Squashed 'openssl/' changes from 0893a623535..c4da9ac23de

c4da9ac23de Prepare for release of 3.5.3
9dc1518642e make update
c836d8f2b11 Copyright year updates
9a267ece9ba CHANGES.md, NEWS.md: update for 3.5.3
5cc789333c1 Test failure of rsa_encrypt when buffer too short
0b776b5fcfa Harden RSA public encrypt
9b14e143464 OSSL_CALLBACK.pod: add missing info on required return values of callback functions
2fbe8461466 doc: Add missing commas
0369c2e8b5e Add one more trace message to the torture_rcu_high test
ae09a87326d doc/man3/RAND_load_file.pod: RAND_load_file on non-regular files with bytes=-1
c8d905b56c8 crypto/rand/randfile.c: avoid signed integer overflow in RAND_load_file
322be75a18a Make the Unix build process more repeatable
ecdcc7ba285 openssl-enc.pod.in: We actually use PKCS#7 padding
f7f31c45f33 RISC-V: Use address for vlenb CSR
cd31b027a8c Add a helper function to delete the extension list
1a43e10eb26 Clear the extension list when removing the last extension
56011947556 Fix typo in BN_generate_prime docs
e7056b53318 doc: Update documentation of SSL_CTX_set_dh_auto()
55f8bb10132 docs: Be case specific with links to man headers
2e5885d9737 apps: remove chopup_args()
9d8107751c6 hmac: stop using secure memory for the HMAC key
d3dd2c8612d demos/certs: properly handle "$@"
8b690e28182 apps/ocsp.c: avoid using NULL resp
7766151ad16 crypto/x509/t_req.c: avoid exts leaking on error paths
676fbb064a7 test/radix/quic_bindings.c: move locking after child_script_info assignment
fd44a134fdd doc/man1/openssl-enc.pod.in: document 'k' handling for -bufsize
96fa1f32840 apps/enc.c: avoid signed integer overflow on bufsize assignment
f89c3756dc7 slh-dsa: omit test of import PCT
8f395d322b3 import pct: remove import PCTs for most algorithms
a912c48f388 Add missing unlock to ossl_provider_new
e551da690cc Update news and changes for the 3.5.3 release
7e9498b5c7f X509_VERIFY_PARAM_get0(): add check to defend on out-of-bound table access
c9ec0346e15 FIPS: Don't allow SHA512-224 and SHA512-256 for ECDSA/DSA signatures
1d30a87dbfd slh-dsa: enter FIPS error state if pairwise test fails
b7602f10a86 Document the OSSL_SELF_TEST_TYPE_PCT_IMPORT failure state
017a65c59bc ml-kem: convert to transient error state on import failure in FIPS provider
5baef020830 ml-dsa: convert to transient error state on import failure in FIPS provider
119a7f4d808 ecx: convert to transient error state on import failure in FIPS provider
38cfb38a661 ec: convert to transient error state on import failure in FIPS provider
d923468e475 dh: convert to transient error state on import failure in FIPS provider
ee5a29b6756 rsa: convert to transient error state on import failure in FIPS provider
d4dfefef6ab Add OSSL_SELF_TEST_TYPE_PCT_IMPORT transient error state
a6747a8b443 add new error
2ead3ab8ca7 slh-dsa: add a PCT for key import when in FIPS mode
512f1ffd53a NOTES-WINDOWS.md: correct the Windows context macro name
b6ff32f7461 doc: Fix function name in example code
c744216296d aes-s390x.pl: Initialize reserved and unused memory
0798de99fa2 doc/man3/SSL_poll.pod: mention SSL_POLL_EVENT_{EL,IC} in SYNOPSIS
a2eea2926ef Fix: Add free to avoid memory leak.
71e7f4eceab Correct fixed cert validity end date in oqsprovider testing
fcbd13d843a dh: add FIPS 140-3 PCT on key generation
0163c6ad1f7 Fix null pointer check in pkey_dh_derive to ensure both keys are set
7e8d78d5795 Fix: Check for wrong object. The converted sc should be checked instead of the original s
f86e7107ab5 Fix reallocation failure condition in qtx_resize_txe()
65c1c7e6aac Make error checks on RSA_public_decrypt() consistent
cabfbebbd60 Fix a race in by_store_subject
59057effd4f Add a test for accessing an X509_STORE from multiple threads
c4c92f3e8af Don't keep the store open in by_store_ctrl_ex
efa495c92b6 fips: upgrade self-test KATs to reduce SHA-1/SHA-224 usage
a7f52c976c8 Test setting a client to send a key share not allowed in TLSv1.3
610cc1e7ad1 Fail immediately if we have no key shares to send
ffacc17def6 BIO_dgram: Fix BIO_CTRL_DGRAM_QUERY_MTU for IPv4-mapped IPv6 addresses
4376c9571a3 d2i_X509.pod: add missing doc of return value of i2d_ASN1_bio_stream()
e4c515833d5 fix asn1_write_micalg() in asn_mime.c on GostR3411 and SHAKE
3c7812decde apps/cms.c: add missing error message on error writing CMS output (ret == 6)
eea39c1a811 test/ml_kem_internal_test.c: Add EVP_MD_free() in the error path to avoid memory leak
7ba09090bca Add CRYPTO_FREE_REF to ossl_quic_free_token_store
ec5f97a4f1d Add test coverage for PKCS7_TEXT mode
f3b0e8a5180 DH private key size was one bit too large
229bc343130 Correct the synthetisized OPENSSL_VERSION_NUMBER
f2adaa2b60d Remove OSSL_CRYPTO_ALLOC attribute from CRYPTO_*dup routines
85f39c62f59 Add NULL check
5c8a3e06c97 Fix SKEYMGMT enumeration, add tests
71f3205fe4a doc/man3/SSL_CTX_set_domain_flags: fix version in HISTORY section
2ff0180e6b3 test/sanitytest.c: fix setitimer usage in timer disarmament
cf3a4bf1075 Fix memory leak on EVP_CIPHER_param_to_asn1 failure
a0ce39d9fd6 Fix RSA key size validation in EVP_PKEY_RSA_keygen demo
c3572c5f809 crypto/sleep.c: avoid returning early due to signal
0fa07898e1e Ensure that the largest_pn values are migrated to our channel qrx
5cedd0e22d9 quic_channel: Handle HRR and the second transport params extension
6d2772822c0 quicapitest: Check if we can handle HRR
17a20fdcfa4 ssl/quic/quic_channel.c: Fix endianness of supported versions from received version negotiation packets
d4ab1630908 ssl/quic/quic_port.c: Fix endianness of supported versions in sent version negotiation packets
4fb6c93b93f Prepare for 3.5.3

