1 @@ -954,21 +1114,21 @@ ExpectedTmpKeyType = brainpoolP512r1 # =========================================================== -[30-curve-sect233k1-tls12-in-tls13] -ssl_conf = 30-curve-sect233k1-tls12-in-tls13-ssl +[35-curve-sect233k1-tls12-in-tls13] +ssl_conf = 35-curve-sect233k1-tls12-in-tls13-ssl -[30-curve-sect233k1-tls12-in-tls13-ssl] -server = 30-curve-sect233k1-tls12-in-tls13-server -client = 30-curve-sect233k1-tls12-in-tls13-client +[35-curve-sect233k1-tls12-in-tls13-ssl] +server = 35-curve-sect233k1-tls12-in-tls13-server +client = 35-curve-sect233k1-tls12-in-tls13-client -[30-curve-sect233k1-tls12-in-tls13-server] +[35-curve-sect233k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect233k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[30-curve-sect233k1-tls12-in-tls13-client] +[35-curve-sect233k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect233k1:P-256 MaxProtocol = TLSv1.3 @@ -976,7 +1136,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-30] +[test-35] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -984,21 +1144,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[31-curve-sect233r1-tls12-in-tls13] -ssl_conf = 31-curve-sect233r1-tls12-in-tls13-ssl +[36-curve-sect233r1-tls12-in-tls13] +ssl_conf = 36-curve-sect233r1-tls12-in-tls13-ssl -[31-curve-sect233r1-tls12-in-tls13-ssl] -server = 31-curve-sect233r1-tls12-in-tls13-server -client = 31-curve-sect233r1-tls12-in-tls13-client +[36-curve-sect233r1-tls12-in-tls13-ssl] +server = 36-curve-sect233r1-tls12-in-tls13-server +client = 36-curve-sect233r1-tls12-in-tls13-client -[31-curve-sect233r1-tls12-in-tls13-server] +[36-curve-sect233r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect233r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[31-curve-sect233r1-tls12-in-tls13-client] +[36-curve-sect233r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect233r1:P-256 MaxProtocol = TLSv1.3 @@ -1006,7 +1166,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-31] +[test-36] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1014,21 +1174,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[32-curve-sect283k1-tls12-in-tls13] -ssl_conf = 32-curve-sect283k1-tls12-in-tls13-ssl +[37-curve-sect283k1-tls12-in-tls13] +ssl_conf = 37-curve-sect283k1-tls12-in-tls13-ssl -[32-curve-sect283k1-tls12-in-tls13-ssl] -server = 32-curve-sect283k1-tls12-in-tls13-server -client = 32-curve-sect283k1-tls12-in-tls13-client +[37-curve-sect283k1-tls12-in-tls13-ssl] +server = 37-curve-sect283k1-tls12-in-tls13-server +client = 37-curve-sect283k1-tls12-in-tls13-client -[32-curve-sect283k1-tls12-in-tls13-server] +[37-curve-sect283k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect283k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[32-curve-sect283k1-tls12-in-tls13-client] +[37-curve-sect283k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect283k1:P-256 MaxProtocol = TLSv1.3 @@ -1036,7 +1196,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-32] +[test-37] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1044,21 +1204,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[33-curve-sect283r1-tls12-in-tls13] -ssl_conf = 33-curve-sect283r1-tls12-in-tls13-ssl +[38-curve-sect283r1-tls12-in-tls13] +ssl_conf = 38-curve-sect283r1-tls12-in-tls13-ssl -[33-curve-sect283r1-tls12-in-tls13-ssl] -server = 33-curve-sect283r1-tls12-in-tls13-server -client = 33-curve-sect283r1-tls12-in-tls13-client +[38-curve-sect283r1-tls12-in-tls13-ssl] +server = 38-curve-sect283r1-tls12-in-tls13-server +client = 38-curve-sect283r1-tls12-in-tls13-client -[33-curve-sect283r1-tls12-in-tls13-server] +[38-curve-sect283r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect283r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[33-curve-sect283r1-tls12-in-tls13-client] +[38-curve-sect283r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect283r1:P-256 MaxProtocol = TLSv1.3 @@ -1066,7 +1226,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-33] +[test-38] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1074,21 +1234,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[34-curve-sect409k1-tls12-in-tls13] -ssl_conf = 34-curve-sect409k1-tls12-in-tls13-ssl +[39-curve-sect409k1-tls12-in-tls13] +ssl_conf = 39-curve-sect409k1-tls12-in-tls13-ssl -[34-curve-sect409k1-tls12-in-tls13-ssl] -server = 34-curve-sect409k1-tls12-in-tls13-server -client = 34-curve-sect409k1-tls12-in-tls13-client +[39-curve-sect409k1-tls12-in-tls13-ssl] +server = 39-curve-sect409k1-tls12-in-tls13-server +client = 39-curve-sect409k1-tls12-in-tls13-client -[34-curve-sect409k1-tls12-in-tls13-server] +[39-curve-sect409k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect409k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[34-curve-sect409k1-tls12-in-tls13-client] +[39-curve-sect409k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect409k1:P-256 MaxProtocol = TLSv1.3 @@ -1096,7 +1256,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-34] +[test-39] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1104,21 +1264,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[35-curve-sect409r1-tls12-in-tls13] -ssl_conf = 35-curve-sect409r1-tls12-in-tls13-ssl +[40-curve-sect409r1-tls12-in-tls13] +ssl_conf = 40-curve-sect409r1-tls12-in-tls13-ssl -[35-curve-sect409r1-tls12-in-tls13-ssl] -server = 35-curve-sect409r1-tls12-in-tls13-server -client = 35-curve-sect409r1-tls12-in-tls13-client +[40-curve-sect409r1-tls12-in-tls13-ssl] +server = 40-curve-sect409r1-tls12-in-tls13-server +client = 40-curve-sect409r1-tls12-in-tls13-client -[35-curve-sect409r1-tls12-in-tls13-server] +[40-curve-sect409r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect409r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[35-curve-sect409r1-tls12-in-tls13-client] +[40-curve-sect409r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect409r1:P-256 MaxProtocol = TLSv1.3 @@ -1126,7 +1286,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-35] +[test-40] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1134,21 +1294,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[36-curve-sect571k1-tls12-in-tls13] -ssl_conf = 36-curve-sect571k1-tls12-in-tls13-ssl +[41-curve-sect571k1-tls12-in-tls13] +ssl_conf = 41-curve-sect571k1-tls12-in-tls13-ssl -[36-curve-sect571k1-tls12-in-tls13-ssl] -server = 36-curve-sect571k1-tls12-in-tls13-server -client = 36-curve-sect571k1-tls12-in-tls13-client +[41-curve-sect571k1-tls12-in-tls13-ssl] +server = 41-curve-sect571k1-tls12-in-tls13-server +client = 41-curve-sect571k1-tls12-in-tls13-client -[36-curve-sect571k1-tls12-in-tls13-server] +[41-curve-sect571k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect571k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[36-curve-sect571k1-tls12-in-tls13-client] +[41-curve-sect571k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect571k1:P-256 MaxProtocol = TLSv1.3 @@ -1156,7 +1316,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-36] +[test-41] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1164,21 +1324,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[37-curve-sect571r1-tls12-in-tls13] -ssl_conf = 37-curve-sect571r1-tls12-in-tls13-ssl +[42-curve-sect571r1-tls12-in-tls13] +ssl_conf = 42-curve-sect571r1-tls12-in-tls13-ssl -[37-curve-sect571r1-tls12-in-tls13-ssl] -server = 37-curve-sect571r1-tls12-in-tls13-server -client = 37-curve-sect571r1-tls12-in-tls13-client +[42-curve-sect571r1-tls12-in-tls13-ssl] +server = 42-curve-sect571r1-tls12-in-tls13-server +client = 42-curve-sect571r1-tls12-in-tls13-client -[37-curve-sect571r1-tls12-in-tls13-server] +[42-curve-sect571r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect571r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[37-curve-sect571r1-tls12-in-tls13-client] +[42-curve-sect571r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect571r1:P-256 MaxProtocol = TLSv1.3 @@ -1186,7 +1346,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-37] +[test-42] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1194,21 +1354,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[38-curve-secp224r1-tls12-in-tls13] -ssl_conf = 38-curve-secp224r1-tls12-in-tls13-ssl +[43-curve-secp224r1-tls12-in-tls13] +ssl_conf = 43-curve-secp224r1-tls12-in-tls13-ssl -[38-curve-secp224r1-tls12-in-tls13-ssl] -server = 38-curve-secp224r1-tls12-in-tls13-server -client = 38-curve-secp224r1-tls12-in-tls13-client +[43-curve-secp224r1-tls12-in-tls13-ssl] +server = 43-curve-secp224r1-tls12-in-tls13-server +client = 43-curve-secp224r1-tls12-in-tls13-client -[38-curve-secp224r1-tls12-in-tls13-server] +[43-curve-secp224r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp224r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[38-curve-secp224r1-tls12-in-tls13-client] +[43-curve-secp224r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp224r1:P-256 MaxProtocol = TLSv1.3 @@ -1216,7 +1376,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-38] +[test-43] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1224,21 +1384,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[39-curve-sect163k1-tls12-in-tls13] -ssl_conf = 39-curve-sect163k1-tls12-in-tls13-ssl +[44-curve-sect163k1-tls12-in-tls13] +ssl_conf = 44-curve-sect163k1-tls12-in-tls13-ssl -[39-curve-sect163k1-tls12-in-tls13-ssl] -server = 39-curve-sect163k1-tls12-in-tls13-server -client = 39-curve-sect163k1-tls12-in-tls13-client +[44-curve-sect163k1-tls12-in-tls13-ssl] +server = 44-curve-sect163k1-tls12-in-tls13-server +client = 44-curve-sect163k1-tls12-in-tls13-client -[39-curve-sect163k1-tls12-in-tls13-server] +[44-curve-sect163k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect163k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[39-curve-sect163k1-tls12-in-tls13-client] +[44-curve-sect163k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect163k1:P-256 MaxProtocol = TLSv1.3 @@ -1246,7 +1406,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-39] +[test-44] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1254,21 +1414,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[40-curve-sect163r2-tls12-in-tls13] -ssl_conf = 40-curve-sect163r2-tls12-in-tls13-ssl +[45-curve-sect163r2-tls12-in-tls13] +ssl_conf = 45-curve-sect163r2-tls12-in-tls13-ssl -[40-curve-sect163r2-tls12-in-tls13-ssl] -server = 40-curve-sect163r2-tls12-in-tls13-server -client = 40-curve-sect163r2-tls12-in-tls13-client +[45-curve-sect163r2-tls12-in-tls13-ssl] +server = 45-curve-sect163r2-tls12-in-tls13-server +client = 45-curve-sect163r2-tls12-in-tls13-client -[40-curve-sect163r2-tls12-in-tls13-server] +[45-curve-sect163r2-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r2:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[40-curve-sect163r2-tls12-in-tls13-client] +[45-curve-sect163r2-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect163r2:P-256 MaxProtocol = TLSv1.3 @@ -1276,7 +1436,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-40] +[test-45] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1284,21 +1444,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[41-curve-prime192v1-tls12-in-tls13] -ssl_conf = 41-curve-prime192v1-tls12-in-tls13-ssl +[46-curve-prime192v1-tls12-in-tls13] +ssl_conf = 46-curve-prime192v1-tls12-in-tls13-ssl -[41-curve-prime192v1-tls12-in-tls13-ssl] -server = 41-curve-prime192v1-tls12-in-tls13-server -client = 41-curve-prime192v1-tls12-in-tls13-client +[46-curve-prime192v1-tls12-in-tls13-ssl] +server = 46-curve-prime192v1-tls12-in-tls13-server +client = 46-curve-prime192v1-tls12-in-tls13-client -[41-curve-prime192v1-tls12-in-tls13-server] +[46-curve-prime192v1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = prime192v1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[41-curve-prime192v1-tls12-in-tls13-client] +[46-curve-prime192v1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = prime192v1:P-256 MaxProtocol = TLSv1.3 @@ -1306,7 +1466,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-41] +[test-46] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1314,21 +1474,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[42-curve-sect163r1-tls12-in-tls13] -ssl_conf = 42-curve-sect163r1-tls12-in-tls13-ssl +[47-curve-sect163r1-tls12-in-tls13] +ssl_conf = 47-curve-sect163r1-tls12-in-tls13-ssl -[42-curve-sect163r1-tls12-in-tls13-ssl] -server = 42-curve-sect163r1-tls12-in-tls13-server -client = 42-curve-sect163r1-tls12-in-tls13-client +[47-curve-sect163r1-tls12-in-tls13-ssl] +server = 47-curve-sect163r1-tls12-in-tls13-server +client = 47-curve-sect163r1-tls12-in-tls13-client -[42-curve-sect163r1-tls12-in-tls13-server] +[47-curve-sect163r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[42-curve-sect163r1-tls12-in-tls13-client] +[47-curve-sect163r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect163r1:P-256 MaxProtocol = TLSv1.3 @@ -1336,7 +1496,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-42] +[test-47] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1344,21 +1504,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[43-curve-sect193r1-tls12-in-tls13] -ssl_conf = 43-curve-sect193r1-tls12-in-tls13-ssl +[48-curve-sect193r1-tls12-in-tls13] +ssl_conf = 48-curve-sect193r1-tls12-in-tls13-ssl -[43-curve-sect193r1-tls12-in-tls13-ssl] -server = 43-curve-sect193r1-tls12-in-tls13-server -client = 43-curve-sect193r1-tls12-in-tls13-client +[48-curve-sect193r1-tls12-in-tls13-ssl] +server = 48-curve-sect193r1-tls12-in-tls13-server +client = 48-curve-sect193r1-tls12-in-tls13-client -[43-curve-sect193r1-tls12-in-tls13-server] +[48-curve-sect193r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[43-curve-sect193r1-tls12-in-tls13-client] +[48-curve-sect193r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect193r1:P-256 MaxProtocol = TLSv1.3 @@ -1366,7 +1526,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-43] +[test-48] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1374,21 +1534,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[44-curve-sect193r2-tls12-in-tls13] -ssl_conf = 44-curve-sect193r2-tls12-in-tls13-ssl +[49-curve-sect193r2-tls12-in-tls13] +ssl_conf = 49-curve-sect193r2-tls12-in-tls13-ssl -[44-curve-sect193r2-tls12-in-tls13-ssl] -server = 44-curve-sect193r2-tls12-in-tls13-server -client = 44-curve-sect193r2-tls12-in-tls13-client +[49-curve-sect193r2-tls12-in-tls13-ssl] +server = 49-curve-sect193r2-tls12-in-tls13-server +client = 49-curve-sect193r2-tls12-in-tls13-client -[44-curve-sect193r2-tls12-in-tls13-server] +[49-curve-sect193r2-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r2:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[44-curve-sect193r2-tls12-in-tls13-client] +[49-curve-sect193r2-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect193r2:P-256 MaxProtocol = TLSv1.3 @@ -1396,7 +1556,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-44] +[test-49] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1404,21 +1564,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[45-curve-sect239k1-tls12-in-tls13] -ssl_conf = 45-curve-sect239k1-tls12-in-tls13-ssl +[50-curve-sect239k1-tls12-in-tls13] +ssl_conf = 50-curve-sect239k1-tls12-in-tls13-ssl -[45-curve-sect239k1-tls12-in-tls13-ssl] -server = 45-curve-sect239k1-tls12-in-tls13-server -client = 45-curve-sect239k1-tls12-in-tls13-client +[50-curve-sect239k1-tls12-in-tls13-ssl] +server = 50-curve-sect239k1-tls12-in-tls13-server +client = 50-curve-sect239k1-tls12-in-tls13-client -[45-curve-sect239k1-tls12-in-tls13-server] +[50-curve-sect239k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect239k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[45-curve-sect239k1-tls12-in-tls13-client] +[50-curve-sect239k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect239k1:P-256 MaxProtocol = TLSv1.3 @@ -1426,7 +1586,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-45] +[test-50] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1434,21 +1594,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[46-curve-secp160k1-tls12-in-tls13] -ssl_conf = 46-curve-secp160k1-tls12-in-tls13-ssl +[51-curve-secp160k1-tls12-in-tls13] +ssl_conf = 51-curve-secp160k1-tls12-in-tls13-ssl -[46-curve-secp160k1-tls12-in-tls13-ssl] -server = 46-curve-secp160k1-tls12-in-tls13-server -client = 46-curve-secp160k1-tls12-in-tls13-client +[51-curve-secp160k1-tls12-in-tls13-ssl] +server = 51-curve-secp160k1-tls12-in-tls13-server +client = 51-curve-secp160k1-tls12-in-tls13-client -[46-curve-secp160k1-tls12-in-tls13-server] +[51-curve-secp160k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp160k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[46-curve-secp160k1-tls12-in-tls13-client] +[51-curve-secp160k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp160k1:P-256 MaxProtocol = TLSv1.3 @@ -1456,7 +1616,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-46] +[test-51] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1464,21 +1624,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[47-curve-secp160r1-tls12-in-tls13] -ssl_conf = 47-curve-secp160r1-tls12-in-tls13-ssl +[52-curve-secp160r1-tls12-in-tls13] +ssl_conf = 52-curve-secp160r1-tls12-in-tls13-ssl -[47-curve-secp160r1-tls12-in-tls13-ssl] -server = 47-curve-secp160r1-tls12-in-tls13-server -client = 47-curve-secp160r1-tls12-in-tls13-client +[52-curve-secp160r1-tls12-in-tls13-ssl] +server = 52-curve-secp160r1-tls12-in-tls13-server +client = 52-curve-secp160r1-tls12-in-tls13-client -[47-curve-secp160r1-tls12-in-tls13-server] +[52-curve-secp160r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[47-curve-secp160r1-tls12-in-tls13-client] +[52-curve-secp160r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp160r1:P-256 MaxProtocol = TLSv1.3 @@ -1486,7 +1646,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-47] +[test-52] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1494,21 +1654,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[48-curve-secp160r2-tls12-in-tls13] -ssl_conf = 48-curve-secp160r2-tls12-in-tls13-ssl +[53-curve-secp160r2-tls12-in-tls13] +ssl_conf = 53-curve-secp160r2-tls12-in-tls13-ssl -[48-curve-secp160r2-tls12-in-tls13-ssl] -server = 48-curve-secp160r2-tls12-in-tls13-server -client = 48-curve-secp160r2-tls12-in-tls13-client +[53-curve-secp160r2-tls12-in-tls13-ssl] +server = 53-curve-secp160r2-tls12-in-tls13-server +client = 53-curve-secp160r2-tls12-in-tls13-client -[48-curve-secp160r2-tls12-in-tls13-server] +[53-curve-secp160r2-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r2:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[48-curve-secp160r2-tls12-in-tls13-client] +[53-curve-secp160r2-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp160r2:P-256 MaxProtocol = TLSv1.3 @@ -1516,7 +1676,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-48] +[test-53] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1524,21 +1684,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[49-curve-secp192k1-tls12-in-tls13] -ssl_conf = 49-curve-secp192k1-tls12-in-tls13-ssl +[54-curve-secp192k1-tls12-in-tls13] +ssl_conf = 54-curve-secp192k1-tls12-in-tls13-ssl -[49-curve-secp192k1-tls12-in-tls13-ssl] -server = 49-curve-secp192k1-tls12-in-tls13-server -client = 49-curve-secp192k1-tls12-in-tls13-client +[54-curve-secp192k1-tls12-in-tls13-ssl] +server = 54-curve-secp192k1-tls12-in-tls13-server +client = 54-curve-secp192k1-tls12-in-tls13-client -[49-curve-secp192k1-tls12-in-tls13-server] +[54-curve-secp192k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp192k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[49-curve-secp192k1-tls12-in-tls13-client] +[54-curve-secp192k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp192k1:P-256 MaxProtocol = TLSv1.3 @@ -1546,7 +1706,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-49] +[test-54] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1554,21 +1714,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[50-curve-secp224k1-tls12-in-tls13] -ssl_conf = 50-curve-secp224k1-tls12-in-tls13-ssl +[55-curve-secp224k1-tls12-in-tls13] +ssl_conf = 55-curve-secp224k1-tls12-in-tls13-ssl -[50-curve-secp224k1-tls12-in-tls13-ssl] -server = 50-curve-secp224k1-tls12-in-tls13-server -client = 50-curve-secp224k1-tls12-in-tls13-client +[55-curve-secp224k1-tls12-in-tls13-ssl] +server = 55-curve-secp224k1-tls12-in-tls13-server +client = 55-curve-secp224k1-tls12-in-tls13-client -[50-curve-secp224k1-tls12-in-tls13-server] +[55-curve-secp224k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp224k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[50-curve-secp224k1-tls12-in-tls13-client] +[55-curve-secp224k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp224k1:P-256 MaxProtocol = TLSv1.3 @@ -1576,7 +1736,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-50] +[test-55] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1584,21 +1744,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[51-curve-secp256k1-tls12-in-tls13] -ssl_conf = 51-curve-secp256k1-tls12-in-tls13-ssl +[56-curve-secp256k1-tls12-in-tls13] +ssl_conf = 56-curve-secp256k1-tls12-in-tls13-ssl -[51-curve-secp256k1-tls12-in-tls13-ssl] -server = 51-curve-secp256k1-tls12-in-tls13-server -client = 51-curve-secp256k1-tls12-in-tls13-client +[56-curve-secp256k1-tls12-in-tls13-ssl] +server = 56-curve-secp256k1-tls12-in-tls13-server +client = 56-curve-secp256k1-tls12-in-tls13-client -[51-curve-secp256k1-tls12-in-tls13-server] +[56-curve-secp256k1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp256k1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[51-curve-secp256k1-tls12-in-tls13-client] +[56-curve-secp256k1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp256k1:P-256 MaxProtocol = TLSv1.3 @@ -1606,7 +1766,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-51] +[test-56] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1614,21 +1774,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[52-curve-brainpoolP256r1-tls12-in-tls13] -ssl_conf = 52-curve-brainpoolP256r1-tls12-in-tls13-ssl +[57-curve-brainpoolP256r1-tls12-in-tls13] +ssl_conf = 57-curve-brainpoolP256r1-tls12-in-tls13-ssl -[52-curve-brainpoolP256r1-tls12-in-tls13-ssl] -server = 52-curve-brainpoolP256r1-tls12-in-tls13-server -client = 52-curve-brainpoolP256r1-tls12-in-tls13-client +[57-curve-brainpoolP256r1-tls12-in-tls13-ssl] +server = 