c | 5 +- crypto/openssl/crypto/x509/v3_timespec.c | 4 +- crypto/openssl/crypto/x509/v3_utl.c | 9 +- crypto/openssl/crypto/x509/x509_vfy.c | 7 +- crypto/openssl/crypto/x509/x_pubkey.c | 6 +- crypto/openssl/doc/build.info | 6 + .../doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod | 4 +- .../internal/man3/ossl_cmp_msg_check_update.pod | 5 +- crypto/openssl/doc/internal/man7/deprecation.pod | 4 +- crypto/openssl/doc/man1/CA.pl.pod | 4 +- crypto/openssl/doc/man1/openssl-ciphers.pod.in | 777 ++++++++++++--------- crypto/openssl/doc/man1/openssl-cmp.pod.in | 10 +- crypto/openssl/doc/man1/openssl-cms.pod.in | 2 +- crypto/openssl/doc/man1/openssl-format-options.pod | 4 +- crypto/openssl/doc/man1/openssl-pkeyutl.pod.in | 4 +- .../doc/man1/openssl-verification-options.pod | 8 +- crypto/openssl/doc/man1/openssl-verify.pod.in | 7 +- crypto/openssl/doc/man3/ADMISSIONS.pod | 4 +- crypto/openssl/doc/man3/BIO_get_data.pod | 11 +- crypto/openssl/doc/man3/BIO_push.pod | 4 +- crypto/openssl/doc/man3/BIO_read.pod | 6 +- crypto/openssl/doc/man3/EVP_EncryptInit.pod | 10 +- crypto/openssl/doc/man3/OPENSSL_malloc.pod | 6 +- crypto/openssl/doc/man3/OSSL_CMP_CTX_new.pod | 11 +- crypto/openssl/doc/man3/OSSL_HPKE_CTX_new.pod | 6 +- crypto/openssl/doc/man3/PKCS5_PBE_keyivgen.pod | 13 +- crypto/openssl/doc/man3/RSA_set_method.pod | 10 +- crypto/openssl/doc/man3/SSL_CONF_cmd.pod | 18 +- crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod | 125 +++- .../doc/man3/SSL_CTX_set_psk_client_callback.pod | 10 +- crypto/openssl/doc/man3/SSL_get_ciphers.pod | 4 +- crypto/openssl/doc/man3/X509V3_EXT_print.pod | 51 ++ crypto/openssl/doc/man3/X509_NAME_print_ex.pod | 7 +- crypto/openssl/doc/man7/EVP_SIGNATURE-DSA.pod | 4 +- crypto/openssl/doc/man7/EVP_SIGNATURE-ECDSA.pod | 4 +- crypto/openssl/doc/man7/EVP_SIGNATURE-ED25519.pod | 4 +- crypto/openssl/doc/man7/EVP_SIGNATURE-HMAC.pod | 4 +- crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod | 6 +- crypto/openssl/doc/man7/EVP_SIGNATURE-RSA.pod | 4 +- crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod | 4 +- crypto/openssl/doc/man7/openssl-env.pod | 9 +- .../doc/man7/ossl-guide-tls-introduction.pod | 4 +- crypto/openssl/doc/man7/property.pod | 34 +- crypto/openssl/doc/man7/provider-base.pod | 5 +- .../openssl/exporters/cmake/OpenSSLConfig.cmake.in | 1 + .../exporters/cmake/OpenSSLConfigVersion.cmake.in | 1 + .../openssl/exporters/pkg-config/libcrypto.pc.in | 1 + crypto/openssl/exporters/pkg-config/libssl.pc.in | 1 + crypto/openssl/exporters/pkg-config/openssl.pc.in | 1 + .../perl/Text-Template-1.56/lib/Text/Template.pm | 4 +- .../lib/Text/Template/Preprocess.pm | 4 +- crypto/openssl/include/crypto/aes_platform.h | 4 +- crypto/openssl/include/crypto/evp.h | 24 +- crypto/openssl/include/crypto/httperr.h | 2 +- crypto/openssl/include/crypto/sparc_arch.h | 14 +- crypto/openssl/include/crypto/sparse_array.h | 4 +- crypto/openssl/include/internal/time.h | 72 +- crypto/openssl/include/openssl/cmp.h.in | 4 +- crypto/openssl/include/openssl/core_dispatch.h | 34 +- crypto/openssl/include/openssl/httperr.h | 3 +- crypto/openssl/include/openssl/macros.h | 3 +- crypto/openssl/include/openssl/rsa.h | 6 +- crypto/openssl/include/openssl/types.h | 4 +- crypto/openssl/providers/fips-sources.checksums | 96 +-- crypto/openssl/providers/fips.checksum | 2 +- crypto/openssl/providers/fips/self_test.c | 4 +- crypto/openssl/providers/fips/self_test_kats.c | 11 +- .../ciphers/cipher_aes_gcm_hw_ppc.inc | 8 +- .../implementations/ciphers/cipher_aes_ocb.c | 4 +- .../implementations/ciphers/ciphercommon.c | 6 +- .../include/prov/ciphercommon_ccm.h | 16 +- .../include/prov/ciphercommon_gcm.h | 14 +- .../providers/implementations/kdfs/pkcs12kdf.c | 11 +- .../providers/implementations/kem/rsa_kem.c | 22 +- .../implementations/keymgmt/ml_kem_kmgmt.c | 4 +- .../providers/implementations/rands/drbg_hmac.c | 4 +- .../providers/implementations/signature/dsa_sig.c | 36 +- .../implementations/signature/ecdsa_sig.c | 47 +- .../providers/implementations/signature/sm2_sig.c | 10 +- .../implementations/storemgmt/file_store.c | 11 +- .../implementations/storemgmt/winstore_store.c | 6 +- crypto/openssl/ssl/quic/quic_impl.c | 47 +- crypto/openssl/ssl/quic/quic_lcidm.c | 14 +- crypto/openssl/ssl/quic/quic_reactor.c | 6 + crypto/openssl/ssl/quic/quic_rx_depack.c | 3 +- crypto/openssl/ssl/quic/quic_srtm.c | 7 +- crypto/openssl/ssl/quic/quic_stream_map.c | 3 +- crypto/openssl/ssl/quic/uint_set.c | 4 +- crypto/openssl/ssl/record/methods/tls_common.c | 17 +- crypto/openssl/ssl/s3_lib.c | 6 +- crypto/openssl/ssl/ssl_asn1.c | 4 +- crypto/openssl/ssl/ssl_lib.c | 22 +- crypto/openssl/ssl/ssl_sess.c | 4 +- crypto/openssl/ssl/statem/statem_dtls.c | 8 +- crypto/openssl/ssl/t1_lib.c | 96 +-- crypto/openssl/test/README-external.md | 2 +- crypto/openssl/test/asn1_decode_test.c | 14 +- crypto/openssl/test/asn1_encode_test.c | 14 +- crypto/openssl/test/asn1_internal_test.c | 20 +- crypto/openssl/test/bntest.c | 49 +- crypto/openssl/test/certs/cve-2026-28388-ca.pem | 19 + crypto/openssl/test/certs/cve-2026-28388-crls.pem | 22 + crypto/openssl/test/certs/cve-2026-28388-leaf.pem | 19 + .../ext-timeSpecification-periodic-no-second.pem | 14 + crypto/openssl/test/certs/mkcert.sh | 4 +- crypto/openssl/test/cmp_client_test.c | 75 +- crypto/openssl/test/evp_extra_test.c | 110 ++- crypto/openssl/test/evp_test.c | 4 +- crypto/openssl/test/fake_rsaprov.c | 5 +- crypto/openssl/test/http_test.c | 22 +- crypto/openssl/test/ossl_store_test.c | 9 +- crypto/openssl/test/pkcs12_api_test.c | 32 +- crypto/openssl/test/quicapitest.c | 10 +- .../openssl/test/recipes/10-test_bn_data/bnmod.txt | 10 +- crypto/openssl/test/recipes/25-test_verify.t | 16 +- crypto/openssl/test/recipes/25-test_x509.t | 10 +- .../openssl/test/recipes/61-test_bio_readbuffer.t | 8 +- .../80-test_cmp_http_data/test_commands.csv | 3 +- crypto/openssl/test/recipes/80-test_cms.t | 47 +- .../test/recipes/80-test_cms_data/dh-cert.pem | 31 + .../test/recipes/80-test_cms_data/dh-key.pem | 15 + .../test/recipes/80-test_cms_data/dh-malformed.der | Bin 0 -> 558 bytes .../test/recipes/80-test_cms_data/ecdh-cert.pem | 10 + .../test/recipes/80-test_cms_data/ecdh-key.pem | 5 + .../recipes/80-test_cms_data/ecdh-malformed.der | Bin 0 -> 275 bytes .../recipes/80-test_cms_data/rsa-malformed.der | Bin 0 -> 526 bytes crypto/openssl/test/recipes/80-test_ocsp.t | 16 +- crypto/openssl/test/sslapitest.c | 98 ++- crypto/openssl/test/tls-provider.c | 5 +- crypto/openssl/test/tls13groupselection_test.c | 39 +- crypto/openssl/util/checkplatformsyms.pl | 40 +- crypto/openssl/util/missingcrypto.txt | 2 - crypto/openssl/util/mkerr.pl | 77 +- crypto/openssl/util/mkinstallvars.pl | 5 +- .../util/platform_symbols/windows-symbols.txt | 339 ++++----- crypto/openssl/util/wrap.pl.in | 1 + 256 files changed, 3690 insertions(+), 2012 deletions(-) diff --cc crypto/openssl/CONTRIBUTING.md index 09416095e64d,000000000000..06dfbaeff1fe mode 100644,000000..100644 --- a/crypto/openssl/CONTRIBUTING.md +++ b/crypto/openssl/CONTRIBUTING.md @@@ -1,112 -1,0 +1,124 @@@ +HOW TO CONTRIBUTE TO OpenSSL +============================ + +Please visit our [Getting Started] page for other ideas about how to contribute. + + [Getting Started]: + +Development is done on GitHub in the [openssl/openssl] repository. + + [openssl/openssl]: + +To request a new feature, ask a question, or report a bug, +please open an [issue on GitHub](https://github.com/openssl/openssl/issues). + +To submit a patch or implement a new feature, please open a +[pull request on GitHub](https://github.com/openssl/openssl/pulls). +If you are thinking of making a large contribution, +open an issue for it before starting work, to get comments from the community. +Someone may be already working on the same thing, +or there may be special reasons why a feature is not implemented. + +Similarly, if you plan to submit many pull requests, please start