git-subtree-dir: openssl
git-subtree-split: c4da9ac23de497ce039a102e6715381047899447

Author: Futaura

CHANGES.md

@@ -28,6 +28,56 @@ OpenSSL Releases
 OpenSSL 3.5
 -----------
 
+### Changes between 3.5.2 and 3.5.3 [16 Sep 2025]
+
+ * Avoided a potential race condition introduced in 3.5.1, where
+   `OSSL_STORE_CTX` kept open during lookup while potentially being used
+   by multiple threads simultaneously, that could lead to potential crashes
+   when multiple concurrent TLS connections are served.
+
+   *Matt Caswell*
+
+ * The FIPS provider no longer performs a PCT on key import for RSA, DH,
+   and EC keys (that was introduced in 3.5.2), following the latest update
+   on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.
+
+   *Dr Paul Dale*
+
+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+   *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+   when SKID/AKID are set to `none` during generation.
+
+   *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+   in `VERSION.dat` and not the current date for the released builds.
+
+   *Enji Cooper*
+
+ * Hardened the provider implementation of the RSA public key "encrypt"
+   operation to add a missing check that the caller-indicated output buffer
+   size is at least as large as the byte count of the RSA modulus.  The issue
+   was reported by Arash Ale Ebrahim from SYSPWN.
+
+   This operation is typically invoked via `EVP_PKEY_encrypt(3)`.  Callers that
+   in fact provide a sufficiently large buffer, but fail to correctly indicate
+   its size may now encounter unexpected errors.  In applications that attempt
+   RSA public encryption into a buffer that is too small, an out-of-bounds
+   write is now avoided and an error is reported instead.
+
+   *Viktor Dukhovni*
+
+ * Added FIPS 140-3 PCT on DH key generation.
+
+   *Nikola Pajkovsky*
+
+ * Fixed the synthesised `OPENSSL_VERSION_NUMBER`.
+
+   *Richard Levitte*
+
 ### Changes between 3.5.1 and 3.5.2 [5 Aug 2025]
 
  * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.

Configurations/unix-Makefile.tmpl

@@ -3,6 +3,8 @@
 ##
 ## {- join("\n## ", @autowarntext) -}
 {-
+     use Time::Piece;
+
      use OpenSSL::Util;
 
      our $makedep_scheme = $config{makedep_scheme};
@@ -74,6 +76,15 @@ FIPSKEY={- $config{FIPSKEY} -}
 
 VERSION={- "$config{full_version}" -}
 VERSION_NUMBER={- "$config{version}" -}
+RELEASE_DATE={- my $t = localtime;
+		if ($config{"release_date"}) {
+			# Provide the user with a more meaningful error message
+			# than the default internal parsing error from
+			# `Time::Piece->strptime(..)`.
+			eval { $t = Time::Piece->strptime($config{"release_date"}, "%d %b %Y"); } ||
+				die "Parsing \$config{release_date} ('$config{release_date}') failed: $@";
+		}
+		$t->strftime("%Y-%m-%d") -}
 MAJOR={- $config{major} -}
 MINOR={- $config{minor} -}
 SHLIB_VERSION_NUMBER={- $config{shlib_version} -}
@@ -1565,7 +1576,8 @@ EOF
           return <<"EOF";
 $args{src}: $pod
 	pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\
-		--release=\$(VERSION) $pod >\$\@
+		--date=\$(RELEASE_DATE) --release=\$(VERSION) \\
+		$pod >\$\@
 EOF
       } elsif (platform->isdef($args{src})) {
           #

