OpenSSL 3.1.3

Source commit: a5441eb6e959b7a522fbcc9551f8a13b26807af1

libs/openssl/CHANGES.md

@@ -22,6 +22,30 @@ OpenSSL Releases
 OpenSSL 3.1
 -----------
 
+### Changes between 3.1.2 and 3.1.3 [19 Sep 2023]
+
+ * Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
+
+   The POLY1305 MAC (message authentication code) implementation in OpenSSL
+   does not save the contents of non-volatile XMM registers on Windows 64
+   platform when calculating the MAC of data larger than 64 bytes. Before
+   returning to the caller all the XMM registers are set to zero rather than
+   restoring their previous content. The vulnerable code is used only on newer
+   x86_64 processors supporting the AVX512-IFMA instructions.
+
+   The consequences of this kind of internal application state corruption can
+   be various - from no consequences, if the calling application does not
+   depend on the contents of non-volatile XMM registers at all, to the worst
+   consequences, where the attacker could get complete control of the
+   application process. However given the contents of the registers are just
+   zeroized so the attacker cannot put arbitrary values inside, the most likely
+   consequence, if any, would be an incorrect result of some application
+   dependent calculations or a crash leading to a denial of service.
+
+   ([CVE-2023-4807])
+
+   *Bernd Edlinger*
+
 ### Changes between 3.1.1 and 3.1.2 [1 Aug 2023]
 
  * Fix excessive time spent checking DH q parameter value.
@@ -19832,6 +19856,7 @@ ndif
 
 <!-- Links -->
 
+[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
 [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975

libs/openssl/Configurations/10-main.conf

@@ -9,19 +9,22 @@ sub vc_win64a_info {
             $vc_win64a_info = { AS        => "nasm",
                                 ASFLAGS   => "-g",
                                 asflags   => "-Ox -f win64 -DNEAR",
-                                asoutflag => "-o " };
+                                asoutflag => "-o ",
+                                perlasm_scheme => "nasm" };
         } elsif ($disabled{asm}) {
             # assembler is still used to compile uplink shim
             $vc_win64a_info = { AS        => "ml64",
                                 ASFLAGS   => "/nologo /Zi",
                                 asflags   => "/c /Cp /Cx",
-                                asoutflag => "/Fo" };
+                                asoutflag => "/Fo",
+                                perlasm_scheme => "masm" };
         } else {
             $die->("NASM not found - make sure it's installed and available on %PATH%\n");
             $vc_win64a_info = { AS        => "{unknown}",
                                 ASFLAGS   => "",
                                 asflags   => "",
-                                asoutflag => "" };
+                                asoutflag => "",
+                                perlasm_scheme => "auto" };
         }
     }
     return $vc_win64a_info;
@@ -1493,7 +1496,7 @@ my %targets = (
         sys_id           => "WIN64A",
         uplink_arch      => 'x86_64',
         asm_arch         => 'x86_64',
-        perlasm_scheme   => "auto",
+        perlasm_scheme   => sub { vc_win64a_info()->{perlasm_scheme} },
         multilib         => "-x64",
     },
     "VC-WIN32" => {

libs/openssl/Configurations/README.md

@@ -233,8 +233,14 @@ In each table entry, the following keys are significant:
                                                 is ILP32;
                            RC4_CHAR             RC4 key schedule is made
                                                 up of 'unsigned char's;
+                                                Note: should not be used
+                                                for new configuration
+                                                targets
                            RC4_INT              RC4 key schedule is made
                                                 up of 'unsigned int's;
+                                                Note: should not be used
+                                                for new configuration
+                                                targets
 
 [1] as part of the target configuration, one can have a key called
   `inherit_from` that indicates what other configurations to inherit

libs/openssl/NEWS.md

@@ -19,6 +19,11 @@ OpenSSL Releases
 OpenSSL 3.1
 -----------
 
+### Major changes between OpenSSL 3.1.2 and OpenSSL 3.1.3 [19 Sep 2023]
+
+  * Fix POLY1305 MAC implementation corrupting XMM registers on Windows
+    ([CVE-2023-4807])
+
 ### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023]
 
   * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
@@ -1464,6 +1469,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
 [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975

libs/openssl/README.md

@@ -166,7 +166,7 @@ attempting to develop or distribute cryptographic code.
 Copyright
 =========
 
-Copyright (c) 1998-2022 The OpenSSL Project
+Copyright (c) 1998-2023 The OpenSSL Project
 
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 

libs/openssl/VERSION.dat

@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=1
-PATCH=2
+PATCH=3
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="1 Aug 2023"
+RELEASE_DATE="19 Sep 2023"
 SHLIB_VERSION=3

libs/openssl/apps/cmp.c

@@ -2512,7 +2512,7 @@ static int get_opts(int argc, char **argv)
             }
             break;
         case OPT_CSR:
-            opt_csr = opt_arg();
+            opt_csr = opt_str();
             break;
         case OPT_OUT_TRUSTED:
             opt_out_trusted = opt_str();

libs/openssl/apps/lib/apps.c

@@ -940,7 +940,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
         BIO *bio;
 
         if (!maybe_stdin) {
-            BIO_printf(bio_err, "No filename or uri specified for loading");
+            BIO_printf(bio_err, "No filename or uri specified for loading\n");
             goto end;
         }
         uri = "<stdin>";
@@ -956,10 +956,8 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
         ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
                                  params, NULL, NULL);
     }
-    if (ctx == NULL) {
-        BIO_printf(bio_err, "Could not open file or uri for loading");
+    if (ctx == NULL)
         goto end;
-    }
     if (expect > 0 && !OSSL_STORE_expect(ctx, expect))
         goto end;
 
@@ -1940,16 +1938,17 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
         nid = OBJ_txt2nid(typestr);
         if (nid == NID_undef) {
             BIO_printf(bio_err,
-                       "%s: Skipping unknown %s name attribute \"%s\"\n",
+                       "%s warning: Skipping unknown %s name attribute \"%s\"\n",
                        opt_getprog(), desc, typestr);
             if (ismulti)
                 BIO_printf(bio_err,
-                           "Hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n");
+                           "%s hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n",
+                           opt_getprog());
             continue;
         }
         if (*valstr == '\0') {
             BIO_printf(bio_err,
-                       "%s: No value provided for %s name attribute \"%s\", skipped\n",
+                       "%s warning: No value provided for %s name attribute \"%s\", skipped\n",
                        opt_getprog(), desc, typestr);
             continue;
         }

libs/openssl/apps/req.c

@@ -990,10 +990,10 @@ int req_main(int argc, char **argv)
         else
             tpubkey = X509_REQ_get0_pubkey(req);
         if (tpubkey == NULL) {
-            fprintf(stdout, "Modulus is unavailable\n");
+            BIO_puts(bio_err, "Modulus is unavailable\n");
             goto end;
         }
-        fprintf(stdout, "Modulus=");
+        BIO_puts(out, "Modulus=");
         if (EVP_PKEY_is_a(tpubkey, "RSA") || EVP_PKEY_is_a(tpubkey, "RSA-PSS")) {
             BIGNUM *n = NULL;
 
@@ -1002,9 +1002,9 @@ int req_main(int argc, char **argv)
             BN_print(out, n);
             BN_free(n);
         } else {
-            fprintf(stdout, "Wrong Algorithm type");
+            BIO_puts(out, "Wrong Algorithm type");
         }
-        fprintf(stdout, "\n");
+        BIO_puts(out, "\n");
     }
 
     if (!noout && !gen_x509) {

libs/openssl/apps/s_server.c

@@ -788,7 +788,7 @@ const OPTIONS s_server_options[] = {
      "second server certificate chain file in PEM format"},
     {"dkey", OPT_DKEY, '<',
      "Second private key file to use (usually for DSA)"},
-    {"dkeyform", OPT_DKEYFORM, 'F',
+    {"dkeyform", OPT_DKEYFORM, 'f',
      "Second key file format (ENGINE, other values ignored)"},
     {"dpass", OPT_DPASS, 's',
      "Second private key and cert file pass phrase source"},

libs/openssl/appveyor.yml

@@ -1,82 +0,0 @@
-image:
-    - Visual Studio 2017
-
-platform:
-    - x64
-    - x86
-
-environment:
-    fast_finish: true
-    matrix:
-        - VSVER: 15
-
-configuration:
-    - shared
-    - minimal
-
-for:
-    -
-        branches:
-            only:
-                - master
-        configuration:
-            - shared
-            - plain
-            - minimal
-
-before_build:
-    - ps: >-
-        Install-Module VSSetup -Scope CurrentUser
-    - ps: >-
-        Get-VSSetupInstance -All
-    - ps: >-
-        If ($env:Platform -Match "x86") {
-            $env:VCVARS_PLATFORM="x86"
-            $env:TARGET="VC-WIN32 no-asm --strict-warnings"
-        } Else {
-            $env:VCVARS_PLATFORM="amd64"
-            $env:TARGET="VC-WIN64A-masm"
-        }
-    - ps: >-
-        If ($env:Configuration -Match "shared") {
-            $env:CONFIG_OPTS="enable-fips"
-        } ElseIf ($env:Configuration -Match "minimal") {
-            $env:CONFIG_OPTS="no-bulk no-asm -DOPENSSL_SMALL_FOOTPRINT"
-        } Else {
-            $env:CONFIG_OPTS="no-fips no-shared"
-        }
-    - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM%
-    - mkdir _build
-    - cd _build
-    - perl ..\Configure %TARGET% no-makedepend %CONFIG_OPTS%
-    - perl configdata.pm --dump
-    - cd ..
-    - ps: >-
-        If ($env:BUILDONLY -or $env:MAKEVERBOSE) {
-            $env:NMAKE="nmake"
-        } Else {
-            $env:NMAKE="nmake /S"
-        }
-    - ps: >-
-        gci env:* | sort-object name
-
-build_script:
-    - cd _build
-    - "%NMAKE% build_all_generated"
-    - "%NMAKE% PERL=no-perl"
-    - cd ..
-
-test_script:
-    - cd _build
-    - ps: >-
-        if ($env:Configuration -Match "plain") {
-            cmd /c "%NMAKE% test VERBOSE_FAILURE=yes 2>&1"
-        } Else {
-            cmd /c "%NMAKE% test VERBOSE_FAILURE=yes TESTS=-test_fuzz 2>&1"
-        }
-    - ps: >-
-        if ($env:Configuration -Match "shared") {
-            mkdir ..\_install
-            cmd /c "%NMAKE% install DESTDIR=..\_install 2>&1"
-        }
-    - cd ..

libs/openssl/crypto/aes/asm/vpaes-loongarch64.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -62,14 +62,14 @@ _vpaes_encrypt_core:
     ld.w      $t5,$a2,240
     vori.b    $vr1,$vr9,0
     la.local  $t0,Lk_ipt
-    vld	      $vr2,$t0,0    # iptlo
+    vld       $vr2,$t0,0    # iptlo
     vandn.v   $vr1,$vr1,$vr0
     vld	      $vr5,$a5,0    # round0 key
     vsrli.w   $vr1,$vr1,4
     vand.v    $vr0,$vr0,$vr9
-    vshuf.b   $vr2,$vr0,$vr2,$vr0
+    vshuf.b   $vr2,$vr18,$vr2,$vr0
     vld       $vr0,$t0,16   # ipthi
-    vshuf.b   $vr0,$vr1,$vr0,$vr1
+    vshuf.b   $vr0,$vr18,$vr0,$vr1
     vxor.v    $vr2,$vr2,$vr5
     addi.d    $a5,$a5,16
     vxor.v    $vr0,$vr0,$vr2
@@ -81,26 +81,26 @@ _vpaes_encrypt_core:
     # middle of middle round
     vori.b    $vr4,$vr13,0           # 4 : sb1u
     vori.b    $vr0,$vr12,0           # 0 : sb1t
-    vshuf.b   $vr4,$vr2,$vr4,$vr2    # 4 = sb1u
-    vshuf.b   $vr0,$vr3,$vr0,$vr3    # 0 = sb1t
+    vshuf.b   $vr4,$vr18,$vr4,$vr2    # 4 = sb1u
+    vshuf.b   $vr0,$vr18,$vr0,$vr3    # 0 = sb1t
     vxor.v    $vr4,$vr4,$vr5         # 4 = sb1u + k
     vori.b    $vr5,$vr15,0           # 4 : sb2u
     vxor.v    $vr0,$vr0,$vr4         # 0 = A
     add.d     $t0,$a7,$a6            # Lk_mc_forward[]
     vld       $vr1,$t0,-0x40
-    vshuf.b   $vr5,$vr2,$vr5,$vr2    # 4 = sb2u
+    vshuf.b   $vr5,$vr18,$vr5,$vr2    # 4 = sb2u
     vld       $vr4,$t0,0             # Lk_mc_backward[]
     vori.b    $vr2,$vr14,0           # 2 : sb2t
-    vshuf.b   $vr2,$vr3,$vr2,$vr3    # 2 = sb2t
+    vshuf.b   $vr2,$vr18,$vr2,$vr3    # 2 = sb2t
     vori.b    $vr3,$vr0,0            # 3 = A
     vxor.v    $vr2,$vr5,$vr2         # 2 = 2A
-    vshuf.b   $vr0,$vr1,$vr0,$vr1    # 0 = B
+    vshuf.b   $vr0,$vr18,$vr0,$vr1    # 0 = B
     addi.d    $a5,$a5,16             # next key
     vxor.v    $vr0,$vr0,$vr2         # 0 = 2A+B
-    vshuf.b   $vr3,$vr4,$vr3,$vr4    # 3 = D
+    vshuf.b   $vr3,$vr18,$vr3,$vr4    # 3 = D
     addi.d    $a7,$a7,16             # next mc
     vxor.v    $vr3,$vr3,$vr0         # 3 = 2A+B+D
-    vshuf.b   $vr0,$vr1,$vr0,$vr1    # 0 = 2B+C
+    vshuf.b   $vr0,$vr18,$vr0,$vr1    # 0 = 2B+C
     andi      $a7,$a7,0x30           # ... mod 4
     addi.d    $t5,$t5,-1             # nr--
     vxor.v    $vr0,$vr0,$vr3         # 0 = 2A+3B+C+D
@@ -112,33 +112,33 @@ _vpaes_encrypt_core:
     vandn.v   $vr1,$vr1,$vr0        # 1 = i<<4
     vsrli.w   $vr1,$vr1,4           # 1 = i
     vand.v    $vr0,$vr0,$vr9        # 0 = k
-    vshuf.b   $vr5,$vr0,$vr5,$vr0   # 2 = a/k
+    vshuf.b   $vr5,$vr18,$vr5,$vr0   # 2 = a/k
     vori.b    $vr3,$vr10,0          # 3 : 1/i
     vxor.v    $vr0,$vr0,$vr1        # 0 = j
-    vshuf.b   $vr3,$vr1,$vr3,$vr1   # 3 = 1/i
+    vshuf.b   $vr3,$vr18,$vr3,$vr1   # 3 = 1/i
     vori.b    $vr4,$vr10,0          # 4 : 1/j
     vxor.v    $vr3,$vr3,$vr5        # 3 = iak = 1/i + a/k
-    vshuf.b   $vr4,$vr0,$vr4,$vr0   # 4 = 1/j
+    vshuf.b   $vr4,$vr18,$vr4,$vr0   # 4 = 1/j
     vori.b    $vr2,$vr10,0          # 2 : 1/iak
     vxor.v    $vr4,$vr4,$vr5        # 4 = jak = 1/j + a/k
-    vshuf.b   $vr2,$vr3,$vr2,$vr3   # 2 = 1/iak
+    vshuf.b   $vr2,$vr18,$vr2,$vr3   # 2 = 1/iak
     vori.b    $vr3,$vr10,0          # 3 : 1/jak
     vxor.v    $vr2,$vr2,$vr0        # 2 = io
-    vshuf.b   $vr3,$vr4,$vr3,$vr4   # 3 = 1/jak
-    vld       $vr5,$a5,	0
+    vshuf.b   $vr3,$vr18,$vr3,$vr4   # 3 = 1/jak
+    vld       $vr5,$a5,0
     vxor.v    $vr3,$vr3,$vr1        # 3 = jo
     bnez      $t5,.Lenc_loop
 