57-curve-brainpoolP256r1-tls12-in-tls13-server +client = 57-curve-brainpoolP256r1-tls12-in-tls13-client -[52-curve-brainpoolP256r1-tls12-in-tls13-server] +[57-curve-brainpoolP256r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP256r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[52-curve-brainpoolP256r1-tls12-in-tls13-client] +[57-curve-brainpoolP256r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP256r1:P-256 MaxProtocol = TLSv1.3 @@ -1636,7 +1796,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-52] +[test-57] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1644,21 +1804,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[53-curve-brainpoolP384r1-tls12-in-tls13] -ssl_conf = 53-curve-brainpoolP384r1-tls12-in-tls13-ssl +[58-curve-brainpoolP384r1-tls12-in-tls13] +ssl_conf = 58-curve-brainpoolP384r1-tls12-in-tls13-ssl -[53-curve-brainpoolP384r1-tls12-in-tls13-ssl] -server = 53-curve-brainpoolP384r1-tls12-in-tls13-server -client = 53-curve-brainpoolP384r1-tls12-in-tls13-client +[58-curve-brainpoolP384r1-tls12-in-tls13-ssl] +server = 58-curve-brainpoolP384r1-tls12-in-tls13-server +client = 58-curve-brainpoolP384r1-tls12-in-tls13-client -[53-curve-brainpoolP384r1-tls12-in-tls13-server] +[58-curve-brainpoolP384r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP384r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[53-curve-brainpoolP384r1-tls12-in-tls13-client] +[58-curve-brainpoolP384r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP384r1:P-256 MaxProtocol = TLSv1.3 @@ -1666,7 +1826,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-53] +[test-58] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1674,21 +1834,21 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[54-curve-brainpoolP512r1-tls12-in-tls13] -ssl_conf = 54-curve-brainpoolP512r1-tls12-in-tls13-ssl +[59-curve-brainpoolP512r1-tls12-in-tls13] +ssl_conf = 59-curve-brainpoolP512r1-tls12-in-tls13-ssl -[54-curve-brainpoolP512r1-tls12-in-tls13-ssl] -server = 54-curve-brainpoolP512r1-tls12-in-tls13-server -client = 54-curve-brainpoolP512r1-tls12-in-tls13-client +[59-curve-brainpoolP512r1-tls12-in-tls13-ssl] +server = 59-curve-brainpoolP512r1-tls12-in-tls13-server +client = 59-curve-brainpoolP512r1-tls12-in-tls13-client -[54-curve-brainpoolP512r1-tls12-in-tls13-server] +[59-curve-brainpoolP512r1-tls12-in-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP512r1:P-256 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[54-curve-brainpoolP512r1-tls12-in-tls13-client] +[59-curve-brainpoolP512r1-tls12-in-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP512r1:P-256 MaxProtocol = TLSv1.3 @@ -1696,7 +1856,7 @@ MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-54] +[test-59] ExpectedProtocol = TLSv1.3 ExpectedResult = Success ExpectedTmpKeyType = P-256 @@ -1704,676 +1864,946 @@ ExpectedTmpKeyType = P-256 # =========================================================== -[55-curve-sect233k1-tls13] -ssl_conf = 55-curve-sect233k1-tls13-ssl +[60-curve-sect233k1-tls13] +ssl_conf = 60-curve-sect233k1-tls13-ssl -[55-curve-sect233k1-tls13-ssl] -server = 55-curve-sect233k1-tls13-server -client = 55-curve-sect233k1-tls13-client +[60-curve-sect233k1-tls13-ssl] +server = 60-curve-sect233k1-tls13-server +client = 60-curve-sect233k1-tls13-client -[55-curve-sect233k1-tls13-server] +[60-curve-sect233k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[55-curve-sect233k1-tls13-client] +[60-curve-sect233k1-tls13-client] CipherString = ECDHE Curves = sect233k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-55] +[test-60] ExpectedResult = ClientFail # =========================================================== -[56-curve-sect233r1-tls13] -ssl_conf = 56-curve-sect233r1-tls13-ssl +[61-curve-sect233r1-tls13] +ssl_conf = 61-curve-sect233r1-tls13-ssl -[56-curve-sect233r1-tls13-ssl] -server = 56-curve-sect233r1-tls13-server -client = 56-curve-sect233r1-tls13-client +[61-curve-sect233r1-tls13-ssl] +server = 61-curve-sect233r1-tls13-server +client = 61-curve-sect233r1-tls13-client -[56-curve-sect233r1-tls13-server] +[61-curve-sect233r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[56-curve-sect233r1-tls13-client] +[61-curve-sect233r1-tls13-client] CipherString = ECDHE Curves = sect233r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-56] +[test-61] ExpectedResult = ClientFail # =========================================================== -[57-curve-sect283k1-tls13] -ssl_conf = 57-curve-sect283k1-tls13-ssl +[62-curve-sect283k1-tls13] +ssl_conf = 62-curve-sect283k1-tls13-ssl -[57-curve-sect283k1-tls13-ssl] -server = 57-curve-sect283k1-tls13-server -client = 57-curve-sect283k1-tls13-client +[62-curve-sect283k1-tls13-ssl] +server = 62-curve-sect283k1-tls13-server +client = 62-curve-sect283k1-tls13-client -[57-curve-sect283k1-tls13-server] +[62-curve-sect283k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[57-curve-sect283k1-tls13-client] +[62-curve-sect283k1-tls13-client] CipherString = ECDHE Curves = sect283k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-57] +[test-62] ExpectedResult = ClientFail # =========================================================== -[58-curve-sect283r1-tls13] -ssl_conf = 58-curve-sect283r1-tls13-ssl +[63-curve-sect283r1-tls13] +ssl_conf = 63-curve-sect283r1-tls13-ssl -[58-curve-sect283r1-tls13-ssl] -server = 58-curve-sect283r1-tls13-server -client = 58-curve-sect283r1-tls13-client +[63-curve-sect283r1-tls13-ssl] +server = 63-curve-sect283r1-tls13-server +client = 63-curve-sect283r1-tls13-client -[58-curve-sect283r1-tls13-server] +[63-curve-sect283r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[58-curve-sect283r1-tls13-client] +[63-curve-sect283r1-tls13-client] CipherString = ECDHE Curves = sect283r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-58] +[test-63] ExpectedResult = ClientFail # =========================================================== -[59-curve-sect409k1-tls13] -ssl_conf = 59-curve-sect409k1-tls13-ssl +[64-curve-sect409k1-tls13] +ssl_conf = 64-curve-sect409k1-tls13-ssl -[59-curve-sect409k1-tls13-ssl] -server = 59-curve-sect409k1-tls13-server -client = 59-curve-sect409k1-tls13-client +[64-curve-sect409k1-tls13-ssl] +server = 64-curve-sect409k1-tls13-server +client = 64-curve-sect409k1-tls13-client -[59-curve-sect409k1-tls13-server] +[64-curve-sect409k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[59-curve-sect409k1-tls13-client] +[64-curve-sect409k1-tls13-client] CipherString = ECDHE Curves = sect409k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-59] +[test-64] ExpectedResult = ClientFail # =========================================================== -[60-curve-sect409r1-tls13] -ssl_conf = 60-curve-sect409r1-tls13-ssl +[65-curve-sect409r1-tls13] +ssl_conf = 65-curve-sect409r1-tls13-ssl -[60-curve-sect409r1-tls13-ssl] -server = 60-curve-sect409r1-tls13-server -client = 60-curve-sect409r1-tls13-client +[65-curve-sect409r1-tls13-ssl] +server = 65-curve-sect409r1-tls13-server +client = 65-curve-sect409r1-tls13-client -[60-curve-sect409r1-tls13-server] +[65-curve-sect409r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[60-curve-sect409r1-tls13-client] +[65-curve-sect409r1-tls13-client] CipherString = ECDHE Curves = sect409r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-60] +[test-65] ExpectedResult = ClientFail # =========================================================== -[61-curve-sect571k1-tls13] -ssl_conf = 61-curve-sect571k1-tls13-ssl +[66-curve-sect571k1-tls13] +ssl_conf = 66-curve-sect571k1-tls13-ssl -[61-curve-sect571k1-tls13-ssl] -server = 61-curve-sect571k1-tls13-server -client = 61-curve-sect571k1-tls13-client +[66-curve-sect571k1-tls13-ssl] +server = 66-curve-sect571k1-tls13-server +client = 66-curve-sect571k1-tls13-client -[61-curve-sect571k1-tls13-server] +[66-curve-sect571k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[61-curve-sect571k1-tls13-client] +[66-curve-sect571k1-tls13-client] CipherString = ECDHE Curves = sect571k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-61] +[test-66] ExpectedResult = ClientFail # =========================================================== -[62-curve-sect571r1-tls13] -ssl_conf = 62-curve-sect571r1-tls13-ssl +[67-curve-sect571r1-tls13] +ssl_conf = 67-curve-sect571r1-tls13-ssl -[62-curve-sect571r1-tls13-ssl] -server = 62-curve-sect571r1-tls13-server -client = 62-curve-sect571r1-tls13-client +[67-curve-sect571r1-tls13-ssl] +server = 67-curve-sect571r1-tls13-server +client = 67-curve-sect571r1-tls13-client -[62-curve-sect571r1-tls13-server] +[67-curve-sect571r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[62-curve-sect571r1-tls13-client] +[67-curve-sect571r1-tls13-client] CipherString = ECDHE Curves = sect571r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-62] +[test-67] ExpectedResult = ClientFail # =========================================================== -[63-curve-secp224r1-tls13] -ssl_conf = 63-curve-secp224r1-tls13-ssl +[68-curve-secp224r1-tls13] +ssl_conf = 68-curve-secp224r1-tls13-ssl -[63-curve-secp224r1-tls13-ssl] -server = 63-curve-secp224r1-tls13-server -client = 63-curve-secp224r1-tls13-client +[68-curve-secp224r1-tls13-ssl] +server = 68-curve-secp224r1-tls13-server +client = 68-curve-secp224r1-tls13-client -[63-curve-secp224r1-tls13-server] +[68-curve-secp224r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[63-curve-secp224r1-tls13-client] +[68-curve-secp224r1-tls13-client] CipherString = ECDHE Curves = secp224r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-63] +[test-68] ExpectedResult = ClientFail # =========================================================== -[64-curve-sect163k1-tls13] -ssl_conf = 64-curve-sect163k1-tls13-ssl +[69-curve-sect163k1-tls13] +ssl_conf = 69-curve-sect163k1-tls13-ssl -[64-curve-sect163k1-tls13-ssl] -server = 64-curve-sect163k1-tls13-server -client = 64-curve-sect163k1-tls13-client +[69-curve-sect163k1-tls13-ssl] +server = 69-curve-sect163k1-tls13-server +client = 69-curve-sect163k1-tls13-client -[64-curve-sect163k1-tls13-server] +[69-curve-sect163k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[64-curve-sect163k1-tls13-client] +[69-curve-sect163k1-tls13-client] CipherString = ECDHE Curves = sect163k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-64] +[test-69] ExpectedResult = ClientFail # =========================================================== -[65-curve-sect163r2-tls13] -ssl_conf = 65-curve-sect163r2-tls13-ssl +[70-curve-sect163r2-tls13] +ssl_conf = 70-curve-sect163r2-tls13-ssl -[65-curve-sect163r2-tls13-ssl] -server = 65-curve-sect163r2-tls13-server -client = 65-curve-sect163r2-tls13-client +[70-curve-sect163r2-tls13-ssl] +server = 70-curve-sect163r2-tls13-server +client = 70-curve-sect163r2-tls13-client -[65-curve-sect163r2-tls13-server] +[70-curve-sect163r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[65-curve-sect163r2-tls13-client] +[70-curve-sect163r2-tls13-client] CipherString = ECDHE Curves = sect163r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-65] +[test-70] ExpectedResult = ClientFail # =========================================================== -[66-curve-prime192v1-tls13] -ssl_conf = 66-curve-prime192v1-tls13-ssl +[71-curve-prime192v1-tls13] +ssl_conf = 71-curve-prime192v1-tls13-ssl -[66-curve-prime192v1-tls13-ssl] -server = 66-curve-prime192v1-tls13-server -client = 66-curve-prime192v1-tls13-client +[71-curve-prime192v1-tls13-ssl] +server = 71-curve-prime192v1-tls13-server +client = 71-curve-prime192v1-tls13-client -[66-curve-prime192v1-tls13-server] +[71-curve-prime192v1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = prime192v1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[66-curve-prime192v1-tls13-client] +[71-curve-prime192v1-tls13-client] CipherString = ECDHE Curves = prime192v1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-66] +[test-71] ExpectedResult = ClientFail # =========================================================== -[67-curve-sect163r1-tls13] -ssl_conf = 67-curve-sect163r1-tls13-ssl +[72-curve-sect163r1-tls13] +ssl_conf = 72-curve-sect163r1-tls13-ssl -[67-curve-sect163r1-tls13-ssl] -server = 67-curve-sect163r1-tls13-server -client = 67-curve-sect163r1-tls13-client +[72-curve-sect163r1-tls13-ssl] +server = 72-curve-sect163r1-tls13-server +client = 72-curve-sect163r1-tls13-client -[67-curve-sect163r1-tls13-server] +[72-curve-sect163r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[67-curve-sect163r1-tls13-client] +[72-curve-sect163r1-tls13-client] CipherString = ECDHE Curves = sect163r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-67] +[test-72] ExpectedResult = ClientFail # =========================================================== -[68-curve-sect193r1-tls13] -ssl_conf = 68-curve-sect193r1-tls13-ssl +[73-curve-sect193r1-tls13] +ssl_conf = 73-curve-sect193r1-tls13-ssl -[68-curve-sect193r1-tls13-ssl] -server = 68-curve-sect193r1-tls13-server -client = 68-curve-sect193r1-tls13-client +[73-curve-sect193r1-tls13-ssl] +server = 73-curve-sect193r1-tls13-server +client = 73-curve-sect193r1-tls13-client -[68-curve-sect193r1-tls13-server] +[73-curve-sect193r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[68-curve-sect193r1-tls13-client] +[73-curve-sect193r1-tls13-client] CipherString = ECDHE Curves = sect193r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-68] +[test-73] ExpectedResult = ClientFail # =========================================================== -[69-curve-sect193r2-tls13] -ssl_conf = 69-curve-sect193r2-tls13-ssl +[74-curve-sect193r2-tls13] +ssl_conf = 74-curve-sect193r2-tls13-ssl -[69-curve-sect193r2-tls13-ssl] -server = 69-curve-sect193r2-tls13-server -client = 69-curve-sect193r2-tls13-client +[74-curve-sect193r2-tls13-ssl] +server = 74-curve-sect193r2-tls13-server +client = 74-curve-sect193r2-tls13-client -[69-curve-sect193r2-tls13-server] +[74-curve-sect193r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[69-curve-sect193r2-tls13-client] +[74-curve-sect193r2-tls13-client] CipherString = ECDHE Curves = sect193r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-69] +[test-74] ExpectedResult = ClientFail # =========================================================== -[70-curve-sect239k1-tls13] -ssl_conf = 70-curve-sect239k1-tls13-ssl +[75-curve-sect239k1-tls13] +ssl_conf = 75-curve-sect239k1-tls13-ssl -[70-curve-sect239k1-tls13-ssl] -server = 70-curve-sect239k1-tls13-server -client = 70-curve-sect239k1-tls13-client +[75-curve-sect239k1-tls13-ssl] +server = 75-curve-sect239k1-tls13-server +client = 75-curve-sect239k1-tls13-client -[70-curve-sect239k1-tls13-server] +[75-curve-sect239k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect239k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[70-curve-sect239k1-tls13-client] +[75-curve-sect239k1-tls13-client] CipherString = ECDHE Curves = sect239k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-70] +[test-75] ExpectedResult = ClientFail # =========================================================== -[71-curve-secp160k1-tls13] -ssl_conf = 71-curve-secp160k1-tls13-ssl +[76-curve-secp160k1-tls13] +ssl_conf = 76-curve-secp160k1-tls13-ssl -[71-curve-secp160k1-tls13-ssl] -server = 71-curve-secp160k1-tls13-server -client = 71-curve-secp160k1-tls13-client +[76-curve-secp160k1-tls13-ssl] +server = 76-curve-secp160k1-tls13-server +client = 76-curve-secp160k1-tls13-client -[71-curve-secp160k1-tls13-server] +[76-curve-secp160k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[71-curve-secp160k1-tls13-client] +[76-curve-secp160k1-tls13-client] CipherString = ECDHE Curves = secp160k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-71] +[test-76] ExpectedResult = ClientFail # =========================================================== -[72-curve-secp160r1-tls13] -ssl_conf = 72-curve-secp160r1-tls13-ssl +[77-curve-secp160r1-tls13] +ssl_conf = 77-curve-secp160r1-tls13-ssl -[72-curve-secp160r1-tls13-ssl] -server = 72-curve-secp160r1-tls13-server -client = 72-curve-secp160r1-tls13-client +[77-curve-secp160r1-tls13-ssl] +server = 77-curve-secp160r1-tls13-server +client = 77-curve-secp160r1-tls13-client -[72-curve-secp160r1-tls13-server] +[77-curve-secp160r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[72-curve-secp160r1-tls13-client] +[77-curve-secp160r1-tls13-client] CipherString = ECDHE Curves = secp160r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-72] +[test-77] ExpectedResult = ClientFail # =========================================================== -[73-curve-secp160r2-tls13] -ssl_conf = 73-curve-secp160r2-tls13-ssl +[78-curve-secp160r2-tls13] +ssl_conf = 78-curve-secp160r2-tls13-ssl -[73-curve-secp160r2-tls13-ssl] -server = 73-curve-secp160r2-tls13-server -client = 73-curve-secp160r2-tls13-client +[78-curve-secp160r2-tls13-ssl] +server = 78-curve-secp160r2-tls13-server +client = 78-curve-secp160r2-tls13-client -[73-curve-secp160r2-tls13-server] +[78-curve-secp160r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[73-curve-secp160r2-tls13-client] +[78-curve-secp160r2-tls13-client] CipherString = ECDHE Curves = secp160r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-73] +[test-78] ExpectedResult = ClientFail # =========================================================== -[74-curve-secp192k1-tls13] -ssl_conf = 74-curve-secp192k1-tls13-ssl +[79-curve-secp192k1-tls13] +ssl_conf = 79-curve-secp192k1-tls13-ssl -[74-curve-secp192k1-tls13-ssl] -server = 74-curve-secp192k1-tls13-server -client = 74-curve-secp192k1-tls13-client +[79-curve-secp192k1-tls13-ssl] +server = 79-curve-secp192k1-tls13-server +client = 79-curve-secp192k1-tls13-client -[74-curve-secp192k1-tls13-server] +[79-curve-secp192k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp192k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[74-curve-secp192k1-tls13-client] +[79-curve-secp192k1-tls13-client] CipherString = ECDHE Curves = secp192k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-74] +[test-79] ExpectedResult = ClientFail # =========================================================== -[75-curve-secp224k1-tls13] -ssl_conf = 75-curve-secp224k1-tls13-ssl +[80-curve-secp224k1-tls13] +ssl_conf = 80-curve-secp224k1-tls13-ssl -[75-curve-secp224k1-tls13-ssl] -server = 75-curve-secp224k1-tls13-server -client = 75-curve-secp224k1-tls13-client +[80-curve-secp224k1-tls13-ssl] +server = 80-curve-secp224k1-tls13-server +client = 80-curve-secp224k1-tls13-client -[75-curve-secp224k1-tls13-server] +[80-curve-secp224k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[75-curve-secp224k1-tls13-client] +[80-curve-secp224k1-tls13-client] CipherString = ECDHE Curves = secp224k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-75] +[test-80] ExpectedResult = ClientFail # =========================================================== -[76-curve-secp256k1-tls13] -ssl_conf = 76-curve-secp256k1-tls13-ssl +[81-curve-secp256k1-tls13] +ssl_conf = 81-curve-secp256k1-tls13-ssl -[76-curve-secp256k1-tls13-ssl] -server = 76-curve-secp256k1-tls13-server -client = 76-curve-secp256k1-tls13-client +[81-curve-secp256k1-tls13-ssl] +server = 81-curve-secp256k1-tls13-server +client = 81-curve-secp256k1-tls13-client -[76-curve-secp256k1-tls13-server] +[81-curve-secp256k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp256k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[76-curve-secp256k1-tls13-client] +[81-curve-secp256k1-tls13-client] CipherString = ECDHE Curves = secp256k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-76] +[test-81] ExpectedResult = ClientFail # =========================================================== -[77-curve-brainpoolP256r1-tls13] -ssl_conf = 77-curve-brainpoolP256r1-tls13-ssl +[82-curve-brainpoolP256r1-tls13] +ssl_conf = 82-curve-brainpoolP256r1-tls13-ssl -[77-curve-brainpoolP256r1-tls13-ssl] -server = 77-curve-brainpoolP256r1-tls13-server -client = 77-curve-brainpoolP256r1-tls13-client +[82-curve-brainpoolP256r1-tls13-ssl] +server = 82-curve-brainpoolP256r1-tls13-server +client = 82-curve-brainpoolP256r1-tls13-client -[77-curve-brainpoolP256r1-tls13-server] +[82-curve-brainpoolP256r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP256r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[77-curve-brainpoolP256r1-tls13-client] +[82-curve-brainpoolP256r1-tls13-client] CipherString = ECDHE Curves = brainpoolP256r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-77] +[test-82] ExpectedResult = ClientFail # =========================================================== -[78-curve-brainpoolP384r1-tls13] -ssl_conf = 78-curve-brainpoolP384r1-tls13-ssl +[83-curve-brainpoolP384r1-tls13] +ssl_conf = 83-curve-brainpoolP384r1-tls13-ssl -[78-curve-brainpoolP384r1-tls13-ssl] -server = 78-curve-brainpoolP384r1-tls13-server -client = 78-curve-brainpoolP384r1-tls13-client +[83-curve-brainpoolP384r1-tls13-ssl] +server = 83-curve-brainpoolP384r1-tls13-server +client = 83-curve-brainpoolP384r1-tls13-client -[78-curve-brainpoolP384r1-tls13-server] +[83-curve-brainpoolP384r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP384r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[78-curve-brainpoolP384r1-tls13-client] +[83-curve-brainpoolP384r1-tls13-client] CipherString = ECDHE Curves = brainpoolP384r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-78] +[test-83] ExpectedResult = ClientFail # =========================================================== -[79-curve-brainpoolP512r1-tls13] -ssl_conf = 79-curve-brainpoolP512r1-tls13-ssl +[84-curve-brainpoolP512r1-tls13] +ssl_conf = 84-curve-brainpoolP512r1-tls13-ssl -[79-curve-brainpoolP512r1-tls13-ssl] -server = 79-curve-brainpoolP512r1-tls13-server -client = 79-curve-brainpoolP512r1-tls13-client +[84-curve-brainpoolP512r1-tls13-ssl] +server = 84-curve-brainpoolP512r1-tls13-server +client = 84-curve-brainpoolP512r1-tls13-client -[79-curve-brainpoolP512r1-tls13-server] +[84-curve-brainpoolP512r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP512r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[79-curve-brainpoolP512r1-tls13-client] +[84-curve-brainpoolP512r1-tls13-client] CipherString = ECDHE Curves = brainpoolP512r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-79] +[test-84] ExpectedResult = ClientFail +# =========================================================== + +[85-curve-ffdhe2048-tls13-in-tls12] +ssl_conf = 85-curve-ffdhe2048-tls13-in-tls12-ssl + +[85-curve-ffdhe2048-tls13-in-tls12-ssl] +server = 85-curve-ffdhe2048-tls13-in-tls12-server +client = 85-curve-ffdhe2048-tls13-in-tls12-client + +[85-curve-ffdhe2048-tls13-in-tls12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe2048 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[85-curve-ffdhe2048-tls13-in-tls12-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = ffdhe2048 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-85] +ExpectedResult = ServerFail + + +# =========================================================== + +[86-curve-ffdhe2048-tls13-in-tls12-2] +ssl_conf = 86-curve-ffdhe2048-tls13-in-tls12-2-ssl + +[86-curve-ffdhe2048-tls13-in-tls12-2-ssl] +server = 86-curve-ffdhe2048-tls13-in-tls12-2-server +client = 86-curve-ffdhe2048-tls13-in-tls12-2-client + +[86-curve-ffdhe2048-tls13-in-tls12-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe2048 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[86-curve-ffdhe2048-tls13-in-tls12-2-client] +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe2048 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-86] +ExpectedResult = Success + + +# =========================================================== + +[87-curve-ffdhe3072-tls13-in-tls12] +ssl_conf = 87-curve-ffdhe3072-tls13-in-tls12-ssl + +[87-curve-ffdhe3072-tls13-in-tls12-ssl] +server = 87-curve-ffdhe3072-tls13-in-tls12-server +client = 87-curve-ffdhe3072-tls13-in-tls12-client + +[87-curve-ffdhe3072-tls13-in-tls12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe3072 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[87-curve-ffdhe3072-tls13-in-tls12-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = ffdhe3072 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-87] +ExpectedResult = ServerFail + + +# =========================================================== + +[88-curve-ffdhe3072-tls13-in-tls12-2] +ssl_conf = 88-curve-ffdhe3072-tls13-in-tls12-2-ssl + +[88-curve-ffdhe3072-tls13-in-tls12-2-ssl] +server = 88-curve-ffdhe3072-tls13-in-tls12-2-server +client = 88-curve-ffdhe3072-tls13-in-tls12-2-client + +[88-curve-ffdhe3072-tls13-in-tls12-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe3072 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[88-curve-ffdhe3072-tls13-in-tls12-2-client] +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe3072 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-88] +ExpectedResult = Success + + +# =========================================================== + +[89-curve-ffdhe4096-tls13-in-tls12] +ssl_conf = 89-curve-ffdhe4096-tls13-in-tls12-ssl + +[89-curve-ffdhe4096-tls13-in-tls12-ssl] +server = 89-curve-ffdhe4096-tls13-in-tls12-server +client = 89-curve-ffdhe4096-tls13-in-tls12-client + +[89-curve-ffdhe4096-tls13-in-tls12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe4096 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[89-curve-ffdhe4096-tls13-in-tls12-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = ffdhe4096 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-89] +ExpectedResult = ServerFail + + +# =========================================================== + +[90-curve-ffdhe4096-tls13-in-tls12-2] +ssl_conf = 90-curve-ffdhe4096-tls13-in-tls12-2-ssl + +[90-curve-ffdhe4096-tls13-in-tls12-2-ssl] +server = 90-curve-ffdhe4096-tls13-in-tls12-2-server +client = 90-curve-ffdhe4096-tls13-in-tls12-2-client + +[90-curve-ffdhe4096-tls13-in-tls12-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe4096 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[90-curve-ffdhe4096-tls13-in-tls12-2-client] +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe4096 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-90] +ExpectedResult = Success + + +# =========================================================== + +[91-curve-ffdhe6144-tls13-in-tls12] +ssl_conf = 91-curve-ffdhe6144-tls13-in-tls12-ssl + +[91-curve-ffdhe6144-tls13-in-tls12-ssl] +server = 91-curve-ffdhe6144-tls13-in-tls12-server +client = 91-curve-ffdhe6144-tls13-in-tls12-client + +[91-curve-ffdhe6144-tls13-in-tls12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe6144 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[91-curve-ffdhe6144-tls13-in-tls12-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = ffdhe6144 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-91] +ExpectedResult = ServerFail + + +# =========================================================== + +[92-curve-ffdhe6144-tls13-in-tls12-2] +ssl_conf = 92-curve-ffdhe6144-tls13-in-tls12-2-ssl + +[92-curve-ffdhe6144-tls13-in-tls12-2-ssl] +server = 92-curve-ffdhe6144-tls13-in-tls12-2-server +client = 92-curve-ffdhe6144-tls13-in-tls12-2-client + +[92-curve-ffdhe6144-tls13-in-tls12-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe6144 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[92-curve-ffdhe6144-tls13-in-tls12-2-client] +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe6144 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-92] +ExpectedResult = Success + + +# =========================================================== + +[93-curve-ffdhe8192-tls13-in-tls12] +ssl_conf = 93-curve-ffdhe8192-tls13-in-tls12-ssl + +[93-curve-ffdhe8192-tls13-in-tls12-ssl] +server = 93-curve-ffdhe8192-tls13-in-tls12-server +client = 93-curve-ffdhe8192-tls13-in-tls12-client + +[93-curve-ffdhe8192-tls13-in-tls12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe8192 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[93-curve-ffdhe8192-tls13-in-tls12-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = ffdhe8192 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-93] +ExpectedResult = ServerFail + + +# =========================================================== + +[94-curve-ffdhe8192-tls13-in-tls12-2] +ssl_conf = 94-curve-ffdhe8192-tls13-in-tls12-2-ssl + +[94-curve-ffdhe8192-tls13-in-tls12-2-ssl] +server = 94-curve-ffdhe8192-tls13-in-tls12-2-server +client = 94-curve-ffdhe8192-tls13-in-tls12-2-client + +[94-curve-ffdhe8192-tls13-in-tls12-2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe8192 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[94-curve-ffdhe8192-tls13-in-tls12-2-client] +CipherString = DEFAULT@SECLEVEL=1 +Curves = ffdhe8192 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-94] +ExpectedResult = Success + + diff --git a/deps/openssl/openssl/test/ssl-tests/14-curves.cnf.in b/deps/openssl/openssl/test/ssl-tests/14-curves.cnf.in index 5653e70bef21c4..1e003bace0b7a4 100644 --- a/deps/openssl/openssl/test/ssl-tests/14-curves.cnf.in +++ b/deps/openssl/openssl/test/ssl-tests/14-curves.cnf.in @@ -15,6 +15,12 @@ our $fips_mode; my @curves = ("prime256v1", "secp384r1", "secp521r1", "X25519", "X448"); +#Curves *only* suitable for use in TLSv1.3 +my @curves_tls_1_3 = ("ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", + "ffdhe8192"); + +push @curves, @curves_tls_1_3; + my @curves_tls_1_2 = ("sect233k1", "sect233r1", "sect283k1", "sect283r1", "sect409k1", "sect409r1", "sect571k1", "sect571r1", "secp224r1"); @@ -29,6 +35,19 @@ push @curves_tls_1_2, @curves_non_fips if !$fips_mode; our @tests = (); +sub get_key_type { + my $group = shift; + my $keyType; + + if ($group =~ /ffdhe/) { + $keyType = "dhKeyAgreement"; + } else { + $keyType = $group; + } + + return $keyType; +} + sub generate_tests() { foreach (0..