NEWS.md

@@ -23,6 +23,16 @@ OpenSSL Releases
 OpenSSL 3.5
 -----------
 
+### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025]
+
+  * Added FIPS 140-3 PCT on DH key generation.
+
+    *Nikola Pajkovsky*
+
+  * Fixed the synthesised `OPENSSL_VERSION_NUMBER`.
+
+    *Richard Levitte*
+
 ### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025]
 
   * none

NOTES-WINDOWS.md

@@ -125,7 +125,7 @@ format:
 `\\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\OpenSSL-<version>-<ctx>`
 
 Where `<version>` is the major.minor version of the library being
-built, and `<ctx>` is the value specified by `-DOPENSSL_WINCTX`.  This allows
+built, and `<ctx>` is the value specified by `-DOSSL_WINCTX`.  This allows
 for multiple openssl builds to be created and installed on a single system, in
 which each library can use its own set of registry keys.
 

VERSION.dat

@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=5
-PATCH=2
+PATCH=3
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="5 Aug 2025"
+RELEASE_DATE="16 Sep 2025"
 SHLIB_VERSION=3

apps/cms.c

@@ -1280,6 +1280,7 @@ int cms_main(int argc, char **argv)
             goto end;
         }
         if (ret <= 0) {
+            BIO_printf(bio_err, "Error writing CMS output\n");
             ret = 6;
             goto end;
         }

apps/enc.c

@@ -260,6 +260,8 @@ int enc_main(int argc, char **argv)
                 goto opthelp;
             if (k)
                 n *= 1024;
+            if (n > INT_MAX)
+                goto opthelp;
             bsize = (int)n;
             break;
         case OPT_K:

apps/include/apps.h

@@ -103,7 +103,6 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data);
 /* progress callback for dsaparam, dhparam, req, genpkey, etc. */
 int progress_cb(EVP_PKEY_CTX *ctx);
 
-int chopup_args(ARGS *arg, char *buf);
 void dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, const char *title, const X509_NAME *nm);
 void print_bignum_var(BIO *, const BIGNUM *, const char *,

apps/lib/apps.c

@@ -83,55 +83,6 @@ static int set_multi_opts(unsigned long *flags, const char *arg,
                           const NAME_EX_TBL *in_tbl);
 int app_init(long mesgwin);
 
-int chopup_args(ARGS *arg, char *buf)
-{
-    int quoted;
-    char c = '\0', *p = NULL;
-
-    arg->argc = 0;
-    if (arg->size == 0) {
-        arg->size = 20;
-        arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
-    }
-
-    for (p = buf;;) {
-        /* Skip whitespace. */
-        while (*p && isspace(_UC(*p)))
-            p++;
-        if (*p == '\0')
-            break;
-
-        /* The start of something good :-) */
-        if (arg->argc >= arg->size) {
-            char **tmp;
-
-            arg->size += 20;
-            tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
-            if (tmp == NULL)
-                return 0;
-            arg->argv = tmp;
-        }
-        quoted = *p == '\'' || *p == '"';
-        if (quoted)
-            c = *p++;
-        arg->argv[arg->argc++] = p;
-
-        /* now look for the end of this */
-        if (quoted) {
-            while (*p && *p != c)
-                p++;
-            *p++ = '\0';
-        } else {
-            while (*p && !isspace(_UC(*p)))
-                p++;
-            if (*p)
-                *p++ = '\0';
-        }
-    }
-    arg->argv[arg->argc] = NULL;
-    return 1;
-}
-
 #ifndef APP_INIT
 int app_init(long mesgwin)
 {

apps/ocsp.c

@@ -662,7 +662,8 @@ int ocsp_main(int argc, char **argv)
                 resp =
                     OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
                                          NULL);
-                send_ocsp_response(cbio, resp);
+                if (resp != NULL)
+                    send_ocsp_response(cbio, resp);
             }
             goto done_resp;
         }
@@ -764,16 +765,18 @@ int ocsp_main(int argc, char **argv)
         BIO_free(derbio);
     }
 
-    i = OCSP_response_status(resp);
-    if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-        BIO_printf(out, "Responder Error: %s (%d)\n",
-                   OCSP_response_status_str(i), i);
-        if (!ignore_err)
+    if (resp != NULL) {
+        i = OCSP_response_status(resp);
+        if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+            BIO_printf(out, "Responder Error: %s (%d)\n",
+                       OCSP_response_status_str(i), i);
+            if (!ignore_err)
                 goto end;
-    }
+        }
 
-    if (resp_text)
-        OCSP_RESPONSE_print(out, resp, 0);
+        if (resp_text)
+            OCSP_RESPONSE_print(out, resp, 0);
+    }
 
     /* If running as responder don't verify our own response */
     if (cbio != NULL) {