git: cb29db243bd0 - stable/14 - openssl: Import OpenSSL 3.0.16

From: Enji Cooper <ngie_at_FreeBSD.org>
Date: Tue, 25 Mar 2025 21:09:54 UTC
The branch stable/14 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=cb29db243bd09d16604435639ae43ef7af0ea254

commit cb29db243bd09d16604435639ae43ef7af0ea254
Author:     Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2025-03-14 06:40:59 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-03-25 21:07:59 +0000

    openssl: Import OpenSSL 3.0.16
    
    This release incorporates the following bug fixes and mitigations:
    - [CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176)
    - [CVE-2024-9143](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143)
    
    Release notes can be found at:
    https://openssl-library.org/news/openssl-3.0-notes/index.html
    
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D49296
    
    (cherry picked from commit 0d0c8621fd181e507f0fb50ffcca606faf66a8c2)
---
 crypto/openssl/CHANGES.md                          |  33 ++
 crypto/openssl/Configurations/unix-Makefile.tmpl   |   2 +-
 crypto/openssl/NEWS.md                             |  16 +
 crypto/openssl/NOTES-NONSTOP.md                    |   7 +-
 crypto/openssl/README.md                           |  28 +-
 crypto/openssl/VERSION.dat                         |   4 +-
 crypto/openssl/apps/asn1parse.c                    |   5 +-
 crypto/openssl/apps/cms.c                          |  39 ++-
 crypto/openssl/apps/engine.c                       |   8 +-
 crypto/openssl/apps/lib/http_server.c              |   7 +-
 crypto/openssl/apps/lib/s_cb.c                     |  24 +-
 crypto/openssl/apps/lib/s_socket.c                 |  13 +-
 crypto/openssl/apps/lib/vms_term_sock.c            |  10 +-
 crypto/openssl/apps/passwd.c                       |   3 +-
 crypto/openssl/apps/pkcs12.c                       |   5 +-
 crypto/openssl/apps/pkeyutl.c                      |   5 +-
 crypto/openssl/apps/rehash.c                       |   5 +
 crypto/openssl/apps/smime.c                        |  20 +-
 crypto/openssl/apps/speed.c                        | 373 ++++++++++++++++-----
 crypto/openssl/configdata.pm.in                    |   4 +-
 crypto/openssl/crypto/asn1/a_bitstr.c              |  41 ++-
 crypto/openssl/crypto/asn1/a_strnid.c              |  10 +-
 crypto/openssl/crypto/asn1/a_time.c                |  57 ++--
 crypto/openssl/crypto/asn1/asn1_gen.c              |   5 +-
 crypto/openssl/crypto/asn1/asn_mime.c              |   2 +
 crypto/openssl/crypto/bio/bio_addr.c               |   9 +-
 crypto/openssl/crypto/bio/bio_sock.c               |   4 +-
 crypto/openssl/crypto/bio/bss_log.c                |   2 +-
 crypto/openssl/crypto/bn/asm/armv8-mont.pl         |   4 +-
 crypto/openssl/crypto/bn/bn_exp.c                  |  23 +-
 crypto/openssl/crypto/bn/bn_gf2m.c                 |  28 +-
 crypto/openssl/crypto/bn/rsaz_exp_x2.c             |   8 +-
 crypto/openssl/crypto/cmp/cmp_client.c             |   5 +-
 crypto/openssl/crypto/cms/cms_asn1.c               |  19 +-
 crypto/openssl/crypto/cms/cms_dh.c                 |   2 +-
 crypto/openssl/crypto/cms/cms_env.c                |   9 -
 crypto/openssl/crypto/cms/cms_err.c                | 102 +++---
 crypto/openssl/crypto/cms/cms_kari.c               |   9 +-
 crypto/openssl/crypto/cms/cms_lib.c                |  15 +-
 crypto/openssl/crypto/cms/cms_local.h              |   2 +-
 crypto/openssl/crypto/cms/cms_rsa.c                |   5 +-
 crypto/openssl/crypto/cms/cms_sd.c                 |  20 +-
 crypto/openssl/crypto/cms/cms_smime.c              |   3 +-
 crypto/openssl/crypto/core_fetch.c                 |   5 +-
 crypto/openssl/crypto/dso/dso_dl.c                 |  13 +-
 crypto/openssl/crypto/dso/dso_dlfcn.c              |   9 +-
 crypto/openssl/crypto/dso/dso_win32.c              |  16 +-
 crypto/openssl/crypto/ec/ec_asn1.c                 |   2 +-
 crypto/openssl/crypto/ec/ec_backend.c              |   8 +-
 crypto/openssl/crypto/ec/ec_lib.c                  |   9 +-
 crypto/openssl/crypto/ec/ec_oct.c                  |   4 +
 crypto/openssl/crypto/encode_decode/encoder_pkey.c |   6 +-
 crypto/openssl/crypto/err/openssl.txt              |   4 +-
 crypto/openssl/crypto/evp/ctrl_params_translate.c  |  12 +-
 crypto/openssl/crypto/evp/m_sigver.c               |  12 +-
 crypto/openssl/crypto/http/http_client.c           |  19 +-
 crypto/openssl/crypto/http/http_lib.c              |  22 +-
 crypto/openssl/crypto/pem/pem_pk8.c                |   4 +-
 crypto/openssl/crypto/pkcs12/p12_crt.c             |   6 +-
 crypto/openssl/crypto/pkcs7/pk7_doit.c             |   6 +-
 crypto/openssl/crypto/pkcs7/pk7_lib.c              |   5 +
 crypto/openssl/crypto/sm2/sm2_sign.c               |  10 +-
 crypto/openssl/crypto/srp/srp_vfy.c                |   2 +
 crypto/openssl/crypto/threads_win.c                |   3 +-
 crypto/openssl/crypto/trace.c                      |   2 +-
 crypto/openssl/crypto/ui/ui_util.c                 |  12 +-
 crypto/openssl/crypto/x509/v3_admis.c              |  34 +-
 crypto/openssl/crypto/x509/v3_san.c                |   3 +-
 crypto/openssl/crypto/x509/x509_cmp.c              |   4 +-
 crypto/openssl/crypto/x509/x_all.c                 |   4 +-
 crypto/openssl/demos/cipher/aesccm.c               |   2 +-
 crypto/openssl/doc/man1/openssl-ca.pod.in          |   2 +-
 crypto/openssl/doc/man1/openssl-cmp.pod.in         |  11 +-
 crypto/openssl/doc/man1/openssl-cms.pod.in         |   9 +-
 crypto/openssl/doc/man1/openssl-fipsinstall.pod.in |   4 +
 crypto/openssl/doc/man1/openssl-ocsp.pod.in        |  30 +-
 crypto/openssl/doc/man1/openssl-pkeyutl.pod.in     |  77 +++--
 crypto/openssl/doc/man1/openssl-req.pod.in         |   4 +-
 crypto/openssl/doc/man1/openssl-s_client.pod.in    |  77 ++++-
 crypto/openssl/doc/man1/openssl-s_server.pod.in    |  11 +-
 crypto/openssl/doc/man1/openssl-s_time.pod.in      |   1 +
 crypto/openssl/doc/man1/openssl-smime.pod.in       |   4 +-
 crypto/openssl/doc/man1/openssl-ts.pod.in          |   2 +
 .../doc/man1/openssl-verification-options.pod      | 194 ++++++-----
 crypto/openssl/doc/man1/openssl.pod                | 107 +-----
 crypto/openssl/doc/man3/ASN1_TIME_set.pod          |  10 +-
 crypto/openssl/doc/man3/ASN1_aux_cb.pod            |   6 +-
 crypto/openssl/doc/man3/BIO_s_accept.pod           |   6 +-
 crypto/openssl/doc/man3/BIO_s_connect.pod          |   2 +-
 crypto/openssl/doc/man3/ECDSA_sign.pod             |   4 +-
 crypto/openssl/doc/man3/EVP_EncryptInit.pod        |  16 +-
 crypto/openssl/doc/man3/EVP_PKEY_decapsulate.pod   |   9 +-
 crypto/openssl/doc/man3/EVP_PKEY_encapsulate.pod   |   7 +-
 crypto/openssl/doc/man3/OSSL_CMP_CTX_new.pod       |   6 +-
 crypto/openssl/doc/man3/OSSL_CMP_validate_msg.pod  |   4 +-
 crypto/openssl/doc/man3/OSSL_HTTP_parse_url.pod    |  11 +-
 crypto/openssl/doc/man3/OSSL_HTTP_transfer.pod     |   6 +-
 crypto/openssl/doc/man3/OSSL_PARAM.pod             |   2 +-
 crypto/openssl/doc/man3/OSSL_trace_enabled.pod     |   8 +-
 crypto/openssl/doc/man3/SSL_CTX_new.pod            |  10 +-
 crypto/openssl/doc/man3/SSL_get_shared_sigalgs.pod |   2 +-
 crypto/openssl/doc/man3/SSL_set_bio.pod            |   9 +
 crypto/openssl/doc/man3/X509V3_set_ctx.pod         |   5 +-
 crypto/openssl/doc/man3/X509_STORE_CTX_new.pod     |  19 +-
 crypto/openssl/doc/man3/X509_add_cert.pod          |   3 +-
 crypto/openssl/doc/man3/X509_load_http.pod         |   3 +
 crypto/openssl/doc/man7/EVP_KDF-HKDF.pod           |   2 +
 crypto/openssl/doc/man7/EVP_KDF-KB.pod             |   2 +
 crypto/openssl/doc/man7/EVP_KDF-PBKDF2.pod         |   2 +
 crypto/openssl/doc/man7/EVP_KDF-SS.pod             |   2 +
 crypto/openssl/doc/man7/EVP_KDF-SSHKDF.pod         |   2 +
 crypto/openssl/doc/man7/EVP_KDF-TLS13_KDF.pod      |   2 +
 crypto/openssl/doc/man7/EVP_KDF-TLS1_PRF.pod       |   2 +
 crypto/openssl/doc/man7/EVP_KDF-X942-ASN1.pod      |   2 +
 crypto/openssl/doc/man7/EVP_KDF-X963.pod           |   2 +
 crypto/openssl/doc/man7/EVP_SIGNATURE-DSA.pod      |   4 +-
 crypto/openssl/doc/man7/openssl-env.pod            |  93 +++++
 crypto/openssl/doc/man7/provider.pod               |  12 +
 crypto/openssl/engines/e_afalg.c                   |   4 +-
 crypto/openssl/engines/e_loader_attic.c            |   2 +-
 crypto/openssl/include/crypto/bn.h                 |   5 +-
 crypto/openssl/include/crypto/cmserr.h             |   2 +-
 crypto/openssl/include/openssl/cmserr.h            |   3 +-
 crypto/openssl/include/openssl/http.h              |   5 +-
 crypto/openssl/providers/fips-sources.checksums    | 254 +++++++-------
 crypto/openssl/providers/fips.checksum             |   2 +-
 .../implementations/ciphers/cipher_aes_ocb.c       |  12 +-
 .../encode_decode/encode_key2text.c                |   3 +-
 .../openssl/providers/implementations/kdfs/hkdf.c  |   2 +-
 .../providers/implementations/kdfs/scrypt.c        |   5 +-
 .../providers/implementations/kem/rsa_kem.c        |  54 ++-
 .../providers/implementations/keymgmt/dsa_kmgmt.c  |   2 +-
 .../providers/implementations/keymgmt/ecx_kmgmt.c  |   2 +-
 .../implementations/keymgmt/mac_legacy_kmgmt.c     |   6 +-
 .../implementations/signature/eddsa_sig.c          |   3 +-
 .../implementations/storemgmt/file_store.c         |   2 +-
 crypto/openssl/ssl/statem/extensions_srvr.c        |   2 +-
 crypto/openssl/ssl/statem/statem_srvr.c            |   6 +-
 crypto/openssl/test/acvp_test.c                    |   2 +-
 crypto/openssl/test/build.info                     |   6 +-
 crypto/openssl/test/cmactest.c                     |   8 +-
 crypto/openssl/test/conf_include_test.c            |   2 +-
 crypto/openssl/test/drbgtest.c                     |   2 +-
 crypto/openssl/test/ec_internal_test.c             |  51 +++
 crypto/openssl/test/enginetest.c                   |   4 +-
 crypto/openssl/test/evp_kdf_test.c                 |  28 +-
 crypto/openssl/test/evp_libctx_test.c              | 126 ++++---
 crypto/openssl/test/hmactest.c                     |  12 +-
 crypto/openssl/test/memleaktest.c                  |   4 +-
 crypto/openssl/test/p_test.c                       |  34 +-
 crypto/openssl/test/pkcs12_format_test.c           |   9 +-
 crypto/openssl/test/property_test.c                |  41 ++-
 crypto/openssl/test/recipes/03-test_fipsinstall.t  |   4 +
 .../openssl/test/recipes/04-test_encoder_decoder.t |  29 +-
 crypto/openssl/test/recipes/25-test_verify.t       |   8 +-
 .../recipes/30-test_evp_data/evpkdf_tls13_kdf.txt  |  10 +
 crypto/openssl/test/recipes/80-test_cmp_http.t     |   4 +-
 .../80-test_cmp_http_data/test_connection.csv      |   4 +-
 crypto/openssl/test/recipes/80-test_cms.t          |  81 ++++-
 crypto/openssl/test/sslapitest.c                   |   5 +-
 crypto/openssl/test/testutil/tests.c               |   3 +-
 crypto/openssl/test/threadstest.c                  |   2 +-
 crypto/openssl/util/check-format-commit.sh         | 193 ++++++-----
 crypto/openssl/util/check-format.pl                |  14 +-
 crypto/openssl/util/mkbuildinf.pl                  |  12 +-
 crypto/openssl/util/perl/OpenSSL/Template.pm       |   9 +
 166 files changed, 2042 insertions(+), 1082 deletions(-)

diff --git a/crypto/openssl/CHANGES.md b/crypto/openssl/CHANGES.md
index e41181b5bbb0..5b0193bc3955 100644
--- a/crypto/openssl/CHANGES.md
+++ b/crypto/openssl/CHANGES.md
@@ -28,6 +28,37 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
 
+### Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
+
+ * Fixed timing side-channel in ECDSA signature computation.
+
+   There is a timing signal of around 300 nanoseconds when the top word of
+   the inverted ECDSA nonce value is zero. This can happen with significant
+   probability only for some of the supported elliptic curves. In particular
+   the NIST P-521 curve is affected. To be able to measure this leak, the
+   attacker process must either be located in the same physical computer or
+   must have a very fast network connection with low latency.
+
+   ([CVE-2024-13176])
+
+   *Tomáš Mráz*
+
+ * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
+   curve parameters.
+
+   Use of the low-level GF(2^m) elliptic curve APIs with untrusted
+   explicit values for the field polynomial can lead to out-of-bounds memory
+   reads or writes.
+   Applications working with "exotic" explicit binary (GF(2^m)) curve
+   parameters, that make it possible to represent invalid field polynomials
+   with a zero constant term, via the above or similar APIs, may terminate
+   abruptly as a result of reading or writing outside of array bounds. Remote
+   code execution cannot easily be ruled out.
+
+   ([CVE-2024-9143])
+
+   *Viktor Dukhovni*
+
 ### Changes between 3.0.14 and 3.0.15 [3 Sep 2024]
 
  * Fixed possible denial of service in X.509 name checks.
@@ -19922,6 +19953,8 @@ ndif
 
 <!-- Links -->
 
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
+[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
diff --git a/crypto/openssl/Configurations/unix-Makefile.tmpl b/crypto/openssl/Configurations/unix-Makefile.tmpl
index 644540397de5..d2b0797a7edf 100644
--- a/crypto/openssl/Configurations/unix-Makefile.tmpl
+++ b/crypto/openssl/Configurations/unix-Makefile.tmpl
@@ -1688,7 +1688,7 @@ EOF
       } elsif ($makedep_scheme eq 'gcc' && !grep /\.rc$/, @srcs) {
           $recipe .= <<"EOF";
 $obj: $deps
-	$cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -MT \$\@ -c -o \$\@ $srcs
+	$cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -c -o \$\@ $srcs
 	\@touch $dep.tmp
 	\@if cmp $dep.tmp $dep > /dev/null 2> /dev/null; then \\
 		rm -f $dep.tmp; \\
diff --git a/crypto/openssl/NEWS.md b/crypto/openssl/NEWS.md
index e0a81703ee8d..007fc9786ef8 100644
--- a/crypto/openssl/NEWS.md
+++ b/crypto/openssl/NEWS.md
@@ -18,6 +18,20 @@ OpenSSL Releases
 OpenSSL 3.0
 -----------
 
+### Major changes between OpenSSL 3.0.15 and OpenSSL 3.0.16 [11 Feb 2025]
+
+OpenSSL 3.0.16 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed timing side-channel in ECDSA signature computation.
+    ([CVE-2024-13176])
+
+  * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
+    curve parameters.
+    ([CVE-2024-9143])
+
 ### Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024]
 
 OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this
@@ -1495,6 +1509,8 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
+[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
diff --git a/crypto/openssl/NOTES-NONSTOP.md b/crypto/openssl/NOTES-NONSTOP.md
index ab13de7d3a76..9441647604c7 100644
--- a/crypto/openssl/NOTES-NONSTOP.md
+++ b/crypto/openssl/NOTES-NONSTOP.md
@@ -119,12 +119,9 @@ correctly, you also need the `COMP_ROOT` set, as in:
 
 `COMP_ROOT` needs to be in Windows form.
 
-`Configure` must specify the `no-makedepend` option otherwise errors will
-result when running the build because the c99 cross-compiler does not support
-the `gcc -MT` option. An example of a `Configure` command to be run from the
-OpenSSL directory is:
+An example of a `Configure` command to be run from the OpenSSL directory is:
 
-    ./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu
+    ./Configure nonstop-nsx_64 --with-rand-seed=rdcpu
 
 Do not forget to include any OpenSSL cross-compiling prefix and certificate
 options when creating your libraries.
diff --git a/crypto/openssl/README.md b/crypto/openssl/README.md
index 5184a461bb17..477f5cbb7d12 100644
--- a/crypto/openssl/README.md
+++ b/crypto/openssl/README.md
@@ -59,7 +59,7 @@ For Production Use
 ------------------
 
 Source code tarballs of the official releases can be downloaded from
-[www.openssl.org/source](https://www.openssl.org/source).
+[openssl-library.org/source/](https://openssl-library.org/source/).
 The OpenSSL project does not distribute the toolkit in binary form.
 
 However, for a large variety of operating systems precompiled versions
@@ -75,22 +75,18 @@ the source tarballs, having a local copy of the git repository with
 the entire project history gives you much more insight into the
 code base.
 
-The official OpenSSL Git Repository is located at [git.openssl.org].
-There is a GitHub mirror of the repository at [github.com/openssl/openssl],
+The main OpenSSL Git repository is private.
+There is a public GitHub mirror of it at [github.com/openssl/openssl],
 which is updated automatically from the former on every commit.
 
-A local copy of the Git Repository can be obtained by cloning it from
-the original OpenSSL repository using
-
-    git clone git://git.openssl.org/openssl.git
-
-or from the GitHub mirror using
+A local copy of the Git repository can be obtained by cloning it from
+the GitHub mirror using
 
     git clone https://github.com/openssl/openssl.git
 
 If you intend to contribute to OpenSSL, either to fix bugs or contribute
-new features, you need to fork the OpenSSL repository openssl/openssl on
-GitHub and clone your public fork instead.
+new features, you need to fork the GitHub mirror and clone your public fork
+instead.
 
     git clone https://github.com/yourname/openssl.git
 
@@ -166,7 +162,7 @@ attempting to develop or distribute cryptographic code.
 Copyright
 =========
 
-Copyright (c) 1998-2024 The OpenSSL Project
+Copyright (c) 1998-2025 The OpenSSL Project
 
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 
@@ -178,14 +174,6 @@ All rights reserved.
     <https://www.openssl.org>
     "OpenSSL Homepage"
 
-[git.openssl.org]:
-    <https://git.openssl.org>
-    "OpenSSL Git Repository"
-
-[git.openssl.org]:
-    <https://git.openssl.org>
-    "OpenSSL Git Repository"
-
 [github.com/openssl/openssl]:
     <https://github.com/openssl/openssl>
     "OpenSSL GitHub Mirror"
diff --git a/crypto/openssl/VERSION.dat b/crypto/openssl/VERSION.dat
index 0942ddc200ca..4b7eb91a451a 100644
--- a/crypto/openssl/VERSION.dat
+++ b/crypto/openssl/VERSION.dat
@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
-PATCH=15
+PATCH=16
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="3 Sep 2024"
+RELEASE_DATE="11 Feb 2025"
 SHLIB_VERSION=3
diff --git a/crypto/openssl/apps/asn1parse.c b/crypto/openssl/apps/asn1parse.c
index f0bfd1d45fc4..129b867c8cc7 100644
--- a/crypto/openssl/apps/asn1parse.c
+++ b/crypto/openssl/apps/asn1parse.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
             dump = strtol(opt_arg(), NULL, 0);
             break;
         case OPT_STRPARSE:
-            sk_OPENSSL_STRING_push(osk, opt_arg());
+            if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
+                goto end;
             break;
         case OPT_GENSTR:
             genstr = opt_arg();
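Review bot: The new failure branch under `case OPT_STRPARSE:` jumps to `end` without printing anything, so a failed `sk_OPENSSL_STRING_push()` may surface only as a non-zero exit status; whether the `end` label dumps the error queue is not visible in this hunk. A one-line diagnostic before the jump, for example `BIO_printf(bio_err, "Out of memory\n");`, would make the cause visible to the operator. The same silent `goto end` is added after every `sk_OPENSSL_STRING_push()` call in the apps/cms.c, apps/engine.c and apps/pkcs12.c hunks. `asn1parse_main` starts and ends outside the hunk.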
diff --git a/crypto/openssl/apps/cms.c b/crypto/openssl/apps/cms.c
index abb9f196a760..dce227ef2db5 100644
--- a/crypto/openssl/apps/cms.c
+++ b/crypto/openssl/apps/cms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -494,13 +494,15 @@ int cms_main(int argc, char **argv)
             if (rr_from == NULL
                 && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
-            sk_OPENSSL_STRING_push(rr_from, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
+                goto end;
             break;
         case OPT_RR_TO:
             if (rr_to == NULL
                 && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
-            sk_OPENSSL_STRING_push(rr_to, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
+                goto end;
             break;
         case OPT_PRINT:
             noout = print = 1;
@@ -577,13 +579,15 @@ int cms_main(int argc, char **argv)
                 if (sksigners == NULL
                     && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                 if (keyfile == NULL)
                     keyfile = signerfile;
                 if (skkeys == NULL
                     && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                 keyfile = NULL;
             }
             signerfile = opt_arg();
@@ -601,12 +605,14 @@ int cms_main(int argc, char **argv)
                 if (sksigners == NULL
                     && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                 signerfile = NULL;
                 if (skkeys == NULL
                     && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
             }
             keyfile = opt_arg();
             break;
@@ -660,7 +666,8 @@ int cms_main(int argc, char **argv)
                     key_param->next = nparam;
                 key_param = nparam;
             }
-            sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+            if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
+                goto end;
             break;
         case OPT_V_CASES:
             if (!opt_verify(o, vpm))
@@ -749,12 +756,14 @@ int cms_main(int argc, char **argv)
             if (sksigners == NULL
                 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
             if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
             if (keyfile == NULL)
                 keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
         }
         if (sksigners == NULL) {
             BIO_printf(bio_err, "No signer certificate specified\n");
@@ -1014,8 +1023,15 @@ int cms_main(int argc, char **argv)
             pwri_tmp = NULL;
         }
         if (!(flags & CMS_STREAM)) {
-            if (!CMS_final(cms, in, NULL, flags))
+            if (!CMS_final(cms, in, NULL, flags)) {
+                if (originator != NULL
+                    && ERR_GET_REASON(ERR_peek_error())
+                    == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) {
+                    BIO_printf(bio_err, "Cannot use originator for encryption\n");
+                    goto end;
+                }
                 goto end;
+            }
         }
     } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
         cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
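Review bot: In the new `if (!CMS_final(cms, in, NULL, flags))` body the inner `goto end;` after the `BIO_printf` is redundant, because control falls through to the unconditional `goto end;` two lines later; dropping it and the inner braces leaves one exit point. The condition also uses `ERR_peek_error()`, which returns the oldest entry in the error queue, so the "Cannot use originator for encryption" hint is printed only when `CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT` is the first error queued. If the reason may be raised after an earlier error, `ERR_peek_last_error()` is the call that matches the intent. `cms_main` starts and ends outside the hunk.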
@@ -1261,6 +1277,7 @@ int cms_main(int argc, char **argv)
     X509_free(cert);
     X509_free(recip);
     X509_free(signer);
+    X509_free(originator);
     EVP_PKEY_free(key);
     EVP_CIPHER_free(cipher);
     EVP_CIPHER_free(wrap_cipher);
diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c
index 1b0f64309c6f..c83bdfc150c3 100644
--- a/crypto/openssl/apps/engine.c
+++ b/crypto/openssl/apps/engine.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -352,10 +352,12 @@ int engine_main(int argc, char **argv)
             test_avail++;
             break;
         case OPT_PRE:
-            sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
+                goto end;
             break;
         case OPT_POST:
-            sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
+                goto end;
             break;
         }
     }
diff --git a/crypto/openssl/apps/lib/http_server.c b/crypto/openssl/apps/lib/http_server.c
index a7fe5e1a58b0..33ae886d4a1c 100644
--- a/crypto/openssl/apps/lib/http_server.c
+++ b/crypto/openssl/apps/lib/http_server.c
@@ -220,14 +220,17 @@ BIO *http_server_init_bio(const char *prog, const char *port)
 {
     BIO *acbio = NULL, *bufbio;
     int asock;
+    char name[40];
 
+    snprintf(name, sizeof(name), "[::]:%s", port); /* port may be "0" */
     bufbio = BIO_new(BIO_f_buffer());
     if (bufbio == NULL)
         goto err;
     acbio = BIO_new(BIO_s_accept());
     if (acbio == NULL
-        || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
-        || BIO_set_accept_port(acbio, port) < 0) {
+        || BIO_set_accept_ip_family(acbio, BIO_FAMILY_IPANY) <= 0 /* IPv4/6 */
+        || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) <= 0
+        || BIO_set_accept_name(acbio, name) <= 0) {
         log_message(prog, LOG_ERR, "Error setting up accept BIO");
         goto err;
     }
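Review bot: The added `snprintf(name, sizeof(name), "[::]:%s", port)` ignores its return value, so a `port` string longer than the 34 characters left in `name[40]` is silently truncated and the accept BIO is configured with a different name than the caller supplied. Keep the result and reject over-long input before any BIO is allocated, e.g. `int n = snprintf(name, sizeof(name), "[::]:%s", port);` followed by `if (n < 0 || (size_t)n >= sizeof(name)) { log_message(prog, LOG_ERR, "Port value too long"); return NULL; }`. Returning directly avoids the `err` label, whose handling of the still-uninitialised `bufbio` is not visible here. Other hunks in this commit move from `sprintf` to `BIO_snprintf`, so using `BIO_snprintf` here as well would be consistent. The function body continues past the end of the hunk.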
diff --git a/crypto/openssl/apps/lib/s_cb.c b/crypto/openssl/apps/lib/s_cb.c
index 6440b496099e..9f33c24c4e35 100644
--- a/crypto/openssl/apps/lib/s_cb.c
+++ b/crypto/openssl/apps/lib/s_cb.c
@@ -240,10 +240,10 @@ static const char *get_sigtype(int nid)
         return "ECDSA";
 
     case NID_ED25519:
-        return "Ed25519";
+        return "ed25519";
 
     case NID_ED448:
-        return "Ed448";
+        return "ed448";
 
     case NID_id_GostR3410_2001:
         return "gost2001";
@@ -288,6 +288,26 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
             SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
         if (i)
             BIO_puts(out, ":");
+        switch (rsign | rhash << 8) {
+        case 0x0809:
+            BIO_puts(out, "rsa_pss_pss_sha256");
+            continue;
+        case 0x080a:
+            BIO_puts(out, "rsa_pss_pss_sha384");
+            continue;
+        case 0x080b:
+            BIO_puts(out, "rsa_pss_pss_sha512");
+            continue;
+        case 0x081a:
+            BIO_puts(out, "ecdsa_brainpoolP256r1_sha256");
+            continue;
+        case 0x081b:
+            BIO_puts(out, "ecdsa_brainpoolP384r1_sha384");
+            continue;
+        case 0x081c:
+            BIO_puts(out, "ecdsa_brainpoolP512r1_sha512");
+            continue;
+        }
         sstr = get_sigtype(sign_nid);
         if (sstr)
             BIO_printf(out, "%s", sstr);
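Review bot: The `case` labels in the new `switch (rsign | rhash << 8)` are bare hex constants with nothing to tell a reader what they encode or why these six bypass `get_sigtype()`. A short comment above the switch would help, such as `/* TLS SignatureScheme code points: rhash is the high byte, rsign the low byte */`. Writing the expression as `rsign | (rhash << 8)` makes the precedence explicit. Each `continue` depends on the enclosing loop, which starts outside the hunk.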
diff --git a/crypto/openssl/apps/lib/s_socket.c b/crypto/openssl/apps/lib/s_socket.c
index 059afe47b904..8c6020d01692 100644
--- a/crypto/openssl/apps/lib/s_socket.c
+++ b/crypto/openssl/apps/lib/s_socket.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -380,6 +380,12 @@ int do_server(int *accept_sock, const char *host, const char *port,
                 BIO_closesocket(asock);
                 break;
             }
+
+            if (naccept != -1)
+                naccept--;
+            if (naccept == 0)
+                BIO_closesocket(asock);
+
             BIO_set_tcp_ndelay(sock, 1);
             i = (*cb)(sock, type, protocol, context);
 
@@ -410,11 +416,12 @@ int do_server(int *accept_sock, const char *host, const char *port,
 
             BIO_closesocket(sock);
         } else {
+            if (naccept != -1)
+                naccept--;
+
             i = (*cb)(asock, type, protocol, context);
         }
 
-        if (naccept != -1)
-            naccept--;
         if (i < 0 || naccept == 0) {
             BIO_closesocket(asock);
             ret = i;
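Review bot: `asock` can be closed twice on the stream path: the earlier hunk adds `if (naccept == 0) BIO_closesocket(asock);` before the callback runs, and the unchanged `if (i < 0 || naccept == 0)` block here calls `BIO_closesocket(asock)` again after the callback returns. The second close fails at best; if the descriptor number was reused in between (for example by something the callback opened), an unrelated descriptor is closed. Unless the lines between the two hunks, which are not visible, already handle this, record the early close with a local flag and guard the final block with it, e.g. `if (!asock_closed) BIO_closesocket(asock);`. `do_server` starts and ends outside both hunks.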
diff --git a/crypto/openssl/apps/lib/vms_term_sock.c b/crypto/openssl/apps/lib/vms_term_sock.c
index 97fb3943265c..1a413376b20b 100644
--- a/crypto/openssl/apps/lib/vms_term_sock.c
+++ b/crypto/openssl/apps/lib/vms_term_sock.c
@@ -353,7 +353,7 @@ static int CreateSocketPair (int SocketFamily,
     /*
     ** Get the binary (64-bit) time of the specified timeout value
     */
-    sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
+    BIO_snprintf(AscTimeBuff, sizeof(AscTimeBuff), "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
     AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
     AscTimeDesc.dsc$a_pointer = AscTimeBuff;
     status = sys$bintim (&AscTimeDesc, BinTimeBuff);
@@ -567,10 +567,10 @@ static void LogMessage (char *msg, ...)
     /*
     ** Format the message buffer
     */
-    sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
-             LocTime->tm_mday, Month[LocTime->tm_mon],
-             (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
-             LocTime->tm_sec, pid, msg);
+    BIO_snprintf(MsgBuff, sizeof(MsgBuff), "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
+                 LocTime->tm_mday, Month[LocTime->tm_mon],
+                 (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
+                 LocTime->tm_sec, pid, msg);
 
     /*
     ** Get any variable arguments and add them to the print of the message
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
index 64b2e76c147a..31d8bdd87cb6 100644
--- a/crypto/openssl/apps/passwd.c
+++ b/crypto/openssl/apps/passwd.c
@@ -589,7 +589,8 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
     OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
     if (rounds_custom) {
         char tmp_buf[80]; /* "rounds=999999999" */
-        sprintf(tmp_buf, "rounds=%u", rounds);
+
+        BIO_snprintf(tmp_buf, sizeof(tmp_buf), "rounds=%u", rounds);
 #ifdef CHARSET_EBCDIC
         /* In case we're really on a ASCII based platform and just pretend */
         if (tmp_buf[0] != 0x72)  /* ASCII 'r' */
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index ab78903ee9cd..5146699f1672 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -305,7 +305,8 @@ int pkcs12_main(int argc, char **argv)
             if (canames == NULL
                 && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
-            sk_OPENSSL_STRING_push(canames, opt_arg());
+            if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
+                goto end;
             break;
         case OPT_IN:
             infile = opt_arg();
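Review bot: The new failure branch for `sk_OPENSSL_STRING_push` jumps to `end` without printing anything, whereas the allocation check this commit adds to rehash_main prints `out of memory` first. Whether the `end` label in pkcs12_main prints the error queue is not visible, since the function starts and ends outside the hunk; if it does not, the command exits with a failure and no explanation. Adding `BIO_puts(bio_err, "out of memory\n");` before the `goto end` would keep the two consistent. The same applies to the six push checks added in the three smime.c hunks.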
diff --git a/crypto/openssl/apps/pkeyutl.c b/crypto/openssl/apps/pkeyutl.c
index 3c9f9025a160..5e5047137632 100644
--- a/crypto/openssl/apps/pkeyutl.c
+++ b/crypto/openssl/apps/pkeyutl.c
@@ -81,10 +81,11 @@ const OPTIONS pkeyutl_options[] = {
 
     OPT_SECTION("Output"),
     {"out", OPT_OUT, '>', "Output file - default stdout"},
-    {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
+    {"asn1parse", OPT_ASN1PARSE, '-',
+     "parse the output as ASN.1 data to check its DER encoding and print errors"},
     {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
     {"verifyrecover", OPT_VERIFYRECOVER, '-',
-     "Verify with public key, recover original data"},
+     "Verify RSA signature, recovering original signature input data"},
 
     OPT_SECTION("Signing/Derivation"),
     {"digest", OPT_DIGEST, 's',
diff --git a/crypto/openssl/apps/rehash.c b/crypto/openssl/apps/rehash.c
index 85eee3857942..6e0ca3642c40 100644
--- a/crypto/openssl/apps/rehash.c
+++ b/crypto/openssl/apps/rehash.c
@@ -559,6 +559,11 @@ int rehash_main(int argc, char **argv)
     } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
         char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
         m = OPENSSL_strdup(env);
+        if (m == NULL) {
+            BIO_puts(bio_err, "out of memory\n");
+            errs = 1;
+            goto end;
+        }
         for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
             errs += do_dir(e, h);
         OPENSSL_free(m);
diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c
index 651294e46daa..790a8d06ad0c 100644
--- a/crypto/openssl/apps/smime.c
+++ b/crypto/openssl/apps/smime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -279,13 +279,15 @@ int smime_main(int argc, char **argv)
                 if (sksigners == NULL
                     && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                 if (keyfile == NULL)
                     keyfile = signerfile;
                 if (skkeys == NULL
                     && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                 keyfile = NULL;
             }
             signerfile = opt_arg();
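Review bot: The "create the stack if it is NULL, push, `goto end` on failure" sequence now takes five lines each time and appears twice in this hunk and twice in each of the next two smime.c hunks. A small file-local helper would make the six call sites one condition each and keep the `<= 0` test in a single place. smime_main starts and ends outside the hunk, so the parameter type below is assumed to match how `signerfile` and `keyfile` are declared.

```c
/* Append s to *sk, creating the stack on first use; 1 on success, 0 on failure. */
static int push_opt_string(STACK_OF(OPENSSL_STRING) **sk, char *s)
{
    if (*sk == NULL && (*sk = sk_OPENSSL_STRING_new_null()) == NULL)
        return 0;
    return sk_OPENSSL_STRING_push(*sk, s) > 0;
}

/* … unchanged: option parsing up to the signer/key handling … */
                if (!push_opt_string(&sksigners, signerfile))
                    goto end;
                if (keyfile == NULL)
                    keyfile = signerfile;
                if (!push_opt_string(&skkeys, keyfile))
                    goto end;
```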
@@ -310,12 +312,14 @@ int smime_main(int argc, char **argv)
                 if (sksigners == NULL
                     && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                 signerfile = NULL;
                 if (skkeys == NULL
                     && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
             }
             keyfile = opt_arg();
             break;
@@ -390,12 +394,14 @@ int smime_main(int argc, char **argv)
             if (sksigners == NULL
                 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
             if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
             if (!keyfile)
                 keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
         }
         if (sksigners == NULL) {
             BIO_printf(bio_err, "No signer certificate specified\n");
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index d8e2c70e6128..bafcacf7775e 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -456,6 +456,14 @@ static double sm2_results[SM2_NUM][2];    /* 2 ops: sign then verify */
 #define COND(unused_cond) (run && count < INT_MAX)
 #define COUNT(d) (count)
 
+#define TAG_LEN 16
+
+static unsigned int mode_op; /* AE Mode of operation */
+static unsigned int aead = 0; /* AEAD flag */
+static unsigned char aead_iv[12]; /* For AEAD modes */
+static unsigned char aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc };
+static int aead_ivlen = sizeof(aead_iv);
+
 typedef struct loopargs_st {
     ASYNC_JOB *inprogress_job;
     ASYNC_WAIT_CTX *wait_ctx;
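Review bot: `aead_iv` has no initializer, so as a file-scope static it starts as twelve zero bytes, and the comment `/* For AEAD modes */` does not say that a fixed IV is intended. Unless the buffer is filled elsewhere in the file, every benchmarked message uses the same IV, which is acceptable only because this is a speed test. I would make the comment say so, e.g. `/* fixed all-zero IV, benchmark only: a (key, IV) pair must never repeat in real AEAD use */`. Two smaller style points: `mode_op` has no initializer while `aead = 0` on the next line does, and `{ 0xcc }` sets only the first byte of `aad`, which a short comment could note.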
@@ -464,6 +472,7 @@ typedef struct loopargs_st {
     unsigned char *buf_malloc;
     unsigned char *buf2_malloc;
     unsigned char *key;
+    unsigned char tag[TAG_LEN];
     size_t buflen;
     size_t sigsize;
     EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
@@ -727,12 +736,8 @@ static int EVP_Update_loop(void *args)
     unsigned char *buf = tempargs->buf;
     EVP_CIPHER_CTX *ctx = tempargs->ctx;
     int outl, count, rc;
-    unsigned char faketag[16] = { 0xcc };
 
     if (decrypt) {
-        if (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
-            (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(faketag), faketag);
-        }
         for (count = 0; COND(c[D_EVP][testnum]); count++) {
             rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
             if (rc != 1) {
@@ -757,74 +762,159 @@ static int EVP_Update_loop(void *args)
 }
 
 /*
+ * To make AEAD benchmarking more relevant perform TLS-like operations,
+ * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
+ * payload length is not actually limited by 16KB...
  * CCM does not support streaming. For the purpose of performance measurement,
  * each message is encrypted using the same (key,iv)-pair. Do not use this
  * code in your application.
  */
-static int EVP_Update_loop_ccm(void *args)
+static int EVP_Update_loop_aead_enc(void *args)
 {
     loopargs_t *tempargs = *(loopargs_t **) args;
     unsigned char *buf = tempargs->buf;
+    unsigned char *key = tempargs->key;
     EVP_CIPHER_CTX *ctx = tempargs->ctx;
-    int outl, count;
-    unsigned char tag[12];
-
-    if (decrypt) {
-        for (count = 0; COND(c[D_EVP][testnum]); count++) {
-            (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag),
-                                      tag);
-            /* reset iv */
-            (void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
-            /* counter is reset on every update */
-            (void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+    int outl, count, realcount = 0;
+
+    for (count = 0; COND(c[D_EVP][testnum]); count++) {
+        /* Set length of iv (Doesn't apply to SIV mode) */
+        if (mode_op != EVP_CIPH_SIV_MODE) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
+                                     aead_ivlen, NULL)) {
+                BIO_printf(bio_err, "\nFailed to set iv length\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
         }
-    } else {
-        for (count = 0; COND(c[D_EVP][testnum]); count++) {
-            /* restore iv length field */
-            (void)EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
-            /* counter is reset on every update */
-            (void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+        /* Set tag_len (Not for GCM/SIV at encryption stage) */
+        if (mode_op != EVP_CIPH_GCM_MODE
+            && mode_op != EVP_CIPH_SIV_MODE) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                     TAG_LEN, NULL)) {
+                BIO_printf(bio_err, "\nFailed to set tag length\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
+        }
+        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
+            BIO_printf(bio_err, "\nFailed to set key and iv\n");
+            ERR_print_errors(bio_err);
+            exit(1);
+        }
+        /* Set total length of input. Only required for CCM */
+        if (mode_op == EVP_CIPH_CCM_MODE) {
+            if (!EVP_EncryptUpdate(ctx, NULL, &outl,
+                                   NULL, lengths[testnum])) {
+                BIO_printf(bio_err, "\nCouldn't set input text length\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
         }
+        if (aead) {
+            if (!EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
+                BIO_printf(bio_err, "\nCouldn't insert AAD when encrypting\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
+        }
+        if (!EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum])) {
+            BIO_printf(bio_err, "\nFailed to encrypt the data\n");
+            ERR_print_errors(bio_err);
+            exit(1);
+        }
+        if (EVP_EncryptFinal_ex(ctx, buf, &outl))
+            realcount++;
     }
-    if (decrypt)
-        (void)EVP_DecryptFinal_ex(ctx, buf, &outl);
-    else
-        (void)EVP_EncryptFinal_ex(ctx, buf, &outl);
-    return count;
+    return realcount;
 }
 
 /*
  * To make AEAD benchmarking more relevant perform TLS-like operations,
  * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
  * payload length is not actually limited by 16KB...
+ * CCM does not support streaming. For the purpose of performance measurement,
+ * each message is decrypted using the same (key,iv)-pair. Do not use this
+ * code in your application.
+ * For decryption, we will use buf2 to preserve the input text in buf.
  */
-static int EVP_Update_loop_aead(void *args)
+static int EVP_Update_loop_aead_dec(void *args)
 {
     loopargs_t *tempargs = *(loopargs_t **) args;
     unsigned char *buf = tempargs->buf;
+    unsigned char *outbuf = tempargs->buf2;
+    unsigned char *key = tempargs->key;
+    unsigned char tag[TAG_LEN];
     EVP_CIPHER_CTX *ctx = tempargs->ctx;
-    int outl, count;
-    unsigned char aad[13] = { 0xcc };
-    unsigned char faketag[16] = { 0xcc };
+    int outl, count, realcount = 0;
+
+    for (count = 0; COND(c[D_EVP][testnum]); count++) {
+        /* Set the length of iv (Doesn't apply to SIV mode) */
+        if (mode_op != EVP_CIPH_SIV_MODE) {
*** 6017 LINES SKIPPED ***