     # middle of last round
     vld       $vr4,$a6,	-0x60		# 3 : sbou	Lk_sbo
     vld       $vr0,$a6,	-0x50		# 0 : sbot	Lk_sbo+16
-    vshuf.b   $vr4,$vr2,$vr4,$vr2	# 4 = sbou
+    vshuf.b   $vr4,$vr18,$vr4,$vr2	# 4 = sbou
     vxor.v    $vr4,$vr4,$vr5		# 4 = sb1u + k
-    vshuf.b   $vr0,$vr3,$vr0,$vr3	# 0 = sb1t
+    vshuf.b   $vr0,$vr18,$vr0,$vr3	# 0 = sb1t
     add.d     $t0,$a7,$a6		# Lk_sr[]
-    vld       $vr1,$t0,	0x40
+    vld       $vr1,$t0,0x40
     vxor.v    $vr0,$vr0,$vr4		# 0 = A
-    vshuf.b   $vr0,$vr1,$vr0,$vr1
+    vshuf.b   $vr0,$vr18,$vr0,$vr1
     jr        $ra
 .cfi_endproc
 .size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
@@ -163,11 +163,11 @@ _vpaes_decrypt_core:
     vld       $vr5,$a5,0               # round0 key
     slli.d    $a7,$a7,4
     vand.v    $vr0,$vr9,$vr0
-    vshuf.b   $vr2,$vr0,$vr2,$vr0
+    vshuf.b   $vr2,$vr18,$vr2,$vr0
     vld       $vr0,$t0,16              # ipthi
     xori      $a7,$a7,0x30
     la.local  $a6,Lk_dsbd
-    vshuf.b   $vr0,$vr1,$vr0,$vr1
+    vshuf.b   $vr0,$vr18,$vr0,$vr1
     andi      $a7,$a7,0x30
     vxor.v    $vr2,$vr2,$vr5
     la.local  $t0,Lk_mc_forward
@@ -184,29 +184,29 @@ _vpaes_decrypt_core:
 ##
     vld        $vr4,$a6,-0x20		# 4 : sb9u
     vld        $vr1,$a6,-0x10		# 0 : sb9t
-    vshuf.b    $vr4,$vr2,$vr4,$vr2	# 4 = sb9u
-    vshuf.b    $vr1,$vr3,$vr1,$vr3	# 0 = sb9t
+    vshuf.b    $vr4,$vr18,$vr4,$vr2	# 4 = sb9u
+    vshuf.b    $vr1,$vr18,$vr1,$vr3	# 0 = sb9t
     vxor.v     $vr0,$vr0,$vr4
     vld        $vr4,$a6,0x0		# 4 : sbdu
     vxor.v     $vr0,$vr0,$vr1		# 0 = ch
     vld        $vr1,$a6,0x10		# 0 : sbdt
-    vshuf.b    $vr4,$vr2,$vr4,$vr2	# 4 = sbdu
-    vshuf.b    $vr0,$vr5,$vr0,$vr5	# MC ch
-    vshuf.b    $vr1,$vr3,$vr1,$vr3	# 0 = sbdt
+    vshuf.b    $vr4,$vr18,$vr4,$vr2	# 4 = sbdu
+    vshuf.b    $vr0,$vr18,$vr0,$vr5	# MC ch
+    vshuf.b    $vr1,$vr18,$vr1,$vr3	# 0 = sbdt
     vxor.v     $vr0,$vr0,$vr4		# 4 = ch
     vld        $vr4,$a6,0x20		# 4 : sbbu
     vxor.v     $vr0,$vr0,$vr1		# 0 = ch
     vld        $vr1,$a6,0x30		# 0 : sbbt
-    vshuf.b    $vr4,$vr2,$vr4,$vr2	# 4 = sbbu
-    vshuf.b    $vr0,$vr5,$vr0,$vr5	# MC ch
-    vshuf.b    $vr1,$vr3,$vr1,$vr3	# 0 = sbbt
+    vshuf.b    $vr4,$vr18,$vr4,$vr2	# 4 = sbbu
+    vshuf.b    $vr0,$vr18,$vr0,$vr5	# MC ch
+    vshuf.b    $vr1,$vr18,$vr1,$vr3	# 0 = sbbt
     vxor.v     $vr0,$vr0,$vr4		# 4 = ch
     vld        $vr4,$a6,0x40		# 4 : sbeu
     vxor.v     $vr0,$vr0,$vr1		# 0 = ch
     vld        $vr1,$a6,0x50		# 0 : sbet
-    vshuf.b    $vr4,$vr2,$vr4,$vr2	# 4 = sbeu
-    vshuf.b    $vr0,$vr5,$vr0,$vr5	# MC ch
-    vshuf.b    $vr1,$vr3,$vr1,$vr3	# 0 = sbet
+    vshuf.b    $vr4,$vr18,$vr4,$vr2	# 4 = sbeu
+    vshuf.b    $vr0,$vr18,$vr0,$vr5	# MC ch
+    vshuf.b    $vr1,$vr18,$vr1,$vr3	# 0 = sbet
     vxor.v     $vr0,$vr0,$vr4		# 4 = ch
     addi.d     $a5,$a5,	16		# next round key
     vbsrl.v    $vr16,$vr5,0xc
@@ -222,32 +222,32 @@ _vpaes_decrypt_core:
     vori.b     $vr2,$vr11,0		# 2 : a/k
     vsrli.w    $vr1,$vr1,4		# 1 = i
     vand.v     $vr0,$vr0,$vr9		# 0 = k
-    vshuf.b    $vr2,$vr0,$vr2,$vr0	# 2 = a/k
+    vshuf.b    $vr2,$vr18,$vr2,$vr0	# 2 = a/k
     vori.b     $vr3,$vr10,0		# 3 : 1/i
     vxor.v     $vr0,$vr0,$vr1		# 0 = j
-    vshuf.b    $vr3,$vr1,$vr3,$vr1	# 3 = 1/i
+    vshuf.b    $vr3,$vr18,$vr3,$vr1	# 3 = 1/i
     vori.b     $vr4,$vr10,0		# 4 : 1/j
     vxor.v     $vr3,$vr3,$vr2		# 3 = iak = 1/i + a/k
-    vshuf.b    $vr4,$vr0,$vr4,$vr0	# 4 = 1/j
+    vshuf.b    $vr4,$vr18,$vr4,$vr0	# 4 = 1/j
     vxor.v     $vr4,$vr4,$vr2		# 4 = jak = 1/j + a/k
     vori.b     $vr2,$vr10,0		# 2 : 1/iak
-    vshuf.b    $vr2,$vr3,$vr2,$vr3	# 2 = 1/iak
+    vshuf.b    $vr2,$vr18,$vr2,$vr3	# 2 = 1/iak
     vori.b     $vr3,$vr10,0		# 3 : 1/jak
     vxor.v     $vr2,$vr2,$vr0		# 2 = io
-    vshuf.b    $vr3,$vr4,$vr3,$vr4	# 3 = 1/jak
+    vshuf.b    $vr3,$vr18,$vr3,$vr4	# 3 = 1/jak
     vld        $vr0,$a5,0
     vxor.v     $vr3,$vr3,$vr1		# 3 = jo
     bnez       $t5,.Ldec_loop
 
     # middle of last round
     vld        $vr4,$a6,0x60		# 3 : sbou
-    vshuf.b    $vr4,$vr2,$vr4,$vr2	# 4 = sbou
+    vshuf.b    $vr4,$vr18,$vr4,$vr2	# 4 = sbou
     vxor.v     $vr4,$vr4,$vr0		# 4 = sb1u + k
     vld        $vr0,$a6,0x70		# 0 : sbot
     vld        $vr2,$a7,-0x160		# Lk_sr-.Lk_dsbd=-0x160
-    vshuf.b    $vr0,$vr3,$vr0,$vr3	# 0 = sb1t
+    vshuf.b    $vr0,$vr18,$vr0,$vr3	# 0 = sb1t
     vxor.v     $vr0,$vr0,$vr4		# 0 = A
-    vshuf.b    $vr0,$vr2,$vr0,$vr2
+    vshuf.b    $vr0,$vr18,$vr0,$vr2
     jr         $ra
 .cfi_endproc
 .size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
@@ -292,7 +292,7 @@ _vpaes_schedule_core:
     # decrypting, output zeroth round key after shiftrows
     add.d     $t2,$a4,$a6
     vld       $vr1,$t2,0
-    vshuf.b   $vr3,$vr1,$vr3,$vr1
+    vshuf.b   $vr3,$vr18,$vr3,$vr1
     vst       $vr3,$a2,0
     xori      $a4,$a4,0x30
 
@@ -415,7 +415,7 @@ _vpaes_schedule_core:
      # encrypting
      add.d      $t0,$a4,$a6
      vld        $vr1,$t0,0
-     vshuf.b    $vr0,$vr1,$vr0,$vr1             # output permute
+     vshuf.b    $vr0,$vr18,$vr0,$vr1             # output permute
      la.local   $a7,Lk_opt                      # prepare to output transform
      addi.d     $a2,$a2,32
 
@@ -530,24 +530,24 @@ _vpaes_schedule_low_round:
     vsrli.w     $vr1,$vr1,0x4			# 1 = i
     vand.v      $vr0,$vr0,$vr9			# 0 = k
     vaddi.du    $vr2,$vr11,0x0			# 2 : a/k
-    vshuf.b     $vr2,$vr0,$vr2,$vr0		# 2 = a/k
+    vshuf.b     $vr2,$vr18,$vr2,$vr0		# 2 = a/k
     vxor.v      $vr0,$vr0,$vr1			# 0 = j
     vaddi.du    $vr3,$vr10,0x0			# 3 : 1/i
-    vshuf.b     $vr3,$vr1,$vr3,$vr1		# 3 = 1/i
+    vshuf.b     $vr3,$vr18,$vr3,$vr1		# 3 = 1/i
     vxor.v      $vr3,$vr3,$vr2			# 3 = iak = 1/i + a/k
     vaddi.du    $vr4,$vr10,0x0			# 4 : 1/j
-    vshuf.b     $vr4,$vr0,$vr4,$vr0		# 4 = 1/j
+    vshuf.b     $vr4,$vr18,$vr4,$vr0		# 4 = 1/j
     vxor.v      $vr4,$vr4,$vr2			# 4 = jak = 1/j + a/k
     vaddi.du    $vr2,$vr10,0x0			# 2 : 1/iak
-    vshuf.b     $vr2,$vr3,$vr2,$vr3		# 2 = 1/iak
+    vshuf.b     $vr2,$vr18,$vr2,$vr3		# 2 = 1/iak
     vxor.v      $vr2,$vr2,$vr0			# 2 = io
     vaddi.du    $vr3,$vr10,0x0			# 3 : 1/jak
-    vshuf.b     $vr3,$vr4,$vr3,$vr4		# 3 = 1/jak
+    vshuf.b     $vr3,$vr18,$vr3,$vr4		# 3 = 1/jak
     vxor.v      $vr3,$vr3,$vr1			# 3 = jo
     vaddi.du    $vr4,$vr13,0x0			# 4 : sbou
-    vshuf.b     $vr4,$vr2,$vr4,$vr2		# 4 = sbou
+    vshuf.b     $vr4,$vr18,$vr4,$vr2		# 4 = sbou
     vaddi.du    $vr0,$vr12,0x0			# 0 : sbot
-    vshuf.b     $vr0,$vr3,$vr0,$vr3		# 0 = sb1t
+    vshuf.b     $vr0,$vr18,$vr0,$vr3		# 0 = sb1t
     vxor.v      $vr0,$vr0,$vr4			# 0 = sbox output
 
     # add in smeared stuff
@@ -575,9 +575,9 @@ _vpaes_schedule_transform:
     vsrli.w    $vr1,$vr1,4
     vand.v     $vr0,$vr0,$vr9
     vld        $vr2,$a7,0		# lo
-    vshuf.b    $vr2,$vr0,$vr2,$vr0
+    vshuf.b    $vr2,$vr18,$vr2,$vr0
     vld        $vr0,$a7,16		# hi
-    vshuf.b    $vr0,$vr1,$vr0,$vr1
+    vshuf.b    $vr0,$vr18,$vr0,$vr1
     vxor.v     $vr0,$vr0,$vr2
     jr         $ra
 .cfi_endproc
@@ -620,11 +620,11 @@ _vpaes_schedule_mangle:
     la.local   $t0,Lk_s63
     vld        $vr16,$t0,0
     vxor.v     $vr4,$vr4,$vr16
-    vshuf.b    $vr4,$vr5,$vr4,$vr5
+    vshuf.b    $vr4,$vr18,$vr4,$vr5
     vori.b     $vr3,$vr4,0
-    vshuf.b    $vr4,$vr5,$vr4,$vr5
+    vshuf.b    $vr4,$vr18,$vr4,$vr5
     vxor.v     $vr3,$vr3,$vr4
-    vshuf.b    $vr4,$vr5,$vr4,$vr5
+    vshuf.b    $vr4,$vr18,$vr4,$vr5
     vxor.v     $vr3,$vr3,$vr4
 
     b          .Lschedule_mangle_both
@@ -638,33 +638,33 @@ _vpaes_schedule_mangle:
     vand.v     $vr4,$vr4,$vr9		# 4 = lo
 
     vld        $vr2,$a7,0
-    vshuf.b    $vr2,$vr4,$vr2,$vr4
+    vshuf.b    $vr2,$vr18,$vr2,$vr4
     vld        $vr3,$a7,0x10
-    vshuf.b    $vr3,$vr1,$vr3,$vr1
+    vshuf.b    $vr3,$vr18,$vr3,$vr1
     vxor.v     $vr3,$vr3,$vr2
-    vshuf.b    $vr3,$vr5,$vr3,$vr5
+    vshuf.b    $vr3,$vr18,$vr3,$vr5
 
     vld        $vr2,$a7,0x20
-    vshuf.b    $vr2,$vr4,$vr2,$vr4
+    vshuf.b    $vr2,$vr18,$vr2,$vr4
     vxor.v     $vr2,$vr2,$vr3
     vld        $vr3,$a7,0x30
-    vshuf.b    $vr3,$vr1,$vr3,$vr1
+    vshuf.b    $vr3,$vr18,$vr3,$vr1
     vxor.v     $vr3,$vr3,$vr2
-    vshuf.b    $vr3,$vr5,$vr3,$vr5
+    vshuf.b    $vr3,$vr18,$vr3,$vr5
 
     vld        $vr2,$a7,0x40
-    vshuf.b    $vr2,$vr4,$vr2,$vr4
+    vshuf.b    $vr2,$vr18,$vr2,$vr4
     vxor.v     $vr2,$vr2,$vr3
     vld        $vr3,$a7,0x50
-    vshuf.b    $vr3,$vr1,$vr3,$vr1
+    vshuf.b    $vr3,$vr18,$vr3,$vr1
     vxor.v     $vr3,$vr3,$vr2
-    vshuf.b    $vr3,$vr5,$vr3,$vr5
+    vshuf.b    $vr3,$vr18,$vr3,$vr5
 
     vld        $vr2,$a7,0x60
-    vshuf.b    $vr2,$vr4,$vr2,$vr4
+    vshuf.b    $vr2,$vr18,$vr2,$vr4
     vxor.v     $vr2,$vr2,$vr3
     vld        $vr3,$a7,0x70
-    vshuf.b    $vr3,$vr1,$vr3,$vr1
+    vshuf.b    $vr3,$vr18,$vr3,$vr1
     vxor.v     $vr3,$vr3,$vr2
 
     addi.d     $a2,$a2,-16
@@ -672,7 +672,7 @@ _vpaes_schedule_mangle:
 .Lschedule_mangle_both:
     add.d      $t2,$a4,$a6
     vld        $vr1,$t2,0
-    vshuf.b    $vr3,$vr1,$vr3,$vr1
+    vshuf.b    $vr3,$vr18,$vr3,$vr1
     addi.d     $a4,$a4,-16
     andi       $a4,$a4,0x30
     vst        $vr3,$a2,0
@@ -885,6 +885,7 @@ _vpaes_preheat:
     vld       $vr12,$a6,0x40		# Lk_sb1+16
     vld       $vr15,$a6,0x50		# Lk_sb2
     vld       $vr14,$a6,0x60		# Lk_sb2+16
+    vldi      $vr18,0                   # $vr18 in this program is equal to 0
     jirl      $zero,$ra,0
 .cfi_endproc
 .size	_vpaes_preheat,.-_vpaes_preheat
@@ -899,8 +900,8 @@ $code.=<<___;
 .section .rodata
 .align	6
 Lk_inv:	# inv, inva
-    .quad	0x0E05060F0D080180, 0x040703090A0B0C02
-    .quad	0x01040A060F0B0780, 0x030D0E0C02050809
+    .quad	0x0E05060F0D080110, 0x040703090A0B0C02
+    .quad	0x01040A060F0B0710, 0x030D0E0C02050809
 
 Lk_s0F:	# s0F
     .quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F

libs/openssl/crypto/arm_arch.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -102,6 +102,7 @@ extern unsigned int OPENSSL_armv8_rsa_neonized;
 # define ARM_CPU_PART_N1           0xD0C
 # define ARM_CPU_PART_V1           0xD40
 # define ARM_CPU_PART_N2           0xD49
+# define ARM_CPU_PART_V2           0xD4F
 
 # define MIDR_PARTNUM_SHIFT       4
 # define MIDR_PARTNUM_MASK        (0xfffU << MIDR_PARTNUM_SHIFT)

libs/openssl/crypto/armcap.c

@@ -10,17 +10,18 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <setjmp.h>
-#include <signal.h>
 #include <openssl/crypto.h>
 #ifdef __APPLE__
 #include <sys/sysctl.h>
+#else
+#include <setjmp.h>
+#include <signal.h>
 #endif
 #include "internal/cryptlib.h"
-#ifndef _WIN32
-#include <unistd.h>
-#else
+#ifdef _WIN32
 #include <windows.h>
+#else
+#include <unistd.h>
 #endif
 #include "arm_arch.h"
 
@@ -46,7 +47,7 @@ uint32_t OPENSSL_rdtsc(void)
 {
     return 0;
 }
-#elif __ARM_MAX_ARCH__<7
+#elif __ARM_MAX_ARCH__ < 7
 void OPENSSL_cpuid_setup(void)
 {
 }
@@ -55,73 +56,11 @@ uint32_t OPENSSL_rdtsc(void)
 {
     return 0;
 }
-#else
-static sigset_t all_masked;
-
-static sigjmp_buf ill_jmp;
-static void ill_handler(int sig)
-{
-    siglongjmp(ill_jmp, sig);
-}
-
-/*
- * Following subroutines could have been inlined, but it's not all
- * ARM compilers support inline assembler...
- */
-void _armv7_neon_probe(void);
-void _armv8_aes_probe(void);
-void _armv8_sha1_probe(void);
-void _armv8_sha256_probe(void);
-void _armv8_pmull_probe(void);
-# ifdef __aarch64__
-void _armv8_sm3_probe(void);
-void _armv8_sm4_probe(void);
-void _armv8_eor3_probe(void);
-void _armv8_sha512_probe(void);
-unsigned int _armv8_cpuid_probe(void);
-void _armv8_sve_probe(void);
-void _armv8_sve2_probe(void);
-void _armv8_rng_probe(void);
-
-size_t OPENSSL_rndr_asm(unsigned char *buf, size_t len);
-size_t OPENSSL_rndrrs_asm(unsigned char *buf, size_t len);
-
-size_t OPENSSL_rndr_bytes(unsigned char *buf, size_t len);
-size_t OPENSSL_rndrrs_bytes(unsigned char *buf, size_t len);
-
-static size_t OPENSSL_rndr_wrapper(size_t (*func)(unsigned char *, size_t), unsigned char *buf, size_t len)
-{
-    size_t buffer_size = 0;
-    int i;
-
-    for (i = 0; i < 8; i++) {
-        buffer_size = func(buf, len);
-        if (buffer_size == len)
-            break;
-        usleep(5000);  /* 5000 microseconds (5 milliseconds) */
-    }
-    return buffer_size;
-}
+#else /* !_WIN32 && __ARM_MAX_ARCH__ >= 7 */
 
