diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 596a82a560a72c9440906d911bc71525577d0a68..6c89c650961dc3e6bd139237baaaf2981ec36a7b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -83,6 +83,10 @@ jobs: run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -96,6 +100,10 @@ jobs: run: CC=clang ./config --banner=Configured no-fips --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -109,6 +117,10 @@ jobs: run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump - name: make run: make -j4 # verbose, so no -s here + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -122,6 +134,10 @@ jobs: run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -138,6 +154,8 @@ jobs: run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -151,6 +169,10 @@ jobs: run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]" @@ -164,6 +186,10 @@ jobs: run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 @@ -178,6 +204,10 @@ jobs: run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 @@ -191,6 +221,10 @@ jobs: run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*" test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -206,6 +240,10 @@ jobs: run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -221,6 +259,10 @@ jobs: run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -239,6 +281,10 @@ jobs: run: ./config enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -257,6 +303,10 @@ jobs: run: ./config enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -276,6 +326,10 @@ jobs: run: ./config enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -294,6 +348,10 @@ jobs: run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DPEDANTIC && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 @@ -312,6 +370,10 @@ jobs: run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DPEDANTIC && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 @@ -325,6 +387,10 @@ jobs: run: ./config --banner=Configured --strict-warnings no-legacy enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -338,6 +404,10 @@ jobs: run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -354,6 +424,8 @@ jobs: run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -367,6 +439,10 @@ jobs: run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -389,6 +465,9 @@ jobs: - name: make run: make -s -j4 working-directory: ./build + - name: get cpu info + run: ./util/opensslwrap.sh version -c + working-directory: ./build - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} working-directory: ./build @@ -416,6 +495,10 @@ jobs: run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: test external gost-engine run: make test TESTS="test_external_gost_engine" - name: test external krb5 @@ -442,7 +525,7 @@ jobs: - name: make run: make -s -j4 - name: Setup Python - uses: actions/setup-python@v4.7.0 + uses: actions/setup-python@v4.7.1 with: python-version: ${{ matrix.PYTHON }} - uses: actions-rs/toolchain@v1 @@ -451,6 +534,10 @@ jobs: toolchain: ${{ matrix.RUST }} override: true default: true + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: test external pyca run: make test TESTS="test_external_pyca" VERBOSE=1 @@ -469,5 +556,9 @@ jobs: profile: default toolchain: stable default: true + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: test external Cloudflare quiche run: make test TESTS="test_external_cf_quiche" VERBOSE=1 diff --git a/.github/workflows/compiler-zoo.yml b/.github/workflows/compiler-zoo.yml index 658d33f082a45da070a3ea9d93168f5477ff0dda..30634fccc3ffec9f7c2c06c4a11b1b419b25f5f0 100644 --- a/.github/workflows/compiler-zoo.yml +++ b/.github/workflows/compiler-zoo.yml @@ -127,5 +127,9 @@ jobs: run: ./configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index bdb576fd650a57ff94a1eb2178a1e0b411eabde7..6df0543e5d8637fa4253d83c927cbe53cee6ca78 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -26,13 +26,13 @@ jobs: branches: [ { branch: openssl-3.1, - extra_config: no-afalgeng enable-fips enable-ssl-trace enable-trace enable-zlib enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-ec_nistp_64_gcc_128 + extra_config: no-afalgeng enable-fips }, { branch: openssl-3.0, - extra_config: no-afalgeng enable-fips enable-ssl-trace enable-trace enable-zlib enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-ec_nistp_64_gcc_128 + extra_config: no-afalgeng enable-fips }, { branch: master, - extra_config: no-afalgeng enable-fips enable-ssl-trace enable-trace enable-zlib enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-ec_nistp_64_gcc_128 enable-tfo + extra_config: no-afalgeng enable-fips enable-tfo } ] runs-on: ubuntu-latest @@ -56,15 +56,25 @@ jobs: - name: setup hostname workaround run: sudo hostname localhost - name: config - run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace - name: config dump run: ./configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS='-test_external_krb5' - name: generate coverage info - run: lcov -d . -c -o ./lcov.info + run: lcov -d . -c + --exclude "${PWD}/test/*" + --exclude "${PWD}/test/helpers/*" + --exclude "${PWD}/test/testutil/*" + --exclude "${PWD}/fuzz/*" + --exclude "/usr/include/*" + -o ./lcov.info - name: Coveralls upload uses: coverallsapp/github-action@v2.2.3 with: diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index e2cd6cbb003a91f8602e2d043a54cc3993dcf40c..79af07c7016786a0c0140b050ffc4e6fb23f9453 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml @@ -195,6 +195,9 @@ jobs: run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\ ${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV + - name: get cpu info + run: cat /proc/cpuinfo + - name: make all tests if: github.event_name == 'push' && matrix.platform.tests == '' run: | diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml index 3e84fdbac6fc641b71587cb98af83564ffb6092c..766a4a1326ecb29d4964eaccb0d44c3c3f0ea648 100644 --- a/.github/workflows/fuzz-checker.yml +++ b/.github/workflows/fuzz-checker.yml @@ -63,6 +63,10 @@ jobs: - name: make sans explicit linker if: matrix.fuzzy.linker == '' run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test restricted if: matrix.fuzzy.tests != '' run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}" diff --git a/.github/workflows/os-zoo.yml b/.github/workflows/os-zoo.yml index 98fe0c744cc42c84e290300fee1823e34ba7339d..29137bd7c7d89b2c73825b3eb5ec517acd4e6dc1 100644 --- a/.github/workflows/os-zoo.yml +++ b/.github/workflows/os-zoo.yml @@ -43,6 +43,10 @@ jobs: run: ./configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -89,6 +93,10 @@ jobs: run: ./configdata.pm --dump - name: make run: make -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -111,6 +119,10 @@ jobs: run: ./configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + sysctl machdep.cpu + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -141,6 +153,17 @@ jobs: - name: build working-directory: _build run: nmake /S + - name: download coreinfo + uses: suisei-cn/actions-download-file@v1.4.0 + with: + url: "https://download.sysinternals.com/files/Coreinfo.zip" + target: _build/coreinfo/ + - name: get cpu info + working-directory: _build + run: | + 7z.exe x coreinfo/Coreinfo.zip + ./Coreinfo64.exe -accepteula -f + apps/openssl.exe version -c - name: test working-directory: _build run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4 diff --git a/.github/workflows/provider-compatibility.yml b/.github/workflows/provider-compatibility.yml index e95a8475220c86e81912700aa93c7e3e87b3882f..ccb0fbdd7d803aa1f7031f4e1f4e3d8ba846f146 100644 --- a/.github/workflows/provider-compatibility.yml +++ b/.github/workflows/provider-compatibility.yml @@ -10,7 +10,6 @@ name: Provider compatibility across versions - # NOTE: if this is being run on pull_request, it will **not** use the pull # request's branch. It is hardcoded to use the master branch. # @@ -160,6 +159,12 @@ jobs: -providers working-directory: ${{ matrix.branch.dir }} + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c + working-directory: ${{ matrix.branch.dir }} + - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} working-directory: ${{ matrix.branch.dir }} @@ -230,6 +235,12 @@ jobs: -providers working-directory: ${{ matrix.tree_b }} + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c + working-directory: ${{ matrix.branch.dir }} + - name: run cross validation tests of FIPS from A with tree from B if: steps.early_exit.outcome == 'success' run: | diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index b4a20bcedd9361bbc40b9884cdc08b20ab7d793e..2b7ca84d86e7694506608c5250e2672cd4d3a6eb 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -50,5 +50,9 @@ jobs: run: ./configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} diff --git a/.github/workflows/run-checker-daily-sctp.yml b/.github/workflows/run-checker-daily-sctp.yml index d258847e7e5f60b9910b44505001e558ff485311..ba9a5178f02f1fe9bdcc6cc03e2559d463c0c490 100644 --- a/.github/workflows/run-checker-daily-sctp.yml +++ b/.github/workflows/run-checker-daily-sctp.yml @@ -43,6 +43,11 @@ jobs: if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c + - name: make test if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index fe8a3a8e66c7948d9c1da406794a2df9bde05a46..fdd07294a4a147515083275a1f25ad2767fae3f5 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -144,5 +144,9 @@ jobs: run: ./configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index 31148bf0b82d5cf7d324e1c9d423b3663215059a..461f16527d557a0d08411986abc09fbdde44deb0 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -46,5 +46,9 @@ jobs: run: ./configdata.pm --dump - name: make run: make -s -j4 + - name: get cpu info + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 9c32d2689bd2e0b2ac8fa6092e0b02f4478dc718..7125b91f75e54e5f436e3f269b5b19b68786b87b 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -47,6 +47,18 @@ jobs: - name: build working-directory: _build run: nmake /S + - name: download coreinfo + uses: suisei-cn/actions-download-file@v1.4.0 + with: + url: "https://download.sysinternals.com/files/Coreinfo.zip" + target: _build/coreinfo/ + - name: get cpu info + working-directory: _build + continue-on-error: true + run: | + 7z.exe x coreinfo/Coreinfo.zip + ./Coreinfo64.exe -accepteula -f + ./apps/openssl.exe version -c - name: test working-directory: _build run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 @@ -80,6 +92,18 @@ jobs: - name: build working-directory: _build run: nmake /S + - name: download coreinfo + uses: suisei-cn/actions-download-file@v1.4.0 + with: + url: "https://download.sysinternals.com/files/Coreinfo.zip" + target: _build/coreinfo/ + - name: get cpu info + working-directory: _build + continue-on-error: true + run: | + 7z.exe x coreinfo/Coreinfo.zip + ./Coreinfo64.exe -accepteula -f + ./apps/openssl.exe version -c - name: test working-directory: _build run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4 @@ -106,6 +130,18 @@ jobs: - name: build working-directory: _build run: nmake # verbose, so no /S here + - name: download coreinfo + uses: suisei-cn/actions-download-file@v1.4.0 + with: + url: "https://download.sysinternals.com/files/Coreinfo.zip" + target: _build/coreinfo/ + - name: get cpu info + working-directory: _build + continue-on-error: true + run: | + 7z.exe x coreinfo/Coreinfo.zip + ./Coreinfo64.exe -accepteula -f + ./apps/openssl.exe version -c - name: test working-directory: _build run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 diff --git a/.github/workflows/windows_comp.yml b/.github/workflows/windows_comp.yml index 8f19b812a735027a75c34974c352210ed01ff213..abcc0ad0190b5b984e1edeb502b5d9a3011190b5 100644 --- a/.github/workflows/windows_comp.yml +++ b/.github/workflows/windows_comp.yml @@ -41,6 +41,18 @@ jobs: - name: build working-directory: _build run: nmake + - name: download coreinfo + uses: suisei-cn/actions-download-file@v1.4.0 + with: + url: "https://download.sysinternals.com/files/Coreinfo.zip" + target: _build/coreinfo/ + - name: get cpu info + working-directory: _build + continue-on-error: true + run: | + 7z.exe x coreinfo/Coreinfo.zip + ./Coreinfo64.exe -accepteula -f + ./apps/openssl.exe version -c - name: test working-directory: _build run: | @@ -68,6 +80,18 @@ jobs: - name: build working-directory: _build run: nmake + - name: download coreinfo + uses: suisei-cn/actions-download-file@v1.4.0 + with: + url: "https://download.sysinternals.com/files/Coreinfo.zip" + target: _build/coreinfo/ + - name: get cpu info + working-directory: _build + continue-on-error: true + run: | + 7z.exe x coreinfo/Coreinfo.zip + ./Coreinfo64.exe -accepteula -f + ./apps/openssl.exe version -c - name: test working-directory: _build run: | diff --git a/CHANGES.md b/CHANGES.md index f0b6898511ce189d72f48dccaf4c4d03d8ce3205..af5f3cd2aba9b9b4a0632dd14c4ac007d8252903 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -25,6 +25,17 @@ OpenSSL 3.2 ### Changes between 3.1 and 3.2 [xx XXX xxxx] + * Added a function to delete objects from store by URI - OSSL_STORE_delete() + and the corresponding provider-storemgmt API function + OSSL_FUNC_store_delete(). + + *Dmitry Belyavskiy* + + * Added OSSL_FUNC_store_open_ex() provider-storemgmt API function to pass + a passphrase callback when opening a store. + + *Simo Sorce* + * Changed the default salt length used by PBES2 KDF's (PBKDF2 and scrypt) from 8 bytes to 16 bytes. The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 881310cf0897615a9a4724c0984511d966ffa508..3d9ce086f9496a11d4990f52d6dfbda78e56824b 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1146,7 +1146,7 @@ doc-nits: build_generated_pods ## Evaluate OpenSSL documentation # Finally, there's a Node.js version, which we haven't tried, that # can be found at https://github.com/DavidAnson/markdownlint md-nits: ## Evaluate markdown files via "mdl" - mdl -s util/markdownlint.rb . + mdl -s $(SRCDIR)/util/markdownlint.rb . # Test coverage is a good idea for the future #coverage: $(PROGRAMS) $(TESTPROGRAMS) @@ -1264,7 +1264,7 @@ providers/fips.module.sources.new: configdata.pm crypto/*cap.c; do \ echo "$$x"; \ done \ - ) | sort | uniq > providers/fips.module.sources.new + ) | grep -v sm2p256 | sort | uniq > providers/fips.module.sources.new rm -rf sources-tmp # Set to -force to force a rebuild diff --git a/VERSION.dat b/VERSION.dat index 584de32867eb52bd18b1ce8a43bb6013c9d71a1f..1969c68c3819f213cddc3738be8379813206ef53 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=2 PATCH=0 -PRE_RELEASE_TAG=alpha2-dev +PRE_RELEASE_TAG=alpha3-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3 diff --git a/apps/dhparam.c b/apps/dhparam.c index d14c569503013a1484dcf161636f651ba4f7758c..ffe6e6cb8893035b9b8876f99b08a1af0d977c3c 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/gendsa.c b/apps/gendsa.c index b6d1d0f5b3f76ab0b0a6eb1834af77ec6fb3762c..a655c6ea02b2cb7458a2e0079e4d1dd96e53c630 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/genrsa.c b/apps/genrsa.c index f71bc6eeb111d7b820f467702c4c35d51f50efd6..54d025e24c2cd7b3d89916e4244b94f54fe562ce 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/progs.pl b/apps/progs.pl index 120ae05f07388c3efa3f25c627383f2c719af870..4a1e4be47c692c7914c17fd478bfac1e86fd1e63 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl index 60cf86f52aed20b33101ee69123ca5031d6e92c3..38b9405a283b7fa8c8c8b26fd6817e3e3ce4289a 100755 --- a/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/aes/asm/aesp8-ppc.pl @@ -99,11 +99,12 @@ rcon: .long 0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000 ?rev .long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev .long 0,0,0,0 ?asis +.long 0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe Lconsts: mflr r0 bcl 20,31,\$+4 mflr $ptr #vvvvv "distance between . and rcon - addi $ptr,$ptr,-0x48 + addi $ptr,$ptr,-0x58 mtlr r0 blr .long 0 @@ -2405,7 +2406,7 @@ ___ my $key_=$key2; my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31)); $x00=0 if ($flavour =~ /osx/); -my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5)); +my ($in0, $in1, $in2, $in3, $in4, $in5)=map("v$_",(0..5)); my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16)); my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22)); my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys @@ -2460,6 +2461,18 @@ _aesp8_xts_encrypt6x: li $x70,0x70 mtspr 256,r0 + # Reverse eighty7 to 0x010101..87 + xxlor 2, 32+$eighty7, 32+$eighty7 + vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87 + xxlor 1, 32+$eighty7, 32+$eighty7 + + # Load XOR contents. 0xf102132435465768798a9bacbdcedfe + mr $x70, r6 + bl Lconsts + lxvw4x 0, $x40, r6 # load XOR contents + mr r6, $x70 + li $x70,0x70 + subi $rounds,$rounds,3 # -4 in total lvx $rndkey0,$x00,$key1 # load key schedule @@ -2502,69 +2515,77 @@ Load_xts_enc_key: ?vperm v31,v31,$twk5,$keyperm lvx v25,$x10,$key_ # pre-load round[2] + # Switch to use the following codes with 0x010101..87 to generate tweak. + # eighty7 = 0x010101..87 + # vsrab tmp, tweak, seven # next tweak value, right shift 7 bits + # vand tmp, tmp, eighty7 # last byte with carry + # vaddubm tweak, tweak, tweak # left shift 1 bit (x2) + # xxlor vsx, 0, 0 + # vpermxor tweak, tweak, tmp, vsx + vperm $in0,$inout,$inptail,$inpperm subi $inp,$inp,31 # undo "caller" vxor $twk0,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vand $tmp,$tmp,$eighty7 vxor $out0,$in0,$twk0 - vxor $tweak,$tweak,$tmp + xxlor 32+$in1, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in1 lvx_u $in1,$x10,$inp vxor $twk1,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in1,$in1,$in1,$leperm vand $tmp,$tmp,$eighty7 vxor $out1,$in1,$twk1 - vxor $tweak,$tweak,$tmp + xxlor 32+$in2, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in2 lvx_u $in2,$x20,$inp andi. $taillen,$len,15 vxor $twk2,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in2,$in2,$in2,$leperm vand $tmp,$tmp,$eighty7 vxor $out2,$in2,$twk2 - vxor $tweak,$tweak,$tmp + xxlor 32+$in3, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in3 lvx_u $in3,$x30,$inp sub $len,$len,$taillen vxor $twk3,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in3,$in3,$in3,$leperm vand $tmp,$tmp,$eighty7 vxor $out3,$in3,$twk3 - vxor $tweak,$tweak,$tmp + xxlor 32+$in4, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in4 lvx_u $in4,$x40,$inp subi $len,$len,0x60 vxor $twk4,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in4,$in4,$in4,$leperm vand $tmp,$tmp,$eighty7 vxor $out4,$in4,$twk4 - vxor $tweak,$tweak,$tmp + xxlor 32+$in5, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in5 lvx_u $in5,$x50,$inp addi $inp,$inp,0x60 vxor $twk5,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in5,$in5,$in5,$leperm vand $tmp,$tmp,$eighty7 vxor $out5,$in5,$twk5 - vxor $tweak,$tweak,$tmp + xxlor 32+$in0, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in0 vxor v31,v31,$rndkey0 mtctr $rounds @@ -2590,6 +2611,8 @@ Loop_xts_enc6x: lvx v25,$x10,$key_ # round[4] bdnz Loop_xts_enc6x + xxlor 32+$eighty7, 1, 1 # 0x010101..87 + subic $len,$len,96 # $len-=96 vxor $in0,$twk0,v31 # xor with last round key vcipher $out0,$out0,v24 @@ -2599,7 +2622,6 @@ Loop_xts_enc6x: vaddubm $tweak,$tweak,$tweak vcipher $out2,$out2,v24 vcipher $out3,$out3,v24 - vsldoi $tmp,$tmp,$tmp,15 vcipher $out4,$out4,v24 vcipher $out5,$out5,v24 @@ -2607,7 +2629,8 @@ Loop_xts_enc6x: vand $tmp,$tmp,$eighty7 vcipher $out0,$out0,v25 vcipher $out1,$out1,v25 - vxor $tweak,$tweak,$tmp + xxlor 32+$in1, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in1 vcipher $out2,$out2,v25 vcipher $out3,$out3,v25 vxor $in1,$twk1,v31 @@ -2618,13 +2641,13 @@ Loop_xts_enc6x: and r0,r0,$len vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vcipher $out0,$out0,v26 vcipher $out1,$out1,v26 vand $tmp,$tmp,$eighty7 vcipher $out2,$out2,v26 vcipher $out3,$out3,v26 - vxor $tweak,$tweak,$tmp + xxlor 32+$in2, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in2 vcipher $out4,$out4,v26 vcipher $out5,$out5,v26 @@ -2638,7 +2661,6 @@ Loop_xts_enc6x: vaddubm $tweak,$tweak,$tweak vcipher $out0,$out0,v27 vcipher $out1,$out1,v27 - vsldoi $tmp,$tmp,$tmp,15 vcipher $out2,$out2,v27 vcipher $out3,$out3,v27 vand $tmp,$tmp,$eighty7 @@ -2646,7 +2668,8 @@ Loop_xts_enc6x: vcipher $out5,$out5,v27 addi $key_,$sp,$FRAME+15 # rewind $key_ - vxor $tweak,$tweak,$tmp + xxlor 32+$in3, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in3 vcipher $out0,$out0,v28 vcipher $out1,$out1,v28 vxor $in3,$twk3,v31 @@ -2655,7 +2678,6 @@ Loop_xts_enc6x: vcipher $out2,$out2,v28 vcipher $out3,$out3,v28 vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vcipher $out4,$out4,v28 vcipher $out5,$out5,v28 lvx v24,$x00,$key_ # re-pre-load round[1] @@ -2663,7 +2685,8 @@ Loop_xts_enc6x: vcipher $out0,$out0,v29 vcipher $out1,$out1,v29 - vxor $tweak,$tweak,$tmp + xxlor 32+$in4, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in4 vcipher $out2,$out2,v29 vcipher $out3,$out3,v29 vxor $in4,$twk4,v31 @@ -2673,14 +2696,14 @@ Loop_xts_enc6x: vcipher $out5,$out5,v29 lvx v25,$x10,$key_ # re-pre-load round[2] vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vcipher $out0,$out0,v30 vcipher $out1,$out1,v30 vand $tmp,$tmp,$eighty7 vcipher $out2,$out2,v30 vcipher $out3,$out3,v30 - vxor $tweak,$tweak,$tmp + xxlor 32+$in5, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in5 vcipher $out4,$out4,v30 vcipher $out5,$out5,v30 vxor $in5,$twk5,v31 @@ -2690,7 +2713,6 @@ Loop_xts_enc6x: vcipherlast $out0,$out0,$in0 lvx_u $in0,$x00,$inp # load next input block vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vcipherlast $out1,$out1,$in1 lvx_u $in1,$x10,$inp vcipherlast $out2,$out2,$in2 @@ -2703,7 +2725,10 @@ Loop_xts_enc6x: vcipherlast $out4,$out4,$in4 le?vperm $in2,$in2,$in2,$leperm lvx_u $in4,$x40,$inp - vxor $tweak,$tweak,$tmp + xxlor 10, 32+$in0, 32+$in0 + xxlor 32+$in0, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in0 + xxlor 32+$in0, 10, 10 vcipherlast $tmp,$out5,$in5 # last block might be needed # in stealing mode le?vperm $in3,$in3,$in3,$leperm @@ -2736,6 +2761,8 @@ Loop_xts_enc6x: mtctr $rounds beq Loop_xts_enc6x # did $len-=96 borrow? + xxlor 32+$eighty7, 2, 2 # 0x870101..01 + addic. $len,$len,0x60 beq Lxts_enc6x_zero cmpwi $len,0x20 @@ -3112,6 +3139,18 @@ _aesp8_xts_decrypt6x: li $x70,0x70 mtspr 256,r0 + # Reverse eighty7 to 0x010101..87 + xxlor 2, 32+$eighty7, 32+$eighty7 + vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87 + xxlor 1, 32+$eighty7, 32+$eighty7 + + # Load XOR contents. 