with +a representative sample (no more than 3 or 4) and open an issue +explaining your process. The OpenSSL project has limited resources, +especially when it comes to reviewers, so we appreciate advanced +communication before submitting many pull requests. In addition, +contributors should personally evaluate potential patches generated by +automated tools. + ++Provide a clear description of the issue or feature being addressed, ++including any relevant implementation details and, for performance ++improvements, benchmark results. ++ ++Pull requests and commits should be self-contained, enabling readers to ++understand what changed and why without needing to reference related ++issues or having prior knowledge. Commit messages should include all ++relevant details to help future contributors follow the git history, ++with clear explanations of what is changing and why. Long descriptions ++are encouraged if they aid understanding. Commit message titles (their ++first line) should be kept to 50-70 characters if possible. ++ +To make it easier to review and accept your pull request, please follow these +guidelines: + + 1. Anything other than a trivial contribution requires a [Contributor + License Agreement] (CLA), giving us permission to use your code. + If your contribution is too small to require a CLA (e.g., fixing a spelling + mistake), then place the text "`CLA: trivial`" on a line by itself below + the rest of your commit message separated by an empty line, like this: + + ``` + One-line summary of trivial change + + Optional main body of commit message. It might contain a sentence + or two explaining the trivial change. + + CLA: trivial + ``` + + It is not sufficient to only place the text "`CLA: trivial`" in the GitHub + pull request description. + + [Contributor License Agreement]: + + To amend a missing "`CLA: trivial`" line after submission, do the following: + + ``` + git commit --amend + # add the line, save and quit the editor + git push -f [ []] + ``` + + 2. All source files should start with the following text (with + appropriate comment characters at the start of each line and the + year(s) updated): + + ``` + Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved. + + Licensed under the Apache License 2.0 (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution or at + https://www.openssl.org/source/license.html + ``` + + 3. Patches should be as current as possible; expect to have to rebase + often. We do not accept merge commits, you will have to remove them + (usually by rebasing) before it will be acceptable. + + 4. Code provided should follow our [coding style] and [documentation policy] + and compile without warnings. + There is a [Perl tool](util/check-format.pl) that helps + finding code formatting mistakes and other coding style nits. + Where `gcc` or `clang` is available, you should use the + `--strict-warnings` `Configure` option. OpenSSL compiles on many varied + platforms: try to ensure you only use portable features. + Clean builds via GitHub Actions are required. They are started automatically + whenever a PR is created or updated by committers. + + [coding style]: https://openssl-library.org/policies/technical/coding-style/ + [documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/ + + 5. When at all possible, code contributions should include tests. These can + either be added to an existing test, or completely new. Please see + [test/README.md](test/README.md) for information on the test framework. + + 6. New features or changed functionality must include + documentation. Please look at the `.pod` files in `doc/man[1357]` for + examples of our style. Run `make doc-nits` to make sure that your + documentation changes are clean. + + 7. For user visible changes (API changes, behaviour changes, ...), + consider adding a note in [CHANGES.md](CHANGES.md). + This could be a summarising description of the change, and could + explain the grander details. + Have