-size_t OPENSSL_rndr_bytes(unsigned char *buf, size_t len)
-{
-    return OPENSSL_rndr_wrapper(OPENSSL_rndr_asm, buf, len);
-}
+ /* 3 ways of handling things here: __APPLE__,  getauxval() or SIGILL detect */
 
-size_t OPENSSL_rndrrs_bytes(unsigned char *buf, size_t len)
-{
-    return OPENSSL_rndr_wrapper(OPENSSL_rndrrs_asm, buf, len);
-}
-# endif
-uint32_t _armv7_tick(void);
-
-uint32_t OPENSSL_rdtsc(void)
-{
-    if (OPENSSL_armcap_P & ARMV7_TICK)
-        return _armv7_tick();
-    else
-        return 0;
-}
+ /* First determine if getauxval() is available (OSSL_IMPLEMENT_GETAUXVAL) */
 
 # if defined(__GNUC__) && __GNUC__>=2
 void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
@@ -161,10 +100,10 @@ static unsigned long getauxval(unsigned long key)
  * Android: according to https://developer.android.com/ndk/guides/cpu-features,
  * getauxval is supported starting with API level 18
  */
-#  if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18
-#   include <sys/auxv.h>
-#   define OSSL_IMPLEMENT_GETAUXVAL
-#  endif
+# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18
+#  include <sys/auxv.h>
+#  define OSSL_IMPLEMENT_GETAUXVAL
+# endif
 
 /*
  * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
@@ -177,40 +116,144 @@ static unsigned long getauxval(unsigned long key)
 #  define AT_HWCAP2              26
 # endif
 # if defined(__arm__) || defined (__arm)
-#  define HWCAP                  AT_HWCAP
-#  define HWCAP_NEON             (1 << 12)
-
-#  define HWCAP_CE               AT_HWCAP2
-#  define HWCAP_CE_AES           (1 << 0)
-#  define HWCAP_CE_PMULL         (1 << 1)
-#  define HWCAP_CE_SHA1          (1 << 2)
-#  define HWCAP_CE_SHA256        (1 << 3)
+#  define OSSL_HWCAP                  AT_HWCAP
+#  define OSSL_HWCAP_NEON             (1 << 12)
+
+#  define OSSL_HWCAP_CE               AT_HWCAP2
+#  define OSSL_HWCAP_CE_AES           (1 << 0)
+#  define OSSL_HWCAP_CE_PMULL         (1 << 1)
+#  define OSSL_HWCAP_CE_SHA1          (1 << 2)
+#  define OSSL_HWCAP_CE_SHA256        (1 << 3)
 # elif defined(__aarch64__)
-#  define HWCAP                  AT_HWCAP
-#  define HWCAP_NEON             (1 << 1)
-
-#  define HWCAP_CE               HWCAP
-#  define HWCAP_CE_AES           (1 << 3)
-#  define HWCAP_CE_PMULL         (1 << 4)
-#  define HWCAP_CE_SHA1          (1 << 5)
-#  define HWCAP_CE_SHA256        (1 << 6)
-#  define HWCAP_CPUID            (1 << 11)
-#  define HWCAP_SHA3             (1 << 17)
-#  define HWCAP_CE_SM3           (1 << 18)
-#  define HWCAP_CE_SM4           (1 << 19)
-#  define HWCAP_CE_SHA512        (1 << 21)
-#  define HWCAP_SVE              (1 << 22)
-                                  /* AT_HWCAP2 */
-#  define HWCAP2                 26
-#  define HWCAP2_SVE2            (1 << 1)
-#  define HWCAP2_RNG             (1 << 16)
+#  define OSSL_HWCAP                  AT_HWCAP
+#  define OSSL_HWCAP_NEON             (1 << 1)
+
+#  define OSSL_HWCAP_CE               AT_HWCAP
+#  define OSSL_HWCAP_CE_AES           (1 << 3)
+#  define OSSL_HWCAP_CE_PMULL         (1 << 4)
+#  define OSSL_HWCAP_CE_SHA1          (1 << 5)
+#  define OSSL_HWCAP_CE_SHA256        (1 << 6)
+#  define OSSL_HWCAP_CPUID            (1 << 11)
+#  define OSSL_HWCAP_SHA3             (1 << 17)
+#  define OSSL_HWCAP_CE_SM3           (1 << 18)
+#  define OSSL_HWCAP_CE_SM4           (1 << 19)
+#  define OSSL_HWCAP_CE_SHA512        (1 << 21)
+#  define OSSL_HWCAP_SVE              (1 << 22)
+                                      /* AT_HWCAP2 */
+#  define OSSL_HWCAP2                 26
+#  define OSSL_HWCAP2_SVE2            (1 << 1)
+#  define OSSL_HWCAP2_RNG             (1 << 16)
+# endif
+
+uint32_t _armv7_tick(void);
+
+uint32_t OPENSSL_rdtsc(void)
+{
+    if (OPENSSL_armcap_P & ARMV7_TICK)
+        return _armv7_tick();
+    else
+        return 0;
+}
+
+# ifdef __aarch64__
+size_t OPENSSL_rndr_asm(unsigned char *buf, size_t len);
+size_t OPENSSL_rndrrs_asm(unsigned char *buf, size_t len);
+
+size_t OPENSSL_rndr_bytes(unsigned char *buf, size_t len);
+size_t OPENSSL_rndrrs_bytes(unsigned char *buf, size_t len);
+
+static size_t OPENSSL_rndr_wrapper(size_t (*func)(unsigned char *, size_t), unsigned char *buf, size_t len)
+{
+    size_t buffer_size = 0;
+    int i;
+
+    for (i = 0; i < 8; i++) {
+        buffer_size = func(buf, len);
+        if (buffer_size == len)
+            break;
+        usleep(5000);  /* 5000 microseconds (5 milliseconds) */
+    }
+    return buffer_size;
+}
+
+size_t OPENSSL_rndr_bytes(unsigned char *buf, size_t len)
+{
+    return OPENSSL_rndr_wrapper(OPENSSL_rndr_asm, buf, len);
+}
+
+size_t OPENSSL_rndrrs_bytes(unsigned char *buf, size_t len)
+{
+    return OPENSSL_rndr_wrapper(OPENSSL_rndrrs_asm, buf, len);
+}
+# endif
+
+# if !defined(__APPLE__) && !defined(OSSL_IMPLEMENT_GETAUXVAL)
+static sigset_t all_masked;
+
+static sigjmp_buf ill_jmp;
+static void ill_handler(int sig)
+{
+    siglongjmp(ill_jmp, sig);
+}
+
+/*
+ * Following subroutines could have been inlined, but not all
+ * ARM compilers support inline assembler, and we'd then have to
+ * worry about the compiler optimising out the detection code...
+ */
+void _armv7_neon_probe(void);
+void _armv8_aes_probe(void);
+void _armv8_sha1_probe(void);
+void _armv8_sha256_probe(void);
+void _armv8_pmull_probe(void);
+#  ifdef __aarch64__
+void _armv8_sm3_probe(void);
+void _armv8_sm4_probe(void);
+void _armv8_sha512_probe(void);
+void _armv8_eor3_probe(void);
+void _armv8_sve_probe(void);
+void _armv8_sve2_probe(void);
+void _armv8_rng_probe(void);
+#  endif
+# endif /* !__APPLE__ && !OSSL_IMPLEMENT_GETAUXVAL */
+
+/* We only call _armv8_cpuid_probe() if (OPENSSL_armcap_P & ARMV8_CPUID) != 0 */
+unsigned int _armv8_cpuid_probe(void);
+
+# if defined(__APPLE__)
+/*
+ * Checks the specified integer sysctl, returning `value` if it's 1, otherwise returning 0.
+ */
+static unsigned int sysctl_query(const char *name, unsigned int value)
+{
+    unsigned int sys_value = 0;
+    size_t len = sizeof(sys_value);
+
+    return (sysctlbyname(name, &sys_value, &len, NULL, 0) == 0 && sys_value == 1) ? value : 0;
+}
+# elif !defined(OSSL_IMPLEMENT_GETAUXVAL)
+/*
+ * Calls a provided probe function, which may SIGILL. If it doesn't, return `value`, otherwise return 0.
+ */
+static unsigned int arm_probe_for(void (*probe)(void), volatile unsigned int value)
+{
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        probe();
+        return value;
+    } else {
+        /* The probe function gave us SIGILL */
+        return 0;
+    }
+}
 # endif
 
 void OPENSSL_cpuid_setup(void)
 {
     const char *e;
+# if !defined(__APPLE__) && !defined(OSSL_IMPLEMENT_GETAUXVAL)
     struct sigaction ill_oact, ill_act;
     sigset_t oset;
+# endif
     static int trigger = 0;
 
     if (trigger)
@@ -225,7 +268,7 @@ void OPENSSL_cpuid_setup(void)
     }
 
 # if defined(__APPLE__)
-#   if !defined(__aarch64__)
+#  if !defined(__aarch64__)
     /*
      * Capability probing by catching SIGILL appears to be problematic
      * on iOS. But since Apple universe is "monocultural", it's actually
@@ -235,77 +278,82 @@ void OPENSSL_cpuid_setup(void)
         OPENSSL_armcap_P = ARMV7_NEON;
         return;
     }
-    /*
-     * One could do same even for __aarch64__ iOS builds. It's not done
-     * exclusively for reasons of keeping code unified across platforms.
-     * Unified code works because it never triggers SIGILL on Apple
-     * devices...
-     */
-#   else
+#  else
     {
-        unsigned int feature;
-        size_t len = sizeof(feature);
-        char uarch[64];
-
-        if (sysctlbyname("hw.optional.armv8_2_sha512", &feature, &len, NULL, 0) == 0 && feature == 1)
-            OPENSSL_armcap_P |= ARMV8_SHA512;
-        feature = 0;
-        if (sysctlbyname("hw.optional.armv8_2_sha3", &feature, &len, NULL, 0) == 0 && feature == 1) {
-            OPENSSL_armcap_P |= ARMV8_SHA3;
-            len = sizeof(uarch);
+        /*
+         * From
+         * https://github.com/llvm/llvm-project/blob/412237dcd07e5a2afbb1767858262a5f037149a3/llvm/lib/Target/AArch64/AArch64.td#L719
+         * all of these have been available on 64-bit Apple Silicon from the
+         * beginning (the A7).
+         */
+        OPENSSL_armcap_P |= ARMV7_NEON | ARMV8_PMULL | ARMV8_AES | ARMV8_SHA1 | ARMV8_SHA256;
+
+        /* More recent extensions are indicated by sysctls */
+        OPENSSL_armcap_P |= sysctl_query("hw.optional.armv8_2_sha512", ARMV8_SHA512);
+        OPENSSL_armcap_P |= sysctl_query("hw.optional.armv8_2_sha3", ARMV8_SHA3);
+
+        if (OPENSSL_armcap_P & ARMV8_SHA3) {
+            char uarch[64];
+
+            size_t len = sizeof(uarch);
             if ((sysctlbyname("machdep.cpu.brand_string", uarch, &len, NULL, 0) == 0) &&
-                (strncmp(uarch, "Apple M1", 8) == 0))
+               ((strncmp(uarch, "Apple M1", 8) == 0) ||
+                (strncmp(uarch, "Apple M2", 8) == 0))) {
                 OPENSSL_armcap_P |= ARMV8_UNROLL8_EOR3;
+            }
         }
     }
-#   endif
-# endif
+#  endif       /* __aarch64__ */
+
+# elif defined(OSSL_IMPLEMENT_GETAUXVAL)
 
-# ifdef OSSL_IMPLEMENT_GETAUXVAL
-    if (getauxval(HWCAP) & HWCAP_NEON) {
-        unsigned long hwcap = getauxval(HWCAP_CE);
+    if (getauxval(OSSL_HWCAP) & OSSL_HWCAP_NEON) {
+        unsigned long hwcap = getauxval(OSSL_HWCAP_CE);
 
         OPENSSL_armcap_P |= ARMV7_NEON;
 
-        if (hwcap & HWCAP_CE_AES)
+        if (hwcap & OSSL_HWCAP_CE_AES)
             OPENSSL_armcap_P |= ARMV8_AES;
 
-        if (hwcap & HWCAP_CE_PMULL)
+        if (hwcap & OSSL_HWCAP_CE_PMULL)
             OPENSSL_armcap_P |= ARMV8_PMULL;
 
-        if (hwcap & HWCAP_CE_SHA1)
+        if (hwcap & OSSL_HWCAP_CE_SHA1)
             OPENSSL_armcap_P |= ARMV8_SHA1;
 
-        if (hwcap & HWCAP_CE_SHA256)
+        if (hwcap & OSSL_HWCAP_CE_SHA256)
             OPENSSL_armcap_P |= ARMV8_SHA256;
 
 #  ifdef __aarch64__
-        if (hwcap & HWCAP_CE_SM4)
+        if (hwcap & OSSL_HWCAP_CE_SM4)
             OPENSSL_armcap_P |= ARMV8_SM4;
 
-        if (hwcap & HWCAP_CE_SHA512)
+        if (hwcap & OSSL_HWCAP_CE_SHA512)
             OPENSSL_armcap_P |= ARMV8_SHA512;
 
-        if (hwcap & HWCAP_CPUID)
+        if (hwcap & OSSL_HWCAP_CPUID)
             OPENSSL_armcap_P |= ARMV8_CPUID;
 
-        if (hwcap & HWCAP_CE_SM3)
+        if (hwcap & OSSL_HWCAP_CE_SM3)
             OPENSSL_armcap_P |= ARMV8_SM3;
-        if (hwcap & HWCAP_SHA3)
+        if (hwcap & OSSL_HWCAP_SHA3)
             OPENSSL_armcap_P |= ARMV8_SHA3;
 #  endif
     }
 #  ifdef __aarch64__
-        if (getauxval(HWCAP) & HWCAP_SVE)
+        if (getauxval(OSSL_HWCAP) & OSSL_HWCAP_SVE)
             OPENSSL_armcap_P |= ARMV8_SVE;
 
-        if (getauxval(HWCAP2) & HWCAP2_SVE2)
+        if (getauxval(OSSL_HWCAP2) & OSSL_HWCAP2_SVE2)
             OPENSSL_armcap_P |= ARMV8_SVE2;
 
-        if (getauxval(HWCAP2) & HWCAP2_RNG)
+        if (getauxval(OSSL_HWCAP2) & OSSL_HWCAP2_RNG)
             OPENSSL_armcap_P |= ARMV8_RNG;
 #  endif
-# endif
+
+# else /* !__APPLE__ && !OSSL_IMPLEMENT_GETAUXVAL */
+
+    /* If all else fails, do brute force SIGILL-based feature detection */
 
     sigfillset(&all_masked);
     sigdelset(&all_masked, SIGILL);
@@ -321,74 +369,42 @@ void OPENSSL_cpuid_setup(void)
     sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
     sigaction(SIGILL, &ill_act, &ill_oact);
 
-    /* If we used getauxval, we already have all the values */
-# ifndef OSSL_IMPLEMENT_GETAUXVAL
-    if (sigsetjmp(ill_jmp, 1) == 0) {
-        _armv7_neon_probe();
-        OPENSSL_armcap_P |= ARMV7_NEON;
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_pmull_probe();
-            OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES;
-        } else if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_aes_probe();
-            OPENSSL_armcap_P |= ARMV8_AES;
-        }
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_sha1_probe();
-            OPENSSL_armcap_P |= ARMV8_SHA1;
-        }
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_sha256_probe();
-            OPENSSL_armcap_P |= ARMV8_SHA256;
-        }
-#  if defined(__aarch64__) && !defined(__APPLE__)
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_sm4_probe();
-            OPENSSL_armcap_P |= ARMV8_SM4;
-        }
+    OPENSSL_armcap_P |= arm_probe_for(_armv7_neon_probe, ARMV7_NEON);
 
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_sha512_probe();
-            OPENSSL_armcap_P |= ARMV8_SHA512;
-        }
+    if (OPENSSL_armcap_P & ARMV7_NEON) {
 
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_sm3_probe();
-            OPENSSL_armcap_P |= ARMV8_SM3;
-        }
-        if (sigsetjmp(ill_jmp, 1) == 0) {
-            _armv8_eor3_probe();
-            OPENSSL_armcap_P |= ARMV8_SHA3;
+        OPENSSL_armcap_P |= arm_probe_for(_armv8_pmull_probe, ARMV8_PMULL | ARMV8_AES);
+        if (!(OPENSSL_armcap_P & ARMV8_AES)) {
+            OPENSSL_armcap_P |= arm_probe_for(_armv8_aes_probe, ARMV8_AES);
         }
-#  endif
-    }
-#  if defined(__aarch64__) && !defined(__APPLE__)
-    if (sigsetjmp(ill_jmp, 1) == 0) {
-        _armv8_sve_probe();
-        OPENSSL_armcap_P |= ARMV8_SVE;
-    }
 