$#curves) { my $curve = $curves[$_]; @@ -44,7 +63,7 @@ sub generate_tests() { "Curves" => $curve }, test => { - "ExpectedTmpKeyType" => $curve, + "ExpectedTmpKeyType" => get_key_type($curve), "ExpectedProtocol" => "TLSv1.3", "ExpectedResult" => "Success" }, @@ -64,7 +83,7 @@ sub generate_tests() { "Curves" => $curve }, test => { - "ExpectedTmpKeyType" => $curve, + "ExpectedTmpKeyType" => get_key_type($curve), "ExpectedProtocol" => "TLSv1.2", "ExpectedResult" => "Success" }, @@ -112,6 +131,47 @@ sub generate_tests() { }, }; } + foreach (0..$#curves_tls_1_3) { + my $curve = $curves_tls_1_3[$_]; + push @tests, { + name => "curve-${curve}-tls13-in-tls12", + server => { + "Curves" => $curve, + "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3" + }, + client => { + "CipherString" => 'ECDHE@SECLEVEL=1', + "MaxProtocol" => "TLSv1.2", + "Curves" => $curve + }, + test => { + #These curves are only suitable for TLSv1.3 so we expect the + #server to fail because it has no shared groups for TLSv1.2 + #ECDHE key exchange + "ExpectedResult" => "ServerFail" + }, + }; + push @tests, { + name => "curve-${curve}-tls13-in-tls12-2", + server => { + "Curves" => $curve, + "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.2" + }, + client => { + "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3", + "Curves" => $curve + }, + test => { + #These curves are only suitable for TLSv1.3. We expect TLSv1.2 + #negotiation to succeed because we fall back to some other + #ciphersuite + "ExpectedResult" => "Success" + }, + }; + } } generate_tests(); diff --git a/deps/openssl/openssl/test/ssl_old_test.c b/deps/openssl/openssl/test/ssl_old_test.c index 91c8b5b7b535f6..6b56754b824017 100644 --- a/deps/openssl/openssl/test/ssl_old_test.c +++ b/deps/openssl/openssl/test/ssl_old_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1525,8 +1525,10 @@ int main(int argc, char *argv[]) ERR_print_errors(bio_err); goto end; } - SSL_CTX_set0_tmp_dh_pkey(s_ctx, dhpkey); - SSL_CTX_set0_tmp_dh_pkey(s_ctx2, dhpkey); + if (!SSL_CTX_set0_tmp_dh_pkey(s_ctx, dhpkey)) + EVP_PKEY_free(dhpkey); + if (!SSL_CTX_set0_tmp_dh_pkey(s_ctx2, dhpkey)) + EVP_PKEY_free(dhpkey); } #endif diff --git a/deps/openssl/openssl/test/sslapitest.c b/deps/openssl/openssl/test/sslapitest.c index 0a775c9b1d4536..a7df6552eb16b2 100644 --- a/deps/openssl/openssl/test/sslapitest.c +++ b/deps/openssl/openssl/test/sslapitest.c @@ -948,18 +948,13 @@ static int test_ccs_change_cipher(void) } #endif -static int execute_test_large_message(const SSL_METHOD *smeth, - const SSL_METHOD *cmeth, - int min_version, int max_version, - int read_ahead) +static int add_large_cert_chain(SSL_CTX *sctx) { - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - int i; BIO *certbio = NULL; X509 *chaincert = NULL; int certlen; + int ret = 0; + int i; if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))) goto end; @@ -972,6 +967,41 @@ static int execute_test_large_message(const SSL_METHOD *smeth, BIO_free(certbio); certbio = NULL; + /* + * We assume the supplied certificate is big enough so that if we add + * NUM_EXTRA_CERTS it will make the overall message large enough. The + * default buffer size is requested to be 16k, but due to the way BUF_MEM + * works, it ends up allocating a little over 21k (16 * 4/3). So, in this + * test we need to have a message larger than that. + */ + certlen = i2d_X509(chaincert, NULL); + OPENSSL_assert(certlen * NUM_EXTRA_CERTS > + (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3); + for (i = 0; i < NUM_EXTRA_CERTS; i++) { + if (!X509_up_ref(chaincert)) + goto end; + if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) { + X509_free(chaincert); + goto end; + } + } + + ret = 1; + end: + BIO_free(certbio); + X509_free(chaincert); + return ret; +} + +static int execute_test_large_message(const SSL_METHOD *smeth, + const SSL_METHOD *cmeth, + int min_version, int max_version, + int read_ahead) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, min_version, max_version, &sctx, &cctx, cert, privkey))) @@ -998,24 +1028,8 @@ static int execute_test_large_message(const SSL_METHOD *smeth, SSL_CTX_set_read_ahead(cctx, 1); } - /* - * We assume the supplied certificate is big enough so that if we add - * NUM_EXTRA_CERTS it will make the overall message large enough. The - * default buffer size is requested to be 16k, but due to the way BUF_MEM - * works, it ends up allocating a little over 21k (16 * 4/3). So, in this - * test we need to have a message larger than that. - */ - certlen = i2d_X509(chaincert, NULL); - OPENSSL_assert(certlen * NUM_EXTRA_CERTS > - (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3); - for (i = 0; i < NUM_EXTRA_CERTS; i++) { - if (!X509_up_ref(chaincert)) - goto end; - if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) { - X509_free(chaincert); - goto end; - } - } + if (!add_large_cert_chain(sctx)) + goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) @@ -1032,8 +1046,6 @@ static int execute_test_large_message(const SSL_METHOD *smeth, testresult = 1; end: - BIO_free(certbio); - X509_free(chaincert); SSL_free(serverssl); SSL_free(clientssl); SSL_CTX_free(sctx); @@ -1669,6 +1681,8 @@ static int test_large_app_data(int tst) return testresult; } +#if !defined(OPENSSL_NO_TLS1_2) || !defined(OSSL_NO_USABLE_TLS1_3) \ + || !defined(OPENSSL_NO_DTLS) static int execute_cleanse_plaintext(const SSL_METHOD *smeth, const SSL_METHOD *cmeth, int min_version, int max_version) @@ -1690,15 +1704,13 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth, privkey))) goto end; -#ifdef OPENSSL_NO_DTLS1_2 - if (smeth == DTLS_server_method()) { # ifdef OPENSSL_NO_DTLS1_2 + if (smeth == DTLS_server_method()) { /* Not supported in the FIPS provider */ if (is_fips) { testresult = 1; goto end; }; -# endif /* * Default sigalgs are SHA1 based in 0) { ret = run_tests(argv[0]); cleanup_tests(); opt_check_usage(); - } else { + } else if (setup_res == 0) { opt_help(test_get_options()); } end: diff --git a/deps/openssl/openssl/test/testutil/provider.c b/deps/openssl/openssl/test/testutil/provider.c index 5d5991f502584e..79ae13b42a1f0f 100644 --- a/deps/openssl/openssl/test/testutil/provider.c +++ b/deps/openssl/openssl/test/testutil/provider.c @@ -177,11 +177,11 @@ int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions) } mode; while (*versions != '\0') { - for (; isspace(*versions); versions++) + for (; isspace((unsigned char)(*versions)); versions++) continue; if (*versions == '\0') break; - for (p = versions; *versions != '\0' && !isspace(*versions); versions++) + for (p = versions; *versions != '\0' && !isspace((unsigned char)(*versions)); versions++) continue; if (*p == '!') { mode = MODE_NE; @@ -201,7 +201,7 @@ int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions) } else if (*p == '>') { mode = MODE_GT; p++; - } else if (isdigit(*p)) { + } else if (isdigit((unsigned char)*p)) { mode = MODE_EQ; } else { TEST_info("Error matching FIPS version: mode %s\n", p); diff --git a/deps/openssl/openssl/util/missingssl.txt b/deps/openssl/openssl/util/missingssl.txt index 48219fd99a9a47..41ca8a8bbc0022 100644 --- a/deps/openssl/openssl/util/missingssl.txt +++ b/deps/openssl/openssl/util/missingssl.txt @@ -3,7 +3,6 @@ ERR_load_SSL_strings(3) SRP_Calc_A_param(3) SSL_COMP_get_name(3) SSL_COMP_set0_compression_methods(3) -SSL_CONF_CTX_finish(3) SSL_CTX_SRP_CTX_free(3) SSL_CTX_SRP_CTX_init(3) SSL_CTX_get0_certificate(3)