a look through existing entries for inspiration. + Please note that this is NOT simply a copy of git-log one-liners. + Also note that security fixes get an entry in [CHANGES.md](CHANGES.md). + This file helps users get more in-depth information of what comes + with a specific release without having to sift through the higher + noise ratio in git-log. + + 8. Guidelines on how to integrate error output of new crypto library modules + can be found in [crypto/err/README.md](crypto/err/README.md). diff --cc crypto/openssl/crypto/bn/asm/armv4-gf2m.pl index 5733a0174660,923e6d4464d2..923e6d4464d2 mode 100755,100644..100755 --- a/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl diff --cc crypto/openssl/crypto/bn/asm/sparcv9-mont.pl index fe51fcaf81c7,d438af562648..d438af562648 mode 100755,100644..100755 --- a/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl diff --cc crypto/openssl/crypto/modes/asm/ghash-armv4.pl index 044f86f143f9,4ab6d8cb2b42..4ab6d8cb2b42 mode 100755,100644..100755 --- a/crypto/openssl/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/openssl/crypto/modes/asm/ghash-armv4.pl diff --cc crypto/openssl/doc/man3/X509V3_EXT_print.pod index 000000000000,0727d35f88e5..0727d35f88e5 mode 000000,100644..100644 --- a/crypto/openssl/doc/man3/X509V3_EXT_print.pod +++ b/crypto/openssl/doc/man3/X509V3_EXT_print.pod diff --cc crypto/openssl/test/certs/cve-2026-28388-ca.pem index 000000000000,9e36d11c4b4b..9e36d11c4b4b mode 000000,100644..100644 --- a/crypto/openssl/test/certs/cve-2026-28388-ca.pem +++ b/crypto/openssl/test/certs/cve-2026-28388-ca.pem diff --cc crypto/openssl/test/certs/cve-2026-28388-crls.pem index 000000000000,46cbd7876dcd..46cbd7876dcd mode 000000,100644..100644 --- a/crypto/openssl/test/certs/cve-2026-28388-crls.pem +++ b/crypto/openssl/test/certs/cve-2026-28388-crls.pem diff --cc crypto/openssl/test/certs/cve-2026-28388-leaf.pem index 000000000000,02b22997cdd8..02b22997cdd8 mode 000000,100644..100644 --- a/crypto/openssl/test/certs/cve-2026-28388-leaf.pem +++ b/crypto/openssl/test/certs/cve-2026-28388-leaf.pem diff --cc crypto/openssl/test/certs/ext-timeSpecification-periodic-no-second.pem index 000000000000,9b23ddbb162c..9b23ddbb162c mode 000000,100644..100644 --- a/crypto/openssl/test/certs/ext-timeSpecification-periodic-no-second.pem +++ b/crypto/openssl/test/certs/ext-timeSpecification-periodic-no-second.pem diff --cc crypto/openssl/test/recipes/80-test_cms_data/dh-cert.pem index 000000000000,f5fb90b9009b..f5fb90b9009b mode 000000,100644..100644 --- a/crypto/openssl/test/recipes/80-test_cms_data/dh-cert.pem +++ b/crypto/openssl/test/recipes/80-test_cms_data/dh-cert.pem diff --cc crypto/openssl/test/recipes/80-test_cms_data/dh-key.pem index 000000000000,16010785214e..16010785214e mode 000000,100644..100644 --- a/crypto/openssl/test/recipes/80-test_cms_data/dh-key.pem +++ b/crypto/openssl/test/recipes/80-test_cms_data/dh-key.pem diff --cc crypto/openssl/test/recipes/80-test_cms_data/dh-malformed.der index 000000000000,20a5ed84bde9..20a5ed84bde9 mode 000000,100644..100644 Binary files differ diff --cc crypto/openssl/test/recipes/80-test_cms_data/ecdh-cert.pem index 000000000000,3a0ab6624ca2..3a0ab6624ca2 mode 000000,100644..100644 --- a/crypto/openssl/test/recipes/80-test_cms_data/ecdh-cert.pem +++ b/crypto/openssl/test/recipes/80-test_cms_data/ecdh-cert.pem diff --cc crypto/openssl/test/recipes/80-test_cms_data/ecdh-key.pem index 000000000000,ef9488b3c516..ef9488b3c516 mode 000000,100644..100644 --- a/crypto/openssl/test/recipes/80-test_cms_data/ecdh-key.pem +++ b/crypto/openssl/test/recipes/80-test_cms_data/ecdh-key.pem diff --cc crypto/openssl/test/recipes/80-test_cms_data/ecdh-malformed.der index 000000000000,14ddc1dea290..14ddc1dea290 mode 000000,100644..100644 Binary files differ diff --cc crypto/openssl/test/recipes/80-test_cms_data/rsa-malformed.der index 000000000000,4182a465ce79..4182a465ce79 mode 000000,100644..100644 Binary files differ