-    if (sigsetjmp(ill_jmp, 1) == 0) {
-        _armv8_sve2_probe();
-        OPENSSL_armcap_P |= ARMV8_SVE2;
-    }
+        OPENSSL_armcap_P |= arm_probe_for(_armv8_sha1_probe, ARMV8_SHA1);
+        OPENSSL_armcap_P |= arm_probe_for(_armv8_sha256_probe, ARMV8_SHA256);
 
-    if (sigsetjmp(ill_jmp, 1) == 0) {
-        _armv8_rng_probe();
-        OPENSSL_armcap_P |= ARMV8_RNG;
+#  if defined(__aarch64__)
+        OPENSSL_armcap_P |= arm_probe_for(_armv8_sm3_probe, ARMV8_SM3);
+        OPENSSL_armcap_P |= arm_probe_for(_armv8_sm4_probe, ARMV8_SM4);
+        OPENSSL_armcap_P |= arm_probe_for(_armv8_sha512_probe, ARMV8_SHA512);
+        OPENSSL_armcap_P |= arm_probe_for(_armv8_eor3_probe, ARMV8_SHA3);
+#  endif
     }
+#  ifdef __aarch64__
+    OPENSSL_armcap_P |= arm_probe_for(_armv8_sve_probe, ARMV8_SVE);
+    OPENSSL_armcap_P |= arm_probe_for(_armv8_sve2_probe, ARMV8_SVE2);
+    OPENSSL_armcap_P |= arm_probe_for(_armv8_rng_probe, ARMV8_RNG);
 #  endif
-# endif
 
     /*
      * Probing for ARMV7_TICK is known to produce unreliable results,
-     * so we will only use the feature when the user explicitly enables
-     * it with OPENSSL_armcap.
+     * so we only use the feature when the user explicitly enables it
+     * with OPENSSL_armcap.
      */
 
     sigaction(SIGILL, &ill_oact, NULL);
     sigprocmask(SIG_SETMASK, &oset, NULL);
 
+# endif /* __APPLE__, OSSL_IMPLEMENT_GETAUXVAL */
+
 # ifdef __aarch64__
     if (OPENSSL_armcap_P & ARMV8_CPUID)
         OPENSSL_arm_midr = _armv8_cpuid_probe();
@@ -399,9 +415,10 @@ void OPENSSL_cpuid_setup(void)
             OPENSSL_armv8_rsa_neonized = 1;
     }
     if ((MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_V1) ||
-         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N2)) &&
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N2) ||
+         MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_V2)) &&
         (OPENSSL_armcap_P & ARMV8_SHA3))
         OPENSSL_armcap_P |= ARMV8_UNROLL8_EOR3;
 # endif
 }
-#endif
+#endif /* _WIN32, __ARM_MAX_ARCH__ >= 7 */

libs/openssl/crypto/armv4cpuid.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -292,8 +292,7 @@ atomic_add_spinlock:
 .word	0
 #endif
 
-.comm	OPENSSL_armcap_P,4,4
-.hidden	OPENSSL_armcap_P
+.extern	OPENSSL_armcap_P
 ___
 
 print $code;

libs/openssl/crypto/asn1/a_strnid.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -129,8 +129,10 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
     int idx;
     ASN1_STRING_TABLE fnd;
 
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
     /* "stable" can be impacted by config, so load the config file first */
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
 
     fnd.nid = nid;
     if (stable) {

libs/openssl/crypto/asn1/asn1_gen.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -698,9 +698,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
             atmp->value.asn1_string->data = rdata;
             atmp->value.asn1_string->length = rdlen;
             atmp->value.asn1_string->type = utype;
-        } else if (format == ASN1_GEN_FORMAT_ASCII)
-            ASN1_STRING_set(atmp->value.asn1_string, str, -1);
-        else if ((format == ASN1_GEN_FORMAT_BITLIST)
+        } else if (format == ASN1_GEN_FORMAT_ASCII) {
+            if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
+                ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+                goto bad_str;
+            }
+        } else if ((format == ASN1_GEN_FORMAT_BITLIST)
                  && (utype == V_ASN1_BIT_STRING)) {
             if (!CONF_parse_list
                 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {

libs/openssl/crypto/bn/asm/armv4-gf2m.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -325,7 +325,7 @@ $code.=<<___;
 .align	5
 
 #if __ARM_MAX_ARCH__>=7
-.comm	OPENSSL_armcap_P,4,4
+.extern	OPENSSL_armcap_P
 #endif
 ___
 

libs/openssl/crypto/bn/asm/armv4-mont.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -749,7 +749,7 @@ $code.=<<___;
 .asciz	"Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
 .align	2
 #if __ARM_MAX_ARCH__>=7
-.comm	OPENSSL_armcap_P,4,4
+.extern	OPENSSL_armcap_P
 #endif
 ___
 

libs/openssl/crypto/chacha/asm/chacha-armv4.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1154,7 +1154,7 @@ $code.=<<___;
 	add		sp,sp,#4*(16+3)
 	ldmia		sp!,{r4-r11,pc}
 .size	ChaCha20_neon,.-ChaCha20_neon
-.comm	OPENSSL_armcap_P,4,4
+.extern	OPENSSL_armcap_P
 #endif
 ___
 }}}

libs/openssl/crypto/chacha/asm/chacha-ia64.pl

@@ -46,6 +46,8 @@ ChaCha20_ctr32:
 	ADDP		@k[11]=4,$key
 	.save		ar.lc,r3
 	mov		r3=ar.lc		}
+{ .mmi;	ADDP		$out=0,$out
+	ADDP		$inp=0,$inp		}
 { .mmi;	ADDP		$key=0,$key
 	ADDP		$counter=0,$counter
 	.save		pr,r14

libs/openssl/crypto/cmp/cmp_asn.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -188,22 +188,22 @@ int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
     return 0;
 }
 
-/* get ASN.1 encoded integer, return -1 on error */
+/* get ASN.1 encoded integer, return -2 on error; -1 is valid for certReqId */
 int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
 {
     int64_t res;
 
     if (!ASN1_INTEGER_get_int64(&res, a)) {
         ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER);
-        return -1;
+        return -2;
     }
     if (res < INT_MIN) {
         ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL);
-        return -1;
+        return -2;
     }
     if (res > INT_MAX) {
         ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE);
-        return -1;
+        return -2;
     }
     return (int)res;
 }

libs/openssl/crypto/cmp/cmp_client.c

@@ -584,7 +584,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
         return 0;
     if (rid == OSSL_CMP_CERTREQID_NONE) { /* used for OSSL_CMP_PKIBODY_P10CR */
         rid = ossl_cmp_asn1_get_int(crep->certReqId);
-        if (rid != OSSL_CMP_CERTREQID_NONE) {
+        if (rid < OSSL_CMP_CERTREQID_NONE) {
             ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
             return 0;
         }

libs/openssl/crypto/cmp/cmp_status.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -30,9 +30,12 @@
 
 int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si)
 {
+    int res ;
+
     if (!ossl_assert(si != NULL && si->status != NULL))
         return -1;
-    return ossl_cmp_asn1_get_int(si->status);
+    res = ossl_cmp_asn1_get_int(si->status);
+    return res == -2 ? -1 : res;
 }
 
 const char *ossl_cmp_PKIStatus_to_string(int status)

libs/openssl/crypto/cms/cms_env.c

@@ -26,7 +26,7 @@ static void cms_env_set_version(CMS_EnvelopedData *env);
 #define CMS_ENVELOPED_STANDARD 1
 #define CMS_ENVELOPED_AUTH     2
 
-static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
+static int cms_get_enveloped_type_simple(const CMS_ContentInfo *cms)
 {
     int nid = OBJ_obj2nid(cms->contentType);
 
@@ -38,11 +38,28 @@ static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
         return CMS_ENVELOPED_AUTH;
 
     default:
-        ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
         return 0;
     }
 }
 
+static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
+{
+    int ret = cms_get_enveloped_type_simple(cms);
+
+    if (ret == 0)
+        ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+    return ret;
+}
+
+void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf)
+{
+    if (cms_get_enveloped_type_simple(cinf) != 0) {
+        CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cinf);
+        if (ec != NULL)
+            OPENSSL_clear_free(ec->key, ec->keylen);
+    }
+}
+
 CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
 {
     if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {

libs/openssl/crypto/cms/cms_lib.c

@@ -75,10 +75,7 @@ CMS_ContentInfo *CMS_ContentInfo_new(void)
 void CMS_ContentInfo_free(CMS_ContentInfo *cms)
 {
     if (cms != NULL) {
-        CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms);
-
-        if (ec != NULL)
-            OPENSSL_clear_free(ec->key, ec->keylen);
+        ossl_cms_env_enc_content_free(cms);
         OPENSSL_free(cms->ctx.propq);
         ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo));
     }

libs/openssl/crypto/cms/cms_local.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -444,6 +444,7 @@ BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
 int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain);
 BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms);
 int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio);
+void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf);
 CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms);
 CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms);
 CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms);

libs/openssl/crypto/cms/cms_sd.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -264,13 +264,13 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
     int i;
 
     if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
-        return cms_generic_sign(si, cmd);
+        return cms_generic_sign(si, cmd) > 0;
     else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
-        return ossl_cms_rsa_sign(si, cmd);
+        return ossl_cms_rsa_sign(si, cmd) > 0;
 
     /* Now give engines, providers, etc a chance to handle this */
     if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
-        return cms_generic_sign(si, cmd);
+        return cms_generic_sign(si, cmd) > 0;
     i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
     if (i == -2) {
         ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);

libs/openssl/crypto/conf/conf_sap.c

@@ -65,7 +65,8 @@ int ossl_config_int(const OPENSSL_INIT_SETTINGS *settings)
 #endif
 
 #ifndef OPENSSL_SYS_UEFI
-    ret = CONF_modules_load_file(filename, appname, flags);
+    ret = CONF_modules_load_file_ex(OSSL_LIB_CTX_get0_global_default(),
+                                    filename, appname, flags);
 #else
     ret = 1;
 #endif

libs/openssl/crypto/ec/ec_key.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -543,11 +543,6 @@ int ossl_ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx)
         ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
         goto err;
     }
-    /* Perform a second check on the public key */
-    if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
-        ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
-        goto err;
-    }
     if (!EC_POINT_is_at_infinity(eckey->group, point)) {
         ERR_raise(ERR_LIB_EC, EC_R_WRONG_ORDER);
         goto err;

libs/openssl/crypto/encode_decode/decoder_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -750,10 +750,11 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
                            (void *)new_data.ctx, LEVEL, rv);
             } OSSL_TRACE_END(DECODER);
 
-            data->flag_construct_called = 1;
             ok = (rv > 0);
-            if (ok)
+            if (ok) {
+                data->flag_construct_called = 1;
                 goto end;
+            }
         }
 
         /* The constructor didn't return success */

libs/openssl/crypto/encode_decode/decoder_pkey.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -152,7 +152,11 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst,
 
             import_data.keymgmt = keymgmt;
             import_data.keydata = NULL;
-            import_data.selection = data->selection;
+            if (data->selection == 0)
+                /* import/export functions do not tolerate 0 selection */
+                import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
+            else
+                import_data.selection = data->selection;
 
             /*
              * No need to check for errors here, the value of

libs/openssl/crypto/encode_decode/encoder_pkey.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -286,8 +286,10 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
         end = sk_OPENSSL_CSTRING_num(encoder_data.names);
         if (end > 0) {
             encoder_data.id_names = OPENSSL_malloc(end * sizeof(int));
-            if (encoder_data.id_names == NULL)
+            if (encoder_data.id_names == NULL) {
+                sk_OPENSSL_CSTRING_free(keymgmt_data.names);
                 goto err;
+            }
             for (i = 0; i < end; ++i) {
                 const char *name = sk_OPENSSL_CSTRING_value(keymgmt_data.names, i);
 

libs/openssl/crypto/engine/eng_lib.c

@@ -133,28 +133,34 @@ static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
     return item;
 }
 
-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
 {
     ENGINE_CLEANUP_ITEM *item;
 
     if (!int_cleanup_check(1))
-        return;
+        return 0;
     item = int_cleanup_item(cb);
-    if (item != NULL)
-        if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0) <= 0)
-            OPENSSL_free(item);
+    if (item != NULL) {
+        if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0))
+            return 1;
+        OPENSSL_free(item);
+    }
+    return 0;
 }
 
-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
 {
     ENGINE_CLEANUP_ITEM *item;
+
     if (!int_cleanup_check(1))
-        return;
+        return 0;
     item = int_cleanup_item(cb);
     if (item != NULL) {
-        if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
-            OPENSSL_free(item);
+        if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) > 0)
+            return 1;
+        OPENSSL_free(item);
     }
+    return 0;
 }
 
 /* The API function that performs all cleanup */

libs/openssl/crypto/engine/eng_list.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -78,12 +78,15 @@ static int engine_list_add(ENGINE *e)
             ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
             return 0;
         }
-        engine_list_head = e;
-        e->prev = NULL;
         /*
          * The first time the list allocates, we should register the cleanup.
          */
-        engine_cleanup_add_last(engine_list_cleanup);
+        if (!engine_cleanup_add_last(engine_list_cleanup)) {
+            ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
+            return 0;
+        }
+        engine_list_head = e;
+        e->prev = NULL;
     } else {
         /* We are adding to the tail of an existing list. */
         if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {

libs/openssl/crypto/engine/eng_local.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -46,8 +46,8 @@ typedef struct st_engine_cleanup_item {
     ENGINE_CLEANUP_CB *cb;
 } ENGINE_CLEANUP_ITEM;
 DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM)
-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
 
 /* We need stacks of ENGINEs for use in eng_table.c */
 DEFINE_STACK_OF(ENGINE)

libs/openssl/crypto/engine/eng_table.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -93,9 +93,11 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
         added = 1;
     if (!int_table_check(table, 1))
         goto end;
-    if (added)
-        /* The cleanup callback needs to be added */
-        engine_cleanup_add_first(cleanup);
+    /* The cleanup callback needs to be added */
+    if (added && !engine_cleanup_add_first(cleanup)) {
+        lh_ENGINE_PILE_free(&(*table)->piles);
+        *table = NULL;
+    }
     while (num_nids--) {
         tmplate.nid = *nids;
         fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
@@ -201,8 +203,10 @@ ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid,
     ENGINE_PILE tmplate, *fnd = NULL;
     int initres, loop = 0;
 
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
     /* Load the config before trying to check if engines are available */
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
 
     if (!(*table)) {
         OSSL_TRACE3(ENGINE_TABLE,

libs/openssl/crypto/evp/ctrl_params_translate.c

@@ -1786,7 +1786,8 @@ static int get_rsa_payload_n(enum state state,
 {
     const BIGNUM *bn = NULL;
 
-    if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
+    if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA
+        && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)
         return 0;
     bn = RSA_get0_n(EVP_PKEY_get0_RSA(ctx->p2));
 
@@ -1799,7 +1800,8 @@ static int get_rsa_payload_e(enum state state,
 {
     const BIGNUM *bn = NULL;
 
-    if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
+    if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA
+        && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)
         return 0;
     bn = RSA_get0_e(EVP_PKEY_get0_RSA(ctx->p2));
 
@@ -1812,7 +1814,8 @@ static int get_rsa_payload_d(enum state state,
 {
     const BIGNUM *bn = NULL;
 
-    if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
+    if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA
+        && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)
         return 0;
     bn = RSA_get0_d(EVP_PKEY_get0_RSA(ctx->p2));
 
@@ -1912,7 +1915,8 @@ static int get_rsa_payload_coefficient(enum state state,
                          const struct translation_st *translation,      \
                          struct translation_ctx_st *ctx)                \
     {                                                                   \
-        if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)              \
+        if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA               \
+            && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)       \
             return 0;                                                   \
         return get_rsa_payload_factor(state, translation, ctx, n - 1);  \
     }
@@ -1923,7 +1927,8 @@ static int get_rsa_payload_coefficient(enum state state,
                          const struct translation_st *translation,      \
                          struct translation_ctx_st *ctx)                \
     {                                                                   \
-        if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)              \
+        if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA               \
+            && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)       \
             return 0;                                                   \
         return get_rsa_payload_exponent(state, translation, ctx,        \
                                         n - 1);                         \
@@ -1935,7 +1940,8 @@ static int get_rsa_payload_coefficient(enum state state,
                          const struct translation_st *translation,      \
                          struct translation_ctx_st *ctx)                \
     {                                                                   \
-        if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)              \
+        if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA               \
+            && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)       \
             return 0;                                                   \
         return get_rsa_payload_coefficient(state, translation, ctx,     \
                                            n - 1);                      \
@@ -2271,10 +2277,10 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
     { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL,
       OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
-    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
+    { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL,
       OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
-    { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
+    { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
       EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL,
       OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
 

libs/openssl/crypto/evp/p_lib.c

@@ -717,6 +717,7 @@ static void detect_foreign_key(EVP_PKEY *pkey)
 {
     switch (pkey->type) {
     case EVP_PKEY_RSA:
+    case EVP_PKEY_RSA_PSS:
         pkey->foreign = pkey->pkey.rsa != NULL
                         && ossl_rsa_is_foreign(pkey->pkey.rsa);
         break;
@@ -1075,6 +1076,7 @@ int EVP_PKEY_can_sign(const EVP_PKEY *pkey)
     if (pkey->keymgmt == NULL) {
         switch (EVP_PKEY_get_base_id(pkey)) {
         case EVP_PKEY_RSA:
+        case EVP_PKEY_RSA_PSS:
             return 1;
 # ifndef OPENSSL_NO_DSA
         case EVP_PKEY_DSA:

libs/openssl/crypto/http/http_client.c

@@ -165,7 +165,8 @@ void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx,
 
 /*
  * Create request line using |rctx| and |path| (or "/" in case |path| is NULL).
- * Server name (and port) must be given if and only if plain HTTP proxy is used.
+ * Server name (and optional port) must be given if and only if
+ * a plain HTTP proxy is used and |path| does not begin with 'http://'.
  */
 int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
                                        const char *server, const char *port,
@@ -194,11 +195,17 @@ int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
             return 0;
     }
 