0xf102132435465768798a9bacbdcedfe + mr $x70, r6 + bl Lconsts + lxvw4x 0, $x40, r6 # load XOR contents + mr r6, $x70 + li $x70,0x70 + subi $rounds,$rounds,3 # -4 in total lvx $rndkey0,$x00,$key1 # load key schedule @@ -3159,64 +3198,64 @@ Load_xts_dec_key: vxor $twk0,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vand $tmp,$tmp,$eighty7 vxor $out0,$in0,$twk0 - vxor $tweak,$tweak,$tmp + xxlor 32+$in1, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in1 lvx_u $in1,$x10,$inp vxor $twk1,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in1,$in1,$in1,$leperm vand $tmp,$tmp,$eighty7 vxor $out1,$in1,$twk1 - vxor $tweak,$tweak,$tmp + xxlor 32+$in2, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in2 lvx_u $in2,$x20,$inp andi. $taillen,$len,15 vxor $twk2,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in2,$in2,$in2,$leperm vand $tmp,$tmp,$eighty7 vxor $out2,$in2,$twk2 - vxor $tweak,$tweak,$tmp + xxlor 32+$in3, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in3 lvx_u $in3,$x30,$inp sub $len,$len,$taillen vxor $twk3,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in3,$in3,$in3,$leperm vand $tmp,$tmp,$eighty7 vxor $out3,$in3,$twk3 - vxor $tweak,$tweak,$tmp + xxlor 32+$in4, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in4 lvx_u $in4,$x40,$inp subi $len,$len,0x60 vxor $twk4,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in4,$in4,$in4,$leperm vand $tmp,$tmp,$eighty7 vxor $out4,$in4,$twk4 - vxor $tweak,$tweak,$tmp + xxlor 32+$in5, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in5 lvx_u $in5,$x50,$inp addi $inp,$inp,0x60 vxor $twk5,$tweak,$rndkey0 vsrab $tmp,$tweak,$seven # next tweak value vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 le?vperm $in5,$in5,$in5,$leperm vand $tmp,$tmp,$eighty7 vxor $out5,$in5,$twk5 - vxor $tweak,$tweak,$tmp + xxlor 32+$in0, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in0 vxor v31,v31,$rndkey0 mtctr $rounds @@ -3242,6 +3281,8 @@ Loop_xts_dec6x: lvx v25,$x10,$key_ # round[4] bdnz Loop_xts_dec6x + xxlor 32+$eighty7, 1, 1 + subic $len,$len,96 # $len-=96 vxor $in0,$twk0,v31 # xor with last round key vncipher $out0,$out0,v24 @@ -3251,7 +3292,6 @@ Loop_xts_dec6x: vaddubm $tweak,$tweak,$tweak vncipher $out2,$out2,v24 vncipher $out3,$out3,v24 - vsldoi $tmp,$tmp,$tmp,15 vncipher $out4,$out4,v24 vncipher $out5,$out5,v24 @@ -3259,7 +3299,8 @@ Loop_xts_dec6x: vand $tmp,$tmp,$eighty7 vncipher $out0,$out0,v25 vncipher $out1,$out1,v25 - vxor $tweak,$tweak,$tmp + xxlor 32+$in1, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in1 vncipher $out2,$out2,v25 vncipher $out3,$out3,v25 vxor $in1,$twk1,v31 @@ -3270,13 +3311,13 @@ Loop_xts_dec6x: and r0,r0,$len vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vncipher $out0,$out0,v26 vncipher $out1,$out1,v26 vand $tmp,$tmp,$eighty7 vncipher $out2,$out2,v26 vncipher $out3,$out3,v26 - vxor $tweak,$tweak,$tmp + xxlor 32+$in2, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in2 vncipher $out4,$out4,v26 vncipher $out5,$out5,v26 @@ -3290,7 +3331,6 @@ Loop_xts_dec6x: vaddubm $tweak,$tweak,$tweak vncipher $out0,$out0,v27 vncipher $out1,$out1,v27 - vsldoi $tmp,$tmp,$tmp,15 vncipher $out2,$out2,v27 vncipher $out3,$out3,v27 vand $tmp,$tmp,$eighty7 @@ -3298,7 +3338,8 @@ Loop_xts_dec6x: vncipher $out5,$out5,v27 addi $key_,$sp,$FRAME+15 # rewind $key_ - vxor $tweak,$tweak,$tmp + xxlor 32+$in3, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in3 vncipher $out0,$out0,v28 vncipher $out1,$out1,v28 vxor $in3,$twk3,v31 @@ -3307,7 +3348,6 @@ Loop_xts_dec6x: vncipher $out2,$out2,v28 vncipher $out3,$out3,v28 vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vncipher $out4,$out4,v28 vncipher $out5,$out5,v28 lvx v24,$x00,$key_ # re-pre-load round[1] @@ -3315,7 +3355,8 @@ Loop_xts_dec6x: vncipher $out0,$out0,v29 vncipher $out1,$out1,v29 - vxor $tweak,$tweak,$tmp + xxlor 32+$in4, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in4 vncipher $out2,$out2,v29 vncipher $out3,$out3,v29 vxor $in4,$twk4,v31 @@ -3325,14 +3366,14 @@ Loop_xts_dec6x: vncipher $out5,$out5,v29 lvx v25,$x10,$key_ # re-pre-load round[2] vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vncipher $out0,$out0,v30 vncipher $out1,$out1,v30 vand $tmp,$tmp,$eighty7 vncipher $out2,$out2,v30 vncipher $out3,$out3,v30 - vxor $tweak,$tweak,$tmp + xxlor 32+$in5, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in5 vncipher $out4,$out4,v30 vncipher $out5,$out5,v30 vxor $in5,$twk5,v31 @@ -3342,7 +3383,6 @@ Loop_xts_dec6x: vncipherlast $out0,$out0,$in0 lvx_u $in0,$x00,$inp # load next input block vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 vncipherlast $out1,$out1,$in1 lvx_u $in1,$x10,$inp vncipherlast $out2,$out2,$in2 @@ -3355,7 +3395,10 @@ Loop_xts_dec6x: vncipherlast $out4,$out4,$in4 le?vperm $in2,$in2,$in2,$leperm lvx_u $in4,$x40,$inp - vxor $tweak,$tweak,$tmp + xxlor 10, 32+$in0, 32+$in0 + xxlor 32+$in0, 0, 0 + vpermxor $tweak, $tweak, $tmp, $in0 + xxlor 32+$in0, 10, 10 vncipherlast $out5,$out5,$in5 le?vperm $in3,$in3,$in3,$leperm lvx_u $in5,$x50,$inp @@ -3386,6 +3429,8 @@ Loop_xts_dec6x: mtctr $rounds beq Loop_xts_dec6x # did $len-=96 borrow? + xxlor 32+$eighty7, 2, 2 + addic. $len,$len,0x60 beq Lxts_dec6x_zero cmpwi $len,0x20 diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c index 2a6f6d522c7a51d848d298b2f8e5e98805d99992..0a64d0749a29b02ee934e614dbaa8e5c82cb533c 100644 --- a/crypto/bio/bio_addr.c +++ b/crypto/bio/bio_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 3f57de539f4516fc3450316b2d888edf0a900ca5..5195634fdfa766f8b16099cbf750ff0bd56d2c63 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -216,11 +216,13 @@ typedef struct bio_dgram_sctp_save_message_st { int length; } bio_dgram_sctp_save_message; +/* + * Note: bio_dgram_data must be first here + * as we use dgram_ctrl for underlying dgram operations + * which will cast this struct to a bio_dgram_data + */ typedef struct bio_dgram_sctp_data_st { - BIO_ADDR peer; - unsigned int connected; - unsigned int _errno; - unsigned int mtu; + bio_dgram_data dgram; struct bio_dgram_sctp_sndinfo sndinfo; struct bio_dgram_sctp_rcvinfo rcvinfo; struct bio_dgram_sctp_prinfo prinfo; @@ -2101,7 +2103,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) if (ret < 0) { if (BIO_dgram_should_retry(ret)) { BIO_set_retry_read(b); - data->_errno = get_last_socket_error(); + data->dgram._errno = get_last_socket_error(); } } @@ -2253,7 +2255,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) if (ret <= 0) { if (BIO_dgram_should_retry(ret)) { BIO_set_retry_write(b); - data->_errno = get_last_socket_error(); + data->dgram._errno = get_last_socket_error(); } } return ret; @@ -2275,16 +2277,16 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) * Set to maximum (2^14) and ignore user input to enable transport * protocol fragmentation. Returns always 2^14. */ - data->mtu = 16384; - ret = data->mtu; + data->dgram.mtu = 16384; + ret = data->dgram.mtu; break; case BIO_CTRL_DGRAM_SET_MTU: /* * Set to maximum (2^14) and ignore input to enable transport * protocol fragmentation. Returns always 2^14. */ - data->mtu = 16384; - ret = data->mtu; + data->dgram.mtu = 16384; + ret = data->dgram.mtu; break; case BIO_CTRL_DGRAM_SET_CONNECTED: case BIO_CTRL_DGRAM_CONNECT: diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 4ff4defadff46fe6af5c1771cc683952fb6fdde8..82f7be85ae0c305acb19694d07065f9c8029594e 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 519bb4e951d7dc019d3500b74ab95acd01a93182..2cd8ee35e034a38f1200e25a38d5dfb180cd0189 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -642,9 +642,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) for (i = 0; i < m; i++) { /* conditionally flip signs if delta is positive and g is odd */ - cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 + cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))); delta = (-cond & -delta) | ((cond - 1) & delta); r->neg ^= cond; /* swap */ @@ -656,7 +656,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) goto err; BN_consttime_swap(g->d[0] & 1 /* g is odd */ /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))), g, temp, top); if (!BN_rshift1(g, g)) goto err; diff --git a/crypto/cpuid.c b/crypto/cpuid.c index e5db03f3f6af2c33b218d0adc1469cb8e2342460..51cbe5ea090eebc5830e3b5b793a8caba2f91afe 100644 --- a/crypto/cpuid.c +++ b/crypto/cpuid.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index bc26cee303e970e2eccc6a082e37bc5a325a9786..8ab75e06d719e03005dfcb98ed7bd2ce0f01b8d9 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -194,7 +194,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh) { dh->flags |= DH_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dh->params); dh->dirty_cnt++; return 1; } diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index e2eb53961cb6593d070d20824de2bbf8ac50343e..9d5a6b0b6c2baa7951fdf770ce70057cdfba023b 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -119,6 +119,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif /* FIPS_MODULE */ + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL); goto err; diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index b18fda33782705c055c245f193d7d05df38acb91..7997c2ac25e459d04acf71828864ed3ac3a5f939 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -179,6 +179,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL); goto err; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 29e2a8057250b16d40c0b7a9595e4496869433f7..234362b6d7499b9ab7098a14a51e0c2e6318d7e2 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -462,7 +462,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, static int dsa_init(DSA *dsa) { dsa->flags |= DSA_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dsa->params); dsa->dirty_cnt++; return 1; } diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h index 597ded42114098e42f2ba0db4dd56b7575a46b43..96a54558d6b30bd50e74e5e000e69e1814b034a1 100644 --- a/crypto/ec/curve448/point_448.h +++ b/crypto/ec/curve448/point_448.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2016 Cryptography Research, Inc. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c index eae0b52c4e69bdb6a2fdc31f81cffbf8ed418c18..f13f8bed242d975c0700e1311176c089b9f4192b 100644 --- a/crypto/ec/ecp_s390x_nistp.c +++ b/crypto/ec/ecp_s390x_nistp.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index 6e6d6df35b2b9a1a51a32654c009bdc13e576101..a8f1371a792fed8708e237c105e72243c63f86de 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); return NULL; } + /* We enforce check for legacy key */ + switch (EVP_PKEY_get_id(pkey)) { + case EVP_PKEY_RSA: + { + RSA *rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_set1_RSA(pkey, rsa); + RSA_free(rsa); + } + break; +# ifndef OPENSSL_NO_EC + case EVP_PKEY_SM2: + case EVP_PKEY_EC: + { + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); + EVP_PKEY_set1_EC_KEY(pkey, ec); + EC_KEY_free(ec); + } + break; +# endif +# ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + { + DSA *dsa = EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_set1_DSA(pkey, dsa); + DSA_free(dsa); + } + break; +#endif +# ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + { + DH *dh = EVP_PKEY_get1_DH(pkey); + EVP_PKEY_set1_DH(pkey, dh); + DH_free(dh); + } + break; +#endif + default: + /*Do nothing */ + break; + } + return pkey; } diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 68b216f10cb456402a3be51fc9916603f4106ebb..731c1a1dc70c8f1ab362c38913e780089060c39b 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 84ce108b2540ebd52acfb422d457d299f05ed1ec..e1d3eeef641f8f489836670b9f1d58dbcca02f98 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -200,7 +200,12 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, #endif } - if (cipher->prov != NULL) { + if (!ossl_assert(cipher->prov != NULL)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return 0; + } + + if (cipher != ctx->fetched_cipher) { if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; diff --git a/crypto/evp/legacy_blake2.c b/crypto/evp/legacy_blake2.c index 4301ae4857913556f94880e4cca0c19964003d51..5a5f05044ceedb8937e0f5f967856208e21d4a0a 100644 --- a/crypto/evp/legacy_blake2.c +++ b/crypto/evp/legacy_blake2.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index bd9e5a91003f85c4ce634c655f4a7272f9106029..eb937d52ca5f6235e41ef17bfae75f358f1bd259 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1201,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) { - return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL, + return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL, (pkey->ameth != NULL ? pkey->ameth->priv_print : NULL), pctx); } diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 6a38fe511a6362adc412fcb59b24481e939ed915..74cca96f4d78208e25c86b9fa3ea580b41648d35 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/initthread.c b/crypto/initthread.c index 23ad0a07391071f07a72add10da4ff8815d87fed..ae234cd205e5cdcaf3aef41a7e938b9637a5370a 100644 --- a/crypto/initthread.c +++ b/crypto/initthread.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index 36a177129ec45edf9d6149243f32280c3ba1a376..ea0a3252a6ba8d28ca6ed9cdf2ad38e4c80885b1 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -23,7 +23,7 @@ #include "lhash_local.h" # ifndef OPENSSL_NO_STDIO -# ifndef OPENSSL_NO_DEPRECATED_3_2 +# ifndef OPENSSL_NO_DEPRECATED_3_1 void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp) { BIO *bp; @@ -62,7 +62,7 @@ void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp) # endif # endif -# ifndef OPENSSL_NO_DEPRECATED_3_2 +# ifndef OPENSSL_NO_DEPRECATED_3_1 /* * These functions are implemented as separate static functions as they are * called from the stdio functions above and calling deprecated functions will diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 9d2b284ae0fa2777f9b205a1bc32b6728f446b8d..0a475b71d8e2a70865af338333aea377f3385de0 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/o_str.c b/crypto/o_str.c index 274b8476140b14ca9cc3f369a1797941c625961a..f1aacda5e3526c24c4e77dd884a1f5e276663173 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index fff70400757e5853083a41b17a1ff238bc129ad1..913606f1754d463427f20ccf0e2ae669710a6565 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -75,6 +75,10 @@ static const nid_triple sigoid_srt[] = { NID_id_GostR3410_2012_512}, {NID_ED25519, NID_undef, NID_ED25519}, {NID_ED448, NID_undef, NID_ED448}, + {NID_ecdsa_with_SHA3_224, NID_sha3_224, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA3_256, NID_sha3_256, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA3_384, NID_sha3_384, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA3_512, NID_sha3_512, NID_X9_62_id_ecPublicKey}, {NID_RSA_SHA3_224, NID_sha3_224, NID_rsaEncryption}, {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption}, {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption}, @@ -122,9 +126,13 @@ static const nid_triple *const sigoid_srt_xref[] = { &sigoid_srt[28], &sigoid_srt[40], &sigoid_srt[41], + &sigoid_srt[48], &sigoid_srt[44], + &sigoid_srt[49], &sigoid_srt[45], + &sigoid_srt[50], &sigoid_srt[46], + &sigoid_srt[51], &sigoid_srt[47], - &sigoid_srt[48], + &sigoid_srt[52], }; diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt index 2a61d4db59275d5e31cd1004b8a7e7f7541f0782..31c6eb99281699f12becf35e98d1d74f8823633d 100644 --- a/crypto/objects/obj_xref.txt +++ b/crypto/objects/obj_xref.txt @@ -42,6 +42,10 @@ ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey ecdsa_with_Recommended undef X9_62_id_ecPublicKey ecdsa_with_Specified undef X9_62_id_ecPublicKey +ecdsa_with_SHA3_224 sha3_224 X9_62_id_ecPublicKey +ecdsa_with_SHA3_256 sha3_256 X9_62_id_ecPublicKey +ecdsa_with_SHA3_384 sha3_384 X9_62_id_ecPublicKey +ecdsa_with_SHA3_512 sha3_512 X9_62_id_ecPublicKey dsa_with_SHA224 sha224 dsa dsa_with_SHA256 sha256 dsa diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index d8aaebe72f58638db8707ba59608ef35eeff7cf1..ed7905661bbfe5379535cdb5e45e4a26a057a967 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 7681731207b151dd2434df98db9b728ade61f33b..2e40dd93c28414e2cb1a0b1652654307b4140aa2 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index b2bf3cd63180a92fa23f2db3c8b986ec2cf7262a..983f07e070cab9fcb482e5e39235e2033763119e 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -588,15 +588,38 @@ static void put_char(char ch, char **buf, size_t *remain, size_t *needed) static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) { - size_t olen, len; + size_t olen, len, i; + char quote = '\0'; + int quotes; len = olen = strlen(str); *needed += len; - if (*remain == 0) + /* + * Check to see if we need quotes or not. + * Characters that are legal in a PropertyName don't need quoting. + * We simply assume all others require quotes. + */ + for (i = 0; i < len; i++) + if (!ossl_isalnum(str[i]) && str[i] != '.' && str[i] != '_') { + /* Default to single quotes ... */ + if (quote == '\0') + quote = '\''; + /* ... but use double quotes if a single is present */ + if (str[i] == '\'') + quote = '"'; + } + + quotes = quote != '\0'; + if (*remain == 0) { + *needed += 2 * quotes; return; + } - if (*remain < len + 1) + if (quotes) + put_char(quote, buf, remain, needed); + + if (*remain < len + 1 + quotes) len = *remain - 1; if (len > 0) { @@ -605,6 +628,9 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) *remain -= len; } + if (quotes) + put_char(quote, buf, remain, needed); + if (len < olen && *remain == 1) { **buf = '\0'; ++*buf; diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c index 96c73f7e66020f5bbc00b14b3e4a286aacd09dfd..af35e0247595a7df70a6fa6f610e638bcb120942 100644 --- a/crypto/rand/prov_seed.c +++ b/crypto/rand/prov_seed.