OpenSSL 3.2.1

Source commit: 3199a4eed0402f205987ca53cef3e0510d3cfacf
Martin Prikryl 1 year ago
parent
commit
3651ead1e8
100 changed files with 2035 additions and 712 deletions
  1. 92 16
      libs/openssl/CHANGES.md
  2. 36 28
      libs/openssl/CONTRIBUTING.md
  3. 12 1
      libs/openssl/Configurations/10-main.conf
  4. 0 55
      libs/openssl/Configurations/50-nonstop.conf
  5. 7 4
      libs/openssl/Configurations/descrip.mms.tmpl
  6. 5 6
      libs/openssl/Configurations/unix-Makefile.tmpl
  7. 2 0
      libs/openssl/Configurations/windows-makefile.tmpl
  8. 18 16
      libs/openssl/Configure
  9. 21 5
      libs/openssl/NEWS.md
  10. 9 16
      libs/openssl/NOTES-NONSTOP.md
  11. 1 1
      libs/openssl/README.md
  12. 2 2
      libs/openssl/VERSION.dat
  13. 2 2
      libs/openssl/VMS/openssl_ivp.com.in
  14. 4 4
      libs/openssl/VMS/openssl_shutdown.com.in
  15. 4 4
      libs/openssl/VMS/openssl_startup.com.in
  16. 1 1
      libs/openssl/apps/asn1parse.c
  17. 11 4
      libs/openssl/apps/cms.c
  18. 1 1
      libs/openssl/apps/errstr.c
  19. 6 1
      libs/openssl/apps/lib/opt.c
  20. 1 1
      libs/openssl/apps/lib/s_socket.c
  21. 20 17
      libs/openssl/apps/list.c
  22. 0 9
      libs/openssl/apps/pkcs12.c
  23. 10 7
      libs/openssl/apps/rehash.c
  24. 2 2
      libs/openssl/apps/req.c
  25. 6 1
      libs/openssl/apps/s_server.c
  26. 2 1
      libs/openssl/apps/smime.c
  27. 5 1
      libs/openssl/crypto/aes/build.info
  28. 8 2
      libs/openssl/crypto/asn1/a_mbstr.c
  29. 9 3
      libs/openssl/crypto/asn1/a_time.c
  30. 4 0
      libs/openssl/crypto/asn1/asn_moid.c
  31. 6 2
      libs/openssl/crypto/asn1/asn_mstbl.c
  32. 1 1
      libs/openssl/crypto/bio/bio_sock.c
  33. 6 1
      libs/openssl/crypto/bio/bss_dgram.c
  34. 7 1
      libs/openssl/crypto/bn/bn_gf2m.c
  35. 74 52
      libs/openssl/crypto/bn/bn_nist.c
  36. 38 13
      libs/openssl/crypto/chacha/asm/chacha-loongarch64.pl
  37. 13 11
      libs/openssl/crypto/cms/cms_att.c
  38. 3 1
      libs/openssl/crypto/cms/cms_rsa.c
  39. 3 1
      libs/openssl/crypto/conf/conf_err.c
  40. 158 158
      libs/openssl/crypto/ec/asm/ecp_sm2p256-armv8.pl
  41. 38 38
      libs/openssl/crypto/ec/ecp_sm2p256.c
  42. 6 3
      libs/openssl/crypto/ec/ecx_backend.c
  43. 2 3
      libs/openssl/crypto/encode_decode/decoder_pkey.c
  44. 1 0
      libs/openssl/crypto/err/openssl.txt
  45. 5 11
      libs/openssl/crypto/evp/e_aes.c
  46. 18 5
      libs/openssl/crypto/evp/evp_fetch.c
  47. 1 1
      libs/openssl/crypto/http/http_lib.c
  48. 3 0
      libs/openssl/crypto/md5/asm/md5-aarch64.pl
  49. 9 3
      libs/openssl/crypto/mem_sec.c
  50. 6 2
      libs/openssl/crypto/objects/obj_dat.c
  51. 4 4
      libs/openssl/crypto/param_build.c
  52. 32 3
      libs/openssl/crypto/params.c
  53. 8 2
      libs/openssl/crypto/params_from_text.c
  54. 6 1
      libs/openssl/crypto/perlasm/x86_64-xlate.pl
  55. 19 1
      libs/openssl/crypto/pkcs12/p12_add.c
  56. 6 1
      libs/openssl/crypto/pkcs12/p12_mutl.c
  57. 4 3
      libs/openssl/crypto/pkcs12/p12_npas.c
  58. 6 3
      libs/openssl/crypto/pkcs7/pk7_mime.c
  59. 22 22
      libs/openssl/crypto/poly1305/asm/poly1305-ppc.pl
  60. 40 10
      libs/openssl/crypto/property/property_parse.c
  61. 96 22
      libs/openssl/crypto/provider_conf.c
  62. 36 34
      libs/openssl/crypto/provider_core.c
  63. 8 0
      libs/openssl/crypto/rsa/rsa_lib.c
  64. 8 2
      libs/openssl/crypto/rsa/rsa_sp800_56b_check.c
  65. 11 0
      libs/openssl/crypto/x509/by_file.c
  66. 5 1
      libs/openssl/crypto/x509/v3_addr.c
  67. 19 5
      libs/openssl/crypto/x509/v3_asid.c
  68. 6 1
      libs/openssl/crypto/x509/v3_crld.c
  69. 13 5
      libs/openssl/crypto/x509/v3_ist.c
  70. 10 3
      libs/openssl/crypto/x509/v3_san.c
  71. 15 5
      libs/openssl/crypto/x509/v3_sxnet.c
  72. 74 11
      libs/openssl/crypto/x509/x509_att.c
  73. 2 2
      libs/openssl/crypto/x509/x509_req.c
  74. 24 0
      libs/openssl/doc/build.info
  75. 1 0
      libs/openssl/doc/designs/ddd/ddd-02-conn-nonblocking-threads.c
  76. 3 3
      libs/openssl/doc/man1/openssl-pkeyutl.pod.in
  77. 1 1
      libs/openssl/doc/man1/openssl-req.pod.in
  78. 5 1
      libs/openssl/doc/man1/openssl-s_client.pod.in
  79. 6 2
      libs/openssl/doc/man1/openssl-s_server.pod.in
  80. 3 3
      libs/openssl/doc/man3/BIO_f_md.pod
  81. 214 0
      libs/openssl/doc/man3/CMS_signed_get_attr.pod
  82. 2 1
      libs/openssl/doc/man3/COMP_CTX_new.pod
  83. 9 5
      libs/openssl/doc/man3/EVP_EncryptInit.pod
  84. 11 1
      libs/openssl/doc/man3/EVP_MAC.pod
  85. 113 0
      libs/openssl/doc/man3/EVP_PKEY_get_attr.pod
  86. 47 18
      libs/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod
  87. 1 1
      libs/openssl/doc/man3/OSSL_PARAM_int.pod
  88. 10 4
      libs/openssl/doc/man3/PKCS12_create.pod
  89. 4 1
      libs/openssl/doc/man3/SSL_CONF_cmd.pod
  90. 6 2
      libs/openssl/doc/man3/SSL_CTX_set_options.pod
  91. 2 2
      libs/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
  92. 1 1
      libs/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
  93. 5 3
      libs/openssl/doc/man3/SSL_get_error.pod
  94. 7 2
      libs/openssl/doc/man3/SSL_get_peer_certificate.pod
  95. 263 0
      libs/openssl/doc/man3/X509_ATTRIBUTE.pod
  96. 111 0
      libs/openssl/doc/man3/X509_REQ_get_attr.pod
  97. 14 1
      libs/openssl/doc/man3/X509_dup.pod
  98. 13 0
      libs/openssl/doc/man7/EVP_CIPHER-AES.pod
  99. 9 0
      libs/openssl/doc/man7/EVP_CIPHER-SM4.pod
  100. 1 1
      libs/openssl/doc/man7/EVP_KDF-ARGON2.pod

+ 92 - 16
libs/openssl/CHANGES.md

@@ -25,6 +25,95 @@ OpenSSL Releases
 OpenSSL 3.2
 -----------
 
+### Changes between 3.2.0 and 3.2.1 [30 Jan 2024]
+
+ * A file in PKCS12 format can contain certificates and keys and may come from
+   an untrusted source. The PKCS12 specification allows certain fields to be
+   NULL, but OpenSSL did not correctly check for this case. A fix has been
+   applied to prevent a NULL pointer dereference that results in OpenSSL
+   crashing. If an application processes PKCS12 files from an untrusted source
+   using the OpenSSL APIs then that application will be vulnerable to this
+   issue prior to this fix.
+
+   OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
+   PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
+   and PKCS12_newpass().
+
+   We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
+   function is related to writing data we do not consider it security
+   significant.
+
+   ([CVE-2024-0727])
+
+   *Matt Caswell*
+
+ * When function EVP_PKEY_public_check() is called on RSA public keys,
+   a computation is done to confirm that the RSA modulus, n, is composite.
+   For valid RSA keys, n is a product of two or more large primes and this
+   computation completes quickly. However, if n is an overly large prime,
+   then this computation would take a long time.
+
+   An application that calls EVP_PKEY_public_check() and supplies an RSA key
+   obtained from an untrusted source could be vulnerable to a Denial of Service
+   attack.
+
+   The function EVP_PKEY_public_check() is not called from other OpenSSL
+   functions however it is called from the OpenSSL pkey command line
+   application. For that reason that application is also vulnerable if used
+   with the "-pubin" and "-check" options on untrusted data.
+
+   To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
+   now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
+
+   ([CVE-2023-6237])
+
+   *Tomáš Mráz*
+
+ * Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to
+   have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey
+   rather than SM2.
+
+   *Richard Levitte*
+
+ * The POLY1305 MAC (message authentication code) implementation in OpenSSL
+   for PowerPC CPUs saves the contents of vector registers in different
+   order than they are restored. Thus the contents of some of these vector
+   registers is corrupted when returning to the caller. The vulnerable code is
+   used only on newer PowerPC processors supporting the PowerISA 2.07
+   instructions.
+
+   The consequences of this kind of internal application state corruption can
+   be various - from no consequences, if the calling application does not
+   depend on the contents of non-volatile XMM registers at all, to the worst
+   consequences, where the attacker could get complete control of the
+   application process. However unless the compiler uses the vector registers
+   for storing pointers, the most likely consequence, if any, would be an
+   incorrect result of some application dependent calculations or a crash
+   leading to a denial of service.
+
+   ([CVE-2023-6129])
+
+   *Rohan McLure*
+
+ * Fix excessive time spent in DH check / generation with large Q parameter
+   value.
+
+   Applications that use the functions DH_generate_key() to generate an
+   X9.42 DH key may experience long delays. Likewise, applications that use
+   DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
+   to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
+   Where the key or parameters that are being checked have been obtained from
+   an untrusted source this may lead to a Denial of Service.
+
+   ([CVE-2023-5678])
+
+   *Richard Levitte*
+
+ * Disable building QUIC server utility when OpenSSL is configured with
+   `no-apps`.
+
+   *Vitalii Koshura*
+
 ### Changes between 3.1 and 3.2.0 [23 Nov 2023]
 
  * The BLAKE2b hash algorithm supports a configurable output length
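Review bot: in the CVE-2023-6129 entry, the phrase "non-volatile XMM registers" uses x86 terminology, but the paragraph above it describes PowerPC vector registers on processors supporting PowerISA 2.07. Suggest "non-volatile vector registers" so the impact statement matches the affected platform; as written, a reader triaging by architecture could misread which systems are exposed.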
@@ -477,22 +566,6 @@ OpenSSL 3.2
 OpenSSL 3.1
 -----------
 
-### Changes between 3.1.4 and 3.1.5 [xx XXX xxxx]
-
- * Fix excessive time spent in DH check / generation with large Q parameter
-   value.
-
-   Applications that use the functions DH_generate_key() to generate an
-   X9.42 DH key may experience long delays. Likewise, applications that use
-   DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
-   to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
-   Where the key or parameters that are being checked have been obtained from
-   an untrusted source this may lead to a Denial of Service.
-
-   ([CVE-2023-5678])
-
-   *Richard Levitte*
-
 ### Changes between 3.1.3 and 3.1.4 [24 Oct 2023]
 
  * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
@@ -20319,6 +20392,9 @@ ndif
 
 <!-- Links -->
 
+[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
+[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
+[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807

+ 36 - 28
libs/openssl/CONTRIBUTING.md

@@ -9,22 +9,36 @@ Development is done on GitHub in the [openssl/openssl] repository.
 
   [openssl/openssl]: <https://github.com/openssl/openssl>
 
-To request new features or report bugs, please open an issue on GitHub
+To request new a feature, ask a question, or report a bug,
+please open an [issue on GitHub](https://github.com/openssl/openssl/issues).
 
-To submit a patch, please open a pull request on GitHub.  If you are thinking
-of making a large contribution, open an issue for it before starting work,
-to get comments from the community.  Someone may be already working on
-the same thing, or there may be reasons why that feature isn't implemented.
+To submit a patch or implement a new feature, please open a
+[pull request on GitHub](https://github.com/openssl/openssl/pulls).
+If you are thinking of making a large contribution,
+open an issue for it before starting work, to get comments from the community.
+Someone may be already working on the same thing,
+or there may be special reasons why a feature is not implemented.
 
 To make it easier to review and accept your pull request, please follow these
 guidelines:
 
  1. Anything other than a trivial contribution requires a [Contributor
     License Agreement] (CLA), giving us permission to use your code.
-    If your contribution is too small to require a CLA (e.g. fixing a spelling
-    mistake), place the text "`CLA: trivial`" on a line by itself separated by
-    an empty line from the rest of the commit message. It is not sufficient to
-    only place the text in the GitHub pull request description.
+    If your contribution is too small to require a CLA (e.g., fixing a spelling
+    mistake), then place the text "`CLA: trivial`" on a line by itself below
+    the rest of your commit message separated by an empty line, like this:
+
+    ```
+        One-line summary of trivial change
+
+        Optional main body of commit message. It might contain a sentence
+        or two explaining the trivial change.
+
+        CLA: trivial
+    ```
+
+    It is not sufficient to only place the text "`CLA: trivial`" in the GitHub
+    pull request description.
 
     [Contributor License Agreement]: <https://www.openssl.org/policies/cla.html>
 
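Review bot: the first added line reads "To request new a feature"; the words are transposed and it should be "To request a new feature".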
@@ -32,8 +46,8 @@ guidelines:
 
     ```
         git commit --amend
-        [add the line, save and quit the editor]
-        git push -f
+        # add the line, save and quit the editor
+        git push -f [<repository> [<branch>]]
     ```
 
  2. All source files should start with the following text (with
@@ -53,22 +67,24 @@ guidelines:
     often. We do not accept merge commits, you will have to remove them
     (usually by rebasing) before it will be acceptable.
 
- 4. Patches should follow our [coding style] and compile without warnings.
+ 4. Code provided should follow our [coding style] and compile without warnings.
+    There is a [Perl tool](util/check-format.pl) that helps
+    finding code formatting mistakes and other coding style nits.
     Where `gcc` or `clang` is available, you should use the
     `--strict-warnings` `Configure` option.  OpenSSL compiles on many varied
-    platforms: try to ensure you only use portable features.  Clean builds via
-    GitHub Actions and AppVeyor are required, and they are started automatically
-    whenever a PR is created or updated.
+    platforms: try to ensure you only use portable features.
+    Clean builds via GitHub Actions are required. They are started automatically
+    whenever a PR is created or updated by committers.
 
     [coding style]: https://www.openssl.org/policies/technical/coding-style.html
 
- 5. When at all possible, patches should include tests. These can
+ 5. When at all possible, code contributions should include tests. These can
     either be added to an existing test, or completely new.  Please see
     [test/README.md](test/README.md) for information on the test framework.
 
  6. New features or changed functionality must include
-    documentation. Please look at the "pod" files in doc/man[1357] for
-    examples of our style. Run "make doc-nits" to make sure that your
+    documentation. Please look at the `.pod` files in `doc/man[1357]` for
+    examples of our style. Run `make doc-nits` to make sure that your
     documentation changes are clean.
 
  7. For user visible changes (API changes, behaviour changes, ...),
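Review bot: in item 4, "whenever a PR is created or updated by committers" is ambiguous. It can be read as CI starting only for PRs that come from committers, which leaves an outside contributor unsure whether their PR gets built at all. State which case applies. Also in item 4, "helps finding" should be "helps find".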
@@ -78,17 +94,9 @@ guidelines:
     Have a look through existing entries for inspiration.
     Please note that this is NOT simply a copy of git-log one-liners.
     Also note that security fixes get an entry in [CHANGES.md](CHANGES.md).
-    This file helps users get more in depth information of what comes
+    This file helps users get more in-depth information of what comes
     with a specific release without having to sift through the higher
     noise ratio in git-log.
 
- 8. For larger or more important user visible changes, as well as
-    security fixes, please add a line in [NEWS.md](NEWS.md).
-    On exception, it might be worth adding a multi-line entry (such as
-    the entry that announces all the types that became opaque with
-    OpenSSL 1.1.0).
-    This file helps users get a very quick summary of what comes with a
-    specific release, to see if an upgrade is worth the effort.
-
- 9. Guidelines how to integrate error output of new crypto library modules
+ 8. Guidelines how to integrate error output of new crypto library modules
     can be found in [crypto/err/README.md](crypto/err/README.md).
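Review bot: removing item 8 leaves this file with no statement of how NEWS.md gets updated, while the retained item 7 still says security fixes get an entry in CHANGES.md. If NEWS.md is no longer something contributors are expected to edit, one sentence saying so would prevent PRs that either edit it unasked or omit an entry a reviewer expects.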

+ 12 - 1
libs/openssl/Configurations/10-main.conf

@@ -821,12 +821,13 @@ my %targets = (
         asm_arch         => 'riscv32',
     },
 
-    # loongarch64 below refers to contemporary LOONGARCH Architecture
+    # loongarch64 below refers to contemporary LoongArch Architecture
     # specifications,
     "linux64-loongarch64" => {
         inherit_from     => [ "linux-generic64"],
         perlasm_scheme   => "linux64",
         asm_arch         => 'loongarch64',
+        lib_cppflags     => add("-DL_ENDIAN"),
     },
 
     #### IA-32 targets...
@@ -2124,5 +2125,15 @@ my %targets = (
         inherit_from     => [ "vms-generic" ],
         bn_ops           => "SIXTY_FOUR_BIT",
         pointer_size     => "",
+    },
+    "vms-x86_64-p32" => {
+        inherit_from     => [ "vms-x86_64" ],
+        cflags           => add("/POINTER_SIZE=32"),
+        pointer_size     => "32",
+    },
+    "vms-x86_64-p64" => {
+        inherit_from     => [ "vms-x86_64" ],
+        cflags           => add("/POINTER_SIZE=64=ARGV"),
+        pointer_size     => "64",
     }
 );
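Review bot: the two new VMS targets differ in more than pointer width: `vms-x86_64-p64` passes `/POINTER_SIZE=64=ARGV` while `vms-x86_64-p32` passes plain `/POINTER_SIZE=32`, and nothing in the hunk explains the `=ARGV` suffix. A short comment above the p64 entry saying what `=ARGV` selects and why the p32 entry does not need it would make the asymmetry reviewable.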

+ 0 - 55
libs/openssl/Configurations/50-nonstop.conf

@@ -170,24 +170,6 @@
                              '_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
         ex_libs          => '-lput',
     },
-    'nonstop-model-spt' => {
-        template         => 1,
-        cflags           => add('-Wnowarn=140'),
-        defines          => ['_SPT_MODEL_',
-                             'SPT_THREAD_AWARE_NONBLOCK',
-                             '_REENTRANT'],
-        ex_libs          => '-lspt',
-    },
-
-    # Additional floss model that can be combined with any of the other models.
-    # If used without any of the other models, the entry that does so must
-    # disable threads.
-    'nonstop-model-floss' => {
-        template         => 1,
-        defines          => ['OPENSSL_TANDEM_FLOSS', '_ENABLE_FLOSS_THREADS'],
-        includes         => ['/usr/local/include'],
-        ex_libs          => '-lfloss',
-    },
 
     ######################################################################
     # Now for the entries themselves, let's combine things!
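Review bot: this hunk removes `nonstop-model-floss` together with `nonstop-model-spt`, but the comment being deleted says the floss model "can be combined with any of the other models", so the removal drops FLOSS for every model and not only for SPT. The NOTES-NONSTOP.md change in this commit states only that "The SPT threading model is no longer supported as of OpenSSL 3.2"; if FLOSS builds are gone as well, the notes should say so explicitly.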
@@ -225,25 +207,6 @@
         multilib         => '64-put',
         multibin         => '64-put',
     },
-    'nonstop-nsx_spt' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-x86_64',
-                              'nonstop-model-spt' ],
-        multilib         => '-spt',
-        multibin         => '-spt',
-    },
-    'nonstop-nsx_spt_floss' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-x86_64',
-                              'nonstop-model-floss',
-                              'nonstop-model-spt'],
-        multilib         => '-spt',
-        multibin         => '-spt',
-    },
     'nonstop-nsx_g' => {
         inherit_from     => [ 'nonstop-common',
                               'nonstop-archenv-x86_64-guardian',
@@ -293,24 +256,6 @@
         multilib         => '64-put',
         multibin         => '64-put',
     },
-    'nonstop-nse_spt' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-itanium',
-                              'nonstop-model-spt' ],
-        multilib         => '-spt',
-        multibin         => '-spt',
-    },
-    'nonstop-nse_spt_floss' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-itanium',
-                              'nonstop-model-floss', 'nonstop-model-spt' ],
-        multilib         => '-spt',
-        multibin         => '-spt',
-    },
     'nonstop-nse_g' => {
         inherit_from     => [ 'nonstop-common',
                               'nonstop-archenv-itanium-guardian',

+ 7 - 4
libs/openssl/Configurations/descrip.mms.tmpl

@@ -516,7 +516,8 @@ build_all_generated : $(GENERATED_MANDATORY) $(GENERATED) build_docs
 all : build_sw build_docs
 
 test : tests
-{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep run_tests
+{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep
+	$(MMS) $(MMSQUALIFIERS) run_tests
 run_tests :
         @ ! {- output_off() if $disabled{tests}; "" -}
         DEFINE SRCTOP "$(SRCDIR)"
@@ -748,13 +749,15 @@ vmsconfig.pm : configdata.pm
         WRITE CONFIG "  shlib_version => '","{- $config{shlib_version} -}","',"
         WRITE CONFIG "  shlib_major => '","{- $config{shlib_major} -}","',"
         WRITE CONFIG "  shlib_minor => '","{- $config{shlib_minor} -}","',"
-        WRITE CONFIG "  no_shared => '","{- $disabled{shared} -}","',"
         WRITE CONFIG "  INSTALLTOP => '$(INSTALLTOP)',"
         WRITE CONFIG "  OPENSSLDIR => '$(OPENSSLDIR)',"
+        WRITE CONFIG ");"
+        WRITE CONFIG "our %target = ("
         WRITE CONFIG "  pointer_size => '","{- $target{pointer_size} -}","',"
         WRITE CONFIG ");"
-        WRITE CONFIG "our %target = ();"
-        WRITE CONFIG "our %disabled = ();"
+        WRITE CONFIG "our %disabled = ("
+        WRITE CONFIG "  shared => '","{- $disabled{shared} -}","',"
+        WRITE CONFIG ");"
         WRITE CONFIG "our %withargs = ();"
         WRITE CONFIG "our %unified_info = ();"
         WRITE CONFIG "1;"
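Review bot: the generated vmsconfig.pm changes shape here: `no_shared` is no longer written into the leading hash (it becomes `shared` in `%disabled`) and `pointer_size` moves into `%target`. A script that still reads the old keys will get undef without any error, so check that every consumer of vmsconfig.pm is updated in the same commit, and consider a comment above these WRITE lines naming the hashes the consumers are expected to read.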

+ 5 - 6
libs/openssl/Configurations/unix-Makefile.tmpl

@@ -544,8 +544,9 @@ help: ## Show this help screen
 
 ##@ Testing
 test: tests ## Run tests (alias of "tests")
-{- dependmagic('tests', 'Run tests'); -}: build_programs_nodep build_modules_nodep link-utils run_tests
-run_tests:
+{- dependmagic('tests', 'Run tests'); -}: build_programs_nodep build_modules_nodep link-utils
+	$(MAKE) run_tests
+run_tests: FORCE
 	@ : {- output_off() if $disabled{tests}; "" -}
 	( SRCTOP=$(SRCDIR) \
 	  BLDTOP=$(BLDDIR) \
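Review bot: `run_tests` moves from the prerequisite list of the tests target into its recipe as `$(MAKE) run_tests`, and gains a `FORCE` prerequisite, with no comment on why. Add a one-line comment stating the intent (for example, that tests must start only after the build prerequisites have finished), and confirm that `FORCE` is defined in this template, since its rule is not in the hunk.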
@@ -1363,18 +1364,16 @@ renumber: build_generated
                 --renumber \
                 $(SSLHEADERS)
 
-$(SRCDIR)/util/libcrypto.num: $(CRYPTOHEADERS) $(SRCDIR)/include/openssl/symhacks.h
+.PHONY: ordinals
+ordinals: build_generated
 	$(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION_NUMBER) --no-warnings \
                 --ordinals $(SRCDIR)/util/libcrypto.num \
                 --symhacks $(SRCDIR)/include/openssl/symhacks.h \
                 $(CRYPTOHEADERS)
-$(SRCDIR)/util/libssl.num: $(SSLHEADERS) $(SRCDIR)/include/openssl/symhacks.h
 	$(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION_NUMBER) --no-warnings \
                 --ordinals $(SRCDIR)/util/libssl.num \
                 --symhacks $(SRCDIR)/include/openssl/symhacks.h \
                 $(SSLHEADERS)
-.PHONY: ordinals
-ordinals: build_generated $(SRCDIR)/util/libcrypto.num $(SRCDIR)/util/libssl.num
 
 test_ordinals:
 	$(MAKE) run_tests TESTS=test_ordinals
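Review bot: with the `$(SRCDIR)/util/libcrypto.num` and `$(SRCDIR)/util/libssl.num` file targets removed, `ordinals` now runs both `mknum.pl` commands unconditionally, and nothing else can depend on the .num files as make targets. If that is intended, a comment on `ordinals` saying that it always rewrites both files in the source tree would make the side effect explicit.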

+ 2 - 0
libs/openssl/Configurations/windows-makefile.tmpl

@@ -440,6 +440,8 @@ all: build_sw {- "build_docs" if !$disabled{docs}; -}
 
 test: tests
 {- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep copy-utils
+	$(MAKE) /$(MAKEFLAGS) run_tests
+run_tests:
 	@{- output_off() if $disabled{tests}; "\@rem" -}
 	cmd /C "set "SRCTOP=$(SRCDIR)" & set "BLDTOP=$(BLDDIR)" & set "PERL=$(PERL)" & set "FIPSKEY=$(FIPSKEY)" & "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)"
 	@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
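Review bot: the new `run_tests:` target here has no prerequisite, whereas the matching change in unix-Makefile.tmpl declares `run_tests: FORCE`. If the difference is deliberate for this make dialect, a comment saying so would help; otherwise the two templates should guard the target the same way.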

+ 18 - 16
libs/openssl/Configure

@@ -1891,11 +1891,12 @@ if ($builder eq "unified") {
         my $base = shift;
         my $dir = shift;
         my $relativeto = shift || ".";
+        my $no_mkpath = shift // 0;
 
         $dir = catdir($base,$dir) unless isabsolute($dir);
 
         # Make sure the directories we're building in exists
-        mkpath($dir);
+        mkpath($dir) unless $no_mkpath;
 
         my $res = abs2rel(absolutedir($dir), rel2abs($relativeto));
         #print STDERR "DEBUG[cleandir]: $dir , $base => $res\n";
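Review bot: `$no_mkpath` is added as a fourth positional argument, so the call sites later in this file pass a bare `1` (for example `cleanfile($srcdir, "configdata.pm", $blddir, 1)`) whose meaning is not evident when reading the call. Document the parameter in a comment on `cleandir` and `cleanfile`, stating that it is set for source-tree paths so that Configure does not create directories there.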
@@ -1906,6 +1907,7 @@ if ($builder eq "unified") {
         my $base = shift;
         my $file = shift;
         my $relativeto = shift || ".";
+        my $no_mkpath = shift // 0;
 
         $file = catfile($base,$file) unless isabsolute($file);
 
@@ -1913,7 +1915,7 @@ if ($builder eq "unified") {
         my $f = basename($file);
 
         # Make sure the directories we're building in exists
-        mkpath($d);
+        mkpath($d) unless $no_mkpath;
 
         my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto));
         #print STDERR "DEBUG[cleanfile]: $d , $f => $res\n";
@@ -1943,7 +1945,7 @@ if ($builder eq "unified") {
     }
     # Then, look in our standard directory
     push @build_file_templates,
-        ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) }
+        ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir, 1) }
           @build_file_template_names );
 
     my $build_file_template;
@@ -1958,7 +1960,7 @@ if ($builder eq "unified") {
     }
     $config{build_file_templates}
       = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"),
-                    $blddir),
+                    $blddir, 1),
            $build_file_template ];
 
     my @build_dirs = ( [ ] );   # current directory
@@ -1967,7 +1969,7 @@ if ($builder eq "unified") {
 
     # We want to detect configdata.pm in the source tree, so we
     # don't use it if the build tree is different.
-    my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
+    my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir, 1);
 
     # Any source file that we recognise is placed in this hash table, with
     # the list of its intended destinations as value.  When everything has
@@ -2320,7 +2322,7 @@ EOF
             my $dest = $_;
             my $ddest = cleanfile($buildd, $_, $blddir);
             foreach (@{$sources{$dest}}) {
-                my $s = cleanfile($sourced, $_, $blddir);
+                my $s = cleanfile($sourced, $_, $blddir, 1);
 
                 # If it's generated or we simply don't find it in the source
                 # tree, we assume it's in the build tree.
@@ -2365,7 +2367,7 @@ EOF
             my $dest = $_;
             my $ddest = cleanfile($buildd, $_, $blddir);
             foreach (@{$shared_sources{$dest}}) {
-                my $s = cleanfile($sourced, $_, $blddir);
+                my $s = cleanfile($sourced, $_, $blddir, 1);
 
                 # If it's generated or we simply don't find it in the source
                 # tree, we assume it's in the build tree.
@@ -2420,7 +2422,7 @@ EOF
                 if scalar @{$generate{$_}} > 1;
             my @generator = split /\s+/, $generate{$dest}->[0];
             my $gen = $generator[0];
-            $generator[0] = cleanfile($sourced, $gen, $blddir);
+            $generator[0] = cleanfile($sourced, $gen, $blddir, 1);
 
             # If the generator is itself generated, it's in the build tree
             if ($generate{$gen} || ! -f $generator[0]) {
@@ -2446,7 +2448,7 @@ EOF
             } elsif ($dest eq '') {
                 $ddest = '';
             } else {
-                $ddest = cleanfile($sourced, $dest, $blddir);
+                $ddest = cleanfile($sourced, $dest, $blddir, 1);
 
                 # If the destination doesn't exist in source, it can only be
                 # a generated file in the build tree.
@@ -2471,12 +2473,12 @@ EOF
                     && $f =~ m/^(.*?)\|(.*)$/) {
                     $i = $1;
                     $m = $2;
-                    $i = cleanfile($sourced, $i, $blddir);
+                    $i = cleanfile($sourced, $i, $blddir, 1);
                     $i2 = cleanfile($buildd, $i, $blddir);
-                    $d = cleanfile($sourced, "$i/$m", $blddir);
+                    $d = cleanfile($sourced, "$i/$m", $blddir, 1);
                     $d2 = cleanfile($buildd, "$i/$m", $blddir);
                 } else {
-                    $d = cleanfile($sourced, $f, $blddir);
+                    $d = cleanfile($sourced, $f, $blddir, 1);
                     $d2 = cleanfile($buildd, $f, $blddir);
                 }
 
@@ -2507,7 +2509,7 @@ EOF
 
         foreach (keys %includes) {
             my $dest = $_;
-            my $ddest = cleanfile($sourced, $_, $blddir);
+            my $ddest = cleanfile($sourced, $_, $blddir, 1);
 
             # If the destination doesn't exist in source, it can only be
             # a generated file in the build tree.
@@ -2515,7 +2517,7 @@ EOF
                 $ddest = cleanfile($buildd, $_, $blddir);
             }
             foreach (@{$includes{$dest}}) {
-                my $is = cleandir($sourced, $_, $blddir);
+                my $is = cleandir($sourced, $_, $blddir, 1);
                 my $ib = cleandir($buildd, $_, $blddir);
                 push @{$unified_info{includes}->{$ddest}->{source}}, $is
                     unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}};
@@ -2528,7 +2530,7 @@ EOF
             my $ddest;
 
             if ($dest ne "") {
-                $ddest = cleanfile($sourced, $dest, $blddir);
+                $ddest = cleanfile($sourced, $dest, $blddir, 1);
 
                 # If the destination doesn't exist in source, it can only
                 # be a generated file in the build tree.
@@ -2912,7 +2914,7 @@ my %template_vars = (
 my $configdata_outname = 'configdata.pm';
 open CONFIGDATA, ">$configdata_outname.new"
     or die "Trying to create $configdata_outname.new: $!";
-my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir);
+my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir, 1);
 my $configdata_tmpl =
     OpenSSL::Template->new(TYPE => 'FILE', SOURCE => $configdata_tmplname);
 $configdata_tmpl->fill_in(

+ 21 - 5
libs/openssl/NEWS.md

@@ -20,6 +20,24 @@ OpenSSL Releases
 OpenSSL 3.2
 -----------
 
+### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [30 Jan 2024]
+
+OpenSSL 3.2.1 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed PKCS12 Decoding crashes
+    ([CVE-2024-0727])
+  * Fixed excessive time spent checking invalid RSA public keys
+    ([CVE-2023-6237])
+  * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
+    CPUs which support PowerISA 2.07
+    ([CVE-2023-6129])
+  * Fixed excessive time spent in DH check / generation with large Q parameter
+    value
+    [(CVE-2023-5678)]
+
 ### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023]
 
 OpenSSL 3.2.0 is a feature release adding significant new functionality to
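Review bot: the last bullet cites the CVE as `[(CVE-2023-5678)]`, with the bracket and parenthesis swapped relative to the three bullets above it, which use the `([CVE-...])` form. The link definition at the bottom of the file is `[CVE-2023-5678]:`, so the swapped form will not resolve as a reference link. Change it to `([CVE-2023-5678])`, the form the removed 3.1.5 bullet used.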
@@ -107,11 +125,6 @@ tracker][issue tracker].
 OpenSSL 3.1
 -----------
 
-### Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [under development]
-
-  * Fix excessive time spent in DH check / generation with large Q parameter
-    value ([CVE-2023-5678])
-
 ### Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023]
 
   * Mitigate incorrect resize handling for symmetric cipher keys and IVs.
@@ -1567,6 +1580,9 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
+[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
+[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807

+ 9 - 16
libs/openssl/NOTES-NONSTOP.md

@@ -26,15 +26,16 @@ is the only FLOSS variant that has been broadly tested.
 Threading Models
 ----------------
 
-OpenSSL can be built using unthreaded, POSIX User Threads (PUT), or Standard
-POSIX Threads (SPT). Select the following build configuration for each on
-the TNS/X (L-Series) platform:
+OpenSSL can be built either using the POSIX User Threads (PUT) threading model,
+or with threading support disabled. Select the following build configuration
+for each on the TNS/X (L-Series) platform:
 
- * `nonstop-nsx` or default will select an unthreaded build.
+ * `nonstop-nsx` or default will select an unthreaded 32-bit build.
+ * `nonstop-nsx_64` selects an unthreaded 64-bit memory and file length build.
  * `nonstop-nsx_put` selects the PUT build.
- * `nonstop-nsx_64_put` selects the 64 bit file length PUT build.
- * `nonstop-nsx_spt_floss` selects the SPT build with FLOSS. FLOSS is
-   required for SPT builds because of a known hang when using SPT on its own.
+ * `nonstop-nsx_64_put` selects the 64-bit memory and file length PUT build.
+
+The SPT threading model is no longer supported as of OpenSSL 3.2.
 
 ### TNS/E Considerations
 
@@ -145,9 +146,7 @@ update this list:
 - nonstop-nsx_64_put
 
 **Note:** Cross-compile builds for TNS/E have not been attempted, but should
-follow the same considerations as for TNS/X above. SPT builds generally require
-FLOSS, which is not available for workstation builds. As a result, SPT builds
-of OpenSSL cannot be cross-compiled.
+follow the same considerations as for TNS/X above.
 
 Also see the NSDEE discussion below for more historical information.
 
@@ -223,9 +222,6 @@ assumes that your PWD is set according to your installation standards.
     ./Configure nonstop-nsx_put       --prefix=${PWD} \
         --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
         --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-    ./Configure nonstop-nsx_spt_floss --prefix=${PWD} \
-        --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
-        --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
     ./Configure nonstop-nsx_64        --prefix=${PWD} \
         --openssldir=${PWD}/ssl no-threads \
         --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
@@ -245,9 +241,6 @@ assumes that your PWD is set according to your installation standards.
     ./Configure nonstop-nse_put       --prefix=${PWD} \
         --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
         --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-    ./Configure nonstop-nse_spt_floss --prefix=${PWD} \
-        --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
-        --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
     ./Configure nonstop-nse_64        --prefix=${PWD} \
         --openssldir=${PWD}/ssl no-threads \
         --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}

+ 1 - 1
libs/openssl/README.md

@@ -199,7 +199,7 @@ attempting to develop or distribute cryptographic code.
 Copyright
 =========
 
-Copyright (c) 1998-2023 The OpenSSL Project Authors
+Copyright (c) 1998-2024 The OpenSSL Project Authors
 
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 

+ 2 - 2
libs/openssl/VERSION.dat

@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=2
-PATCH=0
+PATCH=1
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="23 Nov 2023"
+RELEASE_DATE="30 Jan 2024"
 SHLIB_VERSION=3

+ 2 - 2
libs/openssl/VMS/openssl_ivp.com.in

@@ -21,9 +21,9 @@ $	@'INSTALLTOP_'SYS$STARTUP]openssl_startup'v'
 $	@'INSTALLTOP_'SYS$STARTUP]openssl_utils'v'
 $
 $	IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" -
-           .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $config{no_shared}; "" -}-
+           .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $disabled{shared}; "" -}-
            .OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" -
-           .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $config{no_shared}; "" -}-
+           .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $disabled{shared}; "" -}-
            .OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" -
            .OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" -
            .OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. ""

+ 4 - 4
libs/openssl/VMS/openssl_shutdown.com.in

@@ -39,19 +39,19 @@ $	DEAS OSSL$MODULES'pz'
 $	DEAS OSSL$EXE
 $	DEAS OSSL$LIBCRYPTO'pz'
 $	DEAS OSSL$LIBSSL'pz'
-${- output_off() if $config{no_shared}; "" -}
+${- output_off() if $disabled{shared}; "" -}
 $	DEAS OSSL$LIBCRYPTO'sv'_SHR'pz'
 $	DEAS OSSL$LIBSSL'sv'_SHR'pz'
-${- output_on() if $config{no_shared}; "" -}
+${- output_on() if $disabled{shared}; "" -}
 $	DEAS OPENSSL
 $
 $	IF P2 .NES. "NOALIASES"
 $	THEN
 $	    DEAS OSSL$ENGINES'pz'
-${- output_off() if $config{no_shared}; "" -}
+${- output_off() if $disabled{shared}; "" -}
 $	    DEAS OSSL$LIBCRYPTO_SHR'pz'
 $	    DEAS OSSL$LIBSSL_SHR'pz'
-${- output_on() if $config{no_shared}; "" -}
+${- output_on() if $disabled{shared}; "" -}
 $	ENDIF
 $
 $	EXIT 'status'

+ 4 - 4
libs/openssl/VMS/openssl_startup.com.in

@@ -103,19 +103,19 @@ $	DEF  OSSL$EXE			OSSL$INSTROOT:[EXE.'arch'],-
 					OSSL$INSTROOT:[EXE]
 $	DEF  OSSL$LIBCRYPTO'pz'		OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB
 $	DEF  OSSL$LIBSSL'pz'		OSSL$LIB:OSSL$LIBSSL'pz'.OLB
-${- output_off() if $config{no_shared}; "" -}
+${- output_off() if $disabled{shared}; "" -}
 $	DEF  OSSL$LIBCRYPTO'sv'_SHR'pz'	OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE
 $	DEF  OSSL$LIBSSL'sv'_SHR'pz'	OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE
-${- output_on() if $config{no_shared}; "" -}
+${- output_on() if $disabled{shared}; "" -}
 $	DEF  OPENSSL			OSSL$INCLUDE:[OPENSSL]
 $
 $	IF P2 .NES. "NOALIASES"
 $	THEN
 $	    DEF OSSL$ENGINES'pz'	OSSL$ENGINES'sv''pz'
-${- output_off() if $config{no_shared}; "" -}
+${- output_off() if $disabled{shared}; "" -}
 $	    DEF OSSL$LIBCRYPTO_SHR'pz'	OSSL$LIBCRYPTO'sv'_SHR'pz'
 $	    DEF OSSL$LIBSSL_SHR'pz'	OSSL$LIBSSL'sv'_SHR'pz'
-${- output_on() if $config{no_shared}; "" -}
+${- output_on() if $disabled{shared}; "" -}
 $	ENDIF
 $
 $ bailout:

+ 1 - 1
libs/openssl/apps/asn1parse.c

@@ -178,7 +178,7 @@ int asn1parse_main(int argc, char **argv)
 
     if ((buf = BUF_MEM_new()) == NULL)
         goto end;
-    if (informat == FORMAT_PEM) {
+    if (genconf == NULL && genstr == NULL && informat == FORMAT_PEM) {
         if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
             BIO_printf(bio_err, "Error reading PEM file\n");
             ERR_print_errors(bio_err);
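Review bot: The extended condition `genconf == NULL && genstr == NULL && informat == FORMAT_PEM` has no comment explaining why the PEM read is skipped when `-genconf` or `-genstr` is given. The hunk does not show the else branch, so it is worth confirming that the path taken in that case does not try to read from `in` either, and adding a one-line comment stating that generated input takes precedence over the input file.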

+ 11 - 4
libs/openssl/apps/cms.c

@@ -628,7 +628,8 @@ int cms_main(int argc, char **argv)
                                  "recipient certificate file");
                 if (cert == NULL)
                     goto end;
-                sk_X509_push(encerts, cert);
+                if (!sk_X509_push(encerts, cert))
+                    goto end;
                 cert = NULL;
             } else {
                 recipfile = opt_arg();
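Review bot: When `sk_X509_push(encerts, cert)` fails, `goto end` is taken with `cert` still owned by the caller and with nothing printed to `bio_err`. The `end` label is not visible here, so please confirm it frees `cert`, and consider printing an out-of-memory message so the failure is not silent. The same pattern is added further down in this file and in `apps/smime.c`.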
@@ -837,7 +838,8 @@ int cms_main(int argc, char **argv)
                              "recipient certificate file");
             if (cert == NULL)
                 goto end;
-            sk_X509_push(encerts, cert);
+            if (!sk_X509_push(encerts, cert))
+                goto end;
             cert = NULL;
         }
     }
@@ -1447,6 +1449,7 @@ static CMS_ReceiptRequest
                       STACK_OF(OPENSSL_STRING) *rr_from)
 {
     STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
+    CMS_ReceiptRequest *rr;
 
     rct_to = make_names_stack(rr_to);
     if (rct_to == NULL)
@@ -1458,10 +1461,14 @@ static CMS_ReceiptRequest
     } else {
         rct_from = NULL;
     }
-    return CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
-                                         rct_to, app_get0_libctx());
+    rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
+                                       rct_to, app_get0_libctx());
+    if (rr == NULL)
+        goto err;
+    return rr;
  err:
     sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
+    sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free);
     return NULL;
 }
 
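Review bot: The new `if (rr == NULL) goto err;` path frees both `rct_to` and `rct_from`, which is only correct if `CMS_ReceiptRequest_create0_ex()` leaves ownership of the two stacks with the caller when it fails. That contract is not visible in this hunk. A short comment above the `goto err` stating it would guard against a double free if the callee's failure behaviour ever changes.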

+ 1 - 1
libs/openssl/apps/errstr.c

@@ -62,7 +62,7 @@ int errstr_main(int argc, char **argv)
     /* All remaining arg are error code. */
     ret = 0;
     for (argv = opt_rest(); *argv != NULL; argv++) {
-        if (sscanf(*argv, "%lx", &l) == 0) {
+        if (sscanf(*argv, "%lx", &l) <= 0) {
             ret++;
         } else {
             ERR_error_string_n(l, buf, sizeof(buf));
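Review bot: Changing the test to `sscanf(*argv, "%lx", &l) <= 0` now catches the EOF return for an empty argument, but `%lx` still accepts an argument with trailing junk (for example a valid hex prefix followed by other characters) and reports the prefix as the error code. If strict parsing is the intent, `strtoul` with an end-pointer check would reject those inputs as well.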

+ 6 - 1
libs/openssl/apps/lib/opt.c

@@ -726,7 +726,12 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
             opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
             return 0;
         }
-        X509_VERIFY_PARAM_add0_policy(vpm, otmp);
+        if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) {
+            ASN1_OBJECT_free(otmp);
+            opt_printf_stderr("%s: Internal error adding Policy %s\n",
+                              prog, opt_arg());
+            return 0;
+        }
         break;
     case OPT_V_PURPOSE:
         /* purpose name -> purpose index */

+ 1 - 1
libs/openssl/apps/lib/s_socket.c

@@ -208,7 +208,7 @@ int init_client(int *sock, const char *host, const char *port,
 
         hostname = BIO_ADDR_hostname_string(BIO_ADDRINFO_address(ai), 1);
         if (hostname != NULL) {
-            BIO_printf(bio_out, "Connecting to %s\n", hostname);
+            BIO_printf(bio_err, "Connecting to %s\n", hostname);
             OPENSSL_free(hostname);
         }
         /* Remove any stale errors from previous connection attempts */
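Review bot: Moving the "Connecting to %s" line from `bio_out` to `bio_err` changes what callers see on stdout, and scripts that parse client output may depend on the old stream. If this is not already recorded in CHANGES.md, it should be, with a note on why the message belongs on stderr.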

+ 20 - 17
libs/openssl/apps/list.c

@@ -1238,6 +1238,9 @@ static void list_provider_info(void)
     sk_OSSL_PROVIDER_sort(providers);
     for (i = 0; i < sk_OSSL_PROVIDER_num(providers); i++) {
         const OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(providers, i);
+        const char *provname = OSSL_PROVIDER_get0_name(prov);
+
+        BIO_printf(bio_out, "  %s\n", provname);
 
         /* Query the "known" information parameters, the order matches below */
         params[0] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME,
@@ -1250,23 +1253,23 @@ static void list_provider_info(void)
         params[4] = OSSL_PARAM_construct_end();
         OSSL_PARAM_set_all_unmodified(params);
         if (!OSSL_PROVIDER_get_params(prov, params)) {
-            BIO_printf(bio_err, "ERROR: Unable to query provider parameters\n");
-            return;
-        }
-
-        /* Print out the provider information, the params order matches above */
-        BIO_printf(bio_out, "  %s\n", OSSL_PROVIDER_get0_name(prov));
-        if (OSSL_PARAM_modified(params))
-            BIO_printf(bio_out, "    name: %s\n", name);
-        if (OSSL_PARAM_modified(params + 1))
-            BIO_printf(bio_out, "    version: %s\n", version);
-        if (OSSL_PARAM_modified(params + 2))
-            BIO_printf(bio_out, "    status: %sactive\n", status ? "" : "in");
-        if (verbose) {
-            if (OSSL_PARAM_modified(params + 3))
-                BIO_printf(bio_out, "    build info: %s\n", buildinfo);
-            print_param_types("gettable provider parameters",
-                              OSSL_PROVIDER_gettable_params(prov), 4);
+            BIO_printf(bio_err,
+                       "WARNING: Unable to query provider parameters for %s\n",
+                       provname);
+        } else {
+            /* Print out the provider information, the params order matches above */
+            if (OSSL_PARAM_modified(params))
+                BIO_printf(bio_out, "    name: %s\n", name);
+            if (OSSL_PARAM_modified(params + 1))
+                BIO_printf(bio_out, "    version: %s\n", version);
+            if (OSSL_PARAM_modified(params + 2))
+                BIO_printf(bio_out, "    status: %sactive\n", status ? "" : "in");
+            if (verbose) {
+                if (OSSL_PARAM_modified(params + 3))
+                    BIO_printf(bio_out, "    build info: %s\n", buildinfo);
+                print_param_types("gettable provider parameters",
+                                  OSSL_PROVIDER_gettable_params(prov), 4);
+            }
         }
     }
     sk_OSSL_PROVIDER_free(providers);

+ 0 - 9
libs/openssl/apps/pkcs12.c

@@ -14,7 +14,6 @@
 #include <string.h>
 #include "apps.h"
 #include "progs.h"
-#include <openssl/conf.h>
 #include <openssl/asn1.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
@@ -535,7 +534,6 @@ int pkcs12_main(int argc, char **argv)
         EVP_MD *macmd = NULL;
         unsigned char *catmp = NULL;
         int i;
-        CONF *conf = NULL;
         ASN1_OBJECT *obj = NULL;
 
         if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
@@ -681,12 +679,6 @@ int pkcs12_main(int argc, char **argv)
         if (!twopass)
             OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
 
-        /* Load the config file */
-        if ((conf = app_load_config(default_config_file)) == NULL)
-            goto export_end;
-        if (!app_load_modules(conf))
-            goto export_end;
-
         if (jdktrust != NULL) {
             obj = OBJ_txt2obj(jdktrust, 0);
         }
@@ -731,7 +723,6 @@ int pkcs12_main(int argc, char **argv)
         OSSL_STACK_OF_X509_free(certs);
         OSSL_STACK_OF_X509_free(untrusted_certs);
         X509_free(ee_cert);
-        NCONF_free(conf);
         ASN1_OBJECT_free(obj);
         ERR_print_errors(bio_err);
         goto end;

+ 10 - 7
libs/openssl/apps/rehash.c

@@ -45,9 +45,6 @@
 # ifndef PATH_MAX
 #  define PATH_MAX 4096
 # endif
-# ifndef NAME_MAX
-#  define NAME_MAX 255
-# endif
 # define MAX_COLLISIONS  256
 
 # if defined(OPENSSL_SYS_VXWORKS)
@@ -356,10 +353,10 @@ static int do_dir(const char *dirname, enum Hash h)
     struct stat st;
     unsigned char idmask[MAX_COLLISIONS / 8];
     int n, numfiles, nextid, dirlen, buflen, errs = 0;
-    size_t i;
+    size_t i, fname_max_len = 20; /* maximum length of "%08x.r%d" */
     const char *pathsep = "";
     const char *filename;
-    char *buf, *copy = NULL;
+    char *buf = NULL, *copy = NULL;
     STACK_OF(OPENSSL_STRING) *files = NULL;
 
     if (app_access(dirname, W_OK) < 0) {
@@ -371,8 +368,6 @@ static int do_dir(const char *dirname, enum Hash h)
         pathsep = "/";
         dirlen++;
     }
-    buflen = dirlen + NAME_MAX + 1;
-    buf = app_malloc(buflen, "filename buffer");
 
     if (verbose)
         BIO_printf(bio_out, "Doing %s\n", dirname);
@@ -383,17 +378,25 @@ static int do_dir(const char *dirname, enum Hash h)
         goto err;
     }
     while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
+        size_t fname_len = strlen(filename);
+
         if ((copy = OPENSSL_strdup(filename)) == NULL
                 || sk_OPENSSL_STRING_push(files, copy) == 0) {
             OPENSSL_free(copy);
+            OPENSSL_DIR_end(&d);
             BIO_puts(bio_err, "out of memory\n");
             errs = 1;
             goto err;
         }
+        if (fname_len > fname_max_len)
+            fname_max_len = fname_len;
     }
     OPENSSL_DIR_end(&d);
     sk_OPENSSL_STRING_sort(files);
 
+    buflen = dirlen + fname_max_len + 1;
+    buf = app_malloc(buflen, "filename buffer");
+
     numfiles = sk_OPENSSL_STRING_num(files);
     for (n = 0; n < numfiles; ++n) {
         filename = sk_OPENSSL_STRING_value(files, n);
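Review bot: In `buflen = dirlen + fname_max_len + 1;` the sum is computed in `size_t` (because of `fname_max_len`) and then stored in `buflen`, which the earlier hunk shows is still declared `int`. The implicit narrowing should be made explicit, or `buflen` changed to `size_t`, so that the value passed to `app_malloc` and the later bounds on `buf` are clearly the same quantity. The rest of the change (sizing from the longest name actually read, and `buf = NULL` so the `err` path is safe before allocation) looks right.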

+ 2 - 2
libs/openssl/apps/req.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -704,7 +704,7 @@ int req_main(int argc, char **argv)
             }
             goto end;
         }
-        BIO_free(out);
+        BIO_free_all(out);
         out = NULL;
         BIO_printf(bio_err, "-----\n");
     }

+ 6 - 1
libs/openssl/apps/s_server.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -1714,6 +1714,11 @@ int s_server_main(int argc, char *argv[])
         BIO_printf(bio_err, "Can only use -listen with DTLS\n");
         goto end;
     }
+
+    if (rev && socket_type == SOCK_DGRAM) {
+        BIO_printf(bio_err, "Can't use -rev with DTLS\n");
+        goto end;
+    }
 #endif
 
     if (tfo && socket_type != SOCK_STREAM) {

+ 2 - 1
libs/openssl/apps/smime.c

@@ -484,7 +484,8 @@ int smime_main(int argc, char **argv)
                              "recipient certificate file");
             if (cert == NULL)
                 goto end;
-            sk_X509_push(encerts, cert);
+            if (!sk_X509_push(encerts, cert))
+                goto end;
             cert = NULL;
             argv++;
         }

+ 5 - 1
libs/openssl/crypto/aes/build.info

@@ -38,7 +38,11 @@ IF[{- !$disabled{asm} -}]
   $AESASM_parisc20_64=$AESASM_parisc11
   $AESDEF_parisc20_64=$AESDEF_parisc11
 
-  $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s
+  IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}]
+    $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s
+  ELSE
+    $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s
+  ENDIF
   $AESDEF_ppc32=AES_ASM VPAES_ASM
   $AESASM_ppc64=$AESASM_ppc32
   $AESDEF_ppc64=$AESDEF_ppc32
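Review bot: The new `IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}]` block drops `aesp8-ppc.s` on those two systems without a comment saying why. Because `$AESASM_ppc64=$AESASM_ppc32` follows, the exclusion also applies to the 64-bit targets. Please add a comment naming the reason and confirm the 64-bit effect is intended.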

+ 8 - 2
libs/openssl/crypto/asn1/a_mbstr.c

@@ -139,7 +139,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
     if (*out) {
         free_out = 0;
         dest = *out;
-        ASN1_STRING_set0(dest,  NULL, 0);
+        ASN1_STRING_set0(dest, NULL, 0);
         dest->type = str_type;
     } else {
         free_out = 1;
@@ -153,6 +153,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
     /* If both the same type just copy across */
     if (inform == outform) {
         if (!ASN1_STRING_set(dest, in, len)) {
+            if (free_out) {
+                ASN1_STRING_free(dest);
+                *out = NULL;
+            }
             ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
             return -1;
         }
@@ -183,8 +187,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
         break;
     }
     if ((p = OPENSSL_malloc(outlen + 1)) == NULL) {
-        if (free_out)
+        if (free_out) {
             ASN1_STRING_free(dest);
+            *out = NULL;
+        }
         return -1;
     }
     dest->length = outlen;
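Review bot: The `ASN1_STRING_free(dest); *out = NULL;` cleanup under `if (free_out)` now appears twice in this function, once after the failed `ASN1_STRING_set` and once after the failed `OPENSSL_malloc`. A single `err:` label doing the free and the reset would keep any later error return from missing the `*out = NULL` step again.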

+ 9 - 3
libs/openssl/crypto/asn1/a_time.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -295,16 +295,22 @@ ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
     tmps->type = type;
     p = (char*)tmps->data;
 
-    if (type == V_ASN1_GENERALIZEDTIME)
+    if (ts->tm_mon > INT_MAX - 1)
+        goto err;
+
+    if (type == V_ASN1_GENERALIZEDTIME) {
+        if (ts->tm_year > INT_MAX - 1900)
+            goto err;
         tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
                                     ts->tm_year + 1900, ts->tm_mon + 1,
                                     ts->tm_mday, ts->tm_hour, ts->tm_min,
                                     ts->tm_sec);
-    else
+    } else {
         tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
                                     ts->tm_year % 100, ts->tm_mon + 1,
                                     ts->tm_mday, ts->tm_hour, ts->tm_min,
                                     ts->tm_sec);
+    }
 
 #ifdef CHARSET_EBCDIC
     ebcdic2ascii(tmps->data, tmps->data, tmps->length);
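Review bot: The new guards `ts->tm_mon > INT_MAX - 1` and `ts->tm_year > INT_MAX - 1900` only prevent signed overflow in the additions. Negative or otherwise out-of-range fields are still formatted, for example `ts->tm_year % 100` in the UTCTime branch can be negative. If the caller is not guaranteed to pass a normalised `struct tm`, a range check would be more useful here. Also confirm `<limits.h>` is already included, since the diff uses `INT_MAX` without adding it.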

+ 4 - 0
libs/openssl/crypto/asn1/asn_moid.c

@@ -67,6 +67,10 @@ static int do_create(const char *value, const char *name)
     if (p == NULL) {
         ln = name;
         ostr = value;
+    } else if (p == value) {
+        /* we started with a leading comma */
+        ln = name;
+        ostr = p + 1;
     } else {
         ln = value;
         ostr = p + 1;

+ 6 - 2
libs/openssl/crypto/asn1/asn_mstbl.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -72,6 +72,8 @@ static int do_tcreate(const char *value, const char *name)
         goto err;
     for (i = 0; i < sk_CONF_VALUE_num(lst); i++) {
         cnf = sk_CONF_VALUE_value(lst, i);
+        if (cnf->value == NULL)
+            goto err;
         if (strcmp(cnf->name, "min") == 0) {
             tbl_min = strtoul(cnf->value, &eptr, 0);
             if (*eptr)
@@ -98,7 +100,9 @@ static int do_tcreate(const char *value, const char *name)
     if (rv == 0) {
         if (cnf)
             ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE,
-                           "field=%s, value=%s", cnf->name, cnf->value);
+                           "field=%s, value=%s", cnf->name,
+                                                 cnf->value != NULL ? cnf->value
+                                                 : value);
         else
             ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE,
                            "name=%s, value=%s", name, value);

+ 1 - 1
libs/openssl/crypto/bio/bio_sock.c

@@ -354,7 +354,7 @@ int BIO_socket_nbio(int s, int mode)
     int l;
 
     l = mode;
-# if defined(FIONBIO) && !defined(OPENSSL_SYS_TANDEM)
+# ifdef FIONBIO
     l = mode;
 
     ret = BIO_socket_ioctl(s, FIONBIO, &l);
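Review bot: With the guard simplified to `# ifdef FIONBIO`, the `l = mode;` immediately inside it duplicates the `l = mode;` two lines above and can be dropped. Since this also enables the `FIONBIO` path on `OPENSSL_SYS_TANDEM` for the first time, a note in the commit message on how that was tested would help.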

+ 6 - 1
libs/openssl/crypto/bio/bss_dgram.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -61,6 +61,11 @@
 #   define NO_RECVMMSG
 #  endif
 # endif
+# if defined(__GNU__)
+   /* GNU/Hurd does not have IP_PKTINFO yet */
+   #undef NO_RECVMSG
+   #define NO_RECVMSG
+# endif
 # if !defined(M_METHOD)
 #  if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
 #   define M_METHOD  M_METHOD_WSARECVMSG
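Review bot: The added `#undef NO_RECVMSG` and `#define NO_RECVMSG` lines put the `#` after the indentation, while every other directive in this block keeps `#` in column one and indents after it (`#   define NO_RECVMMSG`, `#  endif`). Please write them as `#  undef NO_RECVMSG` and `#  define NO_RECVMSG`, with the comment indented to match.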

+ 7 - 1
libs/openssl/crypto/bn/bn_gf2m.c

@@ -730,14 +730,20 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 {
     BIGNUM *b = NULL;
     int ret = 0;
+    int numbits;
 
     BN_CTX_start(ctx);
     if ((b = BN_CTX_get(ctx)) == NULL)
         goto err;
 
+    /* Fail on a non-sensical input p value */
+    numbits = BN_num_bits(p);
+    if (numbits <= 1)
+        goto err;
+
     /* generate blinding value */
     do {
-        if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1,
+        if (!BN_priv_rand_ex(b, numbits - 1,
                              BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx))
             goto err;
     } while (BN_is_zero(b));
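Review bot: The new `if (numbits <= 1) goto err;` returns failure without putting anything on the error queue, so a caller passing a degenerate `p` gets a bare 0 with no reason. Consider an `ERR_raise` before the `goto`. The check itself is right: with `numbits` of 1 the loop would ask `BN_priv_rand_ex` for a 0-bit value and `while (BN_is_zero(b))` could never exit. Minor: "non-sensical" in the comment should be "nonsensical".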

+ 74 - 52
libs/openssl/crypto/bn/bn_nist.c

@@ -319,6 +319,28 @@ static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
 # endif
 #endif                          /* BN_BITS2 != 64 */
 
+#ifdef NIST_INT64
+/* Helpers to load/store a 32-bit word (uint32_t) from/into a memory
+ * location and avoid potential aliasing issue.  */
+static ossl_inline uint32_t load_u32(const void *ptr)
+{
+    uint32_t tmp;
+
+    memcpy(&tmp, ptr, sizeof(tmp));
+    return tmp;
+}
+
+static ossl_inline void store_lo32(void *ptr, NIST_INT64 val)
+{
+    /* A cast is needed for big-endian system: on a 32-bit BE system
+     * NIST_INT64 may be defined as well if the compiler supports 64-bit
+     * long long.  */
+    uint32_t tmp = (uint32_t)val;
+
+    memcpy(ptr, &tmp, sizeof(tmp));
+}
+#endif /* NIST_INT64 */
+
 #define nist_set_192(to, from, a1, a2, a3) \
         { \
         bn_cp_64(to, 0, from, (a3) - 3) \
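Review bot: `load_u32` and `store_lo32` use `memcpy` and `uint32_t`, but this hunk adds no include, so please confirm `<string.h>` and a header providing `uint32_t` are already pulled in for every configuration where `NIST_INT64` is defined. The callers in the later hunks pass `&rp[i]` where `rp` is `unsigned int *`, so the helpers also assume `unsigned int` is exactly 32 bits wide. A comment or a compile-time check for that would make the assumption explicit.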
@@ -374,42 +396,42 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         unsigned int *rp = (unsigned int *)r_d;
         const unsigned int *bp = (const unsigned int *)buf.ui;
 
-        acc = rp[0];
+        acc = load_u32(&rp[0]);
         acc += bp[3 * 2 - 6];
         acc += bp[5 * 2 - 6];
-        rp[0] = (unsigned int)acc;
+        store_lo32(&rp[0], acc);
         acc >>= 32;
 
-        acc += rp[1];
+        acc += load_u32(&rp[1]);
         acc += bp[3 * 2 - 5];
         acc += bp[5 * 2 - 5];
-        rp[1] = (unsigned int)acc;
+        store_lo32(&rp[1], acc);
         acc >>= 32;
 
-        acc += rp[2];
+        acc += load_u32(&rp[2]);
         acc += bp[3 * 2 - 6];
         acc += bp[4 * 2 - 6];
         acc += bp[5 * 2 - 6];
-        rp[2] = (unsigned int)acc;
+        store_lo32(&rp[2], acc);
         acc >>= 32;
 
-        acc += rp[3];
+        acc += load_u32(&rp[3]);
         acc += bp[3 * 2 - 5];
         acc += bp[4 * 2 - 5];
         acc += bp[5 * 2 - 5];
-        rp[3] = (unsigned int)acc;
+        store_lo32(&rp[3], acc);
         acc >>= 32;
 
-        acc += rp[4];
+        acc += load_u32(&rp[4]);
         acc += bp[4 * 2 - 6];
         acc += bp[5 * 2 - 6];
-        rp[4] = (unsigned int)acc;
+        store_lo32(&rp[4], acc);
         acc >>= 32;
 
-        acc += rp[5];
+        acc += load_u32(&rp[5]);
         acc += bp[4 * 2 - 5];
         acc += bp[5 * 2 - 5];
-        rp[5] = (unsigned int)acc;
+        store_lo32(&rp[5], acc);
 
         carry = (int)(acc >> 32);
     }
@@ -683,36 +705,36 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         unsigned int *rp = (unsigned int *)r_d;
         const unsigned int *bp = (const unsigned int *)buf.ui;
 
-        acc = rp[0];
+        acc = load_u32(&rp[0]);
         acc += bp[8 - 8];
         acc += bp[9 - 8];
         acc -= bp[11 - 8];
         acc -= bp[12 - 8];
         acc -= bp[13 - 8];
         acc -= bp[14 - 8];
-        rp[0] = (unsigned int)acc;
+        store_lo32(&rp[0], acc);
         acc >>= 32;
 
-        acc += rp[1];
+        acc += load_u32(&rp[1]);
         acc += bp[9 - 8];
         acc += bp[10 - 8];
         acc -= bp[12 - 8];
         acc -= bp[13 - 8];
         acc -= bp[14 - 8];
         acc -= bp[15 - 8];
-        rp[1] = (unsigned int)acc;
+        store_lo32(&rp[1], acc);
         acc >>= 32;
 
-        acc += rp[2];
+        acc += load_u32(&rp[2]);
         acc += bp[10 - 8];
         acc += bp[11 - 8];
         acc -= bp[13 - 8];
         acc -= bp[14 - 8];
         acc -= bp[15 - 8];
-        rp[2] = (unsigned int)acc;
+        store_lo32(&rp[2], acc);
         acc >>= 32;
 
-        acc += rp[3];
+        acc += load_u32(&rp[3]);
         acc += bp[11 - 8];
         acc += bp[11 - 8];
         acc += bp[12 - 8];
@@ -721,10 +743,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc -= bp[15 - 8];
         acc -= bp[8 - 8];
         acc -= bp[9 - 8];
-        rp[3] = (unsigned int)acc;
+        store_lo32(&rp[3], acc);
         acc >>= 32;
 
-        acc += rp[4];
+        acc += load_u32(&rp[4]);
         acc += bp[12 - 8];
         acc += bp[12 - 8];
         acc += bp[13 - 8];
@@ -732,10 +754,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[14 - 8];
         acc -= bp[9 - 8];
         acc -= bp[10 - 8];
-        rp[4] = (unsigned int)acc;
+        store_lo32(&rp[4], acc);
         acc >>= 32;
 
-        acc += rp[5];
+        acc += load_u32(&rp[5]);
         acc += bp[13 - 8];
         acc += bp[13 - 8];
         acc += bp[14 - 8];
@@ -743,10 +765,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[15 - 8];
         acc -= bp[10 - 8];
         acc -= bp[11 - 8];
-        rp[5] = (unsigned int)acc;
+        store_lo32(&rp[5], acc);
         acc >>= 32;
 
-        acc += rp[6];
+        acc += load_u32(&rp[6]);
         acc += bp[14 - 8];
         acc += bp[14 - 8];
         acc += bp[15 - 8];
@@ -755,10 +777,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[13 - 8];
         acc -= bp[8 - 8];
         acc -= bp[9 - 8];
-        rp[6] = (unsigned int)acc;
+        store_lo32(&rp[6], acc);
         acc >>= 32;
 
-        acc += rp[7];
+        acc += load_u32(&rp[7]);
         acc += bp[15 - 8];
         acc += bp[15 - 8];
         acc += bp[15 - 8];
@@ -767,7 +789,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc -= bp[11 - 8];
         acc -= bp[12 - 8];
         acc -= bp[13 - 8];
-        rp[7] = (unsigned int)acc;
+        store_lo32(&rp[7], acc);
 
         carry = (int)(acc >> 32);
     }
@@ -920,32 +942,32 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         unsigned int *rp = (unsigned int *)r_d;
         const unsigned int *bp = (const unsigned int *)buf.ui;
 
-        acc = rp[0];
+        acc = load_u32(&rp[0]);
         acc += bp[12 - 12];
         acc += bp[21 - 12];
         acc += bp[20 - 12];
         acc -= bp[23 - 12];
-        rp[0] = (unsigned int)acc;
+        store_lo32(&rp[0], acc);
         acc >>= 32;
 
-        acc += rp[1];
+        acc += load_u32(&rp[1]);
         acc += bp[13 - 12];
         acc += bp[22 - 12];
         acc += bp[23 - 12];
         acc -= bp[12 - 12];
         acc -= bp[20 - 12];
-        rp[1] = (unsigned int)acc;
+        store_lo32(&rp[1], acc);
         acc >>= 32;
 
-        acc += rp[2];
+        acc += load_u32(&rp[2]);
         acc += bp[14 - 12];
         acc += bp[23 - 12];
         acc -= bp[13 - 12];
         acc -= bp[21 - 12];
-        rp[2] = (unsigned int)acc;
+        store_lo32(&rp[2], acc);
         acc >>= 32;
 
-        acc += rp[3];
+        acc += load_u32(&rp[3]);
         acc += bp[15 - 12];
         acc += bp[12 - 12];
         acc += bp[20 - 12];
@@ -953,10 +975,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc -= bp[14 - 12];
         acc -= bp[22 - 12];
         acc -= bp[23 - 12];
-        rp[3] = (unsigned int)acc;
+        store_lo32(&rp[3], acc);
         acc >>= 32;
 
-        acc += rp[4];
+        acc += load_u32(&rp[4]);
         acc += bp[21 - 12];
         acc += bp[21 - 12];
         acc += bp[16 - 12];
@@ -967,10 +989,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc -= bp[15 - 12];
         acc -= bp[23 - 12];
         acc -= bp[23 - 12];
-        rp[4] = (unsigned int)acc;
+        store_lo32(&rp[4], acc);
         acc >>= 32;
 
-        acc += rp[5];
+        acc += load_u32(&rp[5]);
         acc += bp[22 - 12];
         acc += bp[22 - 12];
         acc += bp[17 - 12];
@@ -979,10 +1001,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[21 - 12];
         acc += bp[23 - 12];
         acc -= bp[16 - 12];
-        rp[5] = (unsigned int)acc;
+        store_lo32(&rp[5], acc);
         acc >>= 32;
 
-        acc += rp[6];
+        acc += load_u32(&rp[6]);
         acc += bp[23 - 12];
         acc += bp[23 - 12];
         acc += bp[18 - 12];
@@ -990,48 +1012,48 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[14 - 12];
         acc += bp[22 - 12];
         acc -= bp[17 - 12];
-        rp[6] = (unsigned int)acc;
+        store_lo32(&rp[6], acc);
         acc >>= 32;
 
-        acc += rp[7];
+        acc += load_u32(&rp[7]);
         acc += bp[19 - 12];
         acc += bp[16 - 12];
         acc += bp[15 - 12];
         acc += bp[23 - 12];
         acc -= bp[18 - 12];
-        rp[7] = (unsigned int)acc;
+        store_lo32(&rp[7], acc);
         acc >>= 32;
 
-        acc += rp[8];
+        acc += load_u32(&rp[8]);
         acc += bp[20 - 12];
         acc += bp[17 - 12];
         acc += bp[16 - 12];
         acc -= bp[19 - 12];
-        rp[8] = (unsigned int)acc;
+        store_lo32(&rp[8], acc);
         acc >>= 32;
 
-        acc += rp[9];
+        acc += load_u32(&rp[9]);
         acc += bp[21 - 12];
         acc += bp[18 - 12];
         acc += bp[17 - 12];
         acc -= bp[20 - 12];
-        rp[9] = (unsigned int)acc;
+        store_lo32(&rp[9], acc);
         acc >>= 32;
 
-        acc += rp[10];
+        acc += load_u32(&rp[10]);
         acc += bp[22 - 12];
         acc += bp[19 - 12];
         acc += bp[18 - 12];
         acc -= bp[21 - 12];
-        rp[10] = (unsigned int)acc;
+        store_lo32(&rp[10], acc);
         acc >>= 32;
 
-        acc += rp[11];
+        acc += load_u32(&rp[11]);
         acc += bp[23 - 12];
         acc += bp[20 - 12];
         acc += bp[19 - 12];
         acc -= bp[22 - 12];
-        rp[11] = (unsigned int)acc;
+        store_lo32(&rp[11], acc);
 
         carry = (int)(acc >> 32);
     }
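Review bot: In the BN_nist_mod_384 accumulation every rp[] limb now goes through load_u32()/store_lo32(), while the bp[] reads in the same statements are still plain indexing, and nothing at these call sites says why the two arrays are treated differently. A one-line comment above `acc = load_u32(&rp[0]);` stating what the helpers guard against, and why bp[] does not need them, would keep a later edit from reverting to direct access. The closing `carry = (int)(acc >> 32);` depends on acc still holding the signed carry after the last store_lo32(); a short comment there would help now that the truncation is hidden inside the helper.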

+ 38 - 13
libs/openssl/crypto/chacha/asm/chacha-loongarch64.pl

@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # Author: Min Zhou <[email protected]>
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -17,6 +17,14 @@ my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$r$_",(4..11));
 my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$x)=map("\$r$_",(12..21));
 my ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8)=map("\$r$_",(23..31));
 
+# The saved floating-point registers in the LP64D ABI.  In LoongArch
+# with vector extension, the low 64 bits of a vector register alias with
+# the corresponding FPR.  So we must save and restore the corresponding
+# FPR if we'll write into a vector register.  The ABI only requires
+# saving and restoring the FPR (i.e. 64 bits of the corresponding vector
+# register), not the entire vector register.
+my ($fs0,$fs1,$fs2,$fs3,$fs4,$fs5,$fs6,$fs7)=map("\$f$_",(24..31));
+
 # Here is the 128-bit vector register layout for LSX extension.
 my ($vr0,$vr1,$vr2,$vr3,$vr4,$vr5,$vr6,$vr7,$vr8,$vr9,$vr10,
     $vr11,$vr12,$vr13,$vr14,$vr15,$vr16,$vr17,$vr18,$vr19,
@@ -63,16 +71,29 @@ ChaCha20_ctr32:
 	# $a4 = arg #5 (counter array)
 
 	beqz		$len,.Lno_data
+	ori			$t3,$zero,64
 	la.pcrel	$t0,OPENSSL_loongarch_hwcap_P
 	ld.w		$t0,$t0,0
 
+	bleu		$len,$t3,.LChaCha20_1x  # goto 1x when len <= 64
+
+	andi		$t0,$t0,LOONGARCH_HWCAP_LASX | LOONGARCH_HWCAP_LSX
+	beqz		$t0,.LChaCha20_1x
+
+	addi.d		$sp,$sp,-64
+	fst.d		$fs0,$sp,0
+	fst.d		$fs1,$sp,8
+	fst.d		$fs2,$sp,16
+	fst.d		$fs3,$sp,24
+	fst.d		$fs4,$sp,32
+	fst.d		$fs5,$sp,40
+	fst.d		$fs6,$sp,48
+	fst.d		$fs7,$sp,56
+
 	andi		$t1,$t0,LOONGARCH_HWCAP_LASX
 	bnez		$t1,.LChaCha20_8x
 
-	andi		$t2,$t0,LOONGARCH_HWCAP_LSX
-	bnez		$t2,.LChaCha20_4x
-
-	b			.LChaCha20_1x
+	b		.LChaCha20_4x
 
 EOF
 
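Review bot: In ChaCha20_ctr32 the hoisted `bleu $len,$t3,.LChaCha20_1x` sits after the `la.pcrel`/`ld.w` of OPENSSL_loongarch_hwcap_P, so inputs of 64 bytes or less still pay for a capability load they never use; placing the `ori`/`bleu` pair directly after `beqz $len,.Lno_data` avoids that. The new `b		.LChaCha20_4x` uses two tabs where the branch it replaces used three. The 64-byte frame pushed by `addi.d $sp,$sp,-64` is popped only at .Lrestore_saved_fpr, so a comment on the save block naming that label would make the pairing obvious.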
@@ -441,9 +462,6 @@ EOF
 $code .= <<EOF;
 .align 6
 .LChaCha20_4x:
-	ori			$t3,$zero,64
-	bleu		$len,$t3,.LChaCha20_1x  # goto 1x when len <= 64
-
 	addi.d		$sp,$sp,-128
 
 	# Save the initial block counter in $t4
@@ -783,7 +801,7 @@ $code .= <<EOF;
 
 .Ldone_4x:
 	addi.d		$sp,$sp,128
-	b			.Lend
+	b			.Lrestore_saved_fpr
 
 EOF
 }
@@ -868,9 +886,6 @@ EOF
 $code .= <<EOF;
 .align 6
 .LChaCha20_8x:
-	ori			$t3,$zero,64
-	bleu		$len,$t3,.LChaCha20_1x  # goto 1x when len <= 64
-
 	addi.d		$sp,$sp,-128
 
 	# Save the initial block counter in $t4
@@ -1394,12 +1409,22 @@ $code .= <<EOF;
 
 .Ldone_8x:
 	addi.d		$sp,$sp,128
-	b			.Lend
+	b			.Lrestore_saved_fpr
 
 EOF
 }
 
 $code .= <<EOF;
+.Lrestore_saved_fpr:
+	fld.d		$fs0,$sp,0
+	fld.d		$fs1,$sp,8
+	fld.d		$fs2,$sp,16
+	fld.d		$fs3,$sp,24
+	fld.d		$fs4,$sp,32
+	fld.d		$fs5,$sp,40
+	fld.d		$fs6,$sp,48
+	fld.d		$fs7,$sp,56
+	addi.d		$sp,$sp,64
 .Lno_data:
 .Lend:
 	jr	$ra
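Review bot: .Lrestore_saved_fpr reloads $fs0 to $fs7 from offsets 0 to 56 of $sp and then falls through into .Lno_data/.Lend, so it is only correct if every vector exit arrives with $sp exactly where the save block left it and the scalar path never reaches it. Please add a comment above the label stating that invariant: vector paths branch here after releasing their own 128-byte frame, and the 1x path goes straight to .Lend. A future exit that jumps to .Lend from the 4x or 8x code would return with $sp off by 64 and the callee-saved FPRs clobbered.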

+ 13 - 11
libs/openssl/crypto/cms/cms_att.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,8 +12,9 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
-#include "cms_local.h"
 #include "internal/nelem.h"
+#include "crypto/x509.h"
+#include "cms_local.h"
 
 /*-
  * Attribute flags.
@@ -94,7 +95,7 @@ X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
 
 int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
 {
-    if (X509at_add1_attr(&si->signedAttrs, attr))
+    if (ossl_x509at_add1_attr(&si->signedAttrs, attr))
         return 1;
     return 0;
 }
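Review bot: CMS_signed_add1_attr now calls ossl_x509at_add1_attr() instead of the public X509at_add1_attr(), and the same swap is repeated in the seven sibling wrappers below, but no comment says what the internal variant does differently or why CMS should not go through the public one. A short note above this first wrapper would cover all eight. While these lines are open, the `if (...) return 1; return 0;` pattern could collapse to a single return statement.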
@@ -103,7 +104,7 @@ int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                 const ASN1_OBJECT *obj, int type,
                                 const void *bytes, int len)
 {
-    if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
+    if (ossl_x509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
         return 1;
     return 0;
 }
@@ -111,7 +112,7 @@ int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
 int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
                                 int nid, int type, const void *bytes, int len)
 {
-    if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
+    if (ossl_x509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
         return 1;
     return 0;
 }
@@ -120,7 +121,8 @@ int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
                                 const char *attrname, int type,
                                 const void *bytes, int len)
 {
-    if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len))
+    if (ossl_x509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes,
+                                     len))
         return 1;
     return 0;
 }
@@ -161,7 +163,7 @@ X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
 
 int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
 {
-    if (X509at_add1_attr(&si->unsignedAttrs, attr))
+    if (ossl_x509at_add1_attr(&si->unsignedAttrs, attr))
         return 1;
     return 0;
 }
@@ -170,7 +172,7 @@ int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                   const ASN1_OBJECT *obj, int type,
                                   const void *bytes, int len)
 {
-    if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
+    if (ossl_x509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
         return 1;
     return 0;
 }
@@ -179,7 +181,7 @@ int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
                                   int nid, int type,
                                   const void *bytes, int len)
 {
-    if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
+    if (ossl_x509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
         return 1;
     return 0;
 }
@@ -188,8 +190,8 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
                                   const char *attrname, int type,
                                   const void *bytes, int len)
 {
-    if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
-                                type, bytes, len))
+    if (ossl_x509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
+                                     type, bytes, len))
         return 1;
     return 0;
 }

+ 3 - 1
libs/openssl/crypto/cms/cms_rsa.c

@@ -99,8 +99,10 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
     if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
         goto err;
     if (label != NULL
-            && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+            && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
+        OPENSSL_free(label);
         goto err;
+    }
     /* Carry on */
     rv = 1;
 
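Review bot: In rsa_cms_decrypt the new `OPENSSL_free(label);` covers only the failure of EVP_PKEY_CTX_set0_rsa_oaep_label(); the `goto err` after EVP_PKEY_CTX_set_rsa_mgf1_md() at the top of the hunk takes the same exit without freeing label. If label is already owned by this function at that point, that path leaks it in the same way. Either free it there as well, or move the free into the err: block and set label to NULL once the set0 call has succeeded. A comment that set0 takes ownership only on success would also explain why the free is needed here.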

+ 3 - 1
libs/openssl/crypto/conf/conf_err.c

@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -41,6 +41,8 @@ static const ERR_STRING_DATA CONF_str_reasons[] = {
     "openssl conf references missing section"},
     {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE),
     "recursive directory include"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_SECTION_REFERENCE),
+    "recursive section reference"},
     {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RELATIVE_PATH), "relative path"},
     {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY),
     "ssl command section empty"},

+ 158 - 158
libs/openssl/crypto/ec/asm/ecp_sm2p256-armv8.pl

@@ -28,44 +28,44 @@ my ($t4,$t5,$t6,$t7,$t8)=map("x$_",(15..19));
 sub bn_mod_add() {
 	my $mod = shift;
 $code.=<<___;
-	# Load inputs
+	// Load inputs
 	ldp $s0,$s1,[x1]
 	ldp $s2,$s3,[x1,#16]
 	ldp $s4,$s5,[x2]
 	ldp $s6,$s7,[x2,#16]
 
-	# Addition
+	// Addition
 	adds $s0,$s0,$s4
 	adcs $s1,$s1,$s5
 	adcs $s2,$s2,$s6
 	adcs $s3,$s3,$s7
 	adc $t4,xzr,xzr
 
-	# Load polynomial
+	// Load polynomial
 	adr x2,$mod
 	ldp $s4,$s5,[x2]
 	ldp $s6,$s7,[x2,#16]
 
-	# Backup Addition
+	// Backup Addition
 	mov $t0,$s0
 	mov $t1,$s1
 	mov $t2,$s2
 	mov $t3,$s3
 
-	# Sub polynomial
+	// Sub polynomial
 	subs $t0,$t0,$s4
 	sbcs $t1,$t1,$s5
 	sbcs $t2,$t2,$s6
 	sbcs $t3,$t3,$s7
 	sbcs $t4,$t4,xzr
 
-	# Select based on carry
+	// Select based on carry
 	csel $s0,$s0,$t0,cc
 	csel $s1,$s1,$t1,cc
 	csel $s2,$s2,$t2,cc
 	csel $s3,$s3,$t3,cc
 
-	# Store results
+	// Store results
 	stp $s0,$s1,[x0]
 	stp $s2,$s3,[x0,#16]
 ___
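Review bot: Every `#` comment in the bn_mod_add heredoc becomes `//`, and the same mechanical change repeats through the rest of the file, but nothing in the hunk records why `#` is unsuitable in this generated assembly. A one-line note at the top of the first heredoc would stop `#` comments from being reintroduced. Separately, "Select based on carry" sits above `csel ...,cc`; naming the condition (carry clear, meaning the subtraction borrowed) would make the direction of the selection checkable at a glance.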
@@ -74,44 +74,44 @@ ___
 sub bn_mod_sub() {
 	my $mod = shift;
 $code.=<<___;
-	# Load inputs
+	// Load inputs
 	ldp $s0,$s1,[x1]
 	ldp $s2,$s3,[x1,#16]
 	ldp $s4,$s5,[x2]
 	ldp $s6,$s7,[x2,#16]
 
-	# Subtraction
+	// Subtraction
 	subs $s0,$s0,$s4
 	sbcs $s1,$s1,$s5
 	sbcs $s2,$s2,$s6
 	sbcs $s3,$s3,$s7
 	sbc $t4,xzr,xzr
 
-	# Load polynomial
+	// Load polynomial
 	adr x2,$mod
 	ldp $s4,$s5,[x2]
 	ldp $s6,$s7,[x2,#16]
 
-	# Backup subtraction
+	// Backup subtraction
 	mov $t0,$s0
 	mov $t1,$s1
 	mov $t2,$s2
 	mov $t3,$s3
 
-	# Add polynomial
+	// Add polynomial
 	adds $t0,$t0,$s4
 	adcs $t1,$t1,$s5
 	adcs $t2,$t2,$s6
 	adcs $t3,$t3,$s7
 	tst $t4,$t4
 
-	# Select based on carry
+	// Select based on carry
 	csel $s0,$s0,$t0,eq
 	csel $s1,$s1,$t1,eq
 	csel $s2,$s2,$t2,eq
 	csel $s3,$s3,$t3,eq
 
-	# Store results
+	// Store results
 	stp $s0,$s1,[x0]
 	stp $s2,$s3,[x0,#16]
 ___
@@ -120,38 +120,38 @@ ___
 sub bn_mod_div_by_2() {
 	my $mod = shift;
 $code.=<<___;
-	# Load inputs
+	// Load inputs
 	ldp $s0,$s1,[x1]
 	ldp $s2,$s3,[x1,#16]
 
-	# Save the least significant bit
+	// Save the least significant bit
 	mov $t0,$s0
 
-	# Right shift 1
+	// Right shift 1
 	extr $s0,$s1,$s0,#1
 	extr $s1,$s2,$s1,#1
 	extr $s2,$s3,$s2,#1
 	lsr $s3,$s3,#1
 
-	# Load mod
+	// Load mod
 	adr x2,$mod
 	ldp $s4,$s5,[x2]
 	ldp $s6,$s7,[x2,#16]
 
-	# Parity check
+	// Parity check
 	tst $t0,#1
 	csel $s4,xzr,$s4,eq
 	csel $s5,xzr,$s5,eq
 	csel $s6,xzr,$s6,eq
 	csel $s7,xzr,$s7,eq
 
-	# Add
+	// Add
 	adds $s0,$s0,$s4
 	adcs $s1,$s1,$s5
 	adcs $s2,$s2,$s6
 	adc $s3,$s3,$s7
 
-	# Store results
+	// Store results
 	stp $s0,$s1,[x0]
 	stp $s2,$s3,[x0,#16]
 ___
@@ -183,17 +183,17 @@ $code.=<<___;
 .align	5
 bn_rshift1:
 	AARCH64_VALID_CALL_TARGET
-	# Load inputs
+	// Load inputs
 	ldp $s0,$s1,[x0]
 	ldp $s2,$s3,[x0,#16]
 
-	# Right shift
+	// Right shift
 	extr $s0,$s1,$s0,#1
 	extr $s1,$s2,$s1,#1
 	extr $s2,$s3,$s2,#1
 	lsr $s3,$s3,#1
 
-	# Store results
+	// Store results
 	stp $s0,$s1,[x0]
 	stp $s2,$s3,[x0,#16]
 
@@ -206,19 +206,19 @@ bn_rshift1:
 .align	5
 bn_sub:
 	AARCH64_VALID_CALL_TARGET
-	# Load inputs
+	// Load inputs
 	ldp $s0,$s1,[x1]
 	ldp $s2,$s3,[x1,#16]
 	ldp $s4,$s5,[x2]
 	ldp $s6,$s7,[x2,#16]
 
-	# Subtraction
+	// Subtraction
 	subs $s0,$s0,$s4
 	sbcs $s1,$s1,$s5
 	sbcs $s2,$s2,$s6
 	sbc $s3,$s3,$s7
 
-	# Store results
+	// Store results
 	stp $s0,$s1,[x0]
 	stp $s2,$s3,[x0,#16]
 
@@ -255,11 +255,11 @@ $code.=<<___;
 .align	5
 ecp_sm2p256_mul_by_3:
 	AARCH64_VALID_CALL_TARGET
-	# Load inputs
+	// Load inputs
 	ldp $s0,$s1,[x1]
 	ldp $s2,$s3,[x1,#16]
 
-	# 2*a
+	// 2*a
 	adds $s0,$s0,$s0
 	adcs $s1,$s1,$s1
 	adcs $s2,$s2,$s2
@@ -271,7 +271,7 @@ ecp_sm2p256_mul_by_3:
 	mov $t2,$s2
 	mov $t3,$s3
 
-	# Sub polynomial
+	// Sub polynomial
 	adr x2,.Lpoly
 	ldp $s4,$s5,[x2]
 	ldp $s6,$s7,[x2,#16]
@@ -287,7 +287,7 @@ ecp_sm2p256_mul_by_3:
 	csel $s3,$s3,$t3,cs
 	eor $t4,$t4,$t4
 
-	# 3*a
+	// 3*a
 	ldp $s4,$s5,[x1]
 	ldp $s6,$s7,[x1,#16]
 	adds $s0,$s0,$s4
@@ -301,7 +301,7 @@ ecp_sm2p256_mul_by_3:
 	mov $t2,$s2
 	mov $t3,$s3
 
-	# Sub polynomial
+	// Sub polynomial
 	adr x2,.Lpoly
 	ldp $s4,$s5,[x2]
 	ldp $s6,$s7,[x2,#16]
@@ -316,7 +316,7 @@ ecp_sm2p256_mul_by_3:
 	csel $s2,$s2,$t2,cs
 	csel $s3,$s3,$t3,cs
 
-	# Store results
+	// Store results
 	stp $s0,$s1,[x0]
 	stp $s2,$s3,[x0,#16]
 
@@ -360,45 +360,45 @@ $code.=<<___;
 .size ecp_sm2p256_sub_mod_ord,.-ecp_sm2p256_sub_mod_ord
 
 .macro RDC
-	# a = |  s7   | ... | s0  |, where si are 64-bit quantities
-	#   = |a15|a14| ... |a1|a0|, where ai are 32-bit quantities
-	# |    s7     |    s6     |    s5     |    s4     |
-	# | a15 | a14 | a13 | a12 | a11 | a10 | a9  | a8  |
-	# |    s3     |    s2     |    s1     |    s0     |
-	# | a7  | a6  | a5  | a4  | a3  | a2  | a1  | a0  |
-	# =================================================
-	# | a8  | a11 | a10 | a9  | a8  |   0 |    s4     | (+)
-	# | a9  | a15 |    s6     | a11 |   0 | a10 | a9  | (+)
-	# | a10 |   0 | a14 | a13 | a12 |   0 |    s5     | (+)
-	# | a11 |   0 |    s7     | a13 |   0 | a12 | a11 | (+)
-	# | a12 |   0 |    s7     | a13 |   0 |    s6     | (+)
-	# | a12 |   0 |   0 | a15 | a14 |   0 | a14 | a13 | (+)
-	# | a13 |   0 |   0 |   0 | a15 |   0 | a14 | a13 | (+)
-	# | a13 |   0 |   0 |   0 |   0 |   0 |    s7     | (+)
-	# | a14 |   0 |   0 |   0 |   0 |   0 |    s7     | (+)
-	# | a14 |   0 |   0 |   0 |   0 |   0 |   0 | a15 | (+)
-	# | a15 |   0 |   0 |   0 |   0 |   0 |   0 | a15 | (+)
-	# | a15 |   0 |   0 |   0 |   0 |   0 |   0 |   0 | (+)
-	# |    s7     |   0 |   0 |   0 |   0 |   0 |   0 | (+)
-	# |   0 |   0 |   0 |   0 |   0 | a8  |   0 |   0 | (-)
-	# |   0 |   0 |   0 |   0 |   0 | a9  |   0 |   0 | (-)
-	# |   0 |   0 |   0 |   0 |   0 | a13 |   0 |   0 | (-)
-	# |   0 |   0 |   0 |   0 |   0 | a14 |   0 |   0 | (-)
-	# | U[7]| U[6]| U[5]| U[4]| U[3]| U[2]| U[1]| U[0]|
-	# |    V[3]   |    V[2]   |    V[1]   |    V[0]   |
-
-	# 1. 64-bit addition
-	# t2=s6+s7+s7
+	// a = |  s7   | ... | s0  |, where si are 64-bit quantities
+	//   = |a15|a14| ... |a1|a0|, where ai are 32-bit quantities
+	// |    s7     |    s6     |    s5     |    s4     |
+	// | a15 | a14 | a13 | a12 | a11 | a10 | a9  | a8  |
+	// |    s3     |    s2     |    s1     |    s0     |
+	// | a7  | a6  | a5  | a4  | a3  | a2  | a1  | a0  |
+	// =================================================
+	// | a8  | a11 | a10 | a9  | a8  |   0 |    s4     | (+)
+	// | a9  | a15 |    s6     | a11 |   0 | a10 | a9  | (+)
+	// | a10 |   0 | a14 | a13 | a12 |   0 |    s5     | (+)
+	// | a11 |   0 |    s7     | a13 |   0 | a12 | a11 | (+)
+	// | a12 |   0 |    s7     | a13 |   0 |    s6     | (+)
+	// | a12 |   0 |   0 | a15 | a14 |   0 | a14 | a13 | (+)
+	// | a13 |   0 |   0 |   0 | a15 |   0 | a14 | a13 | (+)
+	// | a13 |   0 |   0 |   0 |   0 |   0 |    s7     | (+)
+	// | a14 |   0 |   0 |   0 |   0 |   0 |    s7     | (+)
+	// | a14 |   0 |   0 |   0 |   0 |   0 |   0 | a15 | (+)
+	// | a15 |   0 |   0 |   0 |   0 |   0 |   0 | a15 | (+)
+	// | a15 |   0 |   0 |   0 |   0 |   0 |   0 |   0 | (+)
+	// |    s7     |   0 |   0 |   0 |   0 |   0 |   0 | (+)
+	// |   0 |   0 |   0 |   0 |   0 | a8  |   0 |   0 | (-)
+	// |   0 |   0 |   0 |   0 |   0 | a9  |   0 |   0 | (-)
+	// |   0 |   0 |   0 |   0 |   0 | a13 |   0 |   0 | (-)
+	// |   0 |   0 |   0 |   0 |   0 | a14 |   0 |   0 | (-)
+	// | U[7]| U[6]| U[5]| U[4]| U[3]| U[2]| U[1]| U[0]|
+	// |    V[3]   |    V[2]   |    V[1]   |    V[0]   |
+
+	// 1. 64-bit addition
+	// t2=s6+s7+s7
 	adds $t2,$s6,$s7
 	adcs $t1,xzr,xzr
 	adds $t2,$t2,$s7
 	adcs $t1,$t1,xzr
-	# t3=s4+s5+t2
+	// t3=s4+s5+t2
 	adds $t3,$s4,$t2
 	adcs $t4,$t1,xzr
 	adds $t3,$t3,$s5
 	adcs $t4,$t4,xzr
-	# sum
+	// sum
 	adds $s0,$s0,$t3
 	adcs $s1,$s1,$t4
 	adcs $s2,$s2,$t2
@@ -410,7 +410,7 @@ $code.=<<___;
 	stp $s0,$s1,[sp,#32]
 	stp $s2,$s3,[sp,#48]
 
-	# 2. 64-bit to 32-bit spread
+	// 2. 64-bit to 32-bit spread
 	mov $t1,#0xffffffff
 	mov $s0,$s4
 	mov $s1,$s5
@@ -425,7 +425,7 @@ $code.=<<___;
 	lsr $s6,$s6,#32 // a13
 	lsr $s7,$s7,#32 // a15
 
-	# 3. 32-bit addition
+	// 3. 32-bit addition
 	add $t1,$a14,$a12  // t1 <- a12 + a14
 	add $t2,$a15,$a13  // t2 <- a13 + a15
 	add $t3,$a8,$a9    // t3 <- a8 + a9
@@ -446,53 +446,53 @@ $code.=<<___;
 	add $a11,$a11,$t2  // a11 <- a9 + a11 + 2*(a13 + a15)
 	add $t1,$t1,$t4    // t1 <- a10 + a12 + 2*a14
 
-	# U[0]  s5	a9 + a11 + 2*(a13 + a15)
-	# U[1]  t1	a10 + a12 + 2*a14
-	# U[2] -t3	a8 + a9 + a13 + a14
-	# U[3]  s2	a8 + a11 + a12 + 2*a13 + a14 + a15
-	# U[4]  s4	a9 + a13 + a15
-	# U[5]  t4	a10 + a14
-	# U[6]  s7	a11 + a15
-	# U[7]  s1	a8 + a9 + a10 + a11 + 2*(a12 + a13 + a14 + a15)
+	// U[0]  s5	a9 + a11 + 2*(a13 + a15)
+	// U[1]  t1	a10 + a12 + 2*a14
+	// U[2] -t3	a8 + a9 + a13 + a14
+	// U[3]  s2	a8 + a11 + a12 + 2*a13 + a14 + a15
+	// U[4]  s4	a9 + a13 + a15
+	// U[5]  t4	a10 + a14
+	// U[6]  s7	a11 + a15
+	// U[7]  s1	a8 + a9 + a10 + a11 + 2*(a12 + a13 + a14 + a15)
 
-	# 4. 32-bit to 64-bit
+	// 4. 32-bit to 64-bit
 	lsl $s0,$t1,#32
 	extr $t1,$s2,$t1,#32
 	extr $s2,$t4,$s2,#32
 	extr $t4,$s1,$t4,#32
 	lsr $s1,$s1,#32
 
-	# 5. 64-bit addition
+	// 5. 64-bit addition
 	adds $s5,$s5,$s0
 	adcs $t1,$t1,xzr
 	adcs $s4,$s4,$s2
 	adcs $s7,$s7,$t4
 	adcs $t0,$t0,$s1
 
-	# V[0]	s5
-	# V[1]	t1
-	# V[2]	s4
-	# V[3]	s7
-	# carry	t0
-	# sub	t3
+	// V[0]	s5
+	// V[1]	t1
+	// V[2]	s4
+	// V[3]	s7
+	// carry	t0
+	// sub	t3
 
-	# 5. Process s0-s3
+	// 5. Process s0-s3
 	ldp $s0,$s1,[sp,#32]
 	ldp $s2,$s3,[sp,#48]
-	# add with V0-V3
+	// add with V0-V3
 	adds $s0,$s0,$s5
 	adcs $s1,$s1,$t1
 	adcs $s2,$s2,$s4
 	adcs $s3,$s3,$s7
 	adcs $t0,$t0,xzr
-	# sub with t3
+	// sub with t3
 	subs $s1,$s1,$t3
 	sbcs $s2,$s2,xzr
 	sbcs $s3,$s3,xzr
 	sbcs $t0,$t0,xzr
 
-	# 6. MOD
-	# First Mod
+	// 6. MOD
+	// First Mod
 	lsl $t1,$t0,#32
 	subs $t2,$t1,$t0
 
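Review bot: The step labels in this part of the RDC macro read "4. 32-bit to 64-bit", "5. 64-bit addition", "5. Process s0-s3", "6. MOD", so 5 is used twice. Since these comment lines are being rewritten anyway, renumber "Process s0-s3" to 6 and "MOD" to 7. The `// sub	t3` entry in the V[] summary would also be clearer as "subtract t3 (U[2])", matching the `U[2] -t3` row above it.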
@@ -501,8 +501,8 @@ $code.=<<___;
 	adcs $s2,$s2,xzr
 	adcs $s3,$s3,$t1
 
-	# Last Mod
-	# return y - p if y > p else y
+	// Last Mod
+	// return y - p if y > p else y
 	mov $s4,$s0
 	mov $s5,$s1
 	mov $s6,$s2
@@ -533,44 +533,44 @@ $code.=<<___;
 .align	5
 ecp_sm2p256_mul:
 	AARCH64_SIGN_LINK_REGISTER
-	# Store scalar registers
+	// Store scalar registers
 	stp x29,x30,[sp,#-80]!
 	add x29,sp,#0
 	stp x16,x17,[sp,#16]
 	stp x18,x19,[sp,#64]
 
-	# Load inputs
+	// Load inputs
 	ldp $s0,$s1,[x1]
 	ldp $s2,$s3,[x1,#16]
 	ldp $s4,$s5,[x2]
 	ldp $s6,$s7,[x2,#16]
 
-### multiplication ###
-	# ========================
-	#             s3 s2 s1 s0
-	# *           s7 s6 s5 s4
-	# ------------------------
-	# +           s0 s0 s0 s0
-	#              *  *  *  *
-	#             s7 s6 s5 s4
-	#          s1 s1 s1 s1
-	#           *  *  *  *
-	#          s7 s6 s5 s4
-	#       s2 s2 s2 s2
-	#        *  *  *  *
-	#       s7 s6 s5 s4
-	#    s3 s3 s3 s3
-	#     *  *  *  *
-	#    s7 s6 s5 s4
-	# ------------------------
-	# s7 s6 s5 s4 s3 s2 s1 s0
-	# ========================
-
-### s0*s4 ###
+// ### multiplication ###
+	// ========================
+	//             s3 s2 s1 s0
+	// *           s7 s6 s5 s4
+	// ------------------------
+	// +           s0 s0 s0 s0
+	//              *  *  *  *
+	//             s7 s6 s5 s4
+	//          s1 s1 s1 s1
+	//           *  *  *  *
+	//          s7 s6 s5 s4
+	//       s2 s2 s2 s2
+	//        *  *  *  *
+	//       s7 s6 s5 s4
+	//    s3 s3 s3 s3
+	//     *  *  *  *
+	//    s7 s6 s5 s4
+	// ------------------------
+	// s7 s6 s5 s4 s3 s2 s1 s0
+	// ========================
+
+// ### s0*s4 ###
 	mul $t5,$s0,$s4
 	umulh $t2,$s0,$s4
 
-### s1*s4 + s0*s5 ###
+// ### s1*s4 + s0*s5 ###
 	mul $t0,$s1,$s4
 	umulh $t1,$s1,$s4
 	adds $t2,$t2,$t0
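Review bot: The ecp_sm2p256_mul prologue spills x16 to x19 under the comment "Store scalar registers", and with $t4 to $t8 mapped to x15..x19 the body uses x18 as a scratch register. x18 is the platform register in the AArch64 procedure call standard and is reserved on some targets, where saving and restoring it is not sufficient. Either remap $t7 to a free temporary or state in the comment which platforms this file is built for. The `// ### multiplication ###` banners could also drop the leftover `###` and take the same tab indent as the other comments.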
@@ -582,7 +582,7 @@ ecp_sm2p256_mul:
 	adcs $t3,$t3,$t1
 	adcs $t4,xzr,xzr
 
-### s2*s4 + s1*s5 + s0*s6 ###
+// ### s2*s4 + s1*s5 + s0*s6 ###
 	mul $t0,$s2,$s4
 	umulh $t1,$s2,$s4
 	adds $t3,$t3,$t0
@@ -600,7 +600,7 @@ ecp_sm2p256_mul:
 	adcs $t4,$t4,$t1
 	adcs $t6,$t6,xzr
 
-### s3*s4 + s2*s5 + s1*s6 + s0*s7 ###
+// ### s3*s4 + s2*s5 + s1*s6 + s0*s7 ###
 	mul $t0,$s3,$s4
 	umulh $t1,$s3,$s4
 	adds $t4,$t4,$t0
@@ -625,7 +625,7 @@ ecp_sm2p256_mul:
 	adcs $t6,$t6,$t1
 	adcs $t7,$t7,xzr
 
-### s3*s5 + s2*s6 + s1*s7 ###
+// ### s3*s5 + s2*s6 + s1*s7 ###
 	mul $t0,$s3,$s5
 	umulh $t1,$s3,$s5
 	adds $t6,$t6,$t0
@@ -644,7 +644,7 @@ ecp_sm2p256_mul:
 	adcs $t7,$t7,$t1
 	adcs $t8,$t8,xzr
 
-### s3*s6 + s2*s7 ###
+// ### s3*s6 + s2*s7 ###
 	mul $t0,$s3,$s6
 	umulh $t1,$s3,$s6
 	adds $t7,$t7,$t0
@@ -657,7 +657,7 @@ ecp_sm2p256_mul:
 	adcs $t8,$t8,$t1
 	adcs $t6,$t6,xzr
 
-### s3*s7 ###
+// ### s3*s7 ###
 	mul $t0,$s3,$s7
 	umulh $t1,$s3,$s7
 	adds $s6,$t8,$t0
@@ -668,15 +668,15 @@ ecp_sm2p256_mul:
 	mov $s2,$t3
 	mov $s3,$t4
 
-	# result of mul: s7 s6 s5 s4 s3 s2 s1 s0
+	// result of mul: s7 s6 s5 s4 s3 s2 s1 s0
 
-### Reduction ###
+// ### Reduction ###
 	RDC
 
 	stp $s0,$s1,[x0]
 	stp $s2,$s3,[x0,#16]
 
-	# Restore scalar registers
+	// Restore scalar registers
 	ldp x16,x17,[sp,#16]
 	ldp x18,x19,[sp,#64]
 	ldp x29,x30,[sp],#80
@@ -692,48 +692,48 @@ ecp_sm2p256_mul:
 
 ecp_sm2p256_sqr:
 	AARCH64_SIGN_LINK_REGISTER
-	# Store scalar registers
+	// Store scalar registers
 	stp x29,x30,[sp,#-80]!
 	add x29,sp,#0
 	stp x16,x17,[sp,#16]
 	stp x18,x19,[sp,#64]
 
-	# Load inputs
+	// Load inputs
 	ldp $s4,$s5,[x1]
 	ldp $s6,$s7,[x1,#16]
 
-### square ###
-	# ========================
-	#             s7 s6 s5 s4
-	# *           s7 s6 s5 s4
-	# ------------------------
-	# +           s4 s4 s4 s4
-	#              *  *  *  *
-	#             s7 s6 s5 s4
-	#          s5 s5 s5 s5
-	#           *  *  *  *
-	#          s7 s6 s5 s4
-	#       s6 s6 s6 s6
-	#        *  *  *  *
-	#       s7 s6 s5 s4
-	#    s7 s7 s7 s7
-	#     *  *  *  *
-	#    s7 s6 s5 s4
-	# ------------------------
-	# s7 s6 s5 s4 s3 s2 s1 s0
-	# ========================
-
-### s4*s5 ###
+// ### square ###
+	// ========================
+	//             s7 s6 s5 s4
+	// *           s7 s6 s5 s4
+	// ------------------------
+	// +           s4 s4 s4 s4
+	//              *  *  *  *
+	//             s7 s6 s5 s4
+	//          s5 s5 s5 s5
+	//           *  *  *  *
+	//          s7 s6 s5 s4
+	//       s6 s6 s6 s6
+	//        *  *  *  *
+	//       s7 s6 s5 s4
+	//    s7 s7 s7 s7
+	//     *  *  *  *
+	//    s7 s6 s5 s4
+	// ------------------------
+	// s7 s6 s5 s4 s3 s2 s1 s0
+	// ========================
+
+// ### s4*s5 ###
 	mul $s1,$s4,$s5
 	umulh $s2,$s4,$s5
 
-### s4*s6 ###
+// ### s4*s6 ###
 	mul $t0,$s6,$s4
 	umulh $s3,$s6,$s4
 	adds $s2,$s2,$t0
 	adcs $s3,$s3,xzr
 
-### s4*s7 + s5*s6 ###
+// ### s4*s7 + s5*s6 ###
 	mul $t0,$s7,$s4
 	umulh $t1,$s7,$s4
 	adds $s3,$s3,$t0
@@ -745,19 +745,19 @@ ecp_sm2p256_sqr:
 	adcs $s0,$s0,$t1
 	adcs $t2,xzr,xzr
 
-### s5*s7 ###
+// ### s5*s7 ###
 	mul $t0,$s7,$s5
 	umulh $t1,$s7,$s5
 	adds $s0,$s0,$t0
 	adcs $t2,$t2,$t1
 
-### s6*s7 ###
+// ### s6*s7 ###
 	mul $t0,$s7,$s6
 	umulh $t1,$s7,$s6
 	adds $t2,$t2,$t0
 	adcs $t3,$t1,xzr
 
-### 2*(t3,t2,s0,s3,s2,s1) ###
+// ### 2*(t3,t2,s0,s3,s2,s1) ###
 	adds $s1,$s1,$s1
 	adcs $s2,$s2,$s2
 	adcs $s3,$s3,$s3
@@ -766,19 +766,19 @@ ecp_sm2p256_sqr:
 	adcs $t3,$t3,$t3
 	adcs $t4,xzr,xzr
 
-### s4*s4 ###
+// ### s4*s4 ###
 	mul $t5,$s4,$s4
 	umulh $t6,$s4,$s4
 
-### s5*s5 ###
+// ### s5*s5 ###
 	mul $s4,$s5,$s5
 	umulh $s5,$s5,$s5
 
-### s6*s6 ###
+// ### s6*s6 ###
 	mul $t0,$s6,$s6
 	umulh $t1,$s6,$s6
 
-### s7*s7 ###
+// ### s7*s7 ###
 	mul $t7,$s7,$s7
 	umulh $t8,$s7,$s7
 
@@ -796,15 +796,15 @@ ecp_sm2p256_sqr:
 	mov $s6,$t3
 	mov $s7,$t4
 
-	# result of mul: s7 s6 s5 s4 s3 s2 s1 s0
+	// result of mul: s7 s6 s5 s4 s3 s2 s1 s0
 
-### Reduction ###
+// ### Reduction ###
 	RDC
 
 	stp $s0,$s1,[x0]
 	stp $s2,$s3,[x0,#16]
 
-	# Restore scalar registers
+	// Restore scalar registers
 	ldp x16,x17,[sp,#16]
 	ldp x18,x19,[sp,#64]
 	ldp x29,x30,[sp],#80

+ 38 - 38
libs/openssl/crypto/ec/ecp_sm2p256.c

@@ -40,28 +40,28 @@ typedef struct {
 
 #if !defined(OPENSSL_NO_SM2_PRECOMP)
 /* Coordinates of G, for which we have precomputed tables */
-static const BN_ULONG def_xG[P256_LIMBS] ALIGN32 = {
+ALIGN32 static const BN_ULONG def_xG[P256_LIMBS] = {
     0x715a4589334c74c7, 0x8fe30bbff2660be1,
     0x5f9904466a39c994, 0x32c4ae2c1f198119
 };
 
-static const BN_ULONG def_yG[P256_LIMBS] ALIGN32 = {
+ALIGN32 static const BN_ULONG def_yG[P256_LIMBS] = {
     0x02df32e52139f0a0, 0xd0a9877cc62a4740,
     0x59bdcee36b692153, 0xbc3736a2f4f6779c,
 };
 #endif
 
 /* p and order for SM2 according to GB/T 32918.5-2017 */
-static const BN_ULONG def_p[P256_LIMBS] ALIGN32 = {
+ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = {
     0xffffffffffffffff, 0xffffffff00000000,
     0xffffffffffffffff, 0xfffffffeffffffff
 };
-static const BN_ULONG def_ord[P256_LIMBS] ALIGN32 = {
+ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = {
     0x53bbf40939d54123, 0x7203df6b21c6052b,
     0xffffffffffffffff, 0xfffffffeffffffff
 };
 
-static const BN_ULONG ONE[P256_LIMBS] ALIGN32 = {1, 0, 0, 0};
+ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0};
 
 /* Functions implemented in assembly */
 /*
@@ -139,10 +139,10 @@ static ossl_inline int is_greater(const BN_ULONG *a, const BN_ULONG *b)
 /* Binary algorithm for inversion in Fp */
 #define BN_MOD_INV(out, in, mod_div, mod_sub, mod) \
     do {                                           \
-        BN_ULONG u[4] ALIGN32;                     \
-        BN_ULONG v[4] ALIGN32;                     \
-        BN_ULONG x1[4] ALIGN32 = {1, 0, 0, 0};     \
-        BN_ULONG x2[4] ALIGN32 = {0};              \
+        ALIGN32 BN_ULONG u[4];                     \
+        ALIGN32 BN_ULONG v[4];                     \
+        ALIGN32 BN_ULONG x1[4] = {1, 0, 0, 0};     \
+        ALIGN32 BN_ULONG x2[4] = {0};              \
                                                    \
         if (is_zeros(in))                          \
             return;                                \
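Review bot: In BN_MOD_INV the four temporaries are still declared with a literal `[4]`, while the other declarations touched by this change use P256_LIMBS; switch them to `ALIGN32 BN_ULONG u[P256_LIMBS];` and so on while the lines are open. The macro also hides a bare `return;` behind `if (is_zeros(in))`, which exits the enclosing function from inside the do-block before anything has been written to `out`. That behaviour deserves a comment at the macro definition so callers know the output is untouched for a zero input.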
@@ -188,9 +188,9 @@ static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out,
 static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P)
 {
     unsigned int i;
-    BN_ULONG tmp0[P256_LIMBS] ALIGN32;
-    BN_ULONG tmp1[P256_LIMBS] ALIGN32;
-    BN_ULONG tmp2[P256_LIMBS] ALIGN32;
+    ALIGN32 BN_ULONG tmp0[P256_LIMBS];
+    ALIGN32 BN_ULONG tmp1[P256_LIMBS];
+    ALIGN32 BN_ULONG tmp2[P256_LIMBS];
 
     /* zero-check P->Z */
     if (is_zeros(P->Z)) {
@@ -225,10 +225,10 @@ static void ecp_sm2p256_point_add_affine(P256_POINT *R, const P256_POINT *P,
                                          const P256_POINT_AFFINE *Q)
 {
     unsigned int i;
-    BN_ULONG tmp0[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG tmp1[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG tmp2[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG tmp3[P256_LIMBS] ALIGN32 = {0};
+    ALIGN32 BN_ULONG tmp0[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG tmp1[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG tmp2[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG tmp3[P256_LIMBS] = {0};
 
     /* zero-check P->Z */
     if (is_zeros(P->Z)) {
@@ -288,9 +288,9 @@ static void ecp_sm2p256_point_add(P256_POINT *R, const P256_POINT *P,
                                   const P256_POINT *Q)
 {
     unsigned int i;
-    BN_ULONG tmp0[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG tmp1[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG tmp2[P256_LIMBS] ALIGN32 = {0};
+    ALIGN32 BN_ULONG tmp0[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG tmp1[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG tmp2[P256_LIMBS] = {0};
 
     /* zero-check P | Q ->Z */
     if (is_zeros(P->Z)) {
@@ -382,7 +382,7 @@ static void ecp_sm2p256_point_P_mul_by_scalar(P256_POINT *R, const BN_ULONG *k,
 {
     int i, init = 0;
     unsigned int index, mask = 0x0f;
-    P256_POINT precomputed[16] ALIGN64;
+    ALIGN64 P256_POINT precomputed[16];
 
     memset(R, 0, sizeof(P256_POINT));
 
@@ -427,8 +427,8 @@ static void ecp_sm2p256_point_P_mul_by_scalar(P256_POINT *R, const BN_ULONG *k,
 static void ecp_sm2p256_point_get_affine(P256_POINT_AFFINE *R,
                                          const P256_POINT *P)
 {
-    BN_ULONG z_inv3[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG z_inv2[P256_LIMBS] ALIGN32 = {0};
+    ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0};
 
     if (is_one(P->Z)) {
         memcpy(R->X, P->X, 32);
@@ -461,13 +461,13 @@ static int ecp_sm2p256_get_affine(const EC_GROUP *group,
                                   const EC_POINT *point,
                                   BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
 {
-    BN_ULONG z_inv2[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG z_inv3[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG x_aff[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG y_aff[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG point_x[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG point_y[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG point_z[P256_LIMBS] ALIGN32 = {0};
+    ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0};
 
     if (EC_POINT_is_at_infinity(group, point)) {
         ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY);
@@ -510,7 +510,7 @@ static int ecp_sm2p256_windowed_mul(const EC_GROUP *group,
     unsigned int i;
     int ret = 0;
     const BIGNUM **scalars = NULL;
-    BN_ULONG k[P256_LIMBS] ALIGN32 = {0};
+    ALIGN32 BN_ULONG k[P256_LIMBS] = {0};
     P256_POINT kP;
     ALIGN32 union {
         P256_POINT p;
@@ -572,7 +572,7 @@ static int ecp_sm2p256_points_mul(const EC_GROUP *group,
 {
     int ret = 0, p_is_infinity = 0;
     const EC_POINT *generator = NULL;
-    BN_ULONG k[P256_LIMBS] ALIGN32 = {0};
+    ALIGN32 BN_ULONG k[P256_LIMBS] = {0};
     ALIGN32 union {
         P256_POINT p;
         P256_POINT_AFFINE a;
@@ -646,9 +646,9 @@ err:
 static int ecp_sm2p256_field_mul(const EC_GROUP *group, BIGNUM *r,
                                  const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 {
-    BN_ULONG a_fe[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG b_fe[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG r_fe[P256_LIMBS] ALIGN32 = {0};
+    ALIGN32 BN_ULONG a_fe[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG b_fe[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG r_fe[P256_LIMBS] = {0};
 
     if (a == NULL || b == NULL || r == NULL)
         return 0;
@@ -670,8 +670,8 @@ static int ecp_sm2p256_field_mul(const EC_GROUP *group, BIGNUM *r,
 static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r,
                                  const BIGNUM *a, BN_CTX *ctx)
 {
-    BN_ULONG a_fe[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG r_fe[P256_LIMBS] ALIGN32 = {0};
+    ALIGN32 BN_ULONG a_fe[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG r_fe[P256_LIMBS] = {0};
 
     if (a == NULL || r == NULL)
         return 0;
@@ -693,8 +693,8 @@ static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
                                              const BIGNUM *x, BN_CTX *ctx)
 {
     int ret = 0;
-    BN_ULONG t[P256_LIMBS] ALIGN32 = {0};
-    BN_ULONG out[P256_LIMBS] ALIGN32 = {0};
+    ALIGN32 BN_ULONG t[P256_LIMBS] = {0};
+    ALIGN32 BN_ULONG out[P256_LIMBS] = {0};
 
     if (bn_wexpand(r, P256_LIMBS) == NULL) {
         ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
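Review bot: every local in this file now spells the attribute as `ALIGN32 BN_ULONG t[P256_LIMBS]` instead of the trailing `BN_ULONG t[P256_LIMBS] ALIGN32`, but nothing here records why the position matters. A short comment at the ALIGN32 definition saying which placement is required, and why, would keep the trailing form from being reintroduced in the next function added to this file.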

+ 6 - 3
libs/openssl/crypto/ec/ecx_backend.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -114,7 +114,7 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection)
         return NULL;
 
     ret->libctx = key->libctx;
-    ret->haspubkey = key->haspubkey;
+    ret->haspubkey = 0;
     ret->keylen = key->keylen;
     ret->type = key->type;
 
@@ -127,8 +127,11 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection)
             goto err;
     }
 
-    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
+        && key->haspubkey == 1) {
         memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey));
+        ret->haspubkey = 1;
+    }
 
     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
         && key->privkey != NULL) {
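Review bot: the new condition tests `key->haspubkey == 1`, so a source key whose flag holds any other non-zero value is duplicated without its public half even though OSSL_KEYMGMT_SELECT_PUBLIC_KEY was requested. If haspubkey is meant as a boolean, `key->haspubkey != 0` is the safer test. It is also worth documenting on ossl_ecx_key_dup that a public-key selection on a key with no public part does not fail in this branch and yields a copy with haspubkey cleared.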

+ 2 - 3
libs/openssl/crypto/encode_decode/decoder_pkey.c

@@ -721,10 +721,9 @@ int ossl_decoder_cache_flush(OSSL_LIB_CTX *libctx)
     DECODER_CACHE *cache
         = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DECODER_CACHE_INDEX);
 
-    if (cache == NULL) {
-        ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
+    if (cache == NULL)
         return 0;
-    }
+
 
     if (!CRYPTO_THREAD_write_lock(cache->lock)) {
         ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
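Review bot: the `}` removed after `return 0;` is replaced by an added empty line, which leaves two consecutive blank lines before the CRYPTO_THREAD_write_lock call; drop the added one. With the ERR_raise gone, a NULL cache also returns 0 with nothing on the error queue while the lock failure just below still raises, so a comment stating that a missing cache is deliberately silent would help callers that treat 0 as an error.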

+ 1 - 0
libs/openssl/crypto/err/openssl.txt

@@ -424,6 +424,7 @@ CONF_R_NUMBER_TOO_LARGE:121:number too large
 CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION:124:\
 	openssl conf references missing section
 CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include
+CONF_R_RECURSIVE_SECTION_REFERENCE:126:recursive section reference
 CONF_R_RELATIVE_PATH:125:relative path
 CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
 CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found

+ 5 - 11
libs/openssl/crypto/evp/e_aes.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -885,8 +885,6 @@ typedef struct {
         /* KMO-AES parameter block - end */
     } kmo;
     unsigned int fc;
-
-    int res;
 } S390X_AES_OFB_CTX;
 
 typedef struct {
@@ -903,8 +901,6 @@ typedef struct {
         /* KMF-AES parameter block - end */
     } kmf;
     unsigned int fc;
-
-    int res;
 } S390X_AES_CFB_CTX;
 
 typedef struct {
@@ -1068,7 +1064,6 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
     memcpy(cctx->kmo.param.cv, iv, ivlen);
     memcpy(cctx->kmo.param.k, key, keylen);
     cctx->fc = S390X_AES_FC(keylen);
-    cctx->res = 0;
     return 1;
 }
 
@@ -1078,7 +1073,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
     unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
-    int n = cctx->res;
+    int n = ctx->num;
     int rem;
 
     memcpy(cctx->kmo.param.cv, iv, ivlen);
@@ -1111,7 +1106,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     }
 
     memcpy(iv, cctx->kmo.param.cv, ivlen);
-    cctx->res = n;
+    ctx->num = n;
     return 1;
 }
 
@@ -1137,7 +1132,6 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
     if (!enc)
         cctx->fc |= S390X_DECRYPT;
 
-    cctx->res = 0;
     memcpy(cctx->kmf.param.cv, iv, ivlen);
     memcpy(cctx->kmf.param.k, key, keylen);
     return 1;
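Review bot: `cctx->res = 0;` is removed from s390x_aes_cfb_init_key (and from the OFB init in the earlier hunk) with no visible `ctx->num = 0` taking its place, while the cipher functions now read their partial-block offset from `ctx->num`. Please confirm that the caller resets `ctx->num` on every re-initialisation with a new key or IV; if it does not, a stale offset carries over into the next message. A one-line comment in the init functions naming where the reset happens would make that dependency explicit.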
@@ -1151,7 +1145,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
     unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
-    int n = cctx->res;
+    int n = ctx->num;
     int rem;
     unsigned char tmp;
 
@@ -1197,7 +1191,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     }
 
     memcpy(iv, cctx->kmf.param.cv, ivlen);
-    cctx->res = n;
+    ctx->num = n;
     return 1;
 }
 

+ 18 - 5
libs/openssl/crypto/evp/evp_fetch.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -318,13 +318,26 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata,
              * there is a correct name_id and meth_id, since those have
              * already been calculated in get_evp_method_from_store() and
              * put_evp_method_in_store() above.
+             * Note that there is a corner case here, in which, if a user
+             * passes a name of the form name1:name2:..., then the construction
+             * will create a method against all names, but the lookup will fail
+             * as ossl_namemap_name2num treats the name string as a single name
+             * rather than introducing new features where in the EVP_<obj>_fetch
+             * parses the string and querys for each, return an error.
              */
             if (name_id == 0)
                 name_id = ossl_namemap_name2num(namemap, name);
-            meth_id = evp_method_id(name_id, operation_id);
-            if (name_id != 0)
-                ossl_method_store_cache_set(store, prov, meth_id, propq,
-                                            method, up_ref_method, free_method);
+            if (name_id == 0) {
+                ERR_raise_data(ERR_LIB_EVP, ERR_R_FETCH_FAILED,
+                               "Algorithm %s cannot be found", name);
+                free_method(method);
+                method = NULL;
+            } else {
+                meth_id = evp_method_id(name_id, operation_id);
+                if (meth_id != 0)
+                    ossl_method_store_cache_set(store, prov, meth_id, propq,
+                                                method, up_ref_method, free_method);
+            }
         }
 
         /*
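Review bot: the last sentence added to the comment ("parses the string and querys for each, return an error") is hard to follow and contains a typo ("querys"). Suggest rewording it to say plainly that a name of the form name1:name2 is not split by the fetch functions, that ossl_namemap_name2num looks it up as a single name and fails, and that an error is returned in that case. The new branch also calls `free_method(method)` and sets `method = NULL` on a method that, per the same comment, construction has already created against all names; a remark on who still holds a reference at that point would settle the ownership question.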

+ 1 - 1
libs/openssl/crypto/http/http_lib.c

@@ -118,7 +118,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
         port = ++p;
     /* remaining port spec handling is also done for the default values */
     /* make sure a decimal port number is given */
-    if (!sscanf(port, "%u", &portnum) || portnum > 65535) {
+    if (sscanf(port, "%u", &portnum) <= 0 || portnum > 65535) {
         ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port);
         goto err;
     }
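Review bot: `sscanf(port, "%u", &portnum) <= 0` now rejects the EOF return that `!sscanf(...)` let through, but `%u` still accepts a leading sign and has undefined behaviour when the digits do not fit in an unsigned int, so the `portnum > 65535` test cannot be relied on for very long digit strings. Parsing with strtoul, checking errno and the end pointer, and rejecting a leading '-' would make the range check sound.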

+ 3 - 0
libs/openssl/crypto/md5/asm/md5-aarch64.pl

@@ -28,10 +28,13 @@ open OUT,"| \"$^X\" $xlate $flavour \"$output\""
 *STDOUT=*OUT;
 
 $code .= <<EOF;
+#include "arm_arch.h"
+
 .text
 .globl  ossl_md5_block_asm_data_order
 .type   ossl_md5_block_asm_data_order,\@function
 ossl_md5_block_asm_data_order:
+        AARCH64_VALID_CALL_TARGET
         // Save all callee-saved registers
         stp     x19,x20,[sp,#-80]!
         stp     x21,x22,[sp,#16]

+ 9 - 3
libs/openssl/crypto/mem_sec.c

@@ -260,11 +260,17 @@ int CRYPTO_secure_allocated(const void *ptr)
 
 size_t CRYPTO_secure_used(void)
 {
+    size_t ret = 0;
+
 #ifndef OPENSSL_NO_SECURE_MEMORY
-    return secure_mem_used;
-#else
-    return 0;
+    if (!CRYPTO_THREAD_read_lock(sec_malloc_lock))
+        return 0;
+
+    ret = secure_mem_used;
+
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
 #endif /* OPENSSL_NO_SECURE_MEMORY */
+    return ret;
 }
 
 size_t CRYPTO_secure_actual_size(void *ptr)
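Review bot: when `CRYPTO_THREAD_read_lock(sec_malloc_lock)` fails the function returns 0, the same value as "no secure memory in use", and nothing is raised. Since the return type leaves no room for an error value, document next to the function that 0 can also mean the lock could not be taken, so that monitoring code does not read it as an empty secure heap.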

+ 6 - 2
libs/openssl/crypto/objects/obj_dat.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -128,7 +128,7 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
     a = ca->obj;
     switch (ca->type) {
     case ADDED_DATA:
-        ret = a->length << 20L;
+        ret = (unsigned long)a->length << 20UL;
         p = (unsigned char *)a->data;
         for (i = 0; i < a->length; i++)
             ret ^= p[i] << ((i * 3) % 24);
@@ -790,6 +790,10 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
     } else {
         /* Create a no-OID ASN1_OBJECT */
         tmpoid = ASN1_OBJECT_new();
+        if (tmpoid == NULL) {
+            ERR_raise(ERR_LIB_OBJ, ERR_R_ASN1_LIB);
+            return 0;
+        }
     }
 
     if (!ossl_obj_write_lock(1)) {

+ 4 - 4
libs/openssl/crypto/param_build.c

@@ -255,9 +255,9 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
     OSSL_PARAM_BLD_DEF *pd;
     int secure;
 
-    if (bsize == 0) {
+    if (bsize == 0)
         bsize = strlen(buf);
-    } else if (bsize > INT_MAX) {
+    if (bsize > INT_MAX) {
         ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
         return 0;
     }
@@ -274,9 +274,9 @@ int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
 {
     OSSL_PARAM_BLD_DEF *pd;
 
-    if (bsize == 0) {
+    if (bsize == 0)
         bsize = strlen(buf);
-    } else if (bsize > INT_MAX) {
+    if (bsize > INT_MAX) {
         ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
         return 0;
     }
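Review bot: applying the INT_MAX test to the length computed by `strlen(buf)` closes the path the old `else if` skipped, but the same three lines now appear in both OSSL_PARAM_BLD_push_utf8_string and OSSL_PARAM_BLD_push_utf8_ptr. A small static helper that resolves and bounds-checks bsize would keep the two from drifting apart again, and a test that goes through the bsize == 0 path of each function should accompany the change.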

+ 32 - 3
libs/openssl/crypto/params.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -197,6 +197,10 @@ static int unsigned_from_unsigned(void *dest, size_t dest_len,
 /* General purpose get integer parameter call that handles odd sizes */
 static int general_get_int(const OSSL_PARAM *p, void *val, size_t val_size)
 {
+    if (p->data == NULL) {
+        err_null_argument;
+        return 0;
+    }
     if (p->data_type == OSSL_PARAM_INTEGER)
         return signed_from_signed(val, val_size, p->data, p->data_size);
     if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER)
@@ -226,6 +230,11 @@ static int general_set_int(OSSL_PARAM *p, void *val, size_t val_size)
 /* General purpose get unsigned integer parameter call that handles odd sizes */
 static int general_get_uint(const OSSL_PARAM *p, void *val, size_t val_size)
 {
+
+    if (p->data == NULL) {
+        err_null_argument;
+        return 0;
+    }
     if (p->data_type == OSSL_PARAM_INTEGER)
         return unsigned_from_signed(val, val_size, p->data, p->data_size);
     if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER)
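Review bot: general_get_uint gains an empty line directly after the opening brace, ahead of the new `p->data == NULL` check, while the identical check added to general_get_int in the previous hunk has none. Remove the blank line so the two helpers match.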
@@ -385,6 +394,11 @@ int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val)
         return 0;
     }
 
+    if (p->data == NULL) {
+        err_null_argument;
+        return 0;
+    }
+
     if (p->data_type == OSSL_PARAM_INTEGER) {
 #ifndef OPENSSL_SMALL_FOOTPRINT
         int64_t i64;
@@ -534,6 +548,11 @@ int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val)
         return 0;
     }
 
+    if (p->data == NULL) {
+        err_null_argument;
+        return 0;
+    }
+
     if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) {
 #ifndef OPENSSL_SMALL_FOOTPRINT
         uint64_t u64;
@@ -685,6 +704,11 @@ int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val)
         return 0;
     }
 
+    if (p->data == NULL) {
+        err_null_argument;
+        return 0;
+    }
+
     if (p->data_type == OSSL_PARAM_INTEGER) {
 #ifndef OPENSSL_SMALL_FOOTPRINT
         switch (p->data_size) {
@@ -829,6 +853,11 @@ int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val)
         return 0;
     }
 
+    if (p->data == NULL) {
+        err_null_argument;
+        return 0;
+    }
+
     if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) {
 #ifndef OPENSSL_SMALL_FOOTPRINT
         switch (p->data_size) {
@@ -1040,7 +1069,7 @@ int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val)
 {
     BIGNUM *b = NULL;
 
-    if (val == NULL || p == NULL) {
+    if (val == NULL || p == NULL || p->data == NULL) {
         err_null_argument;
         return 0;
     }
@@ -1132,7 +1161,7 @@ int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val)
     int64_t i64;
     uint64_t u64;
 
-    if (val == NULL || p == NULL) {
+    if (val == NULL || p == NULL || p->data == NULL) {
         err_null_argument;
         return 0;
     }
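Review bot: OSSL_PARAM_get_BN and OSSL_PARAM_get_double fold `p->data == NULL` into the existing `val == NULL || p == NULL` test, whereas the int32, uint32, int64 and uint64 getters in the hunks above add a second, separate block with the same body after their existing argument check. Pick one form for all of them; folding into the existing condition is shorter and keeps a single err_null_argument site per function.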

+ 8 - 2
libs/openssl/crypto/params_from_text.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -115,7 +115,13 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key,
         break;
     case OSSL_PARAM_OCTET_STRING:
         if (*ishex) {
-            *buf_n = strlen(value) >> 1;
+            size_t hexdigits = strlen(value);
+            if ((hexdigits % 2) != 0) {
+                /* We don't accept an odd number of hex digits */
+                ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ODD_NUMBER_OF_DIGITS);
+                return 0;
+            }
+            *buf_n = hexdigits >> 1;
         } else {
             *buf_n = value_n;
         }
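Review bot: `size_t hexdigits = strlen(value);` is followed directly by the `if`, with no blank line between the declaration and the first statement; add one to match the surrounding style. The odd-length rejection itself is welcome, since `strlen(value) >> 1` silently dropped the last digit when sizing the buffer, and a test with an odd-length hex value for an octet-string parameter should go in with it.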

+ 6 - 1
libs/openssl/crypto/perlasm/x86_64-xlate.pl

@@ -111,7 +111,12 @@ elsif (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
     $gnuas=1;
 }
 elsif (`$ENV{CC} --version 2>/dev/null`
-		=~ /clang .*/)
+		=~ /(clang .*|Intel.*oneAPI .*)/)
+{
+    $gnuas=1;
+}
+elsif (`$ENV{CC} -V 2>/dev/null`
+		=~ /nvc .*/)
 {
     $gnuas=1;
 }
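Review bot: the new `elsif` runs `$ENV{CC} -V` for every compiler that did not match the earlier probes, and the pattern `/nvc .*/` is unanchored, so any -V banner containing "nvc " sets $gnuas. Anchoring the match (for example on a word boundary) and dropping the redundant trailing `.*` in both new patterns would tighten the detection. A short comment naming the compilers each probe is meant to recognise would also help.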

+ 19 - 1
libs/openssl/crypto/pkcs12/p12_add.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -78,6 +78,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
         return NULL;
     }
+
+    if (p7->d.data == NULL) {
+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+        return NULL;
+    }
+
     return ASN1_item_unpack_ex(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
                                ossl_pkcs7_ctx_get0_libctx(&p7->ctx),
                                ossl_pkcs7_ctx_get0_propq(&p7->ctx));
@@ -152,6 +158,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
 {
     if (!PKCS7_type_is_encrypted(p7))
         return NULL;
+
+    if (p7->d.encrypted == NULL) {
+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+        return NULL;
+    }
+
     return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm,
                                    ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
                                    pass, passlen,
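Review bot: the new guard covers `p7->d.encrypted == NULL`, but the very next statement dereferences `p7->d.encrypted->enc_data->algorithm`, and `enc_data` is not checked anywhere in the visible lines. Extend the condition to `p7->d.encrypted == NULL || p7->d.encrypted->enc_data == NULL` unless a NULL enc_data is ruled out by the decoder, in which case say so in a comment. The `!PKCS7_type_is_encrypted(p7)` path just above also returns NULL without raising, unlike the new branch.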
@@ -191,6 +203,12 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
         return NULL;
     }
+
+    if (p12->authsafes->d.data == NULL) {
+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+        return NULL;
+    }
+
     p7ctx = &p12->authsafes->ctx;
     p7s = ASN1_item_unpack_ex(p12->authsafes->d.data,
                               ASN1_ITEM_rptr(PKCS12_AUTHSAFES),

+ 6 - 1
libs/openssl/crypto/pkcs12/p12_mutl.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -98,6 +98,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
         return 0;
     }
 
+    if (p12->authsafes->d.data == NULL) {
+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+        return 0;
+    }
+
     salt = p12->mac->salt->data;
     saltlen = p12->mac->salt->length;
     if (p12->mac->iter == NULL)
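Review bot: this is the same `p12->authsafes->d.data == NULL` test that the commit adds to PKCS12_unpack_authsafes in p12_add.c; a shared internal helper would keep the two call sites consistent. The lines right after it read `p12->mac->salt->data` and `p12->mac->iter`, so please confirm that `p12->mac` and its salt are validated before this point, as the hunk does not show it.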

+ 4 - 3
libs/openssl/crypto/pkcs12/p12_npas.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,8 +80,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
             bags = PKCS12_unpack_p7data(p7);
         } else if (bagnid == NID_pkcs7_encrypted) {
             bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
-            if (!alg_get(p7->d.encrypted->enc_data->algorithm,
-                         &pbe_nid, &pbe_iter, &pbe_saltlen, &cipherid))
+            if (p7->d.encrypted == NULL
+                    || !alg_get(p7->d.encrypted->enc_data->algorithm,
+                                &pbe_nid, &pbe_iter, &pbe_saltlen, &cipherid))
                 goto err;
         } else {
             continue;
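Review bot: the `p7->d.encrypted == NULL` test is placed after `PKCS12_unpack_p7encdata(p7, oldpass, -1)` has already been called on the same `p7`, so here it only protects the alg_get argument; the ordering is safe only because the unpack function gains its own check in this commit, which deserves a comment. `enc_data` is still dereferenced unchecked in `p7->d.encrypted->enc_data->algorithm`, and `bags` is not tested before alg_get runs in the visible lines.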

+ 6 - 3
libs/openssl/crypto/pkcs7/pk7_mime.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
     int ctype_nid = OBJ_obj2nid(p7->type);
     const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
 
-    if (ctype_nid == NID_pkcs7_signed)
+    if (ctype_nid == NID_pkcs7_signed) {
+        if (p7->d.sign == NULL)
+            return 0;
         mdalgs = p7->d.sign->md_algs;
-    else
+    } else {
         mdalgs = NULL;
+    }
 
     flags ^= SMIME_OLDMIME;
 
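Review bot: the new `p7->d.sign == NULL` branch returns 0 without raising an error, while the analogous NULL-content checks added to the PKCS12 code in this commit all call ERR_raise before returning. Raise an error here as well so that the failure of SMIME_write_PKCS7 on a malformed signed structure is visible on the error queue.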

+ 22 - 22
libs/openssl/crypto/poly1305/asm/poly1305-ppc.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -744,7 +744,7 @@ ___
 my $LOCALS= 6*$SIZE_T;
 my $VSXFRAME = $LOCALS + 6*$SIZE_T;
    $VSXFRAME += 128;	# local variables
-   $VSXFRAME += 13*16;	# v20-v31 offload
+   $VSXFRAME += 12*16;	# v20-v31 offload
 
 my $BIG_ENDIAN = ($flavour !~ /le/) ? 4 : 0;
 
@@ -919,12 +919,12 @@ __poly1305_blocks_vsx:
 	addi	r11,r11,32
 	stvx	v22,r10,$sp
 	addi	r10,r10,32
-	stvx	v23,r10,$sp
-	addi	r10,r10,32
-	stvx	v24,r11,$sp
+	stvx	v23,r11,$sp
 	addi	r11,r11,32
-	stvx	v25,r10,$sp
+	stvx	v24,r10,$sp
 	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
 	stvx	v26,r10,$sp
 	addi	r10,r10,32
 	stvx	v27,r11,$sp
@@ -1153,12 +1153,12 @@ __poly1305_blocks_vsx:
 	addi	r11,r11,32
 	stvx	v22,r10,$sp
 	addi	r10,r10,32
-	stvx	v23,r10,$sp
-	addi	r10,r10,32
-	stvx	v24,r11,$sp
+	stvx	v23,r11,$sp
 	addi	r11,r11,32
-	stvx	v25,r10,$sp
+	stvx	v24,r10,$sp
 	addi	r10,r10,32
+	stvx	v25,r11,$sp
+	addi	r11,r11,32
 	stvx	v26,r10,$sp
 	addi	r10,r10,32
 	stvx	v27,r11,$sp
@@ -1899,26 +1899,26 @@ Ldone_vsx:
 	mtspr	256,r12				# restore vrsave
 	lvx	v20,r10,$sp
 	addi	r10,r10,32
-	lvx	v21,r10,$sp
-	addi	r10,r10,32
-	lvx	v22,r11,$sp
+	lvx	v21,r11,$sp
 	addi	r11,r11,32
-	lvx	v23,r10,$sp
+	lvx	v22,r10,$sp
 	addi	r10,r10,32
-	lvx	v24,r11,$sp
+	lvx	v23,r11,$sp
 	addi	r11,r11,32
-	lvx	v25,r10,$sp
+	lvx	v24,r10,$sp
 	addi	r10,r10,32
-	lvx	v26,r11,$sp
+	lvx	v25,r11,$sp
 	addi	r11,r11,32
-	lvx	v27,r10,$sp
+	lvx	v26,r10,$sp
 	addi	r10,r10,32
-	lvx	v28,r11,$sp
+	lvx	v27,r11,$sp
 	addi	r11,r11,32
-	lvx	v29,r10,$sp
+	lvx	v28,r10,$sp
 	addi	r10,r10,32
-	lvx	v30,r11,$sp
-	lvx	v31,r10,$sp
+	lvx	v29,r11,$sp
+	addi	r11,r11,32
+	lvx	v30,r10,$sp
+	lvx	v31,r11,$sp
 	$POP	r27,`$VSXFRAME-$SIZE_T*5`($sp)
 	$POP	r28,`$VSXFRAME-$SIZE_T*4`($sp)
 	$POP	r29,`$VSXFRAME-$SIZE_T*3`($sp)
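Review bot: the restore sequence now alternates r10 and r11 for v20 through v31, matching the corrected stvx sequences in the two save hunks above, but all three are still hand-written lists in which one repeated index register changes the layout of every later slot. Generating the save and restore pairs from a single Perl loop over 20..31 would keep them mirror images by construction. The `12*16` frame size now agrees with the `v20-v31 offload` comment; a test that checks v20-v31 are preserved across the VSX path would guard the fix.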

+ 40 - 10
libs/openssl/crypto/property/property_parse.c

@@ -97,9 +97,18 @@ static int parse_number(const char *t[], OSSL_PROPERTY_DEFINITION *res)
     const char *s = *t;
     int64_t v = 0;
 
-    if (!ossl_isdigit(*s))
-        return 0;
     do {
+        if (!ossl_isdigit(*s)) {
+            ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_A_DECIMAL_DIGIT,
+                           "HERE-->%s", *t);
+            return 0;
+        }
+        /* overflow check */
+        if (v > ((INT64_MAX - (*s - '0')) / 10)) {
+            ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED,
+                           "Property %s overflows", *t);
+            return 0;
+        }
         v = v * 10 + (*s++ - '0');
     } while (ossl_isdigit(*s));
     if (!ossl_isspace(*s) && *s != '\0' && *s != ',') {
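Review bot: the overflow error formats `*t` under the text "Property %s overflows", but `*t` is the start of the number and everything after it, not a property name; wording such as "number %s overflows" would match what is printed. The `!ossl_isdigit(*s)` test moved inside the loop can only fail on the first iteration, because the `while (ossl_isdigit(*s))` condition already guarantees a digit on later passes, so a comment to that effect (or keeping the test ahead of the loop) would save the next reader from wondering.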
@@ -117,15 +126,27 @@ static int parse_hex(const char *t[], OSSL_PROPERTY_DEFINITION *res)
 {
     const char *s = *t;
     int64_t v = 0;
+    int sval;
 
-    if (!ossl_isxdigit(*s))
-        return 0;
     do {
+        if (ossl_isdigit(*s)) {
+            sval = *s - '0';
+        } else if (ossl_isxdigit(*s)) {
+            sval = ossl_tolower(*s) - 'a' + 10;
+        } else {
+            ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT,
+                           "%s", *t);
+            return 0;
+        }
+
+        if (v > ((INT64_MAX - sval) / 16)) {
+            ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED,
+                           "Property %s overflows", *t);
+            return 0;
+        }
+
         v <<= 4;
-        if (ossl_isdigit(*s))
-            v += *s - '0';
-        else
-            v += ossl_tolower(*s) - 'a';
+        v += sval;
     } while (ossl_isxdigit(*++s));
     if (!ossl_isspace(*s) && *s != '\0' && *s != ',') {
         ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT,
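Review bot: the not-a-hex-digit error added at the top of the loop formats `*t` with a bare "%s", while the matching errors added to parse_number and parse_oct use "HERE-->%s"; use the same format in all three. The rewritten digit conversion also changes results, since the removed line computed `ossl_tolower(*s) - 'a'` without the `+ 10` that `sval` now carries, so a test parsing a value with a-f digits should be added alongside one for the overflow case.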
@@ -143,9 +164,18 @@ static int parse_oct(const char *t[], OSSL_PROPERTY_DEFINITION *res)
     const char *s = *t;
     int64_t v = 0;
 
-    if (*s == '9' || *s == '8' || !ossl_isdigit(*s))
-        return 0;
     do {
+        if (*s == '9' || *s == '8' || !ossl_isdigit(*s)) {
+            ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_OCTAL_DIGIT,
+                           "HERE-->%s", *t);
+            return 0;
+        }
+        if (v > ((INT64_MAX - (*s - '0')) / 8)) {
+            ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED,
+                           "Property %s overflows", *t);
+            return 0;
+        }
+
         v = (v << 3) + (*s - '0');
     } while (ossl_isdigit(*++s) && *s != '9' && *s != '8');
     if (!ossl_isspace(*s) && *s != '\0' && *s != ',') {

+ 96 - 22
libs/openssl/crypto/provider_conf.c

@@ -64,13 +64,22 @@ static const char *skip_dot(const char *name)
     return name;
 }
 
-static int provider_conf_params(OSSL_PROVIDER *prov,
-                                OSSL_PROVIDER_INFO *provinfo,
-                                const char *name, const char *value,
-                                const CONF *cnf)
+/*
+ * Parse the provider params section
+ * Returns:
+ * 1 for success
+ * 0 for non-fatal errors
+ * < 0 for fatal errors
+ */
+static int provider_conf_params_internal(OSSL_PROVIDER *prov,
+                                         OSSL_PROVIDER_INFO *provinfo,
+                                         const char *name, const char *value,
+                                         const CONF *cnf,
+                                         STACK_OF(OPENSSL_CSTRING) *visited)
 {
     STACK_OF(CONF_VALUE) *sect;
     int ok = 1;
+    int rc = 0;
 
     sect = NCONF_get_section(cnf, value);
     if (sect != NULL) {
@@ -80,6 +89,25 @@ static int provider_conf_params(OSSL_PROVIDER *prov,
 
         OSSL_TRACE1(CONF, "Provider params: start section %s\n", value);
 
+        /*
+         * Check to see if the provided section value has already
+         * been visited.  If it has, then we have a recursive lookup
+         * in the configuration which isn't valid.  As such we should error
+         * out
+         */
+        for (i = 0; i < sk_OPENSSL_CSTRING_num(visited); i++) {
+            if (sk_OPENSSL_CSTRING_value(visited, i) == value) {
+                ERR_raise(ERR_LIB_CONF, CONF_R_RECURSIVE_SECTION_REFERENCE);
+                return -1;
+            }
+        }
+
+        /*
+         * We've not visited this node yet, so record it on the stack
+         */
+        if (!sk_OPENSSL_CSTRING_push(visited, value))
+            return -1;
+
         if (name != NULL) {
             OPENSSL_strlcpy(buffer, name, sizeof(buffer));
             OPENSSL_strlcat(buffer, ".", sizeof(buffer));
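Review bot: the cycle check compares `sk_OPENSSL_CSTRING_value(visited, i) == value` by pointer, not by string content, so it only fires when the very same value string is reached again; a cycle entered through a different entry naming the same section is detected only after one more pass through it. Either compare with strcmp or state in the comment that pointer identity is intended. The failed `sk_OPENSSL_CSTRING_push` path also returns -1 without raising an error.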
@@ -89,14 +117,20 @@ static int provider_conf_params(OSSL_PROVIDER *prov,
         for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
             CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i);
 
-            if (buffer_len + strlen(sectconf->name) >= sizeof(buffer))
-                return 0;
+            if (buffer_len + strlen(sectconf->name) >= sizeof(buffer)) {
+                sk_OPENSSL_CSTRING_pop(visited);
+                return -1;
+            }
             buffer[buffer_len] = '\0';
             OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer));
-            if (!provider_conf_params(prov, provinfo, buffer, sectconf->value,
-                                      cnf))
-                return 0;
+            rc = provider_conf_params_internal(prov, provinfo, buffer,
+                                               sectconf->value, cnf, visited);
+            if (rc < 0) {
+                sk_OPENSSL_CSTRING_pop(visited);
+                return rc;
+            }
         }
+        sk_OPENSSL_CSTRING_pop(visited);
 
         OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value);
     } else {
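Review bot: only `rc < 0` from the recursive call is acted on, so a nested section that returns 0 (documented in the new header comment as a non-fatal error) is dropped and the loop carries on with `ok` still 1. If that is intended, say so in a comment; otherwise fold `rc == 0` into `ok`. The over-long name case also changes from `return 0` to `return -1`, which makes it a fatal error under the new tristate, and it still raises nothing.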
@@ -110,6 +144,33 @@ static int provider_conf_params(OSSL_PROVIDER *prov,
     return ok;
 }
 
+/*
+ * recursively parse the provider configuration section
+ * of the config file. 
+ * Returns
+ * 1 on success
+ * 0 on non-fatal error
+ * < 0 on fatal errors
+ */
+static int provider_conf_params(OSSL_PROVIDER *prov,
+                                OSSL_PROVIDER_INFO *provinfo,
+                                const char *name, const char *value,
+                                const CONF *cnf)
+{
+    int rc;
+    STACK_OF(OPENSSL_CSTRING) *visited = sk_OPENSSL_CSTRING_new_null();
+
+    if (visited == NULL)
+        return -1;
+
+    rc = provider_conf_params_internal(prov, provinfo, name,
+                                       value, cnf, visited);
+
+    sk_OPENSSL_CSTRING_free(visited);
+
+    return rc;
+}
+
 static int prov_already_activated(const char *name,
                                   STACK_OF(OSSL_PROVIDER) *activated)
 {
@@ -130,6 +191,13 @@ static int prov_already_activated(const char *name,
     return 0;
 }
 
+/*
+ * Attempt to activate a provider
+ * Returns:
+ * 1 on successful activation
+ * 0 on failed activation for non-fatal error
+ * < 0 on failed activation for fatal errors
+ */
 static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
                                   const char *value, const char *path,
                                   int soft, const CONF *cnf)
@@ -141,7 +209,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
 
     if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
-        return 0;
+        return -1;
     }
     if (!prov_already_activated(name, pcgbl->activated_providers)) {
         /*
@@ -154,7 +222,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
         if (!ossl_provider_disable_fallback_loading(libctx)) {
             CRYPTO_THREAD_unlock(pcgbl->lock);
             ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
-            return 0;
+            return -1;
         }
         prov = ossl_provider_find(libctx, name, 1);
         if (prov == NULL)
@@ -163,7 +231,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
             CRYPTO_THREAD_unlock(pcgbl->lock);
             if (soft)
                 ERR_clear_error();
-            return 0;
+            return (soft == 0) ? -1 : 0;
         }
 
         if (path != NULL)
@@ -171,7 +239,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
 
         ok = provider_conf_params(prov, NULL, NULL, value, cnf);
 
-        if (ok) {
+        if (ok == 1) {
             if (!ossl_provider_activate(prov, 1, 0)) {
                 ok = 0;
             } else if (!ossl_provider_add_to_store(prov, &actual, 0)) {
@@ -195,7 +263,8 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
                 }
             }
         }
-        if (!ok)
+
+        if (ok <= 0)
             ossl_provider_free(prov);
     }
     CRYPTO_THREAD_unlock(pcgbl->lock);
@@ -212,6 +281,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
     const char *path = NULL;
     long activate = 0;
     int ok = 0;
+    int added = 0;
 
     name = skip_dot(name);
     OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
@@ -266,19 +336,23 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
         }
         if (ok)
             ok = provider_conf_params(NULL, &entry, NULL, value, cnf);
-        if (ok && (entry.path != NULL || entry.parameters != NULL))
+        if (ok >= 1 && (entry.path != NULL || entry.parameters != NULL)) {
             ok = ossl_provider_info_add_to_store(libctx, &entry);
-        if (!ok || (entry.path == NULL && entry.parameters == NULL)) {
-            ossl_provider_info_clear(&entry);
+            added = 1;
         }
-
+        if (added == 0)
+            ossl_provider_info_clear(&entry);
     }
 
     /*
-     * Even if ok is 0, we still return success. Failure to load a provider is
-     * not fatal. We want to continue to load the rest of the config file.
+     * Provider activation returns a tristate:
+     * 1 for successful activation
+     * 0 for non-fatal activation failure
+     * < 0 for fatal activation failure
+     * We return success (1) for activation, (1) for non-fatal activation
+     * failure, and (0) for fatal activation failure
      */
-    return 1;
+    return ok >= 0;
 }
 
 static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
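
Review bot: `added = 1` is set unconditionally after ossl_provider_info_add_to_store(), so when that call fails and ok becomes 0, the `if (added == 0)` branch no longer runs ossl_provider_info_clear(&entry); the removed `!ok ||` condition used to cover that case. Unless the store call releases the entry on failure, this leaks it. `added = ok;` would keep the old cleanup behaviour.
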
@@ -301,7 +375,7 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
     for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
         cval = sk_CONF_VALUE_value(elist, i);
         if (!provider_conf_load(NCONF_get0_libctx((CONF *)cnf),
-                    cval->name, cval->value, cnf))
+                                cval->name, cval->value, cnf))
             return 0;
     }
 

+ 36 - 34
libs/openssl/crypto/provider_core.c

@@ -970,44 +970,46 @@ static int provider_init(OSSL_PROVIDER *prov)
     prov->provctx = tmp_provctx;
     prov->dispatch = provider_dispatch;
 
-    for (; provider_dispatch->function_id != 0; provider_dispatch++) {
-        switch (provider_dispatch->function_id) {
-        case OSSL_FUNC_PROVIDER_TEARDOWN:
-            prov->teardown =
-                OSSL_FUNC_provider_teardown(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS:
-            prov->gettable_params =
-                OSSL_FUNC_provider_gettable_params(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_GET_PARAMS:
-            prov->get_params =
-                OSSL_FUNC_provider_get_params(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_SELF_TEST:
-            prov->self_test =
-                OSSL_FUNC_provider_self_test(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_GET_CAPABILITIES:
-            prov->get_capabilities =
-                OSSL_FUNC_provider_get_capabilities(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_QUERY_OPERATION:
-            prov->query_operation =
-                OSSL_FUNC_provider_query_operation(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION:
-            prov->unquery_operation =
-                OSSL_FUNC_provider_unquery_operation(provider_dispatch);
-            break;
+    if (provider_dispatch != NULL) {
+        for (; provider_dispatch->function_id != 0; provider_dispatch++) {
+            switch (provider_dispatch->function_id) {
+            case OSSL_FUNC_PROVIDER_TEARDOWN:
+                prov->teardown =
+                    OSSL_FUNC_provider_teardown(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS:
+                prov->gettable_params =
+                    OSSL_FUNC_provider_gettable_params(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_GET_PARAMS:
+                prov->get_params =
+                    OSSL_FUNC_provider_get_params(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_SELF_TEST:
+                prov->self_test =
+                    OSSL_FUNC_provider_self_test(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_GET_CAPABILITIES:
+                prov->get_capabilities =
+                    OSSL_FUNC_provider_get_capabilities(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_QUERY_OPERATION:
+                prov->query_operation =
+                    OSSL_FUNC_provider_query_operation(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION:
+                prov->unquery_operation =
+                    OSSL_FUNC_provider_unquery_operation(provider_dispatch);
+                break;
 #ifndef OPENSSL_NO_ERR
 # ifndef FIPS_MODULE
-        case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS:
-            p_get_reason_strings =
-                OSSL_FUNC_provider_get_reason_strings(provider_dispatch);
-            break;
+            case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS:
+                p_get_reason_strings =
+                    OSSL_FUNC_provider_get_reason_strings(provider_dispatch);
+                break;
 # endif
 #endif
+            }
         }
     }
 
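
Review bot: the new `if (provider_dispatch != NULL)` guard accepts a NULL dispatch table silently: `prov->dispatch` has already been assigned from it just above, and none of the function pointers get filled in. If a provider init function that returns no table is an error, fail here; if it is legitimate, say so in a comment. Skipping the loop with an early test would also avoid re-indenting the whole switch, which makes this hunk hard to audit.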

+ 8 - 0
libs/openssl/crypto/rsa/rsa_lib.c

@@ -1001,6 +1001,10 @@ int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
  */
 int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 {
+    /* If key type not RSA return error */
+    if (!EVP_PKEY_CTX_is_a(ctx, "RSA"))
+        return -1;
+
     return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,
                              EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md));
 }
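
Review bot: the new guard in EVP_PKEY_CTX_set_rsa_oaep_md() returns -1 without raising an error, so a caller passing a non-RSA context finds nothing on the error queue explaining the failure. Consider an ERR_raise() before `return -1;`, and extend the comment to say what the check protects against, given that the EVP_PKEY_CTX_ctrl() call below already passes EVP_PKEY_RSA.
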
@@ -1028,6 +1032,10 @@ int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
  */
 int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
 {
+    /* If key type not RSA return error */
+    if (!EVP_PKEY_CTX_is_a(ctx, "RSA"))
+        return -1;
+
     return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,
                              EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)md);
 }

+ 8 - 2
libs/openssl/crypto/rsa/rsa_sp800_56b_check.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2018-2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -289,6 +289,11 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
         return 0;
 
     nbits = BN_num_bits(rsa->n);
+    if (nbits > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE);
+        return 0;
+    }
+
 #ifdef FIPS_MODULE
     /*
      * (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1)
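
Review bot: the `nbits > OPENSSL_RSA_MAX_MODULUS_BITS` check bounds the work done on an untrusted public key because it runs before the primality test further down, but nothing in the hunk says so. A one-line comment giving that reason, plus a test that supplies an oversized modulus and expects RSA_R_MODULUS_TOO_LARGE, would keep the check from being moved or dropped later.
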
@@ -324,7 +329,8 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
         goto err;
     }
 
-    ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status);
+    /* Highest number of MR rounds from FIPS 186-5 Section B.3 Table B.1 */
+    ret = ossl_bn_miller_rabin_is_prime(rsa->n, 5, ctx, NULL, 1, &status);
 #ifdef FIPS_MODULE
     if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) {
 #else
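
Review bot: the round count passed to ossl_bn_miller_rabin_is_prime() changes from 0 to a bare literal 5. The comment cites FIPS 186-5 Table B.1 but does not say what the previous 0 selected or why a fixed value is wanted for this check. A named constant and one sentence on the reason would make the intent reviewable.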

+ 11 - 0
libs/openssl/crypto/x509/by_file.c

@@ -128,6 +128,17 @@ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
                 count = 0;
                 goto err;
             }
+            /*
+             * X509_STORE_add_cert() added a reference rather than a copy,
+             * so we need a fresh X509 object.
+             */
+            X509_free(x);
+            x = X509_new_ex(libctx, propq);
+            if (x == NULL) {
+                ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
+                count = 0;
+                goto err;
+            }
             count++;
         }
     } else if (type == X509_FILETYPE_ASN1) {

+ 5 - 1
libs/openssl/crypto/x509/v3_addr.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -984,6 +984,10 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
          * the other input values.
          */
         if (safi != NULL) {
+            if (val->value == NULL) {
+                ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE);
+                goto err;
+            }
             *safi = strtoul(val->value, &t, 0);
             t += strspn(t, " \t");
             if (*safi > 0xFF || *t++ != ':') {
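
Review bot: the `val->value == NULL` check sits inside the `if (safi != NULL)` branch, so it only protects the strtoul() call. Confirm that the path taken when safi is NULL also handles a missing value, or hoist the check above the branch so both paths share it.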

+ 19 - 5
libs/openssl/crypto/x509/v3_asid.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -169,8 +169,11 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
     if (*choice == NULL) {
         if ((*choice = ASIdentifierChoice_new()) == NULL)
             return 0;
-        if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+        if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) {
+            ASIdentifierChoice_free(*choice);
+            *choice = NULL;
             return 0;
+        }
         (*choice)->type = ASIdentifierChoice_inherit;
     }
     return (*choice)->type == ASIdentifierChoice_inherit;
@@ -196,18 +199,23 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
     default:
         return 0;
     }
-    if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+    if (*choice != NULL && (*choice)->type != ASIdentifierChoice_asIdsOrRanges)
         return 0;
     if (*choice == NULL) {
         if ((*choice = ASIdentifierChoice_new()) == NULL)
             return 0;
         (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
-        if ((*choice)->u.asIdsOrRanges == NULL)
+        if ((*choice)->u.asIdsOrRanges == NULL) {
+            ASIdentifierChoice_free(*choice);
+            *choice = NULL;
             return 0;
+        }
         (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
     }
     if ((aor = ASIdOrRange_new()) == NULL)
         return 0;
+    if (!sk_ASIdOrRange_reserve((*choice)->u.asIdsOrRanges, 1))
+        goto err;
     if (max == NULL) {
         aor->type = ASIdOrRange_id;
         aor->u.id = min;
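
Review bot: sk_ASIdOrRange_reserve() is called here so that the later push cannot fail after `aor` has taken over min and max, but that reason is only hinted at by the "Cannot fail" comment in the next hunk. State it at the reserve call. The tightened test `(*choice)->type != ASIdentifierChoice_asIdsOrRanges` is also a behaviour change that deserves a comment.
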
@@ -220,7 +228,8 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
         ASN1_INTEGER_free(aor->u.range->max);
         aor->u.range->max = max;
     }
-    if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+    /* Cannot fail due to the reservation above */
+    if (!ossl_assert(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
         goto err;
     return 1;
 
@@ -536,6 +545,11 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
             goto err;
         }
 
+        if (val->value == NULL) {
+            ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR);
+            goto err;
+        }
+
         /*
          * Handle inheritance.
          */
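
Review bot: a missing value is reported here as X509V3_R_EXTENSION_VALUE_ERROR, while the same condition in v3_addr.c and v3_crld.c in this commit raises X509V3_R_MISSING_VALUE, and v3_ist.c uses ERR_R_ASN1_LIB. Pick one reason code for these config parsers so callers and tests can match on it.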

+ 6 - 1
libs/openssl/crypto/x509/v3_crld.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -70,6 +70,11 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
     STACK_OF(GENERAL_NAME) *fnm = NULL;
     STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
 
+    if (cnf->value == NULL) {
+        ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE);
+        goto err;
+    }
+
     if (HAS_PREFIX(cnf->name, "fullname")) {
         fnm = gnames_from_sectname(ctx, cnf->value);
         if (!fnm)
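
Review bot: the `cnf->value == NULL` check runs before cnf->name is examined, so every value-less entry passed to set_dist_point_name() now fails with X509V3_R_MISSING_VALUE, whatever its name. If the function is expected to report unrelated names as "not handled" rather than as an error, move the check into the branches that actually dereference cnf->value.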

+ 13 - 5
libs/openssl/crypto/x509/v3_ist.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -50,25 +50,33 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
         }
         if (strcmp(cnf->name, "signTool") == 0) {
             ist->signTool = ASN1_UTF8STRING_new();
-            if (ist->signTool == NULL || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
+            if (ist->signTool == NULL
+                || cnf->value == NULL
+                || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }
         } else if (strcmp(cnf->name, "cATool") == 0) {
             ist->cATool = ASN1_UTF8STRING_new();
-            if (ist->cATool == NULL || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
+            if (ist->cATool == NULL
+                || cnf->value == NULL
+                || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }
         } else if (strcmp(cnf->name, "signToolCert") == 0) {
             ist->signToolCert = ASN1_UTF8STRING_new();
-            if (ist->signToolCert == NULL || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
+            if (ist->signToolCert == NULL
+                || cnf->value == NULL
+                || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }
         } else if (strcmp(cnf->name, "cAToolCert") == 0) {
             ist->cAToolCert = ASN1_UTF8STRING_new();
-            if (ist->cAToolCert == NULL || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
+            if (ist->cAToolCert == NULL
+                || cnf->value == NULL
+                || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
                 goto err;
             }
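
Review bot: `cnf->value == NULL` is tested separately in all four branches, after the ASN1_UTF8STRING_new() allocation, and a missing value is then reported as ERR_R_ASN1_LIB. A single check before the strcmp() chain, raising a value-specific reason, would remove the repetition and give a more accurate error.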

+ 10 - 3
libs/openssl/crypto/x509/v3_san.c

@@ -581,6 +581,8 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
         if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL ||
             !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
                              strlen(value))) {
+            ASN1_IA5STRING_free(gen->d.ia5);
+            gen->d.ia5 = NULL;
             ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
             goto err;
         }
@@ -651,16 +653,21 @@ static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
      */
     ASN1_TYPE_free(gen->d.otherName->value);
     if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL)
-        return 0;
+        goto err;
     objlen = p - value;
     objtmp = OPENSSL_strndup(value, objlen);
     if (objtmp == NULL)
-        return 0;
+        goto err;
     gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
     OPENSSL_free(objtmp);
     if (!gen->d.otherName->type_id)
-        return 0;
+        goto err;
     return 1;
+
+ err:
+    OTHERNAME_free(gen->d.otherName);
+    gen->d.otherName = NULL;
+    return 0;
 }
 
 static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
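
Review bot: the new err label in do_othername() frees gen->d.otherName and sets it to NULL, which changes what the caller finds in `gen` after a failure, and no comment records that. Add a line at the label or on the function saying that the OTHERNAME is released on error, so the caller's cleanup of `gen` can be checked against it.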

+ 15 - 5
libs/openssl/crypto/x509/v3_sxnet.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -103,8 +103,10 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
     int i;
     for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
-        if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+        if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) {
+            SXNET_free(sx);
             return NULL;
+	}
     }
     return sx;
 }
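
Review bot: the closing brace added in sxnet_v2i() (the `+	}` line) is indented with a tab while the surrounding block uses spaces. Replace it with eight spaces to match.
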
@@ -123,7 +125,11 @@ int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userle
         ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE);
         return 0;
     }
-    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+    if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
+        ASN1_INTEGER_free(izone);
+        return 0;
+    }
+    return 1;
 }
 
 /* Add an id given the zone as an unsigned long */
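
Review bot: SXNET_add_id_asc() now frees izone when SXNET_add_id_INTEGER() fails, which means the callee takes ownership of the zone only on success. That contract is not written down here or at the `id->zone = zone;` assignment in the last hunk of this file. Add a comment on SXNET_add_id_INTEGER() so that other callers know to free the zone themselves on failure.
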
@@ -139,8 +145,11 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
         ASN1_INTEGER_free(izone);
         return 0;
     }
-    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-
+    if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
+        ASN1_INTEGER_free(izone);
+        return 0;
+    }
+    return 1;
 }
 
 /*
@@ -195,6 +204,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
         ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
         goto err;
     }
+    ASN1_INTEGER_free(id->zone);
     id->zone = zone;
     *psx = sx;
     return 1;

+ 74 - 11
libs/openssl/crypto/x509/x509_att.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -79,8 +79,8 @@ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
     return sk_X509_ATTRIBUTE_delete(x, loc);
 }
 
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-                                           X509_ATTRIBUTE *attr)
+STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                                X509_ATTRIBUTE *attr)
 {
     X509_ATTRIBUTE *new_attr = NULL;
     STACK_OF(X509_ATTRIBUTE) *sk = NULL;
@@ -89,10 +89,6 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
         ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
         return NULL;
     }
-    if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) {
-        ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE);
-        return NULL;
-    }
 
     if (*x == NULL) {
         if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) {
@@ -119,19 +115,68 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
     return NULL;
 }
 
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                           X509_ATTRIBUTE *attr)
+{
+    if (x == NULL || attr == NULL) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) {
+        ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE);
+        return NULL;
+    }
+
+    return ossl_x509at_add1_attr(x, attr);
+}
+
+STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+                                                       const ASN1_OBJECT *obj,
+                                                       int type,
+                                                       const unsigned char *bytes,
+                                                       int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+
+    attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+    if (attr == NULL)
+        return 0;
+    ret = ossl_x509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
                                                   **x, const ASN1_OBJECT *obj,
                                                   int type,
                                                   const unsigned char *bytes,
                                                   int len)
+{
+    if (x == NULL || obj == NULL) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (*x != NULL && X509at_get_attr_by_OBJ(*x, obj, -1) != -1) {
+        ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE);
+        return NULL;
+    }
+
+    return ossl_x509at_add1_attr_by_OBJ(x, obj, type, bytes, len);
+}
+
+STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+                                                       int nid, int type,
+                                                       const unsigned char *bytes,
+                                                       int len)
 {
     X509_ATTRIBUTE *attr;
     STACK_OF(X509_ATTRIBUTE) *ret;
 
-    attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+    attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
     if (attr == NULL)
         return 0;
-    ret = X509at_add1_attr(x, attr);
+    ret = ossl_x509at_add1_attr(x, attr);
     X509_ATTRIBUTE_free(attr);
     return ret;
 }
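
Review bot: ossl_x509at_add1_attr_by_OBJ() and ossl_x509at_add1_attr_by_NID() use `return 0;` when attribute creation fails although their return type is a pointer. Use `return NULL;`, as this commit already does for X509_REQ_delete_attr() in x509_req.c.
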
@@ -140,14 +185,32 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
                                                   **x, int nid, int type,
                                                   const unsigned char *bytes,
                                                   int len)
+{
+    if (x == NULL) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (*x != NULL && X509at_get_attr_by_NID(*x, nid, -1) != -1) {
+        ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE);
+        return NULL;
+    }
+
+    return ossl_x509at_add1_attr_by_NID(x, nid, type, bytes, len);
+}
+
+STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+                                                       const char *attrname,
+                                                       int type,
+                                                       const unsigned char *bytes,
+                                                       int len)
 {
     X509_ATTRIBUTE *attr;
     STACK_OF(X509_ATTRIBUTE) *ret;
 
-    attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+    attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
     if (attr == NULL)
         return 0;
-    ret = X509at_add1_attr(x, attr);
+    ret = ossl_x509at_add1_attr(x, attr);
     X509_ATTRIBUTE_free(attr);
     return ret;
 }
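
Review bot: the new ossl_x509at_add1_attr*() helpers drop the duplicate-attribute check that the public X509at_add1_attr*() wrappers keep, but nothing states why an internal caller may add a second attribute with the same object. Add a comment on the helpers describing when skipping X509_R_DUPLICATE_ATTRIBUTE is intended.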

+ 2 - 2
libs/openssl/crypto/x509/x509_req.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -202,7 +202,7 @@ X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
 
     if (req == NULL) {
         ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
+        return NULL;
     }
     attr = X509at_delete_attr(req->req_info.attributes, loc);
     if (attr != NULL)

+ 24 - 0
libs/openssl/doc/build.info

@@ -855,6 +855,10 @@ DEPEND[html/man3/CMS_sign_receipt.html]=man3/CMS_sign_receipt.pod
 GENERATE[html/man3/CMS_sign_receipt.html]=man3/CMS_sign_receipt.pod
 DEPEND[man/man3/CMS_sign_receipt.3]=man3/CMS_sign_receipt.pod
 GENERATE[man/man3/CMS_sign_receipt.3]=man3/CMS_sign_receipt.pod
+DEPEND[html/man3/CMS_signed_get_attr.html]=man3/CMS_signed_get_attr.pod
+GENERATE[html/man3/CMS_signed_get_attr.html]=man3/CMS_signed_get_attr.pod
+DEPEND[man/man3/CMS_signed_get_attr.3]=man3/CMS_signed_get_attr.pod
+GENERATE[man/man3/CMS_signed_get_attr.3]=man3/CMS_signed_get_attr.pod
 DEPEND[html/man3/CMS_uncompress.html]=man3/CMS_uncompress.pod
 GENERATE[html/man3/CMS_uncompress.html]=man3/CMS_uncompress.pod
 DEPEND[man/man3/CMS_uncompress.3]=man3/CMS_uncompress.pod
@@ -1263,6 +1267,10 @@ DEPEND[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod
 GENERATE[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod
 DEPEND[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod
 GENERATE[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod
+DEPEND[html/man3/EVP_PKEY_get_attr.html]=man3/EVP_PKEY_get_attr.pod
+GENERATE[html/man3/EVP_PKEY_get_attr.html]=man3/EVP_PKEY_get_attr.pod
+DEPEND[man/man3/EVP_PKEY_get_attr.3]=man3/EVP_PKEY_get_attr.pod
+GENERATE[man/man3/EVP_PKEY_get_attr.3]=man3/EVP_PKEY_get_attr.pod
 DEPEND[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod
 GENERATE[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod
 DEPEND[man/man3/EVP_PKEY_get_default_digest_nid.3]=man3/EVP_PKEY_get_default_digest_nid.pod
@@ -2787,6 +2795,10 @@ DEPEND[html/man3/X509_ALGOR_dup.html]=man3/X509_ALGOR_dup.pod
 GENERATE[html/man3/X509_ALGOR_dup.html]=man3/X509_ALGOR_dup.pod
 DEPEND[man/man3/X509_ALGOR_dup.3]=man3/X509_ALGOR_dup.pod
 GENERATE[man/man3/X509_ALGOR_dup.3]=man3/X509_ALGOR_dup.pod
+DEPEND[html/man3/X509_ATTRIBUTE.html]=man3/X509_ATTRIBUTE.pod
+GENERATE[html/man3/X509_ATTRIBUTE.html]=man3/X509_ATTRIBUTE.pod
+DEPEND[man/man3/X509_ATTRIBUTE.3]=man3/X509_ATTRIBUTE.pod
+GENERATE[man/man3/X509_ATTRIBUTE.3]=man3/X509_ATTRIBUTE.pod
 DEPEND[html/man3/X509_CRL_get0_by_serial.html]=man3/X509_CRL_get0_by_serial.pod
 GENERATE[html/man3/X509_CRL_get0_by_serial.html]=man3/X509_CRL_get0_by_serial.pod
 DEPEND[man/man3/X509_CRL_get0_by_serial.3]=man3/X509_CRL_get0_by_serial.pod
@@ -2831,6 +2843,10 @@ DEPEND[html/man3/X509_PUBKEY_new.html]=man3/X509_PUBKEY_new.pod
 GENERATE[html/man3/X509_PUBKEY_new.html]=man3/X509_PUBKEY_new.pod
 DEPEND[man/man3/X509_PUBKEY_new.3]=man3/X509_PUBKEY_new.pod
 GENERATE[man/man3/X509_PUBKEY_new.3]=man3/X509_PUBKEY_new.pod
+DEPEND[html/man3/X509_REQ_get_attr.html]=man3/X509_REQ_get_attr.pod
+GENERATE[html/man3/X509_REQ_get_attr.html]=man3/X509_REQ_get_attr.pod
+DEPEND[man/man3/X509_REQ_get_attr.3]=man3/X509_REQ_get_attr.pod
+GENERATE[man/man3/X509_REQ_get_attr.3]=man3/X509_REQ_get_attr.pod
 DEPEND[html/man3/X509_REQ_get_extensions.html]=man3/X509_REQ_get_extensions.pod
 GENERATE[html/man3/X509_REQ_get_extensions.html]=man3/X509_REQ_get_extensions.pod
 DEPEND[man/man3/X509_REQ_get_extensions.3]=man3/X509_REQ_get_extensions.pod
@@ -3121,6 +3137,7 @@ html/man3/CMS_get0_type.html \
 html/man3/CMS_get1_ReceiptRequest.html \
 html/man3/CMS_sign.html \
 html/man3/CMS_sign_receipt.html \
+html/man3/CMS_signed_get_attr.html \
 html/man3/CMS_uncompress.html \
 html/man3/CMS_verify.html \
 html/man3/CMS_verify_receipt.html \
@@ -3223,6 +3240,7 @@ html/man3/EVP_PKEY_digestsign_supports_digest.html \
 html/man3/EVP_PKEY_encapsulate.html \
 html/man3/EVP_PKEY_encrypt.html \
 html/man3/EVP_PKEY_fromdata.html \
+html/man3/EVP_PKEY_get_attr.html \
 html/man3/EVP_PKEY_get_default_digest_nid.html \
 html/man3/EVP_PKEY_get_field_type.html \
 html/man3/EVP_PKEY_get_group_name.html \
@@ -3604,6 +3622,7 @@ html/man3/UI_new.html \
 html/man3/X509V3_get_d2i.html \
 html/man3/X509V3_set_ctx.html \
 html/man3/X509_ALGOR_dup.html \
+html/man3/X509_ATTRIBUTE.html \
 html/man3/X509_CRL_get0_by_serial.html \
 html/man3/X509_EXTENSION_set_object.html \
 html/man3/X509_LOOKUP.html \
@@ -3615,6 +3634,7 @@ html/man3/X509_NAME_get0_der.html \
 html/man3/X509_NAME_get_index_by_NID.html \
 html/man3/X509_NAME_print_ex.html \
 html/man3/X509_PUBKEY_new.html \
+html/man3/X509_REQ_get_attr.html \
 html/man3/X509_REQ_get_extensions.html \
 html/man3/X509_SIG_get0.html \
 html/man3/X509_STORE_CTX_get_by_subject.html \
@@ -3760,6 +3780,7 @@ man/man3/CMS_get0_type.3 \
 man/man3/CMS_get1_ReceiptRequest.3 \
 man/man3/CMS_sign.3 \
 man/man3/CMS_sign_receipt.3 \
+man/man3/CMS_signed_get_attr.3 \
 man/man3/CMS_uncompress.3 \
 man/man3/CMS_verify.3 \
 man/man3/CMS_verify_receipt.3 \
@@ -3862,6 +3883,7 @@ man/man3/EVP_PKEY_digestsign_supports_digest.3 \
 man/man3/EVP_PKEY_encapsulate.3 \
 man/man3/EVP_PKEY_encrypt.3 \
 man/man3/EVP_PKEY_fromdata.3 \
+man/man3/EVP_PKEY_get_attr.3 \
 man/man3/EVP_PKEY_get_default_digest_nid.3 \
 man/man3/EVP_PKEY_get_field_type.3 \
 man/man3/EVP_PKEY_get_group_name.3 \
@@ -4243,6 +4265,7 @@ man/man3/UI_new.3 \
 man/man3/X509V3_get_d2i.3 \
 man/man3/X509V3_set_ctx.3 \
 man/man3/X509_ALGOR_dup.3 \
+man/man3/X509_ATTRIBUTE.3 \
 man/man3/X509_CRL_get0_by_serial.3 \
 man/man3/X509_EXTENSION_set_object.3 \
 man/man3/X509_LOOKUP.3 \
@@ -4254,6 +4277,7 @@ man/man3/X509_NAME_get0_der.3 \
 man/man3/X509_NAME_get_index_by_NID.3 \
 man/man3/X509_NAME_print_ex.3 \
 man/man3/X509_PUBKEY_new.3 \
+man/man3/X509_REQ_get_attr.3 \
 man/man3/X509_REQ_get_extensions.3 \
 man/man3/X509_SIG_get0.3 \
 man/man3/X509_STORE_CTX_get_by_subject.3 \

+ 1 - 0
libs/openssl/doc/designs/ddd/ddd-02-conn-nonblocking-threads.c

@@ -119,6 +119,7 @@ APP_CONN *new_conn(SSL_CTX *ctx, const char *hostname)
     if (SSL_set_alpn_protos(ssl, alpn, sizeof(alpn))) {
         /* Note: SSL_set_alpn_protos returns 1 for failure. */
         BIO_free_all(out);
+        free(conn);
         return NULL;
     }
 #endif

+ 3 - 3
libs/openssl/doc/man1/openssl-pkeyutl.pod.in

@@ -237,12 +237,12 @@ This sets the RSA padding mode. Acceptable values for I<mode> are B<pkcs1> for
 PKCS#1 padding, B<none> for no padding, B<oaep>
 for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS.
 
-In PKCS#1 padding if the message digest is not set then the supplied data is
+In PKCS#1 padding, if the message digest is not set, then the supplied data is
 signed or verified directly instead of using a B<DigestInfo> structure. If a
-digest is set then the a B<DigestInfo> structure is used and its the length
+digest is set, then the B<DigestInfo> structure is used and its length
 must correspond to the digest type.
 
-Note, for B<pkcs1> padding, as a protection against Bleichenbacher attack,
+Note, for B<pkcs1> padding, as a protection against the Bleichenbacher attack,
 the decryption will not fail in case of padding check failures. Use B<none>
 and manual inspection of the decrypted message to verify if the decrypted
 value has correct PKCS#1 v1.5 padding.

+ 1 - 1
libs/openssl/doc/man1/openssl-req.pod.in

@@ -289,7 +289,7 @@ It is implied by the B<-CA> option.
 This option implies the B<-new> flag if B<-in> is not given.
 
 If an existing request is specified with the B<-in> option, it is converted
-to the a certificate; otherwise a request is created from scratch.
+to a certificate; otherwise a request is created from scratch.
 
 Unless specified using the B<-set_serial> option,
 a large random number will be used for the serial number.

+ 5 - 1
libs/openssl/doc/man1/openssl-s_client.pod.in

@@ -629,7 +629,11 @@ Disables support for receiving TLSv1.3 compressed certificate.
 Enables support for SSL/TLS compression.
 This option was introduced in OpenSSL 1.1.0.
 TLS compression is not recommended and is off by default as of
-OpenSSL 1.1.0.
+OpenSSL 1.1.0. TLS compression can only be used in security level 1 or
+lower. From OpenSSL 3.2.0 and above the default security level is 2, so this
+option will have no effect without also changing the security level. Use the
+B<-cipher> option to change the security level. See L<openssl-ciphers(1)> for
+more information.
 
 =item B<-no_comp>
 

+ 6 - 2
libs/openssl/doc/man1/openssl-s_server.pod.in

@@ -626,10 +626,14 @@ OpenSSL 1.1.0.
 
 =item B<-comp>
 
-Enable negotiation of TLS compression.
+Enables support for SSL/TLS compression.
 This option was introduced in OpenSSL 1.1.0.
 TLS compression is not recommended and is off by default as of
-OpenSSL 1.1.0.
+OpenSSL 1.1.0. TLS compression can only be used in security level 1 or
+lower. From OpenSSL 3.2.0 and above the default security level is 2, so this
+option will have no effect without also changing the security level. Use the
+B<-cipher> option to change the security level. See L<openssl-ciphers(1)> for
+more information.
 
 =item B<-no_ticket>
 

+ 3 - 3
libs/openssl/doc/man3/BIO_f_md.pod

@@ -19,7 +19,7 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
 =head1 DESCRIPTION
 
 BIO_f_md() returns the message digest BIO method. This is a filter
-BIO that digests any data passed through it, it is a BIO wrapper
+BIO that digests any data passed through it.  It is a BIO wrapper
 for the digest routines EVP_DigestInit(), EVP_DigestUpdate()
 and EVP_DigestFinal().
 
@@ -36,8 +36,8 @@ BIO_set_md() sets the message digest of BIO B<b> to B<md>: this
 must be called to initialize a digest BIO before any data is
 passed through it. It is a BIO_ctrl() macro.
 
-BIO_get_md() places the a pointer to the digest BIOs digest method
-in B<mdp>, it is a BIO_ctrl() macro.
+BIO_get_md() places a pointer to the digest BIOs digest method
+in B<mdp>.  It is a BIO_ctrl() macro.
 
 BIO_get_md_ctx() returns the digest BIOs context into B<mdcp>.
 
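Review bot: The rewritten BIO_get_md() sentence still reads "the digest BIOs digest method", and the unchanged BIO_get_md_ctx() line below has "the digest BIOs context". Since the sentence is being touched anyway, make the possessive "BIO's" in both places.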

+ 214 - 0
libs/openssl/doc/man3/CMS_signed_get_attr.pod

@@ -0,0 +1,214 @@
+=pod
+
+=head1 NAME
+
+CMS_signed_get_attr_count,
+CMS_signed_get_attr_by_NID, CMS_signed_get_attr_by_OBJ, CMS_signed_get_attr,
+CMS_signed_delete_attr,
+CMS_signed_add1_attr, CMS_signed_add1_attr_by_OBJ,
+CMS_signed_add1_attr_by_NID, CMS_signed_add1_attr_by_txt,
+CMS_signed_get0_data_by_OBJ,
+CMS_unsigned_get_attr_count,
+CMS_unsigned_get_attr_by_NID, CMS_unsigned_get_attr_by_OBJ,
+CMS_unsigned_get_attr, CMS_unsigned_delete_attr,
+CMS_unsigned_add1_attr, CMS_unsigned_add1_attr_by_OBJ,
+CMS_unsigned_add1_attr_by_NID, CMS_unsigned_add1_attr_by_txt,
+CMS_unsigned_get0_data_by_OBJ
+- CMS signed and unsigned attribute functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+ int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                                int lastpos);
+ int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+                                int lastpos);
+ X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+ X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+ int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+ int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                 const ASN1_OBJECT *obj, int type,
+                                 const void *bytes, int len);
+ int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                                 int nid, int type,
+                                 const void *bytes, int len);
+ int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                                 const char *attrname, int type,
+                                 const void *bytes, int len);
+ void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si,
+                                   const ASN1_OBJECT *oid,
+                                   int lastpos, int type);
+
+ int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+ int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                                  int lastpos);
+ int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+                                  const ASN1_OBJECT *obj, int lastpos);
+ X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+ X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+ int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+ int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                   const ASN1_OBJECT *obj, int type,
+                                   const void *bytes, int len);
+ int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                                   int nid, int type,
+                                   const void *bytes, int len);
+ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                                   const char *attrname, int type,
+                                   const void *bytes, int len);
+ void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                     int lastpos, int type);
+
+=head1 DESCRIPTION
+
+CMS_signerInfo contains separate attribute lists for signed and unsigned
+attributes. Each CMS_signed_XXX() function is used for signed attributes, and
+each CMS_unsigned_XXX() function is used for unsigned attributes.
+Since the CMS_unsigned_XXX() functions work in the same way as the
+CMS_signed_XXX() equivalents, only the CMS_signed_XXX() functions are
+described below.
+
+CMS_signed_get_attr_by_OBJ() finds the location of the first matching object
+I<obj> in the SignerInfo's I<si> signed attribute list. The search starts at the
+position after I<lastpos>. If the returned value is positive then it can be used
+on the next call to CMS_signed_get_attr_by_OBJ() as the value of I<lastpos> in
+order to iterate through the remaining attributes. I<lastpos> can be set to any
+negative value on the first call, in order to start searching from the start of
+the signed attribute list.
+
+CMS_signed_get_attr_by_NID() is similar to CMS_signed_get_attr_by_OBJ() except
+that it passes the numerical identifier (NID) I<nid> associated with the object.
+See <openssl/obj_mac.h> for a list of NID_*.
+
+CMS_signed_get_attr() returns the B<X509_ATTRIBUTE> object at index I<loc> in the
+I<si> signed attribute list. I<loc> should be in the range from 0 to
+CMS_signed_get_attr_count() - 1.
+
+CMS_signed_delete_attr() removes the B<X509_ATTRIBUTE> object at index I<loc> in
+the I<si> signed attribute list. An error occurs if the I<si> attribute list
+is NULL.
+
+CMS_signed_add1_attr() pushes a copy of the passed in B<X509_ATTRIBUTE> object
+to the I<si> signed attribute list. A new signed attribute list is created if
+required. An error occurs if I<attr> is NULL.
+
+CMS_signed_add1_attr_by_OBJ() creates a new signed B<X509_ATTRIBUTE> using
+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new
+I<obj> with type I<type> and data I<bytes> of length I<len> and then pushes it
+to the I<key> object's attribute list.
+
+CMS_signed_add1_attr_by_NID() is similar to CMS_signed_add1_attr_by_OBJ() except
+that it passes the numerical identifier (NID) I<nid> associated with the object.
+See <openssl/obj_mac.h> for a list of NID_*.
+
+CMS_signed_add1_attr_by_txt() is similar to CMS_signed_add1_attr_by_OBJ()
+except that it passes a name I<attrname> associated with the object.
+See <openssl/obj_mac.h> for a list of SN_* names.
+
+CMS_signed_get0_data_by_OBJ() finds the first attribute in a I<si> signed
+attributes list that matches the I<obj> starting at index I<lastpos>
+and returns the data retrieved from the found attributes first B<ASN1_TYPE>
+object. An error will occur if the attribute type I<type> does not match the
+type of the B<ASN1_TYPE> object OR if I<type> is either B<V_ASN1_BOOLEAN> or
+B<V_ASN1_NULL> OR the attribute is not found.
+If I<lastpos> is less than -1 then an error will occur if there are multiple
+objects in the signed attribute list that match I<obj>.
+If I<lastpos> is less than -2 then an error will occur if there is more than
+one B<ASN1_TYPE> object in the found signed attribute.
+
+Refer to L<X509_ATTRIBUTE(3)> for information related to attributes.
+
+=head1 RETURN VALUES
+
+The CMS_unsigned_XXX() functions return values are similar to those of the
+equivalent CMS_signed_XXX() functions.
+
+CMS_signed_get_attr_count() returns the number of signed attributes in the
+SignerInfo I<si>, or -1 if the signed attribute list is NULL.
+
+CMS_signed_get_attr_by_OBJ() returns -1 if either the signed attribute list of
+I<si> is empty OR if I<obj> is not found, otherwise it returns the location of
+the I<obj> in the SignerInfo's I<si> signed attribute list.
+
+CMS_signed_get_attr_by_NID() is similar to CMS_signed_get_attr_by_OBJ() except
+that it returns -2 if the I<nid> is not known by OpenSSL.
+
+CMS_signed_get_attr() returns either a signed B<X509_ATTRIBUTE> or NULL on error.
+
+CMS_signed_delete_attr() returns either the removed signed B<X509_ATTRIBUTE> or
+NULL if there is a error.
+
+CMS_signed_add1_attr(), CMS_signed_add1_attr_by_OBJ(),
+CMS_signed_add1_attr_by_NID(), CMS_signed_add1_attr_by_txt(),
+return 1 on success or 0 on error.
+
+CMS_signed_get0_data_by_OBJ() returns the data retrieved from the found
+signed attributes first B<ASN1_TYPE> object, or NULL if an error occurs.
+
+=head1 NOTES
+
+Some attributes are added automatically during the signing process.
+
+Calling CMS_SignerInfo_sign() adds the NID_pkcs9_signingTime signed
+attribute.
+
+Calling CMS_final(), CMS_final_digest() or CMS_dataFinal() adds the
+NID_pkcs9_messageDigest signed attribute.
+
+The NID_pkcs9_contentType signed attribute is always added if the
+NID_pkcs9_signingTime attribute is added.
+
+Calling CMS_sign_ex(), CMS_sign_receipt() or CMS_add1_signer() may add
+attributes depending on the flags parameter. See L<CMS_add1_signer(3)> for
+more information.
+
+OpenSSL applies special rules for the following attribute NIDs:
+
+=over 4
+
+=item CMS Signed Attributes
+
+NID_pkcs9_contentType
+NID_pkcs9_messageDigest
+NID_pkcs9_signingTime
+
+=item ESS Signed Attributes
+
+NID_id_smime_aa_signingCertificate
+NID_id_smime_aa_signingCertificateV2
+NID_id_smime_aa_receiptRequest
+
+=item CMS Unsigned Attributes
+
+NID_pkcs9_countersignature
+
+=back
+
+CMS_signed_add1_attr(), CMS_signed_add1_attr_by_OBJ(),
+CMS_signed_add1_attr_by_NID(), CMS_signed_add1_attr_by_txt()
+and the equivalent CMS_unsigned_add1_attrXXX() functions allow
+duplicate attributes to be added. The attribute rules are not checked
+during these function calls, and are deferred until the sign or verify process
+(i.e. during calls to any of CMS_sign_ex(), CMS_sign(), CMS_sign_receipt(),
+CMS_add1_signer(), CMS_Final(), CMS_dataFinal(), CMS_final_digest(),
+CMS_verify(), CMS_verify_receipt() or CMS_SignedData_verify()).
+
+For CMS attribute rules see RFC 5652 Section 11.
+For ESS attribute rules see RFC 2634 Section 1.3.4 and RFC 5035 Section 5.4.
+
+=head1 SEE ALSO
+
+L<X509_ATTRIBUTE(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
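Review bot: In the CMS_signed_add1_attr_by_OBJ() paragraph the new attribute is said to be pushed "to the I<key> object's attribute list", but these functions take a CMS_SignerInfo I<si> and the SYNOPSIS has no I<key> parameter; this should read "the I<si> signed attribute list". In the same file, the CMS_signed_get0_data_by_OBJ() text refers to I<obj> while its prototype names the parameter I<oid>, DESCRIPTION opens with "CMS_signerInfo" where the type is CMS_SignerInfo, and NOTES lists CMS_Final() although the earlier paragraph spells it CMS_final().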

+ 2 - 1
libs/openssl/doc/man3/COMP_CTX_new.pod

@@ -123,7 +123,8 @@ Zstandard may be found at L<https://github.com/facebook/zstd>.
 Compression of SSL/TLS records is not recommended, as it has been
 shown to lead to the CRIME attack L<https://en.wikipedia.org/wiki/CRIME>.
 It is disabled by default, and may be enabled by clearing the
-SSL_OP_NO_COMPRESSION options of the L<SSL_CTX_set_options(3)> or
+SSL_OP_NO_COMPRESSION option and setting the security level as appropriate.
+See the documentation for the L<SSL_CTX_set_options(3)> and
 L<SSL_set_options(3)> functions.
 
 Compression is also used to support certificate compression as described
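Review bot: "setting the security level as appropriate" does not tell the reader which level permits record compression or how to set it. Suggest stating the required level in this sentence and linking L<SSL_CTX_set_security_level(3)> alongside L<SSL_CTX_set_options(3)> and L<SSL_set_options(3)>.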

+ 9 - 5
libs/openssl/doc/man3/EVP_EncryptInit.pod

@@ -373,7 +373,12 @@ exists.
 =item EVP_EncryptUpdate()
 
 Encrypts I<inl> bytes from the buffer I<in> and writes the encrypted version to
-I<out>. This function can be called multiple times to encrypt successive blocks
+I<out>. The pointers I<out> and I<in> may point to the same location, in which
+case the encryption will be done in-place. If I<out> and I<in> point to different
+locations, the two buffers must be disjoint, otherwise the operation might fail
+or the outcome might be undefined.
+
+This function can be called multiple times to encrypt successive blocks
 of data. The amount of data written depends on the block alignment of the
 encrypted data.
 For most ciphers and modes, the amount of data written can be anything
@@ -382,10 +387,9 @@ For wrap cipher modes, the amount of data written can be anything
 from zero bytes to (inl + cipher_block_size) bytes.
 For stream ciphers, the amount of data written can be anything from zero
 bytes to inl bytes.
-Thus, I<out> should contain sufficient room for the operation being performed.
-The actual number of bytes written is placed in I<outl>. It also
-checks if I<in> and I<out> are partially overlapping, and if they are
-0 is returned to indicate failure.
+Thus, the buffer pointed to by I<out> must contain sufficient room for the
+operation being performed.
+The actual number of bytes written is placed in I<outl>.
 
 If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
 the "final" data, that is any data that remains in a partial block.
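Review bot: With the sentence about the function checking "if I<in> and I<out> are partially overlapping" and returning 0 removed, the EVP_EncryptUpdate() entry no longer tells callers whether a partial overlap is detected or silently yields undefined output. If the check still exists, keep a sentence saying so; if it cannot be relied on, state explicitly that the caller must guarantee the buffers are either identical or disjoint.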

+ 11 - 1
libs/openssl/doc/man3/EVP_MAC.pod

@@ -145,6 +145,9 @@ the key.  If I<key> is NULL, the key must be set via I<params> either
 as part of this call or separately using EVP_MAC_CTX_set_params().
 Providing non-NULL I<params> to this function is equivalent to calling
 EVP_MAC_CTX_set_params() with those I<params> for the same I<ctx> beforehand.
+Note: There are additional requirements for some MAC algorithms during
+re-initalization (i.e. calling EVP_MAC_init() on an EVP_MAC after EVP_MAC_final()
+has been called on the same object).  See the NOTES section below.
 
 EVP_MAC_init() should be called before EVP_MAC_update() and EVP_MAC_final().
 
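Review bot: The added note says "calling EVP_MAC_init() on an EVP_MAC after EVP_MAC_final()", but the object being re-initialized is the context (the lines just above speak of I<ctx> and EVP_MAC_CTX_set_params()), so this should say EVP_MAC_CTX. "re-initalization" is also misspelled and should be "re-initialization".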
@@ -342,6 +345,13 @@ not be considered a breaking change to the API.
 The usage of the parameter names "custom", "iv" and "salt" correspond to
 the names used in the standard where the algorithm was defined.
 
+Some MAC algorithms store internal state that cannot be extracted during
+re-initalization.  For example GMAC cannot extract an B<IV> from the
+underlying CIPHER context, and so calling EVP_MAC_init() on an EVP_MAC object
+after EVP_MAC_final() has been called cannot reset its cipher state to what it
+was when the B<IV> was initially generated.  For such instances, an
+B<OSSL_MAC_PARAM_IV> parameter must be passed with each call to EVP_MAC_init().
+
 =head1 RETURN VALUES
 
 EVP_MAC_fetch() returns a pointer to a newly fetched B<EVP_MAC>, or
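Review bot: The new GMAC paragraph says an B<OSSL_MAC_PARAM_IV> parameter "must be passed with each call to EVP_MAC_init()" but not what happens when it is omitted on re-initialization. Document whether EVP_MAC_init() returns failure in that case or proceeds with the existing cipher state, because the caller has no other way to tell. The paragraph also carries the "re-initalization" misspelling and says "EVP_MAC object" where the context is meant.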
@@ -481,7 +491,7 @@ These functions were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 113 - 0
libs/openssl/doc/man3/EVP_PKEY_get_attr.pod

@@ -0,0 +1,113 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_get_attr,
+EVP_PKEY_get_attr_count,
+EVP_PKEY_get_attr_by_NID, EVP_PKEY_get_attr_by_OBJ,
+EVP_PKEY_delete_attr,
+EVP_PKEY_add1_attr,
+EVP_PKEY_add1_attr_by_OBJ, EVP_PKEY_add1_attr_by_NID, EVP_PKEY_add1_attr_by_txt
+- EVP_PKEY B<X509_ATTRIBUTE> functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
+ int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
+ int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
+                              int lastpos);
+ X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
+ X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
+ int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
+ int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+                               const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len);
+ int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+                               int nid, int type,
+                               const unsigned char *bytes, int len);
+ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+                               const char *attrname, int type,
+                               const unsigned char *bytes, int len);
+
+=head1 DESCRIPTION
+
+These functions are used by B<PKCS12>.
+
+EVP_PKEY_get_attr_by_OBJ() finds the location of the first matching object I<obj>
+in the I<key> attribute list. The search starts at the position after I<lastpos>.
+If the returned value is positive then it can be used on the next call to
+EVP_PKEY_get_attr_by_OBJ() as the value of I<lastpos> in order to iterate through
+the remaining attributes. I<lastpos> can be set to any negative value on the
+first call, in order to start searching from the start of the attribute list.
+
+EVP_PKEY_get_attr_by_NID() is similar to EVP_PKEY_get_attr_by_OBJ() except that
+it passes the numerical identifier (NID) I<nid> associated with the object.
+See <openssl/obj_mac.h> for a list of NID_*.
+
+EVP_PKEY_get_attr() returns the B<X509_ATTRIBUTE> object at index I<loc> in the
+I<key> attribute list. I<loc> should be in the range from 0 to
+EVP_PKEY_get_attr_count() - 1.
+
+EVP_PKEY_delete_attr() removes the B<X509_ATTRIBUTE> object at index I<loc> in
+the I<key> attribute list.
+
+EVP_PKEY_add1_attr() pushes a copy of the passed in B<X509_ATTRIBUTE> object
+to the I<key> attribute list. A new I<key> attribute list is created if required.
+An error occurs if either I<attr> is NULL, or the attribute already exists.
+
+EVP_PKEY_add1_attr_by_OBJ() creates a new B<X509_ATTRIBUTE> using
+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new
+I<obj> with type I<type> and data I<bytes> of length I<len> and then pushes it
+to the I<key> object's attribute list. If I<obj> already exists in the attribute
+list then an error occurs.
+
+EVP_PKEY_add1_attr_by_NID() is similar to EVP_PKEY_add1_attr_by_OBJ() except
+that it passes the numerical identifier (NID) I<nid> associated with the object.
+See <openssl/obj_mac.h> for a list of NID_*.
+
+EVP_PKEY_add1_attr_by_txt() is similar to EVP_PKEY_add1_attr_by_OBJ() except
+that it passes a name I<attrname> associated with the object.
+See <openssl/obj_mac.h> for a list of SN_* names.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_get_attr_count() returns the number of attributes in the I<key> object
+attribute list or -1 if the attribute list is NULL.
+
+EVP_PKEY_get_attr_by_OBJ() returns -1 if either the list is empty OR the object
+is not found, otherwise it returns the location of the object in the list.
+
+EVP_PKEY_get_attr_by_NID() is similar to EVP_PKEY_get_attr_by_OBJ(), except that
+it returns -2 if the I<nid> is not known by OpenSSL.
+
+EVP_PKEY_get_attr() returns either a B<X509_ATTRIBUTE> or NULL if there is a
+error.
+
+EVP_PKEY_delete_attr() returns either the removed B<X509_ATTRIBUTE> or NULL if
+there is a error.
+
+EVP_PKEY_add1_attr(), EVP_PKEY_add1_attr_by_OBJ(), EVP_PKEY_add1_attr_by_NID()
+and EVP_PKEY_add1_attr_by_txt() return 1 on success or 0 otherwise.
+
+=head1 NOTES
+
+A B<EVP_PKEY> object's attribute list is initially NULL. All the above functions
+listed will return an error unless EVP_PKEY_add1_attr() is called.
+All functions listed assume that the I<key> is not NULL.
+
+=head1 SEE ALSO
+
+L<X509_ATTRIBUTE(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
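Review bot: The NOTES statement that all the listed functions "will return an error unless EVP_PKEY_add1_attr() is called" does not match DESCRIPTION, where EVP_PKEY_add1_attr() creates the list "if required" and the _by_OBJ, _by_NID and _by_txt variants push to the list as well. Reword it to say that the get, count and delete functions fail while the attribute list is still NULL. Also, "If the returned value is positive" in the EVP_PKEY_get_attr_by_OBJ() paragraph excludes index 0, which is a valid location per the EVP_PKEY_get_attr() range, so it should say "not negative"; and "a error" in RETURN VALUES should be "an error".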

+ 47 - 18
libs/openssl/doc/man3/OPENSSL_LH_COMPFUNC.pod

@@ -8,10 +8,12 @@ LHASH_DOALL_ARG_FN_TYPE,
 IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN,
 lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush,
 lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve,
-lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error,
+lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_num_items, lh_TYPE_get_down_load,
+lh_TYPE_set_down_load, lh_TYPE_error,
 OPENSSL_LH_new, OPENSSL_LH_free,  OPENSSL_LH_flush,
 OPENSSL_LH_insert, OPENSSL_LH_delete, OPENSSL_LH_retrieve,
-OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error
+OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_num_items,
+OPENSSL_LH_get_down_load, OPENSSL_LH_set_down_load, OPENSSL_LH_error
 - dynamic hash table
 
 =head1 SYNOPSIS
@@ -36,6 +38,10 @@ OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error
  void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
                         TYPE *arg);
 
+ unsigned long lh_TYPE_num_items(OPENSSL_LHASH *lh);
+ unsigned long lh_TYPE_get_down_load(OPENSSL_LHASH *lh);
+ void lh_TYPE_set_down_load(OPENSSL_LHASH *lh, unsigned long dl);
+
  int lh_TYPE_error(LHASH_OF(TYPE) *table);
 
  typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *);
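Review bot: The three new lh_TYPE prototypes take "OPENSSL_LHASH *lh", while the neighbouring lh_TYPE_doall_arg() and lh_TYPE_error() prototypes in this hunk's context take "LHASH_OF(TYPE) *table". If the typed wrappers accept the typed table, show LHASH_OF(TYPE) *table here too so the SYNOPSIS matches the type-checked interface the page describes.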
@@ -54,8 +60,14 @@ OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error
  void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func);
  void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg);
 
+ unsigned long OPENSSL_LH_num_items(OPENSSL_LHASH *lh);
+ unsigned long OPENSSL_LH_get_down_load(OPENSSL_LHASH *lh);
+ void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long dl);
+
  int OPENSSL_LH_error(OPENSSL_LHASH *lh);
 
+ #define LH_LOAD_MULT   /* integer constant */
+
 The following macro is deprecated:
 
  DEFINE_LHASH_OF(TYPE);
@@ -157,15 +169,6 @@ For example:
  /* Then the hash table itself can be deallocated */
  lh_TYPE_free(hashtable);
 
-When doing this, be careful if you delete entries from the hash table
-in your callbacks: the table may decrease in size, moving the item
-that you are currently on down lower in the hash table - this could
-cause some entries to be skipped during the iteration.  The second
-best solution to this problem is to set hash-E<gt>down_load=0 before
-you start (which will stop the hash table ever decreasing in size).
-The best solution is probably to avoid deleting items from the hash
-table inside a "doall" callback!
-
 B<lh_I<TYPE>_doall_arg>() is the same as B<lh_I<TYPE>_doall>() except that
 I<func> will be called with I<arg> as the second argument and I<func>
 should be of type B<LHASH_DOALL_ARG_FN>(B<I<TYPE>>) (a callback prototype
@@ -187,21 +190,47 @@ that is provided by the caller):
  lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO,
                    logging_bio);
 
+Note that it is by default B<not> safe to use B<lh_I<TYPE>_delete>() inside a
+callback passed to B<lh_I<TYPE>_doall>() or B<lh_I<TYPE>_doall_arg>(). The
+reason for this is that deleting an item from the hash table may result in the
+hash table being contracted to a smaller size and rehashed.
+B<lh_I<TYPE>_doall>() and B<lh_I<TYPE>_doall_arg>() are unsafe and will exhibit
+undefined behaviour under these conditions, as these functions assume the hash
+table size and bucket pointers do not change during the call.
+
+If it is desired to use B<lh_I<TYPE>_doall>() or B<lh_I<TYPE>_doall_arg>() with
+B<lh_I<TYPE>_delete>(), it is essential that you call
+B<lh_I<TYPE>_set_down_load>() with a I<down_load> argument of 0 first. This
+disables hash table contraction and guarantees that it will be safe to delete
+items from a hash table during a call to B<lh_I<TYPE>_doall>() or
+B<lh_I<TYPE>_doall_arg>().
+
+It is never safe to call B<lh_I<TYPE>_insert>() during a call to
+B<lh_I<TYPE>_doall>() or B<lh_I<TYPE>_doall_arg>().
 
 B<lh_I<TYPE>_error>() can be used to determine if an error occurred in the last
 operation.
 
+B<lh_I<TYPE>_num_items>() returns the number of items in the hash table.
+
+B<lh_I<TYPE>_get_down_load>() and B<lh_I<TYPE>_set_down_load>() get and set the
+factor used to determine when the hash table is contracted. The factor is the
+load factor at or below which hash table contraction will occur, multiplied by
+B<LH_LOAD_MULT>, where the load factor is the number of items divided by the
+number of nodes. Setting this value to 0 disables hash table contraction.
+
 OPENSSL_LH_new() is the same as the B<lh_I<TYPE>_new>() except that it is not
 type specific. So instead of returning an B<LHASH_OF(I<TYPE>)> value it returns
 a B<void *>. In the same way the functions OPENSSL_LH_free(),
 OPENSSL_LH_flush(), OPENSSL_LH_insert(), OPENSSL_LH_delete(),
-OPENSSL_LH_retrieve(), OPENSSL_LH_doall(), OPENSSL_LH_doall_arg(), and
-OPENSSL_LH_error() are equivalent to the similarly named B<lh_I<TYPE>> functions
-except that they return or use a B<void *> where the equivalent B<lh_I<TYPE>>
-function returns or uses a B<I<TYPE> *> or B<LHASH_OF(I<TYPE>) *>. B<lh_I<TYPE>>
-functions are implemented as type checked wrappers around the B<OPENSSL_LH>
-functions. Most applications should not call the B<OPENSSL_LH> functions
-directly.
+OPENSSL_LH_retrieve(), OPENSSL_LH_doall(), OPENSSL_LH_doall_arg(),
+OPENSSL_LH_num_items(), OPENSSL_LH_get_down_load(), OPENSSL_LH_set_down_load()
+and OPENSSL_LH_error() are equivalent to the similarly named B<lh_I<TYPE>>
+functions except that they return or use a B<void *> where the equivalent
+B<lh_I<TYPE>> function returns or uses a B<I<TYPE> *> or B<LHASH_OF(I<TYPE>) *>.
+B<lh_I<TYPE>> functions are implemented as type checked wrappers around the
+B<OPENSSL_LH> functions. Most applications should not call the B<OPENSSL_LH>
+functions directly.
 
 =head1 RETURN VALUES
 
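Review bot: The paragraph that tells callers to call lh_TYPE_set_down_load() with 0 before deleting inside a doall callback leaves contraction disabled afterwards. Suggest adding that the previous factor can be read with lh_TYPE_get_down_load() first and restored once the iteration finishes. The text also calls the parameter I<down_load> while the SYNOPSIS names it "dl"; use one name.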

+ 1 - 1
libs/openssl/doc/man3/OSSL_PARAM_int.pod

@@ -112,7 +112,7 @@ OSSL_PARAM_UNMODIFIED, OSSL_PARAM_modified, OSSL_PARAM_set_all_unmodified
 A collection of utility functions that simplify and add type safety to the
 L<OSSL_PARAM(3)> arrays.  The following B<I<TYPE>> names are supported:
 
-=over 1
+=over 2
 
 =item *
 

+ 10 - 4
libs/openssl/doc/man3/PKCS12_create.pod

@@ -72,9 +72,15 @@ export grade software which could use signing only keys of arbitrary size but
 had restrictions on the permissible sizes of keys which could be used for
 encryption.
 
-If a certificate contains an I<alias> or I<keyid> then this will be
-used for the corresponding B<friendlyName> or B<localKeyID> in the
-PKCS12 structure.
+If I<name> is B<NULL> and I<cert> contains an I<alias> then this will be
+used for the corresponding B<friendlyName> in the PKCS12 structure instead.
+Similarly, if I<pkey> is NULL and I<cert> contains a I<keyid> then this will be
+used for the corresponding B<localKeyID> in the PKCS12 structure instead of the
+id calculated from the I<pkey>.
+
+For all certificates in I<ca> then if a certificate contains an I<alias> or
+I<keyid> then this will be used for the corresponding B<friendlyName> or
+B<localKeyID> in the PKCS12 structure.
 
 Either I<pkey>, I<cert> or both can be B<NULL> to indicate that no key or
 certificate is required. In previous versions both had to be present or
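Review bot: In the first added paragraph, "if I<pkey> is NULL" uses a bare NULL where the sentence before it and the following context use B<NULL>; make it B<NULL> for consistency. The second added paragraph, "For all certificates in I<ca> then if a certificate contains an I<alias> or I<keyid> then", is hard to parse; "For each certificate in I<ca> that contains an I<alias> or I<keyid>, this will be used for" says the same thing in one clause.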
@@ -120,7 +126,7 @@ standards.
 
 =head1 COPYRIGHT
 
-Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 1
libs/openssl/doc/man3/SSL_CONF_cmd.pod

@@ -46,7 +46,10 @@ As of OpenSSL 1.1.0, compression is off by default.
 Enables support for SSL/TLS compression, same as clearing
 B<SSL_OP_NO_COMPRESSION>.
 This command was introduced in OpenSSL 1.1.0.
-As of OpenSSL 1.1.0, compression is off by default.
+As of OpenSSL 1.1.0, compression is off by default. TLS compression can only be
+used in security level 1 or lower. From OpenSSL 3.2.0 and above the default
+security level is 2, so this option will have no effect without also changing
+the security level. See L<SSL_CTX_set_security_level(3)>.
 
 =item B<-no_ticket>
 
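Review bot: The added sentence calls B<-comp> "this option", while the line above it in the same entry says "This command was introduced in OpenSSL 1.1.0"; keep "command" throughout the entry. "From OpenSSL 3.2.0 and above" can be shortened to "From OpenSSL 3.2.0".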

+ 6 - 2
libs/openssl/doc/man3/SSL_CTX_set_options.pod

@@ -250,8 +250,12 @@ and compressed certificates will not be accepted from the peer.
 
 =item SSL_OP_NO_COMPRESSION
 
-Do not use compression even if it is supported. This option is set by default.
-To switch it off use SSL_clear_options().
+Do not use TLS record compression even if it is supported. This option is set by
+default. To switch it off use SSL_clear_options(). Note that TLS record
+compression is not recommended and is not available at security level 2 or
+above. From OpenSSL 3.2 the default security level is 2, so clearing this option
+will have no effect without also changing the default security level. See
+L<SSL_CTX_set_security_level(3)>.
 
 =item SSL_OP_NO_ENCRYPT_THEN_MAC
 
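Review bot: "without also changing the default security level" in the SSL_OP_NO_COMPRESSION entry should read "without also changing the security level": the application sets a level on its own SSL_CTX or SSL, it does not alter the default. The version is written "OpenSSL 3.2" here; if the other pages in this change say "3.2.0", use the same form.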

+ 2 - 2
libs/openssl/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod

@@ -42,8 +42,8 @@ ticket construction state according to RFC5077 Section 4 such that per session
 state is unnecessary and a small set of cryptographic variables needs to be
 maintained by the callback function implementation.
 
-In order to reuse a session, a TLS client must send the a session ticket
-extension to the server. The client can only send exactly one session ticket.
+In order to reuse a session, a TLS client must send the session ticket
+extension to the server. The client must send exactly one session ticket.
 The server, through the callback function, either agrees to reuse the session
 ticket information or it starts a full TLS handshake to create a new session
 ticket.
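Review bot: "The client must send exactly one session ticket" now reads as an obligation on every client, whereas the previous "can only send" expressed a limit. If the intent is that a client cannot offer more than one ticket when resuming, "at most one" or "no more than one" says that without implying a ticket is mandatory.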

+ 1 - 1
libs/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod

@@ -55,7 +55,7 @@ As generating DH parameters is extremely time consuming, an application
 should not generate the parameters on the fly. DH parameters can be reused, as
 the actual key is newly generated during the negotiation.
 
-Typically applications should use well know DH parameters that have built-in
+Typically applications should use well known DH parameters that have built-in
 support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto()
 configure OpenSSL to use the default built-in DH parameters for the B<SSL_CTX>
 and B<SSL> objects respectively. Passing a value of 1 in the I<onoff> parameter

+ 5 - 3
libs/openssl/doc/man3/SSL_get_error.pod

@@ -32,7 +32,9 @@ Some TLS implementations do not send a close_notify alert on shutdown.
 On an unexpected EOF, versions before OpenSSL 3.0 returned
 B<SSL_ERROR_SYSCALL>, nothing was added to the error stack, and errno was 0.
 Since OpenSSL 3.0 the returned error is B<SSL_ERROR_SSL> with a meaningful
-error on the error stack.
+error on the error stack (SSL_R_UNEXPECTED_EOF_WHILE_READING). This error reason
+code may be used for control flow decisions (see the man page for
+L<ERR_GET_REASON(3)> for further details on this).
 
 =head1 RETURN VALUES
 
@@ -73,7 +75,7 @@ for a blocking B<BIO>.
 See L<SSL_read(3)> for more information.
 
 For non-QUIC SSL objects, B<SSL_ERROR_WANT_WRITE> is returned when the last
-operation was a write to a nonblocking B<BIO> and it was unable to sent all data
+operation was a write to a nonblocking B<BIO> and it was unable to send all data
 to the B<BIO>. When the B<BIO> is writable again, the same function can be
 called again.
 
@@ -190,7 +192,7 @@ The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 7 - 2
libs/openssl/doc/man3/SSL_get_peer_certificate.pod

@@ -10,10 +10,15 @@ SSL_get1_peer_certificate - get the X509 certificate of the peer
 
  #include <openssl/ssl.h>
 
- X509 *SSL_get_peer_certificate(const SSL *ssl);
  X509 *SSL_get0_peer_certificate(const SSL *ssl);
  X509 *SSL_get1_peer_certificate(const SSL *ssl);
 
+The following function has been deprecated since OpenSSL 3.0,
+and can be hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable
+version value, see L<openssl_user_macros(7)>:
+
+ X509 *SSL_get_peer_certificate(const SSL *ssl);
+
 =head1 DESCRIPTION
 
 These functions return a pointer to the X509 certificate the
@@ -69,7 +74,7 @@ SSL_get_peer_certificate() was deprecated in 3.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 263 - 0
libs/openssl/doc/man3/X509_ATTRIBUTE.pod

@@ -0,0 +1,263 @@
+=pod
+
+=head1 NAME
+
+X509_ATTRIBUTE, X509at_get_attr,
+X509at_get_attr_count, X509at_get_attr_by_NID, X509at_get_attr_by_OBJ,
+X509at_delete_attr,
+X509at_add1_attr,
+X509at_add1_attr_by_OBJ, X509at_add1_attr_by_NID, X509at_add1_attr_by_txt,
+X509at_get0_data_by_OBJ,
+X509_ATTRIBUTE_create, X509_ATTRIBUTE_create_by_NID,
+X509_ATTRIBUTE_create_by_OBJ, X509_ATTRIBUTE_create_by_txt,
+X509_ATTRIBUTE_set1_object, X509_ATTRIBUTE_set1_data,
+X509_ATTRIBUTE_count,
+X509_ATTRIBUTE_get0_data, X509_ATTRIBUTE_get0_object, X509_ATTRIBUTE_get0_type
+- X509 attribute functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ typedef struct x509_attributes_st X509_ATTRIBUTE;
+
+ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+ int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                            int lastpos);
+ int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+                            const ASN1_OBJECT *obj, int lastpos);
+ X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                            X509_ATTRIBUTE *attr);
+ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+                                                   **x, const ASN1_OBJECT *obj,
+                                                   int type,
+                                                   const unsigned char *bytes,
+                                                   int len);
+ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+                                                   **x, int nid, int type,
+                                                   const unsigned char *bytes,
+                                                   int len);
+ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+                                                   **x, const char *attrname,
+                                                   int type,
+                                                   const unsigned char *bytes,
+                                                   int len);
+ void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
+                               const ASN1_OBJECT *obj, int lastpos, int type);
+ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+                                              int atrtype, const void *data,
+                                              int len);
+ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+                                              const ASN1_OBJECT *obj,
+                                              int atrtype, const void *data,
+                                              int len);
+ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                                              const char *atrname, int type,
+                                              const unsigned char *bytes,
+                                              int len);
+ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                              const void *data, int len);
+ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
+                                void *data);
+ int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
+ ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+=head1 DESCRIPTION
+
+B<X509_ATTRIBUTE> objects are used by many standards including X509, X509_REQ,
+PKCS12, PKCS8, PKCS7 and CMS.
+
+The B<X509_ATTRIBUTE> object is used to represent the ASN.1 Attribute as defined
+in RFC 5280, i.e.
+
+ Attribute ::= SEQUENCE {
+   type             AttributeType,
+   values    SET OF AttributeValue }
+
+ AttributeType ::= OBJECT IDENTIFIER
+ AttributeValue ::= ANY -- DEFINED BY AttributeType
+
+For example CMS defines the signing-time attribute as:
+
+  id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
+
+  SigningTime ::= Time
+
+  Time ::= CHOICE {
+    utcTime UTCTime,
+    generalizedTime GeneralizedTime }
+
+In OpenSSL B<AttributeType> maps to an B<ASN1_OBJECT> object
+and B<AttributeValue> maps to a list of B<ASN1_TYPE> objects.
+
+The following functions are used for B<X509_ATTRIBUTE> objects.
+
+X509at_get_attr_by_OBJ() finds the location of the first matching object I<obj>
+in a list of attributes I<sk>. The search starts at the position after I<lastpos>.
+If the returned value is positive then it can be used on the next call to
+X509at_get_attr_by_OBJ() as the value of I<lastpos> in order to iterate through
+the remaining attributes. I<lastpos> can be set to any negative value on the
+first call, in order to start searching from the start of the list.
+
+X509at_get_attr_by_NID() is similar to X509at_get_attr_by_OBJ() except that it
+passes the numerical identifier (NID) I<nid> associated with the object.
+See <openssl/obj_mac.h> for a list of NID_*.
+
+X509at_get_attr() returns the B<X509_ATTRIBUTE> object at index I<loc> in the
+list of attributes I<x>. I<loc> should be in the range from 0 to
+X509at_get_attr_count() - 1.
+
+X509at_delete_attr() removes the B<X509_ATTRIBUTE> object at index I<loc> in
+the list of attributes I<x>.
+
+X509at_add1_attr() pushes a copy of the passed in B<X509_ATTRIBUTE> object
+to the list I<x>.
+Both I<x> and I<attr> must be non NULL or an error will occur.
+If I<*x> is NULL then a new list is created, otherwise it uses the
+passed in list. An error will occur if an existing attribute (with the same
+attribute type) already exists in the attribute list.
+
+X509at_add1_attr_by_OBJ() creates a new B<X509_ATTRIBUTE> using
+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new
+I<obj> with type I<type> and data I<bytes> of length I<len> and then pushes it
+to the attribute list I<x>. Both I<x> and I<attr> must be non NULL or an error
+will occur. If I<*x> is NULL then a new attribute list is created. If I<obj>
+already exists in the attribute list then an error occurs.
+
+X509at_add1_attr_by_NID() is similar to X509at_add1_attr_by_OBJ() except that it
+passes the numerical identifier (NID) I<nid> associated with the object.
+See <openssl/obj_mac.h> for a list of NID_*.
+
+X509at_add1_attr_by_txt() is similar to X509at_add1_attr_by_OBJ() except that it
+passes a name I<attrname> associated with the object.
+See <openssl/obj_mac.h> for a list of SN_* names.
+
+X509_ATTRIBUTE_set1_object() assigns a B<ASN1_OBJECT> I<obj>
+to the attribute I<attr>. If I<attr> contained an existing B<ASN1_OBJECT> then
+it is freed. An error occurs if either I<attr> or I<obj> are NULL, or if
+the passed in I<obj> cannot be duplicated.
+
+X509_ATTRIBUTE_set1_data() pushes a new B<ASN1_TYPE> object onto the I<attr>
+attributes list. The new object is assigned a copy of the data in I<data> of
+size I<len>.
+If I<attrtype> has flag I<MBSTRING_FLAG> set then a table lookup using the
+I<attr> attributes NID is used to set an B<ASN1_STRING> using
+ASN1_STRING_set_by_NID(), and the passed in I<data> must be in the format
+required for that object type or an error will occur.
+If I<len> is not -1 then internally ASN1_STRING_type_new() is
+used with the passed in I<attrtype>.
+If I<attrtype> is 0 the call does nothing except return 1.
+
+X509_ATTRIBUTE_create() creates a new B<X509_ATTRIBUTE> using the I<nid>
+to set the B<ASN1_OBJECT> OID and the I<atrtype> and I<value> to set the
+B<ASN1_TYPE>.
+
+X509_ATTRIBUTE_create_by_OBJ() uses X509_ATTRIBUTE_set1_object() and
+X509_ATTRIBUTE_set1_data() to assign a new I<obj> with type I<atrtype> and
+data I<data> of length I<len>. If the passed in attribute I<attr> OR I<*attr> is
+NULL then a new B<X509_ATTRIBUTE> will be returned, otherwise the passed in
+B<X509_ATTRIBUTE> is used. Note that the ASN1_OBJECT I<obj> is pushed onto the
+attributes existing list of objects, which could be an issue if the attributes
+<ASN1_OBJECT> was different.
+
+X509_ATTRIBUTE_create_by_NID() is similar to X509_ATTRIBUTE_create_by_OBJ()
+except that it passes the numerical identifier (NID) I<nid> associated with the
+object. See <openssl/obj_mac.h> for a list of NID_*.
+
+X509_ATTRIBUTE_create_by_txt() is similar to X509_ATTRIBUTE_create_by_OBJ()
+except that it passes a name I<atrname> associated with the
+object. See <openssl/obj_mac.h> for a list of SN_* names.
+
+X509_ATTRIBUTE_count() returns the number of B<ASN1_TYPE> objects in an
+attribute I<attr>.
+
+X509_ATTRIBUTE_get0_type() returns the B<ASN1_TYPE> object at index I<idx> in
+the attribute list I<attr>. I<idx> should be in the
+range of 0 to X509_ATTRIBUTE_count() - 1 or an error will occur.
+
+X509_ATTRIBUTE_get0_data() returns the data of an B<ASN1_TYPE> object at
+index I<idx> in the attribute I<attr>. I<data> is unused and can be set to NULL.
+An error will occur if the attribute type I<atrtype> does not match the type of
+the B<ASN1_TYPE> object at index I<idx> OR if I<atrtype> is either
+B<V_ASN1_BOOLEAN> or B<V_ASN1_NULL> OR if the I<idx> is not in the
+range 0 to X509_ATTRIBUTE_count() - 1.
+
+X509at_get0_data_by_OBJ() finds the first attribute in an attribute list I<x>
+that matches the I<obj> starting at index I<lastpos> and returns the data
+retrieved from the found attributes first B<ASN1_TYPE> object. An error will
+occur if the attribute type I<type> does not match the type of the B<ASN1_TYPE>
+object OR if I<type> is either B<V_ASN1_BOOLEAN> or B<V_ASN1_NULL> OR the
+attribute is not found.
+If I<lastpos> is less than -1 then an error will occur if there are multiple
+objects in the list I<x> that match I<obj>.
+If I<lastpos> is less than -2 then an error will occur if there is more than
+one B<ASN1_TYPE> object in the found attribute.
+
+=head1 RETURN VALUES
+
+X509at_get_attr_count() returns the number of attributes in the list I<x> or -1
+if I<x> is NULL.
+
+X509at_get_attr_by_OBJ() returns -1 if either the list is empty OR the object
+is not found, otherwise it returns the location of the object in the list.
+
+X509at_get_attr_by_NID() is similar to X509at_get_attr_by_OBJ(), except that
+it returns -2 if the I<nid> is not known by OpenSSL.
+
+X509at_get_attr() returns either an B<X509_ATTRIBUTE> or NULL if there is a error.
+
+X509at_delete_attr() returns either the removed B<X509_ATTRIBUTE> or NULL if
+there is a error.
+
+X509_ATTRIBUTE_count() returns -1 on error, otherwise it returns the number
+of B<ASN1_TYPE> elements.
+
+X509_ATTRIBUTE_get0_type() returns NULL on error, otherwise it returns a
+B<ASN1_TYPE> object.
+
+X509_ATTRIBUTE_get0_data() returns NULL if an error occurs,
+otherwise it returns the data associated with an B<ASN1_TYPE> object.
+
+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() returns 1 on
+success, or 0 otherwise.
+
+X509_ATTRIBUTE_create(), X509_ATTRIBUTE_create_by_OBJ(),
+X509_ATTRIBUTE_create_by_NID() and X509_ATTRIBUTE_create_by_txt() return either
+a B<X509_ATTRIBUTE> on success, or NULL if there is a error.
+
+X509at_add1_attr(), X509at_add1_attr_by_OBJ(), X509at_add1_attr_by_NID() and
+X509at_add1_attr_by_txt() return NULL on error, otherwise they return a list
+of B<X509_ATTRIBUTE>.
+
+X509at_get0_data_by_OBJ() returns the data retrieved from the found attributes
+first B<ASN1_TYPE> object, or NULL if an error occurs.
+
+=head1 SEE ALSO
+
+L<ASN1_TYPE_get(3)>,
+L<ASN1_INTEGER_get(3)>,
+L<ASN1_ENUMERATED_get(3)>,
+L<ASN1_STRING_get0_data(3)>,
+L<ASN1_STRING_length(3)>,
+L<ASN1_STRING_type(3)>,
+L<X509_REQ_get_attr(3)>,
+L<EVP_PKEY_get_attr(3)>,
+L<CMS_signed_get_attr(3)>,
+L<PKCS8_pkey_get0_attrs(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
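Review bot: In the X509at_add1_attr_by_OBJ() paragraph, "Both I<x> and I<attr> must be non NULL" names a parameter this function does not have. The synopsis lists x, obj, type, bytes and len, so the sentence looks carried over from X509at_add1_attr() and should refer to I<obj>. In the X509_ATTRIBUTE_create_by_OBJ() paragraph, "<ASN1_OBJECT>" is missing its B prefix and will not render as markup. The X509at_get_attr_by_OBJ() text allows reuse of the return value as I<lastpos> "if the returned value is positive", but location 0 is a valid match given the stated range of 0 to X509at_get_attr_count() - 1, so "non-negative" is the accurate condition. X509at_get0_data_by_OBJ() is described as "starting at index I<lastpos>" while the other lookups start after I<lastpos>, and it also gives I<lastpos> values below -1 a uniqueness meaning, so the two conventions should be reconciled in the text. Smaller points: "a error" appears three times in RETURN VALUES, "X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() returns" should be "return", and the SEE ALSO list ends with a trailing comma.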

+ 111 - 0
libs/openssl/doc/man3/X509_REQ_get_attr.pod

@@ -0,0 +1,111 @@
+=pod
+
+=head1 NAME
+
+X509_REQ_get_attr_count,
+X509_REQ_get_attr_by_NID, X509_REQ_get_attr_by_OBJ, X509_REQ_get_attr,
+X509_REQ_delete_attr,
+X509_REQ_add1_attr, X509_REQ_add1_attr_by_OBJ, X509_REQ_add1_attr_by_NID,
+X509_REQ_add1_attr_by_txt
+- B<X509_ATTRIBUTE> support for signed certificate requests
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_REQ_get_attr_count(const X509_REQ *req);
+ int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
+ int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
+                              int lastpos);
+ X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
+ X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+ int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
+ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                               const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len);
+ int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                               int nid, int type,
+                               const unsigned char *bytes, int len);
+ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                               const char *attrname, int type,
+                               const unsigned char *bytes, int len);
+
+=head1 DESCRIPTION
+
+X509_REQ_get_attr_by_OBJ() finds the location of the first matching object I<obj>
+in the I<req> attribute list. The search starts at the position after I<lastpos>.
+If the returned value is positive then it can be used on the next call to
+X509_REQ_get_attr_by_OBJ() as the value of I<lastpos> in order to iterate through
+the remaining attributes. I<lastpos> can be set to any negative value on the
+first call, in order to start searching from the start of the attribute list.
+
+X509_REQ_get_attr_by_NID() is similar to X509_REQ_get_attr_by_OBJ() except that
+it passes the numerical identifier (NID) I<nid> associated with the object.
+See <openssl/obj_mac.h> for a list of NID_*.
+
+X509_REQ_get_attr() returns the B<X509_ATTRIBUTE> object at index I<loc> in the
+I<req> attribute list. I<loc> should be in the range from 0 to
+X509_REQ_get_attr_count() - 1.
+
+X509_REQ_delete_attr() removes the B<X509_ATTRIBUTE> object at index I<loc> in
+the I<req> objects list of attributes. An error occurs if I<req> is NULL.
+
+X509_REQ_add1_attr() pushes a copy of the passed in B<X509_ATTRIBUTE> I<>attr>
+to the I<req> object's attribute list. An error will occur if either the
+attribute list is NULL or the attribute already exists.
+
+X509_REQ_add1_attr_by_OBJ() creates a new B<X509_ATTRIBUTE> using
+X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new
+I<obj> with type I<type> and data I<bytes> of length I<len> and then pushes it
+to the I<req> object's attribute list. I<req> must be non NULL or an error
+will occur. If I<obj> already exists in the attribute list then an error occurs.
+
+X509_REQ_add1_attr_by_NID() is similar to X509_REQ_add1_attr_by_OBJ() except
+that it passes the numerical identifier (NID) I<nid> associated with the object.
+See <openssl/obj_mac.h> for a list of NID_*.
+
+X509_REQ_add1_attr_by_txt() is similar to X509_REQ_add1_attr_by_OBJ() except
+that it passes a name I<attrname> associated with the object.
+See <openssl/obj_mac.h> for a list of SN_* names.
+
+Refer to L<X509_ATTRIBUTE(3)> for information related to attributes.
+
+=head1 RETURN VALUES
+
+X509_REQ_get_attr_count() returns the number of attributes in the I<req> object
+attribute list or -1 if the attribute list is NULL.
+
+X509_REQ_get_attr_by_OBJ() returns -1 if either the I<req> object's attribute
+list is empty OR I<obj> is not found, otherwise it returns the location of the
+I<obj> in the attribute list.
+
+X509_REQ_get_attr_by_NID() is similar to X509_REQ_get_attr_by_OBJ(), except that
+it returns -2 if the I<nid> is not known by OpenSSL.
+
+X509_REQ_get_attr() returns either an B<X509_ATTRIBUTE> or NULL on error.
+
+X509_REQ_delete_attr() returns either the removed B<X509_ATTRIBUTE> or NULL if
+there is a error.
+
+X509_REQ_add1_attr(), X509_REQ_add1_attr_by_OBJ(), X509_REQ_add1_attr_by_NID()
+and X509_REQ_add1_attr_by_txt() return 1 on success or 0 on error.
+
+=head1 NOTES
+
+Any functions that modify the attributes (add or delete) internally set a flag
+to indicate the ASN.1 encoding has been modified.
+
+=head1 SEE ALSO
+
+L<X509_ATTRIBUTE(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
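Review bot: The X509_REQ_add1_attr() paragraph contains malformed POD markup, "B<X509_ATTRIBUTE> I<>attr>", which should read I<attr>. The X509_REQ_get_attr_by_OBJ() paragraph has the same off-by-one wording as the X509_ATTRIBUTE page: "if the returned value is positive" excludes location 0, which is inside the documented range of 0 to X509_REQ_get_attr_count() - 1. The NOTES section says a flag is set when attributes are added or deleted but not what that means for the caller; since the page is about signed certificate requests, state whether the request has to be re-signed afterwards. Smaller points: "the I<req> objects list" needs an apostrophe, and "a error" should be "an error".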

+ 14 - 1
libs/openssl/doc/man3/X509_dup.pod

@@ -359,6 +359,15 @@ algorithms from providers. This created object can then be used when loading
 binary data using B<d2i_I<TYPE>>().
 
 B<I<TYPE>_dup>() copies an existing object, leaving it untouched.
+Note, however, that the internal representation of the object
+may contain (besides the ASN.1 structure) further data, which is not copied.
+For instance, an B<X509> object usually is augmented by cached information
+on X.509v3 extensions, etc., and losing it can lead to wrong validation results.
+To avoid such situations, better use B<I<TYPE>_up_ref>() if available.
+For the case of B<X509> objects, an alternative to using L<X509_up_ref(3)>
+may be to still call B<I<TYPE>_dup>(), e.g., I<copied_cert = X509_dup(cert)>,
+followed by I<X509_check_purpose(copied_cert, -1, 0)>,
+which re-builds the cached data.
 
 B<I<TYPE>_free>() releases the object and all pointers and sub-objects
 within it.
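Review bot: The added note recommends B<I<TYPE>_up_ref>() over B<I<TYPE>_dup>() without saying that the two are not interchangeable: an up_ref only adds a reference to the same object, so it fits callers that will not modify the result, while a caller that needs an independent copy still has to use dup. Suggest stating that limit next to "better use B<I<TYPE>_up_ref>() if available". The X509 workaround also presents I<X509_check_purpose(copied_cert, -1, 0)> as the step that makes the copy safe to validate with, so the text should say what the caller is expected to do with its return value. "better use" would read more naturally as "prefer".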
@@ -376,6 +385,10 @@ the object or NULL on failure.
 
 B<I<TYPE>_print_ctx>() returns 1 on success or zero on failure.
 
+=head1 SEE ALSO
+
+L<X509_up_ref(3)>
+
 =head1 HISTORY
 
 The functions X509_REQ_new_ex(), X509_CRL_new_ex(), PKCS7_new_ex() and
@@ -386,7 +399,7 @@ deprecated in 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 13 - 0
libs/openssl/doc/man7/EVP_CIPHER-AES.pod

@@ -63,6 +63,19 @@ FIPS provider:
 This implementation supports the parameters described in
 L<EVP_EncryptInit(3)/PARAMETERS>.
 
+=head1 NOTES
+
+The AES-SIV and AES-WRAP mode implementations do not support streaming. That
+means to obtain correct results there can be only one L<EVP_EncryptUpdate(3)>
+or L<EVP_DecryptUpdate(3)> call after the initialization of the context.
+
+The AES-XTS implementations allow streaming to be performed, but each
+L<EVP_EncryptUpdate(3)> or L<EVP_DecryptUpdate(3)> call requires each input
+to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or
+EVP_DecryptUpdate() call can optionally have an input that is not a multiple
+of the blocksize but is larger than one block. In that case ciphertext
+stealing (CTS) is used to fill the block.
+
 =head1 SEE ALSO
 
 L<provider-cipher(7)>, L<OSSL_PROVIDER-FIPS(7)>, L<OSSL_PROVIDER-default(7)>
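Review bot: The AES-SIV and AES-WRAP paragraph says there can be only one EVP_EncryptUpdate() or EVP_DecryptUpdate() call "to obtain correct results", which leaves open whether a second call returns an error or silently produces wrong output. Callers need to know which, because silent wrong output on the decrypt side is a very different failure from a rejected call, so the note should state the observable behaviour. It should also say whether the single-call limit counts only calls that carry plaintext or ciphertext, or every update call made on the context.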

+ 9 - 0
libs/openssl/doc/man7/EVP_CIPHER-SM4.pod

@@ -37,6 +37,15 @@ The following algorithms are available in the default provider:
 This implementation supports the parameters described in
 L<EVP_EncryptInit(3)/PARAMETERS>.
 
+=head1 NOTES
+
+The SM4-XTS implementation allows streaming to be performed, but each
+L<EVP_EncryptUpdate(3)> or L<EVP_DecryptUpdate(3)> call requires each input
+to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or
+EVP_DecryptUpdate() call can optionally have an input that is not a multiple
+of the blocksize but is larger than one block. In that case ciphertext
+stealing (CTS) is used to fill the block.
+
 =head1 SEE ALSO
 
 L<provider-cipher(7)>, L<OSSL_PROVIDER-default(7)>
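Review bot: The XTS sentence "each ... call requires each input to be a multiple of the blocksize" doubles "each" and is harder to parse than it needs to be; "the input to every call except the last must be a multiple of the blocksize" says the same thing. "not a multiple of the blocksize but is larger than one block" and "used to fill the block" would be clearer if they named the block being filled, i.e. the final partial one. The identical paragraph is added to EVP_CIPHER-AES.pod in this commit, so any rewording should be applied to both pages.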

+ 1 - 1
libs/openssl/doc/man7/EVP_KDF-ARGON2.pod

@@ -21,7 +21,7 @@ primary seek to address trade-off (side-channel) attacks.
 
 Argon2id is a hybrid construction which, in the first two slices of the first
 pass, generates reference addresses data-independently as in Argon2i, whereas
-in later slices and next passess it generates them data-dependently as in
+in later slices and next passes it generates them data-dependently as in
 Argon2d.
 
 Sbox-hardened version Argon2ds is not supported.

Some files were not shown because too many files changed in this diff