-    /* Make sure path includes a forward slash */
-    if (path == NULL)
+    /* Make sure path includes a forward slash (abs_path) */
+    if (path == NULL)  {
         path = "/";
-    if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0)
+    } else if (HAS_PREFIX(path, "http://")) { /* absoluteURI for proxy use */
+        if (server != NULL) {
+            ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT);
+            return 0;
+        }
+    } else if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0) {
         return 0;
+    }
     /*
      * Add (the rest of) the path and the HTTP version,
      * which is fixed to 1.0 for straightforward implementation of keep-alive

libs/openssl/crypto/loongarch_arch.h

@@ -9,7 +9,10 @@
 #ifndef OSSL_CRYPTO_LOONGARCH_ARCH_H
 # define OSSL_CRYPTO_LOONGARCH_ARCH_H
 
+# ifndef __ASSEMBLER__
 extern unsigned int OPENSSL_loongarch_hwcap_P;
+# endif
+
 # define LOONGARCH_HWCAP_LSX  (1 << 4)
 # define LOONGARCH_HWCAP_LASX (1 << 5)
 

libs/openssl/crypto/mem.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -195,7 +195,6 @@ void *CRYPTO_zalloc(size_t num, const char *file, int line)
     void *ret;
 
     ret = CRYPTO_malloc(num, file, line);
-    FAILTEST();
     if (ret != NULL)
         memset(ret, 0, num);
 
@@ -208,7 +207,6 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
     if (realloc_impl != CRYPTO_realloc)
         return realloc_impl(str, num, file, line);
 
-    FAILTEST();
     if (str == NULL)
         return CRYPTO_malloc(num, file, line);
 
@@ -217,6 +215,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
         return NULL;
     }
 
+    FAILTEST();
     return realloc(str, num);
 }
 

libs/openssl/crypto/objects/obj_dat.c

@@ -81,8 +81,10 @@ DEFINE_RUN_ONCE_STATIC(obj_lock_initialise)
 
 static ossl_inline int ossl_init_added_lock(void)
 {
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
     /* Make sure we've loaded config before checking for any "added" objects */
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
     return RUN_ONCE(&ossl_obj_lock_init, obj_lock_initialise);
 }
 

libs/openssl/crypto/pem/pem_pkey.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -366,10 +366,19 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
     return ret;
 }
 
+static int no_password_cb(char *buf, int num, int rwflag, void *userdata)
+{
+    return -1;
+}
+
 EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
                                      OSSL_LIB_CTX *libctx, const char *propq)
 {
-    return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq,
+    /*
+     * PEM_read_bio_Parameters(_ex) should never ask for a password. Any attempt
+     * to get a password just fails.
+     */
+    return pem_read_bio_key(bp, x, no_password_cb, NULL, libctx, propq,
                             EVP_PKEY_KEY_PARAMETERS);
 }
 

libs/openssl/crypto/perlasm/arm-xlate.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -170,9 +170,8 @@ while(my $line=<>) {
     }
 
     {
-	$line =~ s|(^[\.\w]+)\:\s*||;
-	my $label = $1;
-	if ($label) {
+	if ($line =~ s|(^[\.\w]+)\:\s*||) {
+	    my $label = $1;
 	    printf "%s:",($GLOBALS{$label} or $label);
 	}
     }

libs/openssl/crypto/pkcs12/p12_crt.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,6 +14,12 @@
 
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
                           PKCS12_SAFEBAG *bag);
+static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                                           X509 *cert,
+                                           const char *name,
+                                           int namelen,
+                                           unsigned char *keyid,
+                                           int keyidlen);
 
 static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
 {
@@ -40,6 +46,9 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
     int i;
     unsigned char keyid[EVP_MAX_MD_SIZE];
     unsigned int keyidlen = 0;
+    int namelen = -1;
+    unsigned char *pkeyid = NULL;
+    int pkeyidlen = -1;
 
     /* Set defaults */
     if (nid_cert == NID_undef)
@@ -64,11 +73,16 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
     }
 
     if (cert) {
-        bag = PKCS12_add_cert(&bags, cert);
-        if (name && !PKCS12_add_friendlyname(bag, name, -1))
-            goto err;
-        if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-            goto err;
+        if (name == NULL)
+            name = (char *)X509_alias_get0(cert, &namelen);
+        if (keyidlen > 0) {
+            pkeyid = keyid;
+            pkeyidlen = keyidlen;
+        } else {
+            pkeyid = X509_keyid_get0(cert, &pkeyidlen);
+        }
+
+        bag = pkcs12_add_cert_bag(&bags, cert, name, namelen, pkeyid, pkeyidlen);
     }
 
     /* Add all other certificates */
@@ -139,30 +153,23 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *
                             iter, mac_iter, keytype, NULL, NULL);
 }
 
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                                           X509 *cert,
+                                           const char *name,
+                                           int namelen,
+                                           unsigned char *keyid,
+                                           int keyidlen)
 {
     PKCS12_SAFEBAG *bag = NULL;
-    char *name;
-    int namelen = -1;
-    unsigned char *keyid;
-    int keyidlen = -1;
 
     /* Add user certificate */
     if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
         goto err;
 
-    /*
-     * Use friendlyName and localKeyID in certificate. (if present)
-     */
-
-    name = (char *)X509_alias_get0(cert, &namelen);
-
-    if (name && !PKCS12_add_friendlyname(bag, name, namelen))
+    if (name != NULL && !PKCS12_add_friendlyname(bag, name, namelen))
         goto err;
 
-    keyid = X509_keyid_get0(cert, &keyidlen);
-
-    if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+    if (keyid != NULL && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
         goto err;
 
     if (!pkcs12_add_bag(pbags, bag))
@@ -173,7 +180,22 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
  err:
     PKCS12_SAFEBAG_free(bag);
     return NULL;
+}
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+{
+    char *name = NULL;
+    int namelen = -1;
+    unsigned char *keyid = NULL;
+    int keyidlen = -1;
+
+    /*
+     * Use friendlyName and localKeyID in certificate. (if present)
+     */
+    name = (char *)X509_alias_get0(cert, &namelen);
+    keyid = X509_keyid_get0(cert, &keyidlen);
 
+    return pkcs12_add_cert_bag(pbags, cert, name, namelen, keyid, keyidlen);
 }
 
 PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,

libs/openssl/crypto/poly1305/asm/poly1305-armv4.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1239,7 +1239,7 @@ $code.=<<___;
 .asciz	"Poly1305 for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
 .align	2
 #if	__ARM_MAX_ARCH__>=7
-.comm   OPENSSL_armcap_P,4,4
+.extern   OPENSSL_armcap_P
 #endif
 ___
 

libs/openssl/crypto/poly1305/asm/poly1305-x86_64.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -195,7 +195,7 @@ $code.=<<___	if ($avx>1);
 	bt	\$`5+32`,%r9		# AVX2?
 	cmovc	%rax,%r10
 ___
-$code.=<<___	if ($avx>3);
+$code.=<<___	if ($avx>3 && !$win64);
 	mov	\$`(1<<31|1<<21|1<<16)`,%rax
 	shr	\$32,%r9
 	and	%rax,%r9
@@ -2724,7 +2724,7 @@ $code.=<<___;
 .cfi_endproc
 .size	poly1305_blocks_avx512,.-poly1305_blocks_avx512
 ___
-if ($avx>3) {
+if ($avx>3 && !$win64) {
 ########################################################################
 # VPMADD52 version using 2^44 radix.
 #

libs/openssl/crypto/property/property.c

@@ -124,11 +124,11 @@ void *ossl_ctx_global_properties_new(OSSL_LIB_CTX *ctx)
 }
 
 OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *libctx,
-                                                int loadconfig)
+                                                ossl_unused int loadconfig)
 {
     OSSL_GLOBAL_PROPERTIES *globp;
 
-#ifndef FIPS_MODULE
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
     if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
         return NULL;
 #endif
@@ -505,7 +505,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store,
     if (nid <= 0 || method == NULL || store == NULL)
         return 0;
 
-#ifndef FIPS_MODULE
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
     if (ossl_lib_ctx_is_default(store->ctx)
             && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
         return 0;

libs/openssl/crypto/provider_core.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -400,7 +400,7 @@ int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx,
 }
 
 OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name,
-                                  int noconfig)
+                                  ossl_unused int noconfig)
 {
     struct provider_store_st *store = NULL;
     OSSL_PROVIDER *prov = NULL;
@@ -409,7 +409,7 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name,
         OSSL_PROVIDER tmpl = { 0, };
         int i;
 
-#ifndef FIPS_MODULE
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
         /*
          * Make sure any providers are loaded from config before we try to find
          * them.
@@ -1348,7 +1348,7 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx,
     struct provider_store_st *store = get_provider_store(ctx);
     STACK_OF(OSSL_PROVIDER) *provs = NULL;
 
-#ifndef FIPS_MODULE
+#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
     /*
      * Make sure any providers are loaded from config before we try to use
      * them.

libs/openssl/crypto/rsa/rsa_ameth.c

@@ -60,13 +60,16 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
     if (!rsa_param_encode(pkey, &str, &strtype))
         return 0;
     penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
-    if (penclen <= 0)
+    if (penclen <= 0) {
+        ASN1_STRING_free(str);
         return 0;
+    }
     if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
                                strtype, str, penc, penclen))
         return 1;
 
     OPENSSL_free(penc);
+    ASN1_STRING_free(str);
     return 0;
 }
 

libs/openssl/crypto/sha/asm/sha1-armv4-large.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -707,7 +707,7 @@ ___
 }}}
 $code.=<<___;
 #if __ARM_MAX_ARCH__>=7
-.comm	OPENSSL_armcap_P,4,4
+.extern	OPENSSL_armcap_P
 #endif
 ___
 

libs/openssl/crypto/sha/asm/sha256-armv4.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -693,7 +693,7 @@ $code.=<<___;
 .asciz  "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
 .align	2
 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
-.comm   OPENSSL_armcap_P,4,4
+.extern   OPENSSL_armcap_P
 #endif
 ___
 

libs/openssl/crypto/sha/asm/sha512-armv4.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -660,7 +660,7 @@ $code.=<<___;
 .asciz	"SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
 .align	2
 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
-.comm	OPENSSL_armcap_P,4,4
+.extern	OPENSSL_armcap_P
 #endif
 ___
 

libs/openssl/crypto/sm4/asm/vpsm4-armv8.pl

@@ -470,9 +470,9 @@ _vpsm4_consts:
 	.long 0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209
 	.long 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
 .Lfk:
-	.dword 0x56aa3350a3b1bac6,0xb27022dc677d9197
+	.quad 0x56aa3350a3b1bac6,0xb27022dc677d9197
 .Lshuffles:
-	.dword 0x0B0A090807060504,0x030201000F0E0D0C
+	.quad 0x0B0A090807060504,0x030201000F0E0D0C
 
 .size	_vpsm4_consts,.-_vpsm4_consts
 ___

libs/openssl/crypto/srp/srp_vfy.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -283,6 +283,7 @@ SRP_VBASE *SRP_VBASE_new(char *seed_key)
         return NULL;
     if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
         || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
+        sk_SRP_user_pwd_free(vb->users_pwd);
         OPENSSL_free(vb);
         return NULL;
     }

libs/openssl/crypto/store/store_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -428,14 +428,14 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
 
             load_data.v = NULL;
             load_data.ctx = ctx;
+            ctx->error_flag = 0;
 
             if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
                                              ossl_store_handle_load_result,
                                              &load_data,
                                              ossl_pw_passphrase_callback_dec,
                                              &ctx->pwdata)) {
-                if (!OSSL_STORE_eof(ctx))
-                    ctx->error_flag = 1;
+                ctx->error_flag = 1;
                 return NULL;
             }
             v = load_data.v;

libs/openssl/crypto/threads_pthread.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -72,8 +72,6 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
 #  if !defined (__TANDEM) && !defined (_SPT_MODEL_)
 #   if !defined(NDEBUG) && !defined(OPENSSL_NO_MUTEX_ERRORCHECK)
     pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
-#   else
-    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL);
 #   endif
 #  else
     /* The SPT Thread Library does not define MUTEX attributes. */

libs/openssl/crypto/x509/v3_ist.c

@@ -51,25 +51,25 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
         if (strcmp(cnf->name, "signTool") == 0) {
             ist->signTool = ASN1_UTF8STRING_new();
             if (ist->signTool == NULL || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
-                ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
+                ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
         } else if (strcmp(cnf->name, "cATool") == 0) {
             ist->cATool = ASN1_UTF8STRING_new();
             if (ist->cATool == NULL || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
-                ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
+                ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
         } else if (strcmp(cnf->name, "signToolCert") == 0) {
             ist->signToolCert = ASN1_UTF8STRING_new();
             if (ist->signToolCert == NULL || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
-                ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
+                ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
         } else if (strcmp(cnf->name, "cAToolCert") == 0) {
             ist->cAToolCert = ASN1_UTF8STRING_new();
             if (ist->cAToolCert == NULL || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
-                ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
+                ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
         } else {

libs/openssl/crypto/x509/x509_cmp.c

@@ -292,12 +292,13 @@ unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx,
     unsigned long ret = 0;
     unsigned char md[SHA_DIGEST_LENGTH];
     EVP_MD *sha1 = EVP_MD_fetch(libctx, "SHA1", propq);
+    int i2d_ret;
 
     /* Make sure X509_NAME structure contains valid cached encoding */
-    i2d_X509_NAME(x, NULL);
+    i2d_ret = i2d_X509_NAME(x, NULL);
     if (ok != NULL)
         *ok = 0;
-    if (sha1 != NULL
+    if (i2d_ret >= 0 && sha1 != NULL
         && EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, sha1, NULL)) {
         ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
                ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
@@ -325,7 +326,9 @@ unsigned long X509_NAME_hash_old(const X509_NAME *x)
         goto end;
 
     /* Make sure X509_NAME structure contains valid cached encoding */
-    i2d_X509_NAME(x, NULL);
+    if (i2d_X509_NAME(x, NULL) < 0)
+        goto end;
+
     if (EVP_DigestInit_ex(md_ctx, md5, NULL)
         && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)
         && EVP_DigestFinal_ex(md_ctx, md, NULL))

libs/openssl/doc/man1/openssl-cmp.pod.in

@@ -659,11 +659,12 @@ is typically used when authenticating with pre-shared key (password-based MAC).
 
 =item B<-secret> I<arg>
 
-Prefer PBM-based message protection with given source of a secret value.
-The secret is used for creating PBM-based protection of outgoing messages
-and (as far as needed) for validating PBM-based protection of incoming messages.
-PBM stands for Password-Based Message Authentication Code.
+Provides the source of a secret value to use with MAC-based message protection.
 This takes precedence over the B<-cert> and B<-key> options.
+The secret is used for creating MAC-based protection of outgoing messages
+and for validating incoming messages that have MAC-based protection.
+The algorithm used by default is Password-Based Message Authentication Code (PBM)
+as defined in RFC 4210 section 5.1.3.1.
 
 For more information about the format of I<arg> see
 L<openssl-passphrase-options(1)>.
@@ -682,7 +683,8 @@ while the subject of B<-oldcert> or B<-subjectName> may provide fallback values.
 The issuer of this certificate is used as one of the recipient fallback values
 and as fallback issuer entry in the certificate template of IR/CR/KUR messages.
 
-When using signature-based message protection, this "protection certificate"
+When performing signature-based message protection,
+this "protection certificate", also called "signer certificate",
 will be included first in the extraCerts field of outgoing messages
 and the signature is done with the corresponding key.
 In Initialization Request (IR) messages this can be used for authenticating
@@ -713,8 +715,8 @@ have no effect on the certificate verification enabled via this option.
 
 The corresponding private key file for the client's current certificate given in
 the B<-cert> option.
-This will be used for signature-based message protection unless
-the B<-secret> option indicating PBM or B<-unprotected_requests> is given.
+This will be used for signature-based message protection unless the B<-secret>
+option indicating MAC-based protection or B<-unprotected_requests> is given.
 
 It is also used as a fallback for the B<-newkey> option with IR/CR/KUR messages.
 
@@ -730,7 +732,7 @@ L<openssl-passphrase-options(1)>.
 =item B<-digest> I<name>
 
 Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG
-and as the one-way function (OWF) in MSG_MAC_ALG.
+and as the one-way function (OWF) in C<MSG_MAC_ALG>.
 If applicable, this is used for message protection and
 proof-of-possession (POPO) signatures.
 To see the list of supported digests, use C<openssl list -digest-commands>.
@@ -738,7 +740,7 @@ Defaults to C<sha256>.
 
 =item B<-mac> I<name>
 
-Specifies the name of the MAC algorithm in MSG_MAC_ALG.
+Specifies the name of the MAC algorithm in C<MSG_MAC_ALG>.
 To get the names of supported MAC algorithms use C<openssl list -mac-algorithms>
 and possibly combine such a name with the name of a supported digest algorithm,
 e.g., hmacWithSHA256.
@@ -1097,6 +1099,13 @@ only affect the certificate verification enabled via the B<-out_trusted> option.
 
 =head1 NOTES
 
+When a client obtains from a CMP server CA certificates that it is going to
+trust, for instance via the C<caPubs> field of a certificate response,
+authentication of the CMP server is particularly critical.
+So special care must be taken setting up server authentication
+using B<-trusted> and related options for certificate-based authentication
+or B<-secret> for MAC-based protection.
+
 When setting up CMP configurations and experimenting with enrollment options
 typically various errors occur until the configuration is correct and complete.
 When the CMP server reports an error the client will by default
@@ -1170,7 +1179,7 @@ In order to update the enrolled certificate one may call
 
   openssl cmp -section insta,kur
 
-using with PBM-based protection or
+using MAC-based protection with PBM or
 
   openssl cmp -section insta,kur,signature
 
@@ -1229,7 +1238,7 @@ Then it can start using the new cert and key.
     -newkey cl_key_new.pem -certout cl_cert.pem
   cp cl_key_new.pem cl_key.pem
 
-This command sequence can be repated as often as needed.
+This command sequence can be repeated as often as needed.
 
 =head2 Requesting information from CMP server
 

libs/openssl/doc/man1/openssl-cms.pod.in

@@ -391,7 +391,7 @@ option.
 =item I<recipient-cert> ...
 
 This is an alternative to using the B<-recip> option when encrypting a message.
-One or more certificate filennames may be given.
+One or more certificate filenames may be given.
 
 =item B<-I<cipher>>
 
@@ -902,7 +902,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man1/openssl-ts.pod.in

@@ -490,7 +490,7 @@ Default is no.  (Optional)
 =item B<ess_cert_id_alg>
 
 This option specifies the hash function to be used to calculate the TSA's
-public key certificate identifier. Default is sha256. (Optional)
+public key certificate identifier. Default is sha1. (Optional)
 
 =back
 
@@ -652,7 +652,7 @@ L<ossl_store-file(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/BIO_s_mem.pod

@@ -59,6 +59,8 @@ positive return value B<v> should be set to a negative value, typically -1.
 
 BIO_get_mem_data() sets *B<pp> to a pointer to the start of the memory BIOs data
 and returns the total amount of data available. It is implemented as a macro.
+Note the pointer returned by this call is informative, no transfer of ownership
+of this memory is implied.  See notes on BIO_set_close().
 
 BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the
 close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE.
@@ -114,6 +116,10 @@ preceding that write operation cannot be undone.
 Calling BIO_get_mem_ptr() prior to a BIO_reset() call with
 BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation.
 
+Calling BIO_set_close() with BIO_NOCLOSE orphans the BUF_MEM internal to the
+BIO, _not_ its actual data buffer. See the examples section for the proper
+method for claiming ownership of the data pointer for a deferred free operation.
+
 =head1 BUGS
 
 There should be an option to set the maximum size of a memory BIO.
@@ -151,10 +157,24 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
  BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
  BIO_free(mem);
 
+Extract the BUF_MEM ptr, claim ownership of the internal data and free the BIO
+and BUF_MEM structure:
+
+ BUF_MEM *bptr;
+ char *data;
+
+ BIO_get_mem_data(bio, &data);
+ BIO_get_mem_ptr(bio, &bptr);
+ BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free orphans BUF_MEM */
+ BIO_free(bio);
+ bptr->data = NULL; /* Tell BUF_MEM to orphan data */
+ BUF_MEM_free(bptr);
+ ...
+ free(data);
 
 =head1 COPYRIGHT
 
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/CMS_sign.pod

@@ -105,7 +105,7 @@ The function CMS_sign() is a basic CMS signing function whose output will be
 suitable for many purposes. For finer control of the output format the
 B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> and the
 B<CMS_PARTIAL> flag set. Then one or more signers can be added using the
-function CMS_sign_add1_signer(), non default digests can be used and custom
+function CMS_add1_signer(), non default digests can be used and custom
 attributes added. CMS_final() must then be called to finalize the
 structure if streaming is not enabled.
 
@@ -132,7 +132,7 @@ The CMS_sign_ex() method was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/EVP_MAC.pod

@@ -181,7 +181,7 @@ EVP_MAC_CTX_set_params() passes chosen parameters to the underlying
 context, given a context I<ctx>.
 The set of parameters given with I<params> determine exactly what
 parameters are passed down.
-If I<params> are NULL, the unterlying context should do nothing and return 1.
+If I<params> are NULL, the underlying context should do nothing and return 1.
 Note that a parameter that is unknown in the underlying context is
 simply ignored.
 Also, what happens when a needed parameter isn't passed down is
@@ -481,7 +481,7 @@ These functions were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/EVP_SIGNATURE.pod

@@ -61,7 +61,7 @@ EVP_SIGNATURE_get0_provider() returns the provider that I<signature> was
 fetched from.
 
 EVP_SIGNATURE_do_all_provided() traverses all SIGNATURE implemented by all
-activated roviders in the given library context I<libctx>, and for each of the
+activated providers in the given library context I<libctx>, and for each of the
 implementations, calls the given function I<fn> with the implementation method
 and the given I<arg> as argument.
 
@@ -106,7 +106,7 @@ The functions described here were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/OSSL_CMP_CTX_new.pod

@@ -182,7 +182,7 @@ clearing the internal CMP transaction (aka session) status, PKIStatusInfo,
 and any previous results (newCert, newChain, caPubs, and extraCertsIn)
 from the last executed transaction.
 It also clears any ITAVs that were added by OSSL_CMP_CTX_push0_genm_ITAV().
-All other field values (i.e., CMP options) are retained for potential re-use.
+All other field values (i.e., CMP options) are retained for potential reuse.
 
 OSSL_CMP_CTX_set_option() sets the given value for the given option
 (e.g., OSSL_CMP_OPT_IMPLICIT_CONFIRM) in the given OSSL_CMP_CTX structure.
@@ -260,12 +260,12 @@ The following options can be set:
 
 =item B<OSSL_CMP_OPT_OWF_ALGNID>
         The NID of the digest algorithm to be used as one-way function (OWF)
-        in RFC 4210's MSG_MAC_ALG for PBM-based message protection.
+        for MAC-based message protection with password-based MAC (PBM).
+        See RFC 4210 section 5.1.3.1 for details.
         Default is SHA256.
 
 =item B<OSSL_CMP_OPT_MAC_ALGNID>
-        The NID of the MAC algorithm to be used in RFC 4210's MSG_MAC_ALG
-        for PBM-based message protection.
+        The NID of the MAC algorithm to be used for message protection with PBM.
         Default is HMAC-SHA1 as per RFC 4210.
 
 =item B<OSSL_CMP_OPT_REVOCATION_REASON>
@@ -450,8 +450,8 @@ The reference counts of those certificates handled successfully are increased.
 OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the
 list of untrusted certs, which may be empty if unset.
 
-OSSL_CMP_CTX_set1_cert() sets the CMP signer certificate
-related to the private key used for CMP message protection.
+OSSL_CMP_CTX_set1_cert() sets the CMP signer certificate, also called protection
+certificate, related to the private key for signature-based message protection.
 Therefore the public key of this I<cert> must correspond to
 the private key set before or thereafter via OSSL_CMP_CTX_set1_pkey().
 When using signature-based protection of CMP request messages
@@ -481,15 +481,15 @@ OSSL_CMP_CTX_set1_pkey() sets the client's private key corresponding to the
 CMP signer certificate set via OSSL_CMP_CTX_set1_cert().
 This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG)
 of outgoing messages
-unless a PBM secret has been set via OSSL_CMP_CTX_set1_secretValue().
+unless a symmetric secret has been set via OSSL_CMP_CTX_set1_secretValue().
 The I<pkey> argument may be NULL to clear the entry.
 
-OSSL_CMP_CTX_set1_secretValue() sets the byte string I<sec> with length I<len>
-as PBM secret in the given I<ctx> or clears it if the I<sec> argument is NULL.
-If present, this secret is used to create PBM-based protection of outgoing
-messages and to verify any PBM-based protection of incoming messages
-(protectionAlg = MSG_MAC_ALG). PBM stands for Password-Based MAC.
-PBM-based protection takes precedence over signature-based protection.
+OSSL_CMP_CTX_set1_secretValue() sets in I<ctx> the byte string I<sec> of length
+I<len> to use as pre-shared secret, or clears it if the I<sec> argument is NULL.
+If present, this secret is used to create MAC-based authentication and integrity
+protection (rather than applying signature-based protection)
+of outgoing messages and to verify authenticity and integrity of incoming
+messages that have MAC-based protection (protectionAlg = C<MSG_MAC_ALG>).
 
 OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue I<ref> with
 length I<len> in the given I<ctx> or clears it if the I<ref> argument is NULL.
@@ -500,7 +500,7 @@ then the sender field will contain the NULL-DN
 and the senderKID field of the CMP message header must be set.
 When signature-based protection is used the senderKID will be set to
 the subjectKeyIdentifier of the CMP signer certificate as far as present.
-If not present or when PBM-based protection is used
+If not present or when MAC-based protection is used
 the I<ref> value is taken as the fallback value for the senderKID.
 
 OSSL_CMP_CTX_set1_recipient() sets the recipient name that will be used in the
@@ -731,7 +731,7 @@ Set up a CMP client context for sending requests and verifying responses:
     OSSL_CMP_CTX_set1_serverPath(cmp_ctx, path_or_alias);
     OSSL_CMP_CTX_set0_trustedStore(cmp_ctx, ts);
 
-Set up client credentials for password-based protection (PBM):
+Set up symmetric credentials for MAC-based message protection such as PBM:
 
     OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);
     OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len);

libs/openssl/doc/man3/OSSL_CMP_exec_certreq.pod

@@ -42,7 +42,7 @@ client-server transactions, i.e., sequences of CMP requests and responses.
 
 All functions take a populated OSSL_CMP_CTX structure as their first argument.
 Usually the server name, port, and path ("CMP alias") need to be set, as well as
-credentials the client can use for authenticating itself to the client.
+credentials the client can use for authenticating itself to the server.
 In order to authenticate the server the client typically needs a trust store.
 The functions return their respective main results directly, while there are
 also accessor functions for retrieving various results and status information
@@ -72,7 +72,7 @@ and need to be filled in using L<OSSL_CMP_CTX_set1_subjectName(3)>,
 L<OSSL_CMP_CTX_set0_newPkey(3)>, L<OSSL_CMP_CTX_set1_oldCert(3)>, etc.
 For P10CR, L<OSSL_CMP_CTX_set1_p10CSR(3)> needs to be used instead.
 The enrollment session may be blocked by sleeping until the addressed
-CA (or an intermedate PKI component) can fully process and answer the request.
+CA (or an intermediate PKI component) can fully process and answer the request.
 
 OSSL_CMP_try_certreq() is an alternative to the above functions that is
 more flexible regarding what to do after receiving a checkAfter value.
@@ -119,9 +119,17 @@ See RFC 4210 section 5.3.19 and appendix E.5 for details.
 
 CMP is defined in RFC 4210 (and CRMF in RFC 4211).
 
-So far the CMP client implementation is limited to one request per CMP message
+The CMP client implementation is limited to one request per CMP message
 (and consequently to at most one response component per CMP message).
 
+When a client obtains from a CMP server CA certificates that it is going to
+trust, for instance via the caPubs field of a certificate response,
+authentication of the CMP server is particularly critical.
+So special care must be taken setting up server authentication in I<ctx>
+using functions such as
+L<OSSL_CMP_CTX_set0_trustedStore(3)> (for certificate-based authentication) or
+L<OSSL_CMP_CTX_set1_secretValue(3)> (for MAC-based protection).
+
 =head1 RETURN VALUES
 
 OSSL_CMP_exec_certreq(), OSSL_CMP_exec_IR_ses(), OSSL_CMP_exec_CR_ses(),
@@ -163,7 +171,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/OSSL_HTTP_REQ_CTX.pod

@@ -72,12 +72,16 @@ which collects the HTTP request header lines.
 OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I<rctx>.
 The I<rbio> is not free'd, I<wbio> will be free'd if I<free_wbio> is set.
 
-OSSL_HTTP_REQ_CTX_set_request_line() adds the HTTP request line to the context.
+OSSL_HTTP_REQ_CTX_set_request_line() adds the 1st HTTP request line to I<rctx>.
 The HTTP method is determined by I<method_POST>,
 which should be 1 to indicate C<POST> or 0 to indicate C<GET>.
-I<server> and I<port> may be set to indicate a proxy server and port
-that the request should go through, otherwise they should be left NULL.
-I<path> is the HTTP request path; if left NULL, C</> is used.
+I<server> and I<port> may be set to give the server and the optional port that
+an HTTP proxy shall forward the request to, otherwise they must be left NULL.
+I<path> provides the HTTP request path; if left NULL, C</> is used.
+For backward compatibility, I<path> may begin with C<http://> and thus convey
+an absoluteURI. In this case it indicates HTTP proxy use and provides also the
+server (and optionally the port) that the proxy shall forward the request to.
+In this case the I<server> and I<port> arguments must be NULL.
 
 OSSL_HTTP_REQ_CTX_add1_header() adds header I<name> with value I<value> to the
 context I<rctx>. It can be called more than once to add multiple header lines.
@@ -264,7 +268,7 @@ The functions described here were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/OSSL_HTTP_transfer.pod

@@ -161,8 +161,11 @@ NULL) to print additional diagnostic information in a user-oriented way.
 
 OSSL_HTTP_set1_request() sets up in I<rctx> the request header and content data
 and expectations on the response using the following parameters.
-If <rctx> indicates using a proxy for HTTP (but not HTTPS), the server hostname
-(and optionally port) needs to be placed in the header and thus must be present.
+If <rctx> indicates using a proxy for HTTP (but not HTTPS), the server host
+(and optionally port) needs to be placed in the header; thus it must be present
+in I<rctx>.
+For backward compatibility, the server (and optional port) may also be given in
+the I<path> argument beginning with C<http://> (thus giving an absoluteURI).
 If I<path> is NULL it defaults to "/".
 If I<req> is NULL the HTTP GET method will be used to send the request
 else HTTP POST with the contents of I<req> and optional I<content_type>, where
@@ -279,7 +282,7 @@ All the functions described here were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/PKCS12_create.pod

@@ -42,7 +42,8 @@ can all be set to zero and sensible defaults will be used.
 These defaults are: AES password based encryption (PBES2 with PBKDF2 and
 AES-256-CBC) for private keys and certificates, the PBKDF2 and MAC key
 derivation iteration count of B<PKCS12_DEFAULT_ITER> (currently 2048), and
-MAC algorithm HMAC with SHA2-256.
+MAC algorithm HMAC with SHA2-256. The MAC key derivation algorithm used
+for the outer PKCS#12 structure is PKCS12KDF.
 
 The default MAC iteration count is 1 in order to retain compatibility with
 old software which did not interpret MAC iteration counts. If such compatibility
@@ -68,6 +69,8 @@ I<nid_key> or I<nid_cert> can be set to -1 indicating that no encryption
 should be used.
 
 I<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
+This can be useful when running with the FIPS provider as the PKCS12KDF
+is not a FIPS approvable algorithm.
 
 PKCS12_create() makes assumptions regarding the encoding of the given pass
 phrase.
@@ -83,7 +86,9 @@ IETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>)
 
 =head1 SEE ALSO
 
+L<EVP_KDF-PKCS12KDF(7)>,
 L<d2i_PKCS12(3)>,
+L<OSSL_PROVIDER-FIPS(7)>,
 L<passphrase-encoding(7)>
 
 =head1 HISTORY
@@ -96,7 +101,7 @@ standards.
 
 =head1 COPYRIGHT
 
-Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/PKCS12_gen_mac.pod

@@ -22,6 +22,7 @@ PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure
 
 PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the
 supplied password along with a set of already configured parameters.
+The default key generation mechanism used is PKCS12KDF.
 
 PKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied
 password.
@@ -57,12 +58,13 @@ IETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>)
 =head1 SEE ALSO
 
 L<d2i_PKCS12(3)>,
+L<EVP_KDF-PKCS12KDF(7)>,
 L<PKCS12_create(3)>,
 L<passphrase-encoding(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/SSL_new.pod

@@ -35,7 +35,7 @@ MUST NOT have yet started the SSL handshake.  For connections that are not in
 their initial state SSL_dup() just increments an internal
 reference count and returns the I<same> handle.  It may be possible to
 use L<SSL_clear(3)> to recycle an SSL handle that is not in its initial
-state for re-use, but this is best avoided.  Instead, save and restore
+state for reuse, but this is best avoided.  Instead, save and restore
 the session, if desired, and construct a fresh handle for each connection.
 
 The subset of settings in I<s> that are duplicated are:
@@ -124,7 +124,7 @@ L<ssl(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/d2i_RSAPrivateKey.pod

@@ -28,7 +28,6 @@ d2i_RSA_PUBKEY_fp,
 d2i_DHparams,
 d2i_DHparams_bio,
 d2i_DHparams_fp,
-d2i_ECPKParameters,
 d2i_ECParameters,
 d2i_ECPrivateKey,
 d2i_ECPrivateKey_bio,
@@ -56,7 +55,6 @@ i2d_DSA_PUBKEY,
 i2d_DSA_PUBKEY_bio,
 i2d_DSA_PUBKEY_fp,
 i2d_DSAparams,
-i2d_ECPKParameters,
 i2d_ECParameters,
 i2d_ECPrivateKey,
 i2d_ECPrivateKey_bio,
@@ -205,7 +203,7 @@ I<selection> and I<structure> as follows:
 
 =item B<i2d_I<TYPE>PrivateKey>() translates into:
 
- int selection = EVP_PKEY_PRIVATE_KEY;
+ int selection = EVP_PKEY_KEYPAIR;
  const char *structure = "type-specific";
 
 =item B<i2d_I<TYPE>PublicKey>() translates into:
@@ -309,7 +307,7 @@ L<i2d_PUBKEY(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man3/d2i_X509.pod

@@ -53,6 +53,7 @@ d2i_DIST_POINT,
 d2i_DIST_POINT_NAME,
 d2i_DSA_SIG,
 d2i_ECDSA_SIG,
+d2i_ECPKParameters,
 d2i_EDIPARTYNAME,
 d2i_ESS_CERT_ID,
 d2i_ESS_CERT_ID_V2,
@@ -223,6 +224,7 @@ i2d_DIST_POINT,
 i2d_DIST_POINT_NAME,
 i2d_DSA_SIG,
 i2d_ECDSA_SIG,
+i2d_ECPKParameters,
 i2d_EDIPARTYNAME,
 i2d_ESS_CERT_ID,
 i2d_ESS_CERT_ID_V2,

libs/openssl/doc/man5/x509v3_config.pod

@@ -93,7 +93,7 @@ numeric identifier, as shown here:
  email.2 = [email protected]
 
 The syntax of raw extensions is defined by the source code that parses
-the extension but should be documened.
+the extension but should be documented.
 See L</Certificate Policies> for an example of a raw extension.
 
 If an extension type is unsupported, then the I<arbitrary> extension syntax
@@ -590,7 +590,7 @@ L<ASN1_generate_nconf(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man7/EVP_KDF-PKCS12KDF.pod

@@ -46,6 +46,9 @@ RFC 7292 section B.3.
 
 =head1 NOTES
 
+This algorithm is not available in the FIPS provider as it is not FIPS
+approvable.
+
 A typical application of this algorithm is to derive keying material for an
 encryption algorithm from a password in the "pass", a salt in "salt",
 and an iteration count.
@@ -68,7 +71,8 @@ L<EVP_KDF_CTX_new(3)>,
 L<EVP_KDF_CTX_free(3)>,
 L<EVP_KDF_CTX_set_params(3)>,
 L<EVP_KDF_derive(3)>,
-L<EVP_KDF(3)/PARAMETERS>
+L<EVP_KDF(3)/PARAMETERS>,
+L<OSSL_PROVIDER-FIPS(7)>
 
 =head1 HISTORY
 
@@ -76,7 +80,7 @@ This functionality was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

libs/openssl/doc/man7/migration_guide.pod

@@ -326,6 +326,15 @@ context and property query and will call an extended version of the key/IV
 derivation function which supports these parameters. This includes
 L<EVP_PBE_CipherInit_ex(3)>, L<EVP_PBE_find_ex(3)> and L<EVP_PBE_scrypt_ex(3)>.
 
+=head4 PKCS#12 KDF versus FIPS
+
+Unlike in 1.x.y, the PKCS12KDF algorithm used when a PKCS#12 structure
+is created with a MAC that does not work with the FIPS provider as the PKCS12KDF
+is not a FIPS approvable mechanism.
+
+See L<EVP_KDF-PKCS12KDF(7)>, L<PKCS12_create(3)>, L<openssl-pkcs12(1)>,
+L<OSSL_PROVIDER-FIPS(7)>.
+
 =head4 Windows thread synchronization changes
 
 Windows thread synchronization uses read/write primitives (SRWLock) when

libs/openssl/fuzz/build.info

@@ -9,7 +9,7 @@
 -}
 
 IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
-  PROGRAMS{noinst}=asn1 asn1parse bignum bndiv client conf crl server x509
+  PROGRAMS{noinst}=asn1 asn1parse bignum bndiv client conf crl server
   PROGRAMS{noinst}=punycode
 
   IF[{- !$disabled{"cmp"} -}]
@@ -24,6 +24,10 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
     PROGRAMS{noinst}=ct
   ENDIF
 
+  IF[{- !$disabled{"ocsp"} -}]
+    PROGRAMS{noinst}=x509
+  ENDIF
+
   SOURCE[asn1]=asn1.c driver.c fuzz_rand.c
   INCLUDE[asn1]=../include {- $ex_inc -}
   DEPEND[asn1]=../libcrypto ../libssl {- $ex_lib -}
@@ -78,7 +82,7 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
 ENDIF
 
 IF[{- !$disabled{tests} -}]
-  PROGRAMS{noinst}=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test x509-test
+  PROGRAMS{noinst}=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test
   PROGRAMS{noinst}=punycode-test
 
   IF[{- !$disabled{"cmp"} -}]
@@ -93,6 +97,10 @@ IF[{- !$disabled{tests} -}]
     PROGRAMS{noinst}=ct-test
   ENDIF
 
+  IF[{- !$disabled{"ocsp"} -}]
+    PROGRAMS{noinst}=x509-test
+  ENDIF
+
   SOURCE[asn1-test]=asn1.c test-corpus.c fuzz_rand.c
   INCLUDE[asn1-test]=../include
   DEPEND[asn1-test]=../libcrypto ../libssl

libs/openssl/fuzz/x509.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -9,6 +9,7 @@
  */
 
 #include <openssl/x509.h>
+#include <openssl/ocsp.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
@@ -17,31 +18,131 @@
 int FuzzerInitialize(int *argc, char ***argv)
 {
     FuzzerSetRand();
-    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+       | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
     ERR_clear_error();
     CRYPTO_free_ex_index(0, -1);
     return 1;
 }
 
+static int cb(int ok, X509_STORE_CTX *ctx)
+{
+    return 1;
+}
+
 int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 {
     const unsigned char *p = buf;
+    size_t orig_len = len;
     unsigned char *der = NULL;
+    BIO *bio = NULL;
+    X509 *x509_1 = NULL, *x509_2 = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *param = NULL;
+    X509_STORE_CTX *ctx = NULL;
+    X509_CRL *crl = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    STACK_OF(X509) *certs = NULL;
+    OCSP_RESPONSE *resp = NULL;
+    OCSP_BASICRESP *bs = NULL;
+    OCSP_CERTID *id = NULL;
+
+    x509_1 = d2i_X509(NULL, &p, len);
+    if (x509_1 == NULL)
+        goto err;
+
+    bio = BIO_new(BIO_s_null());
+    if (bio == NULL)
+        goto err;
+
+    /* This will load and print the public key as well as extensions */
+    X509_print(bio, x509_1);
+    BIO_free(bio);
+
+    X509_issuer_and_serial_hash(x509_1);
+
+    i2d_X509(x509_1, &der);
+    OPENSSL_free(der);
+
+    len = orig_len - (p - buf);
+    x509_2 = d2i_X509(NULL, &p, len);
+    if (x509_2 == NULL)
+        goto err;
+
+    len = orig_len - (p - buf);
+    crl = d2i_X509_CRL(NULL, &p, len);
+    if (crl == NULL)
+        goto err;
+
+    len = orig_len - (p - buf);
+    resp = d2i_OCSP_RESPONSE(NULL, &p, len);
+
+    store = X509_STORE_new();
+    X509_STORE_add_cert(store, x509_2);
 
-    X509 *x509 = d2i_X509(NULL, &p, len);
-    if (x509 != NULL) {
-        BIO *bio = BIO_new(BIO_s_null());
-        /* This will load and print the public key as well as extensions */
-        X509_print(bio, x509);
-        BIO_free(bio);
+    param = X509_VERIFY_PARAM_new();
+    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);
+    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT);
+    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);
+    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
 
-        X509_issuer_and_serial_hash(x509);
+    X509_STORE_set1_param(store, param);
 
-        i2d_X509(x509, &der);
-        OPENSSL_free(der);
+    X509_STORE_set_verify_cb(store, cb);
 
-        X509_free(x509);
+    ctx = X509_STORE_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    X509_STORE_CTX_init(ctx, store, x509_1, NULL);
+
+    if (crl != NULL) {
+        crls = sk_X509_CRL_new_null();
+        if (crls == NULL)
+            goto err;
+
+        sk_X509_CRL_push(crls, crl);
+        X509_STORE_CTX_set0_crls(ctx, crls);
     }
+
+    X509_verify_cert(ctx);
+
+    if (resp != NULL)
+        bs = OCSP_response_get1_basic(resp);
+
+    if (bs != NULL) {
+        int status, reason;
+        ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd;
+
+        certs = sk_X509_new_null();
+        if (certs == NULL)
+            goto err;
+
+        sk_X509_push(certs, x509_1);
+        sk_X509_push(certs, x509_2);
+
+        OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN);
+
+        id = OCSP_cert_to_id(NULL, x509_1, x509_2);
+        if (id == NULL)
+            goto err;
+        OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd,
+                              &nextupd);
+    }
+
+err:
+    X509_STORE_CTX_free(ctx);
+    X509_VERIFY_PARAM_free(param);
+    X509_STORE_free(store);
+    X509_free(x509_1);
+    X509_free(x509_2);
+    X509_CRL_free(crl);
+    OCSP_CERTID_free(id);
+    OCSP_BASICRESP_free(bs);
+    OCSP_RESPONSE_free(resp);
+    sk_X509_CRL_free(crls);
+    sk_X509_free(certs);
+
     ERR_clear_error();
     return 0;
 }

libs/openssl/providers/fips-sources.checksums

@@ -29,18 +29,18 @@ e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8  crypto/aes/asm
 5ee643fd833120756300d92722fa9c8fe2ab58764d64b11350f86c41687b8d7a  crypto/aes/asm/bsaes-armv8.pl
 0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6  crypto/aes/asm/bsaes-x86_64.pl
 762cadf988080f45d1a2f1232058688ac3f5afe76767649d15513a7a5eedcf38  crypto/aes/asm/vpaes-armv8.pl
-4b723628a4ea14a763c3b21afa2439534ccf9d21480f2d0e3a0f5ee270169c23  crypto/aes/asm/vpaes-loongarch64.pl
+14146589f53dc898fa86aeffd0e0ba36737b04da26ab0b14c1da09a28836c8f8  crypto/aes/asm/vpaes-loongarch64.pl
 c3541865cd02d81101cdbab4877ed82772e6980d2c677b9008b38fa1b26d36d4  crypto/aes/asm/vpaes-ppc.pl
 3ec24185750a995377516bc2fb2eae8b1c52094c6fff093bff591837fc12d6c3  crypto/aes/asm/vpaes-x86.pl
 060bb6620f50af9afecdf97df051b45b9a50be9daf343dfec1cbb29693ce00a4  crypto/aes/asm/vpaes-x86_64.pl
 2bc67270155e2d6c7da87d9070e005ee79cea18311004907edfd6a078003532a  crypto/alphacpuid.pl
 269e52f8867c13ca75d2f88ec1f89b692cb8c6c3ee89abe2fd3c1821925191d8  crypto/arm64cpuid.pl
-e9194b598c77a5090408bfb6adf729ea85d3a234ed7a4b5fcb22dadb4f88dfcf  crypto/armcap.c
-a43f2c1eef16146943745f684f2add7d186924932a47abf7fb0760cba02804e6  crypto/armv4cpuid.pl
+7144d95f74d8f84b5c32fe5b343c1d6d958a96ffcf9d0374a343cd82e599d753  crypto/armcap.c
+b0f528db5658d7c98657eb322bf78e326202f43da88f7c56ada053a494be9977  crypto/armv4cpuid.pl
 16739d54200fb81ca7835b5814f965022a2ab41589c7787e2697e3ea72d4fafa  crypto/asn1_dsa.c
 819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a  crypto/bn/asm/alpha-mont.pl
-0070595128b250b9ebdebe48ce53d2d27ca16ec4f7c6c8bd169ab2e4a913b2d1  crypto/bn/asm/armv4-gf2m.pl
-8c1c53a725b8a4f92b8a353bfeeb393be94198df41c912e3270f9e654417b250  crypto/bn/asm/armv4-mont.pl
+ccca12612deaa8b3792ade2fc912731fad1b5b7e8b39875e51159fec97b93d9e  crypto/bn/asm/armv4-gf2m.pl
+281767fa5ad336aca9887867012fbee9003340c59ff0b39340870ccd8124d976  crypto/bn/asm/armv4-mont.pl
 12203c1af986c729fc227832ed03b103e56bdac2568878e5635ab037be01609a  crypto/bn/asm/armv8-mont.pl
 cb4ad7b7461fcb8e2a0d52881158d0211b79544842d4eae36fc566869a2d62c8  crypto/bn/asm/bn-586.pl
 636da7e2a66272a81f9c99e90b36c6f132ad6236c739e8b9f2e7315f30b72edd  crypto/bn/asm/c64xplus-gf2m.pl
@@ -177,7 +177,7 @@ ae1637d89287c9d22a34bdc0d67f6e01262a2f8dcef9b61369dba8c334f5a80d  crypto/ec/ec2_
 86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a  crypto/ec/ec_check.c
 265f911b9d4aada326a2d52cd8a589b556935c8b641598dcd36c6f85d29ce655  crypto/ec/ec_curve.c
 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f  crypto/ec/ec_cvt.c
-ec6b509d9fa3af18c7ca83624d3426ffdd63a9936bcabddb9c23eddc142f2b2d  crypto/ec/ec_key.c
+0139b6fc533a885b4a8c2929c3b9c61c676d53e32ddda05c57618714724fa9f7  crypto/ec/ec_key.c
 7e40fc646863e0675bbb90f075b809f61bdf0600d8095c8366858d9533ab7700  crypto/ec/ec_kmeth.c
 57c6107e235ace603498eadde6bcb03ede2e2e828c0041ed2084a42aa5eb7144  crypto/ec/ec_lib.c
 a8a4690e42b4af60aad822aa8b16196df337906af53ea4db926707f7b596ff27  crypto/ec/ec_local.h
@@ -272,12 +272,12 @@ a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3  crypto/params_
 98eb56498937aca2d4fca8670760485f8b342b7dcd84442f8e114d47310eacbf  crypto/ppccap.c
 46fa4994a6234a98a2845d9337475913f6bc229f1928abc82224de7edf2784b8  crypto/ppccpuid.pl
 467c416422ecf61e3b713c5eb259fdbcb4aa73ae8dee61804d0b85cfd3fff4f7  crypto/property/defn_cache.c
-7b3e6585a25db7f3c51b33037de050118ef0cc70dd1f931d476c3002bc309524  crypto/property/property.c
+0d6df2dfb9896ed00c27e97f190ccd9d581e54e16fb1cbaba587ad1b34c5f1b2  crypto/property/property.c
 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26  crypto/property/property_local.h
 988e14f794b50729aa9e809e1160d7c52cc77bc891df037ac19cefa946df20cc  crypto/property/property_parse.c
 a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3  crypto/property/property_query.c
 20e69b9d594dfc443075eddbb0e6bcc0ed36ca51993cd50cc5a4f86eb31127f8  crypto/property/property_string.c
-0d2fba9cbb87ad30e0238727662b01e8e7c20a341e6658d26b8c162aea912878  crypto/provider_core.c
+8bf2a635dbd2977f8e52506fc23392c9be78d1928114c1754c8d577916645082  crypto/provider_core.c
 d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89  crypto/provider_local.h
 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9  crypto/provider_predefined.c
 470406e440ed0f117743fb645e4c9ac5319df03a06863675f88ebfd3be820a64  crypto/rand/rand_lib.c
@@ -319,7 +319,7 @@ a859fc8cb073b2d0012a93f3155a75fb6eb677441462b0de4f8cf8df1445e970  crypto/sha/asm
 831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d  crypto/sha/asm/keccak1600p8-ppc.pl
 75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007  crypto/sha/asm/sha1-586.pl
 c96e87d4f5311cd73bbdf499acc03418588be12426d878e157dd67e0099e0219  crypto/sha/asm/sha1-alpha.pl
-4ba6d1c7f12fe76bf39babea966f0a4b7f8769e0c0510cbfc2c46a65dd62d45c  crypto/sha/asm/sha1-armv4-large.pl
+ab1b54d71393dabba340438f5e2a34517d5d7de6030a67d71fcad744b3b7c036  crypto/sha/asm/sha1-armv4-large.pl
 3ca053a2a27550b6076d2f12579899b027b2eadc0f30bef867c3eeae03e5e8bf  crypto/sha/asm/sha1-armv8.pl
 11d332b4e058e9fa418d6633316d2e9f9bf520a08b2d933e877bdf38b2edefcf  crypto/sha/asm/sha1-c64xplus.pl
 32ff0e701a7b8f25bcfe8477b20795de54f536527bd87d3ce694fd9aaae356d4  crypto/sha/asm/sha1-ia64.pl
@@ -333,11 +333,11 @@ b5ffd7b6dbb04c05de7efa2945adb67ea845e7e61a3bf163a532f7b6acdf4267  crypto/sha/asm
 74d197cdd72400cabbff7e173f72c8976723081508b095dc995e8cd1abf3daa6  crypto/sha/asm/sha1-thumb.pl
 a59a86293e28f5600609dc8af2b39c5285580ae8636520990b000eeeb67bb889  crypto/sha/asm/sha1-x86_64.pl
 c099059ef107f548ea2c2bab64a4eb8c277070ce6d74c4d32bb9808dc19c5fa3  crypto/sha/asm/sha256-586.pl
-b9cee5c5a283f61f601d2dba68a7a76e7aba10bfafffc1a5c4987f9c0aa6f87d  crypto/sha/asm/sha256-armv4.pl
+b320fa75cf2dda0e7081071aeb46452040ec3946ac7272ed5659b3d72f84b804  crypto/sha/asm/sha256-armv4.pl
 93ddc97651ee3e779144a3c6b3e46a1bc4aa81e75cd7b9df068a2aef8743d25f  crypto/sha/asm/sha256-c64xplus.pl
 8be5c5d69733ecb16774aa8410b4bcb3623a9f060d2be103d8aa67bf6e4c5843  crypto/sha/asm/sha256-mb-x86_64.pl
 dd82e1311703abb019975fc7b61fb87d67e1ed916dddd065aced051e851114b9  crypto/sha/asm/sha512-586.pl
-8d84164f3cfd53290c0c14bb5655510b7a9238857866328c0604d64b4e76fe21  crypto/sha/asm/sha512-armv4.pl
+a1140ec67c33909c13b2eba62fd465c2043d83d86721add4da29ce55b8fcc0d6  crypto/sha/asm/sha512-armv4.pl
 e840aeed694a04153364585989f09a791422c95260cfe5b89c3f8c57e0916a1c  crypto/sha/asm/sha512-armv8.pl
 6f548a088feae3b6faa179653ba449df9d3f5cda1e0561e5b5f120b32274d1eb  crypto/sha/asm/sha512-c64xplus.pl
 9fa54fbc34fd881f4b344374b9b4f8fb15b641424be7af9a31c71af89ae5d577  crypto/sha/asm/sha512-ia64.pl
@@ -360,7 +360,7 @@ c50c584c55e56347bb43aca4b796b5344d70daece3061f586b79c871c21f5d1a  crypto/sparse_
 8da78169fa8c09dc3c29c9bf1602b22e88c5eac4815e274ba1864c166e31584b  crypto/stack/stack.c
 67ba8d87fbbb7c9a9e438018e7ecfd1cedd4d00224be05755580d044f5f1317a  crypto/threads_lib.c
 a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c  crypto/threads_none.c
-2637a8727dee790812b000f2e02b336f7907949df633dda72938bbaafdb204fe  crypto/threads_pthread.c
+3729e2bd36f945808b578e0d89fac0fcb3114e4fc9381614bcbd8a9869991716  crypto/threads_pthread.c
 88423960f0414f6fd41fba4f4c67f9f7260c2741e4788adcd52493e895ec8027  crypto/threads_win.c
 fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd  crypto/x86_64cpuid.pl
 bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16  crypto/x86cpuid.pl
@@ -586,13 +586,13 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc  providers/impl
 a66987548504bbe5bb81b80e7c1e190ab68abd852fb04f59ae40fd4e93160841  providers/implementations/kdfs/tls1_prf.c
 1e5aaa6dc3bb52b0b5a07e662386b71e0e3ee7c83b9f15a4144ab24264c7431c  providers/implementations/kdfs/x942kdf.c
 8e8b9094c757c78638f60d7bde822a035adeecde11f9565cbd24c1322ec7e06b  providers/implementations/kem/rsa_kem.c
-37120f8a420de0e44b7dc1f31b50d59520e5318cf546e83684e0c3de5c7b76c5  providers/implementations/keymgmt/dh_kmgmt.c
-2a4493c9e68f41d37d7ec69c272005c6df7b1a34db2d49663f52e836e4fd888c  providers/implementations/keymgmt/dsa_kmgmt.c
+9d5eb7e056e790b1b4292ec7af03fbf0b26e34625c70eb36643451965bcfc696  providers/implementations/keymgmt/dh_kmgmt.c
+a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304  providers/implementations/keymgmt/dsa_kmgmt.c
 9bc88451d3ae110c7a108ee73d3b3b6bda801ec3494d2dfb9c9970b85c2d34fe  providers/implementations/keymgmt/ec_kmgmt.c
 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251  providers/implementations/keymgmt/ec_kmgmt_imexport.inc
-d77ece2494e6b12a6201a2806ee5fb24a6dc2fa3e1891a46012a870e0b781ab1  providers/implementations/keymgmt/ecx_kmgmt.c
+011c36aad6834729043f23eacab417732541ee23916d9afa5bb9164862be00bb  providers/implementations/keymgmt/ecx_kmgmt.c
 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b  providers/implementations/keymgmt/kdf_legacy_kmgmt.c
-e30357311e4a3e1c78266af6315fd1fc99584bfb09f4a7cd0ddc7261cf1e17e1  providers/implementations/keymgmt/mac_legacy_kmgmt.c
+1646b477fa231dd0f6c22444c99098f9b447cab0d39ff69b811262469d4dbe09  providers/implementations/keymgmt/mac_legacy_kmgmt.c
 19f22fc70a6321441e56d5bd4aab3d01d52d17069d4e4b5cefce0f411ecece75  providers/implementations/keymgmt/rsa_kmgmt.c
 d0eff68c72e177c3fe0c77bc8c38eded7e3ce41f72042e2c034c706a12284dd5  providers/implementations/macs/cmac_prov.c
 e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe  providers/implementations/macs/gmac_prov.c

libs/openssl/providers/fips.checksum

@@ -1 +1 @@
-89f749c416427df81cbc7fed9e9bfebb65bb201ae4a383b647cc5d774ced0129  providers/fips-sources.checksums
+21be74107ee92b5ab2e205c5cd5f34303808b27bfd9fe17c17650e7c2c0aad38  providers/fips-sources.checksums

libs/openssl/providers/implementations/ciphers/cipher_chacha20.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 
 static OSSL_FUNC_cipher_newctx_fn chacha20_newctx;
 static OSSL_FUNC_cipher_freectx_fn chacha20_freectx;
+static OSSL_FUNC_cipher_dupctx_fn chacha20_dupctx;
 static OSSL_FUNC_cipher_get_params_fn chacha20_get_params;
 static OSSL_FUNC_cipher_get_ctx_params_fn chacha20_get_ctx_params;
 static OSSL_FUNC_cipher_set_ctx_params_fn chacha20_set_ctx_params;
@@ -64,6 +65,25 @@ static void chacha20_freectx(void *vctx)
     }
 }
 
+static void *chacha20_dupctx(void *vctx)
+{
+    PROV_CHACHA20_CTX *ctx = (PROV_CHACHA20_CTX *)vctx;
+    PROV_CHACHA20_CTX *dupctx = NULL;
+
+    if (ctx != NULL) {
+        dupctx = OPENSSL_memdup(ctx, sizeof(*dupctx));
+        if (dupctx != NULL && dupctx->base.tlsmac != NULL && dupctx->base.alloced) {
+            dupctx->base.tlsmac = OPENSSL_memdup(dupctx->base.tlsmac,
+                                                 dupctx->base.tlsmacsize);
+            if (dupctx->base.tlsmac == NULL) {
+                OPENSSL_free(dupctx);
+                dupctx = NULL;
+            }
+        }
+    }
+    return dupctx;
+}
+
 static int chacha20_get_params(OSSL_PARAM params[])
 {
     return ossl_cipher_generic_get_params(params, 0, CHACHA20_FLAGS,
@@ -187,6 +207,7 @@ int ossl_chacha20_dinit(void *vctx, const unsigned char *key, size_t keylen,
 const OSSL_DISPATCH ossl_chacha20_functions[] = {
     { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))chacha20_newctx },
     { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))chacha20_freectx },
+    { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))chacha20_dupctx },
     { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_chacha20_einit },
     { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_chacha20_dinit },
     { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))chacha20_update },

libs/openssl/providers/implementations/encode_decode/decode_der2key.c

@@ -317,10 +317,14 @@ static int der2key_export_object(void *vctx,
     void *keydata;
 
     if (reference_sz == sizeof(keydata) && export != NULL) {
+        int selection = ctx->selection;
+
+        if (selection == 0)
+            selection = OSSL_KEYMGMT_SELECT_ALL;
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, ctx->selection, export_cb, export_cbarg);
+        return export(keydata, selection, export_cb, export_cbarg);
     }
     return 0;
 }

libs/openssl/providers/implementations/encode_decode/decode_msblob2key.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -79,6 +79,18 @@ static void msblob2key_freectx(void *vctx)
     OPENSSL_free(ctx);
 }
 
+static int msblob2key_does_selection(void *provctx, int selection)
+{
+    if (selection == 0)
+        return 1;
+
+    if ((selection & (OSSL_KEYMGMT_SELECT_PRIVATE_KEY
+                      | OSSL_KEYMGMT_SELECT_PUBLIC_KEY))  != 0)
+        return 1;
+
+    return 0;
+}
+
 static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
                              OSSL_CALLBACK *data_cb, void *data_cbarg,
                              OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@@ -211,10 +223,14 @@ msblob2key_export_object(void *vctx,
     void *keydata;
 
     if (reference_sz == sizeof(keydata) && export != NULL) {
+        int selection = ctx->selection;
+
+        if (selection == 0)
+            selection = OSSL_KEYMGMT_SELECT_ALL;
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, ctx->selection, export_cb, export_cbarg);
+        return export(keydata, selection, export_cb, export_cbarg);
     }
     return 0;
 }
@@ -260,6 +276,8 @@ static void rsa_adjust(void *key, struct msblob2key_ctx_st *ctx)
           (void (*)(void))msblob2##keytype##_newctx },                  \
         { OSSL_FUNC_DECODER_FREECTX,                                    \
           (void (*)(void))msblob2key_freectx },                         \
+        { OSSL_FUNC_DECODER_DOES_SELECTION,                             \
+          (void (*)(void))msblob2key_does_selection },                  \
         { OSSL_FUNC_DECODER_DECODE,                                     \
           (void (*)(void))msblob2key_decode },                          \
         { OSSL_FUNC_DECODER_EXPORT_OBJECT,                              \

libs/openssl/providers/implementations/encode_decode/decode_pvk2key.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -79,6 +79,17 @@ static void pvk2key_freectx(void *vctx)
     OPENSSL_free(ctx);
 }
 
+static int pvk2key_does_selection(void *provctx, int selection)
+{
+    if (selection == 0)
+        return 1;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)  != 0)
+        return 1;
+
+    return 0;
+}
+
 static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
                          OSSL_CALLBACK *data_cb, void *data_cbarg,
                          OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
@@ -179,10 +190,14 @@ static int pvk2key_export_object(void *vctx,
     void *keydata;
 
     if (reference_sz == sizeof(keydata) && export != NULL) {
+        int selection = ctx->selection;
+
+        if (selection == 0)
+            selection = OSSL_KEYMGMT_SELECT_ALL;
         /* The contents of the reference is the address to our object */
         keydata = *(void **)reference;
 
-        return export(keydata, ctx->selection, export_cb, export_cbarg);
+        return export(keydata, selection, export_cb, export_cbarg);
     }
     return 0;
 }
@@ -226,6 +241,8 @@ static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx)
           (void (*)(void))pvk2##keytype##_newctx },                     \
         { OSSL_FUNC_DECODER_FREECTX,                                    \
           (void (*)(void))pvk2key_freectx },                            \
+        { OSSL_FUNC_DECODER_DOES_SELECTION,                             \
+          (void (*)(void))pvk2key_does_selection },                     \
         { OSSL_FUNC_DECODER_DECODE,                                     \
           (void (*)(void))pvk2key_decode },                             \
         { OSSL_FUNC_DECODER_EXPORT_OBJECT,                              \

libs/openssl/providers/implementations/encode_decode/encode_key2any.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -858,14 +858,17 @@ static int prepare_rsa_params(const void *rsa, int nid, int save,
                 case 1:
                     if ((str = OPENSSL_malloc(str_sz)) == NULL
                         || !WPACKET_init_der(&pkt, str, str_sz)) {
+                        WPACKET_cleanup(&pkt);
                         goto err;
                     }
                     break;
                 }
                 if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss)
                     || !WPACKET_finish(&pkt)
-                    || !WPACKET_get_total_written(&pkt, &str_sz))
+                    || !WPACKET_get_total_written(&pkt, &str_sz)) {
+                    WPACKET_cleanup(&pkt);
                     goto err;
+                }
                 WPACKET_cleanup(&pkt);
 
                 /*

libs/openssl/providers/implementations/keymgmt/dh_kmgmt.c

@@ -222,6 +222,9 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     if (!ossl_prov_is_running() || dh == NULL)
         return 0;
 
+    if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
+        return 0;
+
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)
         return 0;

libs/openssl/providers/implementations/keymgmt/dsa_kmgmt.c

@@ -223,6 +223,9 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     if (!ossl_prov_is_running() || dsa == NULL)
         return 0;
 
+    if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
+        return 0;
+
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)
         return 0;

libs/openssl/providers/implementations/keymgmt/ecx_kmgmt.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -238,6 +238,9 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     if (!ossl_prov_is_running() || key == NULL)
         return 0;
 
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
+        return 0;
+
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)
         return 0;

libs/openssl/providers/implementations/keymgmt/mac_legacy_kmgmt.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -281,6 +281,9 @@ static int mac_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
     if (!ossl_prov_is_running() || key == NULL)
         return 0;
 
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0)
+        return 0;
+
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL)
         return 0;

libs/openssl/ssl/ssl_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -583,7 +583,7 @@ int SSL_clear(SSL *s)
     OPENSSL_free(s->psksession_id);
     s->psksession_id = NULL;
     s->psksession_id_len = 0;
-    s->hello_retry_request = 0;
+    s->hello_retry_request = SSL_HRR_NONE;
     s->sent_tickets = 0;
 
     s->error = 0;
@@ -2810,14 +2810,14 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
         if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
             continue;
 
-        n = strlen(c->name);
-        if (n + 1 > size) {
+        n = OPENSSL_strnlen(c->name, size);
+        if (n >= size) {
             if (p != buf)
                 --p;
             *p = '\0';
             return buf;
         }
-        strcpy(p, c->name);
+        memcpy(p, c->name, n);
         p += n;
         *(p++) = ':';
         size -= n + 1;

libs/openssl/ssl/ssl_sess.c

@@ -200,8 +200,11 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
     dest->references = 1;
 
     dest->lock = CRYPTO_THREAD_lock_new();
-    if (dest->lock == NULL)
+    if (dest->lock == NULL) {
+        OPENSSL_free(dest);
+        dest = NULL;
         goto err;
+    }
 
     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
         goto err;

libs/openssl/ssl/statem/extensions_srvr.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -883,7 +883,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
     }
 
     /* Act as if this ClientHello came after a HelloRetryRequest */
-    s->hello_retry_request = 1;
+    s->hello_retry_request = SSL_HRR_PENDING;
 
     s->ext.cookieok = 1;
 #endif

libs/openssl/test/README-dev.md

@@ -130,7 +130,11 @@ Generic form of C test executables
     int setup_tests(void)
     {
         ADD_TEST(my_test);                  /* Add each test separately     */
-        return 1;                           /* Indicate success             */
+        return 1;                           /* Indicates success.  Return 0 */
+                                            /* to produce an error with a   */
+                                            /* usage message and -1 for     */
+                                            /* failure to set up with no    */
+                                            /* usage message.               */
     }
 
 You should use the `TEST_xxx` macros provided by `testutil.h` to test all failure

libs/openssl/test/chacha_internal_test.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -181,7 +181,7 @@ static int test_cha_cha_internal(int n)
 
 int setup_tests(void)
 {
-#ifdef CPUID_OBJ
+#ifdef OPENSSL_CPUID_OBJ
     OPENSSL_cpuid_setup();
 #endif
 

libs/openssl/test/cmp_asn_test.c

@@ -42,16 +42,28 @@ static void tear_down(CMP_ASN_TEST_FIXTURE *fixture)
 
 static int execute_cmp_asn1_get_int_test(CMP_ASN_TEST_FIXTURE *fixture)
 {
-    int res;
+    int res = 0;
     ASN1_INTEGER *asn1integer = ASN1_INTEGER_new();
+    const int good_int = 77;
+    const int64_t max_int = INT_MAX;
 
     if (!TEST_ptr(asn1integer))
-        return 0;
-    if (!TEST_true(ASN1_INTEGER_set(asn1integer, 77))) {
+        return res;
+
+    if (!TEST_true(ASN1_INTEGER_set(asn1integer, good_int))) {
         ASN1_INTEGER_free(asn1integer);
         return 0;
     }
-    res = TEST_int_eq(77, ossl_cmp_asn1_get_int(asn1integer));
+    res = TEST_int_eq(good_int, ossl_cmp_asn1_get_int(asn1integer));
+    if (res == 0)
+        goto err;
+
+    res = 0;
+    if (!TEST_true(ASN1_INTEGER_set_int64(asn1integer, max_int + 1)))
+        goto err;
+    res = TEST_int_eq(-2, ossl_cmp_asn1_get_int(asn1integer));
+
+ err:
     ASN1_INTEGER_free(asn1integer);
     return res;
 }

libs/openssl/test/cmsapitest.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -56,7 +56,7 @@ static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
     BIO_free(outmsgbio);
     CMS_ContentInfo_free(content);
 
-    return testresult;
+    return testresult && TEST_int_eq(ERR_peek_error(), 0);
 }
 
 static int test_encrypt_decrypt_aes_cbc(void)
@@ -286,7 +286,7 @@ static int test_d2i_CMS_bio_NULL(void)
                                   CMS_NO_SIGNER_CERT_VERIFY));
     CMS_ContentInfo_free(cms);
     BIO_free(bio);
-    return ret;
+    return ret && TEST_int_eq(ERR_peek_error(), 0);
 }
 
 static unsigned char *read_all(BIO *bio, long *p_len)

libs/openssl/test/endecode_test.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -162,6 +162,7 @@ static int test_encode_decode(const char *file, const int line,
     void *encoded = NULL;
     long encoded_len = 0;
     EVP_PKEY *pkey2 = NULL;
+    EVP_PKEY *pkey3 = NULL;
     void *encoded2 = NULL;
     long encoded2_len = 0;
     int ok = 0;
@@ -189,15 +190,25 @@ static int test_encode_decode(const char *file, const int line,
                                 output_type, output_structure,
                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                                 selection, pass))
+        || ((output_structure == NULL
+             || strcmp(output_structure, "type-specific") != 0)
+            && !TEST_true(decode_cb(file, line, (void **)&pkey3, encoded, encoded_len,
+                                    output_type, output_structure,
+                                    (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
+                                    0, pass)))
         || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
                                 output_type, output_structure, pass, pcipher)))
         goto end;
 
     if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
-        if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1))
+        if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1)
+            || (pkey3 != NULL
+                && !TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey3), 1)))
             goto end;
     } else {
-        if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
+        if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)
+            || (pkey3 != NULL
+                && !TEST_int_eq(EVP_PKEY_eq(pkey, pkey3), 1)))
             goto end;
     }
 
@@ -222,6 +233,7 @@ static int test_encode_decode(const char *file, const int line,
     OPENSSL_free(encoded);
     OPENSSL_free(encoded2);
     EVP_PKEY_free(pkey2);
+    EVP_PKEY_free(pkey3);
     return ok;
 }