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 46e294a37835e0cd4fb13ef8aed4b74cd7a1e9fa..14999540abc2938d7428cacdfeeaaf67b6bfb039 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -536,13 +536,14 @@ static EVP_RAND_CTX *rand_new_seed(OSSL_LIB_CTX *libctx) EVP_RAND *rand; RAND_GLOBAL *dgbl = rand_get_global(libctx); EVP_RAND_CTX *ctx = NULL; - const char *propq = dgbl->seed_propq; + const char *propq; char *name, *props = NULL; size_t props_len; OSSL_PROPERTY_LIST *pl1, *pl2, *pl3 = NULL; if (dgbl == NULL) return NULL; + propq = dgbl->seed_propq; if (dgbl->seed_name != NULL) { name = dgbl->seed_name; } else { @@ -608,7 +609,6 @@ static EVP_RAND_CTX *rand_new_seed(OSSL_LIB_CTX *libctx) } if (!EVP_RAND_instantiate(ctx, 0, 0, NULL, 0, NULL)) { ERR_raise(ERR_LIB_RAND, RAND_R_ERROR_INSTANTIATING_DRBG); - EVP_RAND_CTX_free(ctx); goto err; } OPENSSL_free(props); diff --git a/crypto/sha/keccak1600.c b/crypto/sha/keccak1600.c index 062111b6380ca6ed2b2accd3ca858e4789d4578c..c15bc42aaa826cc8aa176d8ebfd82ab939ab9ba2 100644 --- a/crypto/sha/keccak1600.c +++ b/crypto/sha/keccak1600.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 2ca515396b7189ec49904a0e5845a8f9e1fefce8..e89f58b2000acbe3c58fac274c92dee3c1962b30 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index d0561f636cfde859e852355d7809a70ef1f30406..05a8044f895b95af40487100ff40a94f02e8667e 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h index 8325aacfa5306aa47315eef6f93976c06d46150d..1ffc816e5eea3372f1cf4557d136dd293292e2b9 100644 --- a/crypto/x509/ext_dat.h +++ b/crypto/x509/ext_dat.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h index e5c9e3f9e01ac6f8e6dd91685df9d6a70e9b1e8b..87a564b238d6b200817ee395da5e7c8f7bcc5b67 100644 --- a/crypto/x509/standard_exts.h +++ b/crypto/x509/standard_exts.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/designs/fetching-composite-algorithms.md b/doc/designs/fetching-composite-algorithms.md new file mode 100644 index 0000000000000000000000000000000000000000..1e3fa9996876d15ef8e90abf78e9d32566794d36 --- /dev/null +++ b/doc/designs/fetching-composite-algorithms.md @@ -0,0 +1,187 @@ +Fetching composite algorithms and using them - adding the bits still missing +============================================================================ + +Quick background +---------------- + +We currently support - at least in the public libcrypto API - explicitly +fetching composite algorithms (such as AES-128-CBC or HMAC-SHA256), and +using them in most cases. In some cases (symmetric ciphers), our providers +also provide them. + +However, there is one class of algorithms where the support for *using* +explicitly fetched algorithms is lacking: asymmetric algorithms. + +For a longer background and explanation, see +[Background / tl;dr](#background-tldr) at the end of this design. + +Public API - Add variants of `EVP_PKEY_CTX` initializers +-------------------------------------------------------- + +As far as this design is concerned, these API sets are affected: + +- SIGNATURE (DigestSign and DigestVerify) +- ASYM_CIPHER +- KEYEXCH + +The proposal is to add these functions: + +``` C +EVP_DigestSignInit_ex2(EVP_PKEY_CTX **pctx, + EVP_SIGNATURE *sig, EVP_PKEY *pkey, + OSSL_LIB_CTX *libctx, const OSSL_PARAM params[]); +EVP_DigestVerifyInit_ex2(EVP_PKEY_CTX **pctx, + EVP_SIGNATURE *sig, EVP_PKEY *pkey, + OSSL_LIB_CTX *libctx, const OSSL_PARAM params[]); + +int EVP_PKEY_encrypt_init_ex2(EVP_PKEY_CTX *ctx, EVP_ASYM_CIPHER *asymciph, + const OSSL_PARAM params[]); +int EVP_PKEY_decrypt_init_ex2(EVP_PKEY_CTX *ctx, EVP_ASYM_CIPHER *asymciph, + const OSSL_PARAM params[]); + +int EVP_PKEY_derive_init_ex2(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange, + const OSSL_PARAM params[]); +``` + +Because `EVP_SIGNATURE`, `EVP_ASYM_CIPHER` and `EVP_KEYEXCH` aren't limited +to composite algorithms, these functions can be used just as well with +explicit fetches of simple algorithms, say "RSA". In that case, the caller +will need to pass necessary auxiliary parameters through the `OSSL_PARAM` or +a call to a corresponding `set_params` function. + +Requirements on the providers +----------------------------- + +Because it's not immediately obvious from a composite algorithm name what +key type it requires / supports, at least in code, allowing the use of an +explicitly fetched implementation of a composite algorithm requires that +providers cooperate by declaring what key type is required / supported by +each algorithm. + +For non-composite operation algorithms (like "RSA"), this is not necessary, +see the fallback strategies below. + +There are two ways this could be implemented: + +1. through an added provider function that would work like keymgmt's + `query_operation_name` function, but would return a key type name + instead: + + ``` C + # define OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPE 26 + OSSL_CORE_MAKE_FUNC(const char *, signature_query_key_type, (void)) + + # define OSSL_FUNC ASYM_CIPHER_QUERY_KEY_TYPE 12 + OSSL_CORE_MAKE_FUNC(const char *, asym_cipher_query_key_type, (void)) + + # define OSSL_FUNC_KEYEXCH_QUERY_KEY_TYPE 11 + OSSL_CORE_MAKE_FUNC(const char *, keyexch_query_key_type, (void)) + ``` + +2. through a gettable `OSSL_PARAM`, using the param identity "keytype" + +Fallback strategies +------------------- + +Because existing providers haven't been updated to declare composite +algorithms, or to respond to the key type query, some fallback strategies +will be needed to find out if the `EVP_PKEY` key type is possible to use +with the fetched algorithm: + +- Check if the fetched operation name matches the key type (keymgmt name) + of the `EVP_PKEY` that's involved in the operation. For example, this + is useful when someone fetched the `EVP_SIGNATURE` "RSA". +- Check if the fetched algorithm name matches the name returned by the + keymgmt's `query_operation_name` function. For example, this is useful + when someone fetched the `EVP_SIGNATURE` "ECDSA", for which the key type + to use is "EC". +- libcrypto currently has knowledge of some composite algorithm names and + what they are composed of, accessible with `OBJ_find_sigid_algs` and + similar functionality. This knowledge is regarded legacy, but can be + used to figure out the key type. + +If none of these strategies work out, the operation initialization should +fail. + +These strategies have their limitations, but the built-in legacy knowledge +we currently have in libcrypto should be enough to cover most bases. + +----- + +----- + +Background / tl;dr +------------------ + +### What is a composite algorithm? + +A composite algorithm is an algorithm that's composed of more than one other +algorithm. In OpenSSL parlance with a focus on signatures, they have been +known as "sigalgs", but this is really broader than just signature algorithms. +Examples are: + +- AES-128-CBC +- hmacWithSHA256 +- sha256WithRSAEncryption + +### The connection with AlgorithmIdentifiers + +AlgorithmIdentifier is an ASN.1 structure that defines an algorithm as an +OID, along with parameters that should be passed to that algorithm. + +It is expected that an application should be able to take that OID and +fetch it directly, after conversion to string form (either a name if the +application or libcrypto happens to know it, or the OID itself in canonical +numerical form). To enable this, explicit fetching is necessary. + +### What we have today + +As a matter of fact, we already have built-in support for fetching +composite algorithms, although our providers do not fully participate in +that support, and *most of the time*, we also have public APIs to use the +fetched result, commonly known as support for explicit fetching. + +The idea is that providers can declare the different compositions of a base +algorithm in the `OSSL_ALGORITHM` array, each pointing to different +`OSSL_DISPATCH` tables, which would in turn refer to pretty much the same +functions, apart from the constructor function. + +For example, we already do this with symmetric ciphers. + +Another example, which we could implement in our providers today, would be +compositions of HMAC: + +``` C +static const OSSL_ALGORITHM deflt_macs[] = { + /* ... */ + { "HMAC-SHA1:hmacWithSHA1:1.2.840.113549.2.7", + "provider=default", ossl_hmac_sha1_functions }, + { "HMAC-SHA224:hmacWithSHA224:1.2.840.113549.2.8", + "provider=default", ossl_hmac_sha224_functions }, + { "HMAC-SHA256:hmacWithSHA256:1.2.840.113549.2.9", + "provider=default", ossl_hmac_sha256_functions }, + { "HMAC-SHA384:hmacWithSHA384:1.2.840.113549.2.10", + "provider=default", ossl_hmac_sha384_functions }, + { "HMAC-SHA512:hmacWithSHA512:1.2.840.113549.2.11", + "provider=default", ossl_hmac_sha512_functions }, + /* ... */ +``` + +### What we don't have today + +There are some classes of algorithms for which we have no support for using +the result of explicit fetching. So for example, while it's possible for a +provider to declare composite algorithms through the `OSSL_ALGORITHM` array, +there's currently no way for an application to use them. + +This all revolves around asymmetric algorithms, where we currently only +support implicit fetching. + +This is hurtful in multiple ways: + +- It fails the provider authors in terms being able to consistently + declare all algorithms through `OSSL_ALGORITHM` arrays. +- It fails the applications in terms of being able to fetch algorithms and + use the result. +- It fails discoverability, for example through the `openssl list` + command. diff --git a/doc/designs/passing-algorithmidentifier-parameters.md b/doc/designs/passing-algorithmidentifier-parameters.md new file mode 100644 index 0000000000000000000000000000000000000000..bb3821e33713b6a301dd288a916d8e8e5377a854 --- /dev/null +++ b/doc/designs/passing-algorithmidentifier-parameters.md @@ -0,0 +1,156 @@ +Passing AlgorithmIdentifier parameters to operations +==================================================== + +Quick background +---------------- + +We currently only support passing the AlgorithmIdentifier (`X509_ALGOR`) +parameter field to symmetric cipher provider implementations. + +We do support passing them to legacy implementations of other types of +operation algorithms as well, but it's done in a way that can't be supported +with providers, because it involves sharing specific structures between +libcrypto and the backend implementation. + +For a longer background and explanation, see +[Background / tl;dr](#background-tldr) at the end of this design. + +Establish an OSSL_PARAM key that any algorithms may become aware of +------------------------------------------------------------------- + +We already have a parameter key, but it's currently only specified for +`EVP_CIPHER`, in support of `EVP_CIPHER_param_to_asn1()` and +`EVP_CIPHER_asn1_to_param()`. + +"alg_id_param", also known as the macro `OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS` + +This parameter can be used in the exact same manner with other operations, +with the value of the AlgorithmIdentifier parameter as an octet string, to +be interpreted by the implementations in whatever way they see fit. + +Applications can choose to add these in an `OSSL_PARAM` array, to be passed +with the multitude of initialization functions that take such an array, or +using specific operation `OSSL_PARAM` setters and getters (such as +`EVP_PKEY_CTX_set_params`), or using other available convenience functions +(see below). + +This parameter will have to be documented in the following files: + +- `doc/man7/provider-asym_cipher.pod` +- `doc/man7/provider-cipher.pod` +- `doc/man7/provider-digest.pod` +- `doc/man7/provider-kdf.pod` +- `doc/man7/provider-kem.pod` +- `doc/man7/provider-keyexch.pod` +- `doc/man7/provider-mac.pod` +- `doc/man7/provider-signature.pod` + +That should cover all algorithms that are, or should be possible to fetch by +AlgorithmIdentifier.algorithm, and for which there's potentially a relevant +AlgorithmIdentifier.parameters field. + +We may arguably want to consider `doc/man7/provider-keymgmt.pod` too, but +an AlgorithmIdentifier that's attached directly to a key is usually part of +a PrivKeyInfo or SubjectPublicKeyInfo structure, and those are handled by +encoders and decoders as those see fit, and there's no tangible reason why +that would have to change. + +Public convenience API +---------------------- + +For convenience, the following set of functions would be added to pass the +AlgorithmIdentifier parameter data to diverse operations, or to retrieve +such parameter data from them. + +``` C +/* + * These two would essentially be aliases for EVP_CIPHER_param_to_asn1() + * and EVP_CIPHER_asn1_to_param(). + */ +EVP_CIPHER_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); +EVP_CIPHER_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); + +EVP_MD_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); +EVP_MD_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); + +EVP_MAC_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); +EVP_MAC_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); + +EVP_KDF_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); +EVP_KDF_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); + +EVP_PKEY_CTX_set_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); +EVP_PKEY_CTX_get_algor_param(EVP_PKEY_CTX *ctx, X509_ALGOR *alg); +``` + +Note that all might not need to be added immediately, depending on if they +are considered useful or not. For future proofing, however, they should +probably all be added. + +Requirements on the providers +----------------------------- + +Providers that implement ciphers or any operation that uses asymmetric keys +will have to implement support for passing AlgorithmIdentifier parameter +data, and will have to process that data in whatever manner that's necessary +to meet the standards for that operation. + +Fallback strategies +------------------- + +There are no possible fallback strategies, which is fine, considering that +current provider functionality doesn't support passing AlgorithmIdentifier +parameter data at all (except for `EVP_CIPHER`), and therefore do not work +at all when such parameter data needs to be passed. + +----- + +----- + +Background / tl;dr +------------------ + +### AlgorithmIdenfier parameter and how it's used + +OpenSSL has historically done a few tricks to not have to pass +AlgorithmIdenfier parameter data to the backend implementations of +cryptographic operations: + +- In some cases, they were passed as part of the lower level key structure + (for example, the `RSA` structure can also carry RSA-PSS parameters). +- In the `EVP_CIPHER` case, there is functionality to pass the parameter + data specifically. +- For asymmetric key operations, PKCS#7 and CMS support was added as + `EVP_PKEY` ctrls. + +With providers, some of that support was retained, but not others. Most +crucially, the `EVP_PKEY` ctrls for PKCS#7 and CMS were not retained, +because the way they were implemented violated the principle that provider +implementations *MUST NOT* share complex OpenSSL specific structures with +libcrypto. + +### Usage examples + +Quite a lot of the available examples today revolve around CMS, with a +number of RFCs that specify what parameters should be passed with certain +operations / algorithms. This list is not exhaustive, the reader is +encouraged to research further usages. + +- [DSA](https://www.rfc-editor.org/rfc/rfc3370#section-3.1) signatures + typically have the domain parameters *p*, *q* and *g*. +- [RC2 key wrap](https://www.rfc-editor.org/rfc/rfc3370#section-4.3.2) +- [PBKDF2](https://www.rfc-editor.org/rfc/rfc3370#section-4.4.1) +- [3DES-CBC](https://www.rfc-editor.org/rfc/rfc3370#section-5.1) +- [RC2-CBC](https://www.rfc-editor.org/rfc/rfc3370#section-5.2) + +- [GOST 28147-89](https://www.rfc-editor.org/rfc/rfc4490.html#section-5.1) + +- [RSA-OAEP](https://www.rfc-editor.org/rfc/rfc8017#appendix-A.2.1) +- [RSA-PSS](https://www.rfc-editor.org/rfc/rfc8017#appendix-A.2.3) + +- [XOR-MD5](https://www.rfc-editor.org/rfc/rfc6210.html) is experimental, + but it does demonstrate the possibility of a parametrized hash algorithm. + +Some of it can be claimed to already have support in OpenSSL. However, this +is with old libcrypto code that has special knowledge of the algorithms that +are involved. diff --git a/doc/designs/quic-design/quic-api-ssl-funcs.md b/doc/designs/quic-design/quic-api-ssl-funcs.md index 6b226b089705efd81dab10a96118b1e0b340b229..ab8d68f912e6c315d6728ed216853f9582b600fc 100644 --- a/doc/designs/quic-design/quic-api-ssl-funcs.md +++ b/doc/designs/quic-design/quic-api-ssl-funcs.md @@ -91,744 +91,744 @@ Notes: which is never used for QUIC, they do not require changes, and we can allow applications to configure these lists freely, as they will be ignored. -| API Item | Cat. | Sema. | Appl. | Impl. Req. | Status | -|----------|----------|-----------|---------------|----------------|--------| -| **⇒ Global Information and Functions** | | -| `OSSL_default_cipher_list` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `OSSL_default_ciphersuites` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `ERR_load_SSL_strings` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `OPENSSL_init_ssl` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `OPENSSL_cipher_name` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_alert_desc_string` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_alert_desc_string_long` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_alert_type_string` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_alert_type_string_long` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_extension_supported` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_add_ssl_module` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_test_functions` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_select_next_proto` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| **⇒ Methods** | | -| `SSLv3_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSLv3_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSLv3_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLS_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLS_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLS_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLSv1_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLSv1_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLSv1_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLSv1_1_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLSv1_1_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLSv1_1_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLSv1_2_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLSv1_2_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `TLSv1_2_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLS_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLS_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLS_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLSv1_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLSv1_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLSv1_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLSv1_2_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLSv1_2_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLSv1_2_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `OSSL_QUIC_client_method` | Global | 🟩U | 🟦U | 🟥QSA | 🟢Done | -| `OSSL_QUIC_client_thread_method` | Global | 🟩U | 🟦U | 🟥QSA | 🟢Done | -| `OSSL_QUIC_server_method` | Global | 🟩U | 🟦U | 🟥QSA | 🟠Design TBD | -| **⇒ Instantiation** | | -| `BIO_f_ssl` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `BIO_new_ssl` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_CTX_new` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_CTX_new_ex` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_CTX_up_ref` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_CTX_free` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_new` | Object | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_dup` | Object | 🟩U | 🟩A | 🟥FC | 🟢Done | -| `SSL_up_ref` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_free` | Object | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_is_dtls` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_CTX_get_ex_data` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_CTX_set_ex_data` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_get_ex_data` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_set_ex_data` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_get_SSL_CTX` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_set_SSL_CTX` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| **⇒ Method Manipulation** | | -| `SSL_CTX_get_ssl_method` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_get_ssl_method` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_set_ssl_method` | Object | 🟩U | 🟥FC | 🟧QSI | 🟢Done | -| **⇒ SRTP** | | -| `SSL_get_selected_srtp_profile` | HL | 🟩U | 🟧NO | 🟨C\* | 🟢Done | -| `SSL_get_srtp_profiles` | HL | 🟩U | 🟧NO | 🟨C\* | 🟢Done | -| `SSL_CTX_set_tlsext_use_srtp` | HL | 🟩U | 🟥FC | 🟨C\* | 🟢Done | -| `SSL_set_tlsext_use_srtp` | HL | 🟩U | 🟥FC | 🟩NC\* | 🟢Done | -| **⇒ Ciphersuite Configuration** | | -| `SSL_CTX_set_cipher_list` | HL | 🟩U | 🟩A | 🟩NC\* †11 | 🟢Done | -| `SSL_CTX_set_ciphersuites` | HL | 🟩U | 🟩A | 🟨C\* †1 | 🟢Done | -| `SSL_CTX_get_ciphers` | HL | 🟩U | 🟩A |🟩NC\* | 🟢Done | -| `SSL_set_ciphersuites` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get1_supported_ciphers` | HL | 🟩U | 🟩A | 🟨C\* †1 | 🟢Done | -| `SSL_bytes_to_cipher_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_ciphers` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_cipher_list` | HL | 🟩U | 🟩A | 🟩NC\* †11 | 🟢Done | -| `SSL_set_cipher_list` | HL | 🟩U | 🟩A | 🟩NC\* †11 | 🟢Done | -| **⇒ Negotiated Ciphersuite Queries** | | -| `SSL_get_current_cipher` | HL | 🟩U | 🟩A |🟩NC\* †9 | 🟢Done | -| `SSL_get_pending_cipher` | HL | 🟩U | 🟩A | 🟩NC\* †9 | 🟢Done | -| `SSL_get_shared_ciphers` | HL | 🟩U | 🟩A | 🟩NC\* †9 | 🟢Done | -| `SSL_get_client_ciphers` | HL | 🟩U | 🟩A | 🟩NC\* †9 | 🟢Done | -| `SSL_get_current_compression` | HL | 🟩U | 🟩A | 🟩HLNC | 🟢Done | -| `SSL_get_current_expansion` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_shared_sigalgs` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_sigalgs` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_peer_signature_nid` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_peer_signature_type_nid` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_signature_nid` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_signature_type_nid` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ ALPN** | †2 | -| `SSL_SESSION_set1_alpn_selected` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | -| `SSL_SESSION_get0_alpn_selected` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | -| `SSL_CTX_set_alpn_select_cb` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | -| `SSL_set_alpn_protos` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | -| `SSL_get0_alpn_selected` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | -| `SSL_CTX_set_alpn_protos` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | -| **⇒ NPN** | †3 | -| `SSL_CTX_set_next_proto_select_cb` | HL | 🟩U | 🟥FC | 🟨C\* †3 | 🟢Done | -| `SSL_CTX_set_next_protos_advertised_cb` | HL | 🟩U | 🟥FC | 🟨C\* †3 | 🟢Done | -| `SSL_get0_next_proto_negotiated` | HL | 🟩U | 🟥FC | 🟩NC\* †3 | 🟢Done | -| **⇒ Narrow Waist Interface** | †4 | -| `SSL_CTX_ctrl` | Object | 🟩U | 🟩A | 🟩NC\* †4 | 🟢Done | -| `SSL_ctrl` | Object | 🟩U | 🟩A | 🟩NC\* †4 | 🟢Done | -| `SSL_CTX_callback_ctrl` | Object | 🟩U | 🟩A | 🟩NC\* †4 | 🟢Done | -| `SSL_callback_ctrl` | Object | 🟩U | 🟩A | 🟩NC\* †4 | 🟢Done | -| **⇒ Miscellaneous Accessors** | | -| `SSL_get_server_random` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_client_random` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_finished` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_peer_finished` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Ciphersuite Information** | | -| `SSL_CIPHER_description` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_find` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_auth_nid` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_bits` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_cipher_nid` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_digest_nid` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_handshake_digest` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_id` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_kx_nid` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_name` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_protocol_id` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_get_version` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_is_aead` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CIPHER_standard_name` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_group_to_name` | Global | 🟩U | 🟦U | 🟩NC\* | 🟢Done | -| **⇒ Version Queries** | | -| `SSL_get_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_client_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Certificate Chain Management** | | -| `SSL_get_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_certificate_chain_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_certificate_chain_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_certificate_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_load_verify_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_load_verify_dir` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_load_verify_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_load_verify_locations` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `CertSSL_use_cert_and_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_certificate_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_PrivateKey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_PrivateKey_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_PrivateKey_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_RSAPrivateKey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_RSAPrivateKey_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_use_RSAPrivateKey_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_default_verify_dir` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_default_verify_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_default_verify_paths` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_default_verify_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_cert_and_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_certificate_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_certificate_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_PrivateKey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_PrivateKey_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_PrivateKey_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_RSAPrivateKey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_RSAPrivateKey_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_RSAPrivateKey_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_check_chain` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_check_private_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_check_private_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_add_client_CA` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_add1_to_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_add_dir_cert_subjects_to_stack` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_add_file_cert_subjects_to_stack` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_add_store_cert_subjects_to_stack` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_load_client_CA_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_load_client_CA_file_ex` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_dup_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set0_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_client_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_add_client_CA` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get0_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get0_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get0_privatekey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_cert_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set1_cert_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_client_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_add1_to_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set0_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_client_cert_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_default_passwd_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_default_passwd_cb_userdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_client_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_privatekey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Certificate Compression** | | -| `SSL_CTX_set1_cert_comp_preference` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set1_cert_comp_preference` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_compress_certs` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_compress_certs` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set1_compressed_cert` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set1_compressed_cert` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get1_compressed_cert` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get1_compressed_cert` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Certificate Verification** | | -| `SSL_set1_host` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_add1_host` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_hostflags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_verify` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_verify` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_verify_depth` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_verify_result` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_verify_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_verify_depth` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_verify_mode` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_verify_result` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_peer_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_peer_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_verified_chain` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get1_peer_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_peer_cert_chain` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_peer_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_certs_clear` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get0_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_verify_mode` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_verify_depth` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_verify_depth` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_peername` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set1_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set1_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get0_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_purpose` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_purpose` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_trust` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_trust` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ PSK** | | -| `SSL_use_psk_identity_hint` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_psk_identity_hint` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_psk_client_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_psk_find_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_psk_server_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_psk_use_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_psk_identity` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_psk_identity_hint` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ SRP** | | -| `SSL_SRP_CTX_init` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_SRP_CTX_init` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_SRP_CTX_free` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SRP_CTX_free` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_srp_client_pwd_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_srp_password` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_srp_g` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_srp_cb_arg` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_srp_N` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_srp_username_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_srp_username` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_srp_server_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_srp_userinfo` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_srp_server_param_with_username` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_srp_strength` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_srp_verify_param_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_srp_server_param_pw` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_srp_username` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SRP_Calc_A_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ DANE** | | -| `SSL_CTX_dane_enable` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_dane_tlsa` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_dane_set_flags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_dane_set_flags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_dane_clear_flags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_dane_clear_flags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_dane` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_dane_enable` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_dane_authority` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_dane_mtype_set` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_dane_tlsa_add` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Certificate Transparency** | | -| `SSL_CTX_enable_ct` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_ct_is_enabled` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_ctlog_list_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_default_ctlog_list_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_ct_validation_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set0_ctlog_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get0_ctlog_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_enable_ct` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_ct_is_enabled` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_peer_scts` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_ct_validation_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Compression** | | -| `SSL_COMP_add_compression_method` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | -| `SSL_COMP_get0_name` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | -| `SSL_COMP_get_compression_methods` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | -| `SSL_COMP_get_id` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | -| `SSL_COMP_get_name` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | -| `SSL_COMP_set0_compression_methods` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | -| **⇒ Exporters** | | -| `SSL_export_keying_material` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_export_keying_material_early` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Renegotiation** | | -| `SSL_renegotiate` | HL | 🟩U | 🟥FC | 🟩NC\* †5 | 🟢Done | -| `SSL_renegotiate_abbreviated` | HL | 🟩U | 🟥FC | 🟩NC\* †5 | 🟢Done | -| `SSL_renegotiate_pending` | HL | 🟩U | 🟧NO | 🟩NC\* †5 | 🟢Done | -| **⇒ Options** | | -| `SSL_CTX_clear_options` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | -| `SSL_CTX_set_options` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | -| `SSL_CTX_get_options` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_clear_options` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | -| `SSL_set_options` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | -| `SSL_get_options` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Configuration** | | -| `SSL_CONF_CTX_new` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_CTX_free` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_CTX_set_ssl` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_CTX_set_ssl_ctx` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_CTX_set1_prefix` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_CTX_set_flags` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_CTX_clear_flags` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_CTX_finish` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_cmd` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_cmd_argv` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CONF_cmd_value_type` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_config` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_config` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Callbacks** | | -| `SSL_CTX_set_cert_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_cert_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_cert_verify_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_client_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_client_cert_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_client_cert_engine` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_client_hello_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_cookie_generate_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_cookie_verify_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_default_passwd_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_default_passwd_cb_userdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_default_read_buffer_len` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_info_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_info_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_info_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_info_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_msg_callback` | HL | 🟩U | 🟩A | 🟩NC\* †6 | 🟢Done | -| `SSL_set_cert_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_default_passwd_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_default_passwd_cb_userdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_default_passwd_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_default_passwd_cb_userdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_keylog_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_keylog_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_psk_client_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_psk_find_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_psk_server_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_psk_use_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_verify_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_not_resumable_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_not_resumable_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_session_secret_cb` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| **⇒ Session Management** | | -| `d2i_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `i2d_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `PEM_read_bio_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `PEM_read_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `PEM_write_bio_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `PEM_write_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_new` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_up_ref` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_dup` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_free` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_print` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_print_fp` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_print_keylog` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get0_cipher` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set_cipher` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get0_hostname` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set1_hostname` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get0_id_context` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set1_id_context` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get0_peer` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get0_ticket` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get0_ticket_appdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set1_ticket_appdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_has_ticket` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_protocol_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set_protocol_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_compress_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set1_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_time` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set_time` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get0_hostname` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_set1_hostname` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_master_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_master_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_is_resumable` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_max_early_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_max_early_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_max_fragment_length` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_SESSION_get_ticket_lifetime_hint` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_add_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_remove_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get1_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_sess_get_get_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_sess_set_get_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_sess_get_new_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_sess_set_new_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_sess_get_remove_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_sess_set_remove_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_session_id_context` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_session_id_context` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_generate_session_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_generate_session_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_has_matching_session_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_flush_sessions` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_session_reused` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_default_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_sessions` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Session Ticket Management** | | -| `SSL_get_num_tickets` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | -| `SSL_set_num_tickets` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | -| `SSL_CTX_get_num_tickets` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | -| `SSL_CTX_set_num_tickets` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | -| `SSL_new_session_ticket` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | -| `SSL_set_session_ticket_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_session_ticket_ext_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_tlsext_ticket_key_evp_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Security Levels** | | -| `SSL_CTX_get_security_level` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_security_level` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_security_level` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_security_level` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get_security_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_security_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SS_get_security_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SS_set_security_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_get0_security_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set0_security_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get0_security_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set0_security_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Custom Extensions** | | -| `SSL_CTX_add_custom_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_add_client_custom_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_add_server_custom_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_has_client_custom_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Early ClientHello Processing** | | -| `SSL_client_hello_get_extension_order` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_client_hello_get0_ciphers` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_client_hello_get0_compression_methods` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_client_hello_get0_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_client_hello_get0_legacy_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_client_hello_get0_random` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_client_hello_get0_session_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_client_hello_get1_extensions_present` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_client_hello_isv2` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ SNI** | | -| `SSL_get_servername` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_servername_type` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Server Info** | | -| `SSL_CTX_use_serverinfo` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_serverinfo_ex` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_use_serverinfo_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Post-Handshake Authentication** | | -| `SSL_verify_client_post_handshake` | HL | 🟩U | 🟥FC | 🟨C* †8 | 🟢Done | -| `SSL_CTX_set_post_handshake_auth` | HL | 🟩U | 🟥FC | 🟨C* †8 | 🟢Done | -| `SSL_set_post_handshake_auth` | HL | 🟩U | 🟥FC | 🟨C* †8 | 🟢Done | -| **⇒ DH Parameters** | | -| `SSL_CTX_set_dh_auto` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_dh_auto` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set0_tmp_dh_pkey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set0_tmp_dh_pkey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_tmp_dh_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_tmp_dh_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_CTX_set_tmp_dh` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_tmp_dh` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ State Queries** | | -| `SSL_in_init` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_in_before` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_is_init_finished` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_get_state` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_rstate_string` | HL | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_rstate_string_long` | HL | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_state_string` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_state_string_long` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Data Path and CSSM** | | -| `SSL_set_connect_state` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_set_accept_state` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_is_server` | CSSM | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_peek` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_peek_ex` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_read` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_read_ex` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_write` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_write_ex` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_sendfile` | ADP | 🟩U | 🟥FC | 🟩NC\* | 🟢Done | -| `SSL_pending` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_has_pending` | ADP | 🟧C | 🟩A | 🟧QSI | 🟢Done | -| `SSL_accept` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_connect` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_do_handshake` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_set0_wbio` | NDP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_set0_rbio` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | -| `SSL_set_bio` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | -| `SSL_get_wbio` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | -| `SSL_get_rbio` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | -| `SSL_get_error` | NDP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_get_rfd` | NDP | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_get_wfd` | NDP | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_get_fd` | NDP | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_set_rfd` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | -| `SSL_set_wfd` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | -| `SSL_set_fd` | NDP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_key_update` | RL | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_get_key_update_type` | RL | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_clear` (connection) | CSSM | 🟩U | 🟥FC | 🟧QSI | 🟢Done | -| `SSL_clear` (stream) | CSSM | 🟩U | 🟥FC | 🟧QSI | 🟢Done | -| `SSL_shutdown` | CSSM | 🟧C | 🟩A | 🟧QSI | 🟢Done | -| `SSL_want` | ADP | 🟧C | 🟩A | 🟧QSI | 🟢Done | -| `BIO_new_ssl_connect` | Global | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `BIO_new_buffer_ssl_connect` | Global | 🟩U | 🟦U | 🟧QSI | 🟢Done | -| `SSL_get_shutdown` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_set_shutdown` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| **⇒ New APIs** | | -| `SSL_is_tls` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_is_quic` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_handle_events` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_event_timeout` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_blocking_mode` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_set_blocking_mode` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_rpoll_descriptor` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_wpoll_descriptor` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_net_read_desired` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_net_write_desired` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_set1_initial_peer_addr` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_shutdown_ex` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_stream_conclude` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_stream_reset` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_stream_read_state` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_stream_write_state` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_stream_read_error_code` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_stream_write_error_code` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_conn_close_info` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_inject_net_dgram` | NDP | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| **⇒ New APIs for Multi-Stream** | | -| `SSL_get0_connection` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_is_connection` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_stream_id` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_stream_type` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_is_stream_local` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_new_stream` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_accept_stream` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_get_accept_stream_queue_len` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_set_default_stream_mode` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| `SSL_set_incoming_stream_policy` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | -| **⇒ Currently Not Supported** | | -| `SSL_copy_session_id` | Special | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `BIO_ssl_copy_session_id` | Special | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_CTX_set_quiet_shutdown` | CSSM | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_CTX_get_quiet_shutdown` | CSSM | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_set_quiet_shutdown` | CSSM | 🟩U | 🟥FC | 🟨C | 🟢Done | -| `SSL_get_quiet_shutdown` | CSSM | 🟩U | 🟧NO | 🟨C | 🟢Done | -| `SSL_CTX_set_ssl_version` | HL | 🟩U | 🟥FC | 🟨C | 🟢Done | -| **⇒ Async** | | -| `SSL_CTX_set_async_callback` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | -| `SSL_set_async_callback` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | -| `SSL_CTX_set_async_callback_arg` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | -| `SSL_set_async_callback_arg` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | -| `SSL_waiting_for_async` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | -| `SSL_get_async_status` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | -| `SSL_get_all_async_fds` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | -| `SSL_get_changed_async_fds` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | -| **⇒ Readahead** | | -| `SSL_CTX_get_default_read_ahead` | RL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | -| `SSL_CTX_get_read_ahead` | RL | 🟩U | 🟧NO | 🟩NC* |🟢Done | -| `SSL_CTX_set_read_ahead` | RL | 🟩U | 🟧NO | 🟨C* |🟢Done | -| `SSL_get_read_ahead` | RL | 🟩U | 🟧NO | 🟨C* |🟢Done | -| `SSL_set_read_ahead` | RL | 🟩U | 🟧NO | 🟨C* | 🟢Done | -| `SSL_CTX_set_default_read_buffer_len` | RL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | -| `SSL_set_default_read_buffer_len` | RL | 🟩U | 🟧NO | 🟨C* | 🟢Done | -| **⇒ Record Padding and Fragmentation** | | -| `SSL_CTX_set_record_padding_callback` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_set_record_padding_callback` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_CTX_get_record_padding_callback_arg` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_CTX_set_record_padding_callback_arg` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_get_record_padding_callback_arg` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_set_record_padding_callback_arg` | RL | 🟩U | 🟥FC |🟩NC* | 🟢Done | -| `SSL_CTX_set_block_padding` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_set_block_padding` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_CTX_set_tlsext_max_fragment_length` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_set_tlsext_max_fragment_length` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| **⇒ Stateless/HelloRetryRequest** | | -| `SSL_stateless` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_CTX_set_stateless_cookie_generate_cb` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_CTX_set_stateless_cookie_verify_cb` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| **⇒ Early Data/0-RTT** | | -| `SSL_CTX_set_allow_early_data_cb` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_set_allow_early_data_cb` | 0-RTT | 🟩U | 🟥FC | 🟨C* |🟢Done | -| `SSL_CTX_get_recv_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_CTX_set_recv_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_get_recv_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_set_recv_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_CTX_get_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_CTX_set_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_get_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_set_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_read_early_data` | 0-RTT | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_write_early_data` | 0-RTT | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_get_early_data_status` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| **⇒ Miscellaneous** | | -| `DTLSv1_listen` | RL | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLS_set_timer_cb` | NDP | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `DTLS_get_data_mtu` | NDP | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `SSL_get_ex_data_X509_STORE_CTX_idx` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | -| `BIO_ssl_shutdown` | Global | 🟩U | 🟩A | 🟩NC | 🟢Done | -| `SSL_alloc_buffers` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | -| `SSL_free_buffers` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | -| `SSL_trace` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| `SSL_set_debug` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | -| **⇒ Controls** | | -| `SSL_CTRL_MODE` | Special | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_CTRL_CLEAR_MODE` | Special | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_NUM_RENEGOTIATIONS` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_TOTAL_RENEGOTIATIONS` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_RI_SUPPORT` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_READ_AHEAD` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_READ_AHEAD` | HL | 🟩U | 🟥FC | 🟨C* |🟢Done | -| `SSL_CTRL_SET_MAX_PIPELINES` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_CTRL_SET_MAX_SEND_FRAGMENT` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_CTRL_SET_SPLIT_SEND_FRAGMENT` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | -| `SSL_CTRL_SET_MTU` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_MAX_PROTO_VERSION` | HL | 🟩U | 🟩A | 🟨C* | 🟢Done | -| `SSL_CTRL_SET_MIN_PROTO_VERSION` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_MAX_PROTO_VERSION` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_MIN_PROTO_VERSION` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_BUILD_CERT_CHAIN` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_CERT_FLAGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_CHAIN` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_CHAIN_CERT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_CLEAR_CERT_FLAGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_EXTRA_CHAIN_CERT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_CHAIN_CERTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_CHAIN_CERT_STORE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_CLIENT_CERT_REQUEST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_CLIENT_CERT_TYPES` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_EC_POINT_FORMATS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_EXTMS_SUPPORT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_EXTRA_CHAIN_CERTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_FLAGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_GROUPS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_IANA_GROUPS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_MAX_CERT_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_NEGOTIATED_GROUP` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_PEER_SIGNATURE_NID` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_PEER_TMP_KEY` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_RAW_CIPHERLIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_SESS_CACHE_MODE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_SESS_CACHE_SIZE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_SHARED_GROUP` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_SIGNATURE_NID` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_TLSEXT_TICKET_KEYS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_TMP_KEY` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_GET_VERIFY_CERT_STORE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SELECT_CURRENT_CERT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_ACCEPT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_ACCEPT_GOOD` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_ACCEPT_RENEGOTIATE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_CACHE_FULL` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_CB_HIT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_CONNECT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_CONNECT_GOOD` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_CONNECT_RENEGOTIATE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_HIT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_MISSES` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_NUMBER` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SESS_TIMEOUTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_CHAIN_CERT_STORE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_CLIENT_CERT_TYPES` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_CLIENT_SIGALGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_CLIENT_SIGALGS_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_CURRENT_CERT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_DH_AUTO` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_GROUPS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_GROUPS_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_MAX_CERT_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_MSG_CALLBACK` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_MSG_CALLBACK_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_RETRY_VERIFY` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_SESS_CACHE_MODE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_SESS_CACHE_SIZE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_SIGALGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_SIGALGS_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_SRP_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_SRP_VERIFY_PARAM_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_DEBUG_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_DEBUG_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_HOSTNAME` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_SERVERNAME_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLS_EXT_SRP_USERNAME` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TLSEXT_TICKET_KEYS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TMP_DH` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TMP_DH_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_TMP_ECDH` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| `SSL_CTRL_SET_VERIFY_CERT_STORE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | -| **⇒ SSL Modes** | | -| `SSL_MODE_ENABLE_PARTIAL_WRITE` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | -| `SSL_MODE_RELEASE_BUFFERS` | ADP | 🟩U | 🟧NO | 🟩NC | 🟢Done | -| `SSL_MODE_ASYNC` | ADP | 🟩U | 🟧NO | 🟩NC | 🟢Done | -| `SSL_MODE_AUTO_RETRY` | ADP | 🟩U | 🟧NO | 🟩NC | 🟢Done | -| `SSL_MODE_SEND_FALLBACK_SCSV` | HL | 🟩U | 🟩U | 🟩NC | 🟢Done | +| API Item | Cat. | Sema. | Appl. | Impl. Req. | Status | +|----------------------------------------------|---------|-------|-------|------------|--------------| +| **⇒ Global Information and Functions** | | | | | | +| `OSSL_default_cipher_list` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `OSSL_default_ciphersuites` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `ERR_load_SSL_strings` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `OPENSSL_init_ssl` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `OPENSSL_cipher_name` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_alert_desc_string` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_alert_desc_string_long` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_alert_type_string` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_alert_type_string_long` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_extension_supported` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_add_ssl_module` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_test_functions` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_select_next_proto` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| **⇒ Methods** | | | | | | +| `SSLv3_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSLv3_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSLv3_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLS_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLS_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLS_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLSv1_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLSv1_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLSv1_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLSv1_1_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLSv1_1_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLSv1_1_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLSv1_2_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLSv1_2_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `TLSv1_2_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLS_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLS_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLS_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLSv1_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLSv1_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLSv1_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLSv1_2_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLSv1_2_client_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLSv1_2_server_method` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `OSSL_QUIC_client_method` | Global | 🟩U | 🟦U | 🟥QSA | 🟢Done | +| `OSSL_QUIC_client_thread_method` | Global | 🟩U | 🟦U | 🟥QSA | 🟢Done | +| `OSSL_QUIC_server_method` | Global | 🟩U | 🟦U | 🟥QSA | 🟠Design TBD | +| **⇒ Instantiation** | | | | | | +| `BIO_f_ssl` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `BIO_new_ssl` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_CTX_new` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_CTX_new_ex` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_CTX_up_ref` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_CTX_free` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_new` | Object | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_dup` | Object | 🟩U | 🟩A | 🟥FC | 🟢Done | +| `SSL_up_ref` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_free` | Object | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_is_dtls` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_CTX_get_ex_data` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_CTX_set_ex_data` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_get_ex_data` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_set_ex_data` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_get_SSL_CTX` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_set_SSL_CTX` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| **⇒ Method Manipulation** | | | | | | +| `SSL_CTX_get_ssl_method` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_get_ssl_method` | Object | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_set_ssl_method` | Object | 🟩U | 🟥FC | 🟧QSI | 🟢Done | +| **⇒ SRTP** | | | | | | +| `SSL_get_selected_srtp_profile` | HL | 🟩U | 🟧NO | 🟨C\* | 🟢Done | +| `SSL_get_srtp_profiles` | HL | 🟩U | 🟧NO | 🟨C\* | 🟢Done | +| `SSL_CTX_set_tlsext_use_srtp` | HL | 🟩U | 🟥FC | 🟨C\* | 🟢Done | +| `SSL_set_tlsext_use_srtp` | HL | 🟩U | 🟥FC | 🟩NC\* | 🟢Done | +| **⇒ Ciphersuite Configuration** | | | | | | +| `SSL_CTX_set_cipher_list` | HL | 🟩U | 🟩A | 🟩NC\* †11 | 🟢Done | +| `SSL_CTX_set_ciphersuites` | HL | 🟩U | 🟩A | 🟨C\* †1 | 🟢Done | +| `SSL_CTX_get_ciphers` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_ciphersuites` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get1_supported_ciphers` | HL | 🟩U | 🟩A | 🟨C\* †1 | 🟢Done | +| `SSL_bytes_to_cipher_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_ciphers` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_cipher_list` | HL | 🟩U | 🟩A | 🟩NC\* †11 | 🟢Done | +| `SSL_set_cipher_list` | HL | 🟩U | 🟩A | 🟩NC\* †11 | 🟢Done | +| **⇒ Negotiated Ciphersuite Queries** | | | | | | +| `SSL_get_current_cipher` | HL | 🟩U | 🟩A | 🟩NC\* †9 | 🟢Done | +| `SSL_get_pending_cipher` | HL | 🟩U | 🟩A | 🟩NC\* †9 | 🟢Done | +| `SSL_get_shared_ciphers` | HL | 🟩U | 🟩A | 🟩NC\* †9 | 🟢Done | +| `SSL_get_client_ciphers` | HL | 🟩U | 🟩A | 🟩NC\* †9 | 🟢Done | +| `SSL_get_current_compression` | HL | 🟩U | 🟩A | 🟩HLNC | 🟢Done | +| `SSL_get_current_expansion` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_shared_sigalgs` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_sigalgs` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_peer_signature_nid` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_peer_signature_type_nid` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_signature_nid` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_signature_type_nid` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ ALPN** | †2 | | | | | +| `SSL_SESSION_set1_alpn_selected` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | +| `SSL_SESSION_get0_alpn_selected` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | +| `SSL_CTX_set_alpn_select_cb` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | +| `SSL_set_alpn_protos` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | +| `SSL_get0_alpn_selected` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | +| `SSL_CTX_set_alpn_protos` | HL | 🟩U | 🟩A | 🟨C\* †2 | 🟢Done | +| **⇒ NPN** | †3 | | | | | +| `SSL_CTX_set_next_proto_select_cb` | HL | 🟩U | 🟥FC | 🟨C\* †3 | 🟢Done | +| `SSL_CTX_set_next_protos_advertised_cb` | HL | 🟩U | 🟥FC | 🟨C\* †3 | 🟢Done | +| `SSL_get0_next_proto_negotiated` | HL | 🟩U | 🟥FC | 🟩NC\* †3 | 🟢Done | +| **⇒ Narrow Waist Interface** | †4 | | | | | +| `SSL_CTX_ctrl` | Object | 🟩U | 🟩A | 🟩NC\* †4 | 🟢Done | +| `SSL_ctrl` | Object | 🟩U | 🟩A | 🟩NC\* †4 | 🟢Done | +| `SSL_CTX_callback_ctrl` | Object | 🟩U | 🟩A | 🟩NC\* †4 | 🟢Done | +| `SSL_callback_ctrl` | Object | 🟩U | 🟩A | 🟩NC\* †4 | 🟢Done | +| **⇒ Miscellaneous Accessors** | | | | | | +| `SSL_get_server_random` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_client_random` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_finished` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_peer_finished` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Ciphersuite Information** | | | | | | +| `SSL_CIPHER_description` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_find` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_auth_nid` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_bits` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_cipher_nid` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_digest_nid` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_handshake_digest` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_id` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_kx_nid` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_name` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_protocol_id` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_get_version` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_is_aead` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CIPHER_standard_name` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_group_to_name` | Global | 🟩U | 🟦U | 🟩NC\* | 🟢Done | +| **⇒ Version Queries** | | | | | | +| `SSL_get_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_client_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Certificate Chain Management** | | | | | | +| `SSL_get_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_certificate_chain_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_certificate_chain_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_certificate_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_load_verify_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_load_verify_dir` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_load_verify_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_load_verify_locations` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `CertSSL_use_cert_and_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_certificate_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_PrivateKey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_PrivateKey_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_PrivateKey_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_RSAPrivateKey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_RSAPrivateKey_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_use_RSAPrivateKey_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_default_verify_dir` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_default_verify_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_default_verify_paths` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_default_verify_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_cert_and_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_certificate_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_certificate_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_PrivateKey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_PrivateKey_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_PrivateKey_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_RSAPrivateKey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_RSAPrivateKey_ASN1` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_RSAPrivateKey_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_check_chain` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_check_private_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_check_private_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_add_client_CA` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_add1_to_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_add_dir_cert_subjects_to_stack` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_add_file_cert_subjects_to_stack` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_add_store_cert_subjects_to_stack` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_load_client_CA_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_load_client_CA_file_ex` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_dup_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set0_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_client_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_add_client_CA` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get0_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get0_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get0_privatekey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_cert_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set1_cert_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_client_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_add1_to_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set0_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_client_cert_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_default_passwd_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_default_passwd_cb_userdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_client_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_privatekey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Certificate Compression** | | | | | | +| `SSL_CTX_set1_cert_comp_preference` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set1_cert_comp_preference` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_compress_certs` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_compress_certs` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set1_compressed_cert` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set1_compressed_cert` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get1_compressed_cert` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get1_compressed_cert` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Certificate Verification** | | | | | | +| `SSL_set1_host` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_add1_host` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_hostflags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_verify` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_verify` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_verify_depth` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_verify_result` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_verify_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_verify_depth` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_verify_mode` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_verify_result` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_peer_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_peer_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_verified_chain` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get1_peer_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_peer_cert_chain` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_peer_certificate` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_certs_clear` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get0_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_verify_mode` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_verify_depth` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_verify_depth` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_peername` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set1_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set1_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get0_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_purpose` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_purpose` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_trust` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_trust` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ PSK** | | | | | | +| `SSL_use_psk_identity_hint` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_psk_identity_hint` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_psk_client_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_psk_find_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_psk_server_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_psk_use_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_psk_identity` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_psk_identity_hint` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ SRP** | | | | | | +| `SSL_SRP_CTX_init` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_SRP_CTX_init` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_SRP_CTX_free` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SRP_CTX_free` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_srp_client_pwd_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_srp_password` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_srp_g` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_srp_cb_arg` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_srp_N` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_srp_username_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_srp_username` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_srp_server_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_srp_userinfo` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_srp_server_param_with_username` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_srp_strength` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_srp_verify_param_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_srp_server_param_pw` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_srp_username` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SRP_Calc_A_param` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ DANE** | | | | | | +| `SSL_CTX_dane_enable` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_dane_tlsa` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_dane_set_flags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_dane_set_flags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_dane_clear_flags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_dane_clear_flags` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_dane` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_dane_enable` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_dane_authority` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_dane_mtype_set` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_dane_tlsa_add` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Certificate Transparency** | | | | | | +| `SSL_CTX_enable_ct` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_ct_is_enabled` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_ctlog_list_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_default_ctlog_list_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_ct_validation_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set0_ctlog_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get0_ctlog_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_enable_ct` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_ct_is_enabled` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_peer_scts` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_ct_validation_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Compression** | | | | | | +| `SSL_COMP_add_compression_method` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | +| `SSL_COMP_get0_name` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | +| `SSL_COMP_get_compression_methods` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | +| `SSL_COMP_get_id` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | +| `SSL_COMP_get_name` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | +| `SSL_COMP_set0_compression_methods` | HL | 🟩U | 🟩A | 🟩NC\* †5 | 🟢Done | +| **⇒ Exporters** | | | | | | +| `SSL_export_keying_material` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_export_keying_material_early` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Renegotiation** | | | | | | +| `SSL_renegotiate` | HL | 🟩U | 🟥FC | 🟩NC\* †5 | 🟢Done | +| `SSL_renegotiate_abbreviated` | HL | 🟩U | 🟥FC | 🟩NC\* †5 | 🟢Done | +| `SSL_renegotiate_pending` | HL | 🟩U | 🟧NO | 🟩NC\* †5 | 🟢Done | +| **⇒ Options** | | | | | | +| `SSL_CTX_clear_options` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | +| `SSL_CTX_set_options` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | +| `SSL_CTX_get_options` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_clear_options` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | +| `SSL_set_options` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | +| `SSL_get_options` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Configuration** | | | | | | +| `SSL_CONF_CTX_new` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_CTX_free` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_CTX_set_ssl` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_CTX_set_ssl_ctx` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_CTX_set1_prefix` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_CTX_set_flags` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_CTX_clear_flags` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_CTX_finish` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_cmd` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_cmd_argv` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CONF_cmd_value_type` | Global | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_config` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_config` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Callbacks** | | | | | | +| `SSL_CTX_set_cert_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_cert_store` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_cert_verify_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_client_CA_list` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_client_cert_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_client_cert_engine` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_client_hello_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_cookie_generate_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_cookie_verify_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_default_passwd_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_default_passwd_cb_userdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_default_read_buffer_len` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_info_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_info_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_info_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_info_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_msg_callback` | HL | 🟩U | 🟩A | 🟩NC\* †6 | 🟢Done | +| `SSL_set_cert_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_default_passwd_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_default_passwd_cb_userdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_default_passwd_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_default_passwd_cb_userdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_keylog_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_keylog_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_psk_client_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_psk_find_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_psk_server_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_psk_use_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_verify_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_not_resumable_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_not_resumable_session_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_session_secret_cb` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| **⇒ Session Management** | | | | | | +| `d2i_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `i2d_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `PEM_read_bio_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `PEM_read_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `PEM_write_bio_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `PEM_write_SSL_SESSION` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_new` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_up_ref` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_dup` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_free` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_print` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_print_fp` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_print_keylog` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get0_cipher` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set_cipher` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get0_hostname` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set1_hostname` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get0_id_context` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set1_id_context` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get0_peer` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get0_ticket` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get0_ticket_appdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set1_ticket_appdata` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_has_ticket` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_protocol_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set_protocol_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_compress_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set1_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_time` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set_time` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get0_hostname` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_set1_hostname` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_master_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_master_key` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_is_resumable` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_max_early_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_max_early_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_max_fragment_length` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_SESSION_get_ticket_lifetime_hint` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_add_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_remove_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get1_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_session` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_sess_get_get_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_sess_set_get_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_sess_get_new_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_sess_set_new_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_sess_get_remove_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_sess_set_remove_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_session_id_context` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_session_id_context` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_generate_session_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_generate_session_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_has_matching_session_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_flush_sessions` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_session_reused` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_default_timeout` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_sessions` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Session Ticket Management** | | | | | | +| `SSL_get_num_tickets` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | +| `SSL_set_num_tickets` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | +| `SSL_CTX_get_num_tickets` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | +| `SSL_CTX_set_num_tickets` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | +| `SSL_new_session_ticket` | HL | 🟩U | 🟩A | 🟩NC\* †7 | 🟢Done | +| `SSL_set_session_ticket_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_session_ticket_ext_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_tlsext_ticket_key_evp_cb` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Security Levels** | | | | | | +| `SSL_CTX_get_security_level` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_security_level` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_security_level` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_security_level` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get_security_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_security_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_security_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_security_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_get0_security_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set0_security_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get0_security_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set0_security_ex_data` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Custom Extensions** | | | | | | +| `SSL_CTX_add_custom_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_add_client_custom_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_add_server_custom_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_has_client_custom_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Early ClientHello Processing** | | | | | | +| `SSL_client_hello_get_extension_order` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_client_hello_get0_ciphers` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_client_hello_get0_compression_methods` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_client_hello_get0_ext` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_client_hello_get0_legacy_version` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_client_hello_get0_random` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_client_hello_get0_session_id` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_client_hello_get1_extensions_present` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_client_hello_isv2` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ SNI** | | | | | | +| `SSL_get_servername` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_servername_type` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Server Info** | | | | | | +| `SSL_CTX_use_serverinfo` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_serverinfo_ex` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_use_serverinfo_file` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Post-Handshake Authentication** | | | | | | +| `SSL_verify_client_post_handshake` | HL | 🟩U | 🟥FC | 🟨C* †8 | 🟢Done | +| `SSL_CTX_set_post_handshake_auth` | HL | 🟩U | 🟥FC | 🟨C* †8 | 🟢Done | +| `SSL_set_post_handshake_auth` | HL | 🟩U | 🟥FC | 🟨C* †8 | 🟢Done | +| **⇒ DH Parameters** | | | | | | +| `SSL_CTX_set_dh_auto` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_dh_auto` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set0_tmp_dh_pkey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set0_tmp_dh_pkey` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_tmp_dh_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_tmp_dh_callback` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_CTX_set_tmp_dh` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_tmp_dh` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ State Queries** | | | | | | +| `SSL_in_init` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_in_before` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_is_init_finished` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_get_state` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_rstate_string` | HL | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_rstate_string_long` | HL | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_state_string` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_state_string_long` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Data Path and CSSM** | | | | | | +| `SSL_set_connect_state` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_set_accept_state` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_is_server` | CSSM | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_peek` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_peek_ex` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_read` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_read_ex` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_write` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_write_ex` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_sendfile` | ADP | 🟩U | 🟥FC | 🟩NC\* | 🟢Done | +| `SSL_pending` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_has_pending` | ADP | 🟧C | 🟩A | 🟧QSI | 🟢Done | +| `SSL_accept` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_connect` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_do_handshake` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_set0_wbio` | NDP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_set0_rbio` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | +| `SSL_set_bio` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | +| `SSL_get_wbio` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | +| `SSL_get_rbio` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | +| `SSL_get_error` | NDP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_get_rfd` | NDP | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_get_wfd` | NDP | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_get_fd` | NDP | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_set_rfd` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | +| `SSL_set_wfd` | NDP | 🟧C | 🟩A | 🟧QSI | 🟢Done | +| `SSL_set_fd` | NDP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_key_update` | RL | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_get_key_update_type` | RL | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_clear` (connection) | CSSM | 🟩U | 🟥FC | 🟧QSI | 🟢Done | +| `SSL_clear` (stream) | CSSM | 🟩U | 🟥FC | 🟧QSI | 🟢Done | +| `SSL_shutdown` | CSSM | 🟧C | 🟩A | 🟧QSI | 🟢Done | +| `SSL_want` | ADP | 🟧C | 🟩A | 🟧QSI | 🟢Done | +| `BIO_new_ssl_connect` | Global | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `BIO_new_buffer_ssl_connect` | Global | 🟩U | 🟦U | 🟧QSI | 🟢Done | +| `SSL_get_shutdown` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_set_shutdown` | CSSM | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| **⇒ New APIs** | | | | | | +| `SSL_is_tls` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_is_quic` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_handle_events` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_event_timeout` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_blocking_mode` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_set_blocking_mode` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_rpoll_descriptor` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_wpoll_descriptor` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_net_read_desired` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_net_write_desired` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_set1_initial_peer_addr` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_shutdown_ex` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_stream_conclude` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_stream_reset` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_stream_read_state` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_stream_write_state` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_stream_read_error_code` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_stream_write_error_code` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_conn_close_info` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_inject_net_dgram` | NDP | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| **⇒ New APIs for Multi-Stream** | | | | | | +| `SSL_get0_connection` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_is_connection` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_stream_id` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_stream_type` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_is_stream_local` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_new_stream` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_accept_stream` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_get_accept_stream_queue_len` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_set_default_stream_mode` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| `SSL_set_incoming_stream_policy` | CSSM | 🟦N | 🟩A | 🟥QSA | 🟢Done | +| **⇒ Currently Not Supported** | | | | | | +| `SSL_copy_session_id` | Special | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `BIO_ssl_copy_session_id` | Special | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTX_set_quiet_shutdown` | CSSM | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_CTX_get_quiet_shutdown` | CSSM | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_set_quiet_shutdown` | CSSM | 🟩U | 🟥FC | 🟨C | 🟢Done | +| `SSL_get_quiet_shutdown` | CSSM | 🟩U | 🟧NO | 🟨C | 🟢Done | +| `SSL_CTX_set_ssl_version` | HL | 🟩U | 🟥FC | 🟨C | 🟢Done | +| **⇒ Async** | | | | | | +| `SSL_CTX_set_async_callback` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | +| `SSL_set_async_callback` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | +| `SSL_CTX_set_async_callback_arg` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | +| `SSL_set_async_callback_arg` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | +| `SSL_waiting_for_async` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | +| `SSL_get_async_status` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | +| `SSL_get_all_async_fds` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | +| `SSL_get_changed_async_fds` | Async | 🟩U | 🟧NO | 🟩NC* †10 | 🟢Done | +| **⇒ Readahead** | | | | | | +| `SSL_CTX_get_default_read_ahead` | RL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | +| `SSL_CTX_get_read_ahead` | RL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | +| `SSL_CTX_set_read_ahead` | RL | 🟩U | 🟧NO | 🟨C* | 🟢Done | +| `SSL_get_read_ahead` | RL | 🟩U | 🟧NO | 🟨C* | 🟢Done | +| `SSL_set_read_ahead` | RL | 🟩U | 🟧NO | 🟨C* | 🟢Done | +| `SSL_CTX_set_default_read_buffer_len` | RL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | +| `SSL_set_default_read_buffer_len` | RL | 🟩U | 🟧NO | 🟨C* | 🟢Done | +| **⇒ Record Padding and Fragmentation** | | | | | | +| `SSL_CTX_set_record_padding_callback` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_set_record_padding_callback` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTX_get_record_padding_callback_arg` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_CTX_set_record_padding_callback_arg` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_get_record_padding_callback_arg` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_set_record_padding_callback_arg` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_CTX_set_block_padding` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_set_block_padding` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTX_set_tlsext_max_fragment_length` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_set_tlsext_max_fragment_length` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| **⇒ Stateless/HelloRetryRequest** | | | | | | +| `SSL_stateless` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTX_set_stateless_cookie_generate_cb` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_CTX_set_stateless_cookie_verify_cb` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| **⇒ Early Data/0-RTT** | | | | | | +| `SSL_CTX_set_allow_early_data_cb` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_set_allow_early_data_cb` | 0-RTT | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTX_get_recv_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_CTX_set_recv_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_get_recv_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_set_recv_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTX_get_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_CTX_set_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_get_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_set_max_early_data` | 0-RTT | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_read_early_data` | 0-RTT | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_write_early_data` | 0-RTT | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_get_early_data_status` | 0-RTT | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| **⇒ Miscellaneous** | | | | | | +| `DTLSv1_listen` | RL | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLS_set_timer_cb` | NDP | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `DTLS_get_data_mtu` | NDP | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `SSL_get_ex_data_X509_STORE_CTX_idx` | Global | 🟩U | 🟦U | 🟩NC | 🟢Done | +| `BIO_ssl_shutdown` | Global | 🟩U | 🟩A | 🟩NC | 🟢Done | +| `SSL_alloc_buffers` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | +| `SSL_free_buffers` | HL | 🟩U | 🟩A | 🟨C\* | 🟢Done | +| `SSL_trace` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| `SSL_set_debug` | HL | 🟩U | 🟩A | 🟩NC\* | 🟢Done | +| **⇒ Controls** | | | | | | +| `SSL_CTRL_MODE` | Special | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_CTRL_CLEAR_MODE` | Special | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_NUM_RENEGOTIATIONS` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_TOTAL_RENEGOTIATIONS` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_RI_SUPPORT` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_READ_AHEAD` | HL | 🟩U | 🟧NO | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_READ_AHEAD` | HL | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTRL_SET_MAX_PIPELINES` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTRL_SET_MAX_SEND_FRAGMENT` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTRL_SET_SPLIT_SEND_FRAGMENT` | RL | 🟩U | 🟥FC | 🟨C* | 🟢Done | +| `SSL_CTRL_SET_MTU` | RL | 🟩U | 🟥FC | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_MAX_PROTO_VERSION` | HL | 🟩U | 🟩A | 🟨C* | 🟢Done | +| `SSL_CTRL_SET_MIN_PROTO_VERSION` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_MAX_PROTO_VERSION` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_MIN_PROTO_VERSION` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_BUILD_CERT_CHAIN` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_CERT_FLAGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_CHAIN` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_CHAIN_CERT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_CLEAR_CERT_FLAGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_EXTRA_CHAIN_CERT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_CHAIN_CERTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_CHAIN_CERT_STORE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_CLIENT_CERT_REQUEST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_CLIENT_CERT_TYPES` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_EC_POINT_FORMATS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_EXTMS_SUPPORT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_EXTRA_CHAIN_CERTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_FLAGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_GROUPS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_IANA_GROUPS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_MAX_CERT_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_NEGOTIATED_GROUP` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_PEER_SIGNATURE_NID` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_PEER_TMP_KEY` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_RAW_CIPHERLIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_SESS_CACHE_MODE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_SESS_CACHE_SIZE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_SHARED_GROUP` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_SIGNATURE_NID` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_TLSEXT_TICKET_KEYS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_TMP_KEY` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_GET_VERIFY_CERT_STORE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SELECT_CURRENT_CERT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_ACCEPT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_ACCEPT_GOOD` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_ACCEPT_RENEGOTIATE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_CACHE_FULL` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_CB_HIT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_CONNECT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_CONNECT_GOOD` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_CONNECT_RENEGOTIATE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_HIT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_MISSES` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_NUMBER` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SESS_TIMEOUTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_CHAIN_CERT_STORE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_CLIENT_CERT_TYPES` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_CLIENT_SIGALGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_CLIENT_SIGALGS_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_CURRENT_CERT` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_DH_AUTO` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_GROUPS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_GROUPS_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_MAX_CERT_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_MSG_CALLBACK` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_MSG_CALLBACK_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_RETRY_VERIFY` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_SESS_CACHE_MODE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_SESS_CACHE_SIZE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_SIGALGS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_SIGALGS_LIST` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_SRP_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_SRP_VERIFY_PARAM_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_DEBUG_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_DEBUG_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_HOSTNAME` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_SERVERNAME_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLS_EXT_SRP_USERNAME` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TLSEXT_TICKET_KEYS` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TMP_DH` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TMP_DH_CB` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_TMP_ECDH` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| `SSL_CTRL_SET_VERIFY_CERT_STORE` | HL | 🟩U | 🟩A | 🟩NC* | 🟢Done | +| **⇒ SSL Modes** | | | | | | +| `SSL_MODE_ENABLE_PARTIAL_WRITE` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` | ADP | 🟩U | 🟩A | 🟧QSI | 🟢Done | +| `SSL_MODE_RELEASE_BUFFERS` | ADP | 🟩U | 🟧NO | 🟩NC | 🟢Done | +| `SSL_MODE_ASYNC` | ADP | 🟩U | 🟧NO | 🟩NC | 🟢Done | +| `SSL_MODE_AUTO_RETRY` | ADP | 🟩U | 🟧NO | 🟩NC | 🟢Done | +| `SSL_MODE_SEND_FALLBACK_SCSV` | HL | 🟩U | 🟩U | 🟩NC | 🟢Done | Q&A For TLS-Related Calls ------------------------- diff --git a/doc/designs/quic-design/tx-packetiser.md b/doc/designs/quic-design/tx-packetiser.md index f2d7e69a160a6d53047849b8accda9b73ada8e20..38e9def5e923372d801563528c4cdcb2149d8965 100644 --- a/doc/designs/quic-design/tx-packetiser.md +++ b/doc/designs/quic-design/tx-packetiser.md @@ -258,39 +258,39 @@ Packetisation and Processing Frames are taken from [RFC 9000 12.4 Frames and Frame Types]. -| Type | Name | I | H | 0 | 1 | N | C | P | F | -| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | -| 0x00 | padding | ✓ | ✓ | ✓ | ✓ | ✓ | | ✓ -| 0x01 | ping | ✓ | ✓ | ✓ | ✓ | | | | | -| 0x02 | ack 0x02 | ✓ | ✓ | | ✓ | ✓ | ✓ | | | -| 0x03 | ack 0x03 | ✓ | ✓ | | ✓ | ✓ | ✓ | | | -| 0x04 | reset_stream | | | ✓ | ✓ | | | | | -| 0x05 | stop_sending | | | ✓ | ✓ | | | | | -| 0x06 | crypto | ✓ | ✓ | | ✓ | | | | | -| 0x07 | new_token | | | | ✓ | | | | | -| 0x08 | stream 0x08 | | | ✓ | ✓ | | | | ✓ | -| 0x09 | stream 0x09 | | | ✓ | ✓ | | | | ✓ | -| 0x0A | stream 0x0A | | | ✓ | ✓ | | | | ✓ | -| 0x0B | stream 0x0B | | | ✓ | ✓ | | | | ✓ | -| 0x0C | stream 0x0C | | | ✓ | ✓ | | | | ✓ | -| 0x0D | stream 0x0D | | | ✓ | ✓ | | | | ✓ | -| 0x0E | stream 0x0E | | | ✓ | ✓ | | | | ✓ | -| 0x0F | stream 0x0F | | | ✓ | ✓ | | | | ✓ | -| 0x10 | max_data | | | ✓ | ✓ | | | | | -| 0x11 | max_stream_data | | | ✓ | ✓ | | | | | -| 0x12 | max_streams 0x12 | | | ✓ | ✓ | | | | | -| 0x13 | max_streams 0x13 | | | ✓ | ✓ | | | | | -| 0x14 | data_blocked | | | ✓ | ✓ | | | | | -| 0x15 | stream_data_blocked | | | ✓ | ✓ | | | | | -| 0x16 | streams_blocked 0x16 | | | ✓ | ✓ | | | | | -| 0x17 | streams_blocked 0x17 | | | ✓ | ✓ | | | | | -| 0x18 | new_connection_id | | | ✓ | ✓ | | | ✓ | | -| 0x19 | retire_connection_id | | | ✓ | ✓ | | | | | -| 0x1A | path_challenge | | | ✓ | ✓ | | | ✓ | | -| 0x1B | path_response | | | | ✓ | | | ✓ | | -| 0x1C | connection_close 0x1C | ✓ | ✓ | ✓ | ✓ | ✓ -| 0x1D | connection_close 0x1D | | | ✓ | ✓ | ✓ | | | | -| 0x1E | handshake_done | | | | ✓ | | | | | +| Type | Name | I | H | 0 | 1 | N | C | P | F | +|------|-----------------------|---------|---------|---------|---------|---------|---------|---------|---------| +| 0x00 | padding | ✓ | ✓ | ✓ | ✓ | ✓ | | ✓ | | +| 0x01 | ping | ✓ | ✓ | ✓ | ✓ | | | | | +| 0x02 | ack 0x02 | ✓ | ✓ | | ✓ | ✓ | ✓ | | | +| 0x03 | ack 0x03 | ✓ | ✓ | | ✓ | ✓ | ✓ | | | +| 0x04 | reset_stream | | | ✓ | ✓ | | | | | +| 0x05 | stop_sending | | | ✓ | ✓ | | | | | +| 0x06 | crypto | ✓ | ✓ | | ✓ | | | | | +| 0x07 | new_token | | | | ✓ | | | | | +| 0x08 | stream 0x08 | | | ✓ | ✓ | | | | ✓ | +| 0x09 | stream 0x09 | | | ✓ | ✓ | | | | ✓ | +| 0x0A | stream 0x0A | | | ✓ | ✓ | | | | ✓ | +| 0x0B | stream 0x0B | | | ✓ | ✓ | | | | ✓ | +| 0x0C | stream 0x0C | | | ✓ | ✓ | | | | ✓ | +| 0x0D | stream 0x0D | | | ✓ | ✓ | | | | ✓ | +| 0x0E | stream 0x0E | | | ✓ | ✓ | | | | ✓ | +| 0x0F | stream 0x0F | | | ✓ | ✓ | | | | ✓ | +| 0x10 | max_data | | | ✓ | ✓ | | | | | +| 0x11 | max_stream_data | | | ✓ | ✓ | | | | | +| 0x12 | max_streams 0x12 | | | ✓ | ✓ | | | | | +| 0x13 | max_streams 0x13 | | | ✓ | ✓ | | | | | +| 0x14 | data_blocked | | | ✓ | ✓ | | | | | +| 0x15 | stream_data_blocked | | | ✓ | ✓ | | | | | +| 0x16 | streams_blocked 0x16 | | | ✓ | ✓ | | | | | +| 0x17 | streams_blocked 0x17 | | | ✓ | ✓ | | | | | +| 0x18 | new_connection_id | | | ✓ | ✓ | | | ✓ | | +| 0x19 | retire_connection_id | | | ✓ | ✓ | | | | | +| 0x1A | path_challenge | | | ✓ | ✓ | | | ✓ | | +| 0x1B | path_response | | | | ✓ | | | ✓ | | +| 0x1C | connection_close 0x1C | ✓ | ✓ | ✓ | ✓ | ✓ | | | | +| 0x1D | connection_close 0x1D | | | ✓ | ✓ | ✓ | | | | +| 0x1E | handshake_done | | | | ✓ | | | | | The various fields are as defined in RFC 9000. diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index d30e400894376a9d7f0be7d4d9aa4209aa29c653..2c406381e9d86893acf545ee1bae4a969241773e 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -384,7 +384,7 @@ The functions described here were all added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/ossl_rand_get_entropy.pod b/doc/internal/man3/ossl_rand_get_entropy.pod index 48343b6fe04938efce4f2b0b964183fb88a80569..5c7a076336df0ded05dc6527672331b3aac29036 100644 --- a/doc/internal/man3/ossl_rand_get_entropy.pod +++ b/doc/internal/man3/ossl_rand_get_entropy.pod @@ -83,7 +83,7 @@ The remaining functions described here were all added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man7/deprecation.pod b/doc/internal/man7/deprecation.pod index 87cdcb13c81175db016717d6e72c8e6270f96c48..de34c30fa22f2b14b25bc6dc46b3bdb245f647a0 100644 --- a/doc/internal/man7/deprecation.pod +++ b/doc/internal/man7/deprecation.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_NO_DEPRECATED_3_2, OSSL_DEPRECATEDIN_3_2, +OPENSSL_NO_DEPRECATED_3_1, OSSL_DEPRECATEDIN_3_1, OPENSSL_NO_DEPRECATED_3_0, OSSL_DEPRECATEDIN_3_0, OPENSSL_NO_DEPRECATED_1_1_1, OSSL_DEPRECATEDIN_1_1_1, OPENSSL_NO_DEPRECATED_1_1_0, OSSL_DEPRECATEDIN_1_1_0, diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index a3ef9c01812055b4b35662ce9de3e2bcdfffdf89..78be2e6c09006907a460ff597573bee657c7eea1 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -915,7 +915,7 @@ The B<-digest> option was added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ADDR.pod b/doc/man3/BIO_ADDR.pod index 20cd364d48aeea20f6991102da8da522a550d841..eb5a4a8fe7fbde07e57367dbd96cdb413b4d0a51 100644 --- a/doc/man3/BIO_ADDR.pod +++ b/doc/man3/BIO_ADDR.pod @@ -131,7 +131,7 @@ BIO_ADDR_copy() and BIO_ADDR_dup() were added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod index bbcfe24ae6b4d200d7c7a89178cadf769cb40b49..e677885597ae6a5a90522c1b5e6dd64769a26b30 100644 --- a/doc/man3/DH_generate_parameters.pod +++ b/doc/man3/DH_generate_parameters.pod @@ -128,6 +128,10 @@ The parameter B is invalid. =back +If 0 is returned or B<*codes> is set to a nonzero value the supplied +parameters should not be used for Diffie-Hellman operations otherwise +the security properties of the key exchange are not guaranteed. + DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to DH_check() and DH_check_params() respectively, but the error reasons are added to the thread's error queue instead of provided as return values from the diff --git a/doc/man3/DSA_generate_parameters.pod b/doc/man3/DSA_generate_parameters.pod index 415c4c8b82ce74f63a612bbccf54ec551a3f5237..32eecb6891fa8c5af7677c1d9a6ada2856224a7d 100644 --- a/doc/man3/DSA_generate_parameters.pod +++ b/doc/man3/DSA_generate_parameters.pod @@ -51,7 +51,7 @@ called as shown below. For information on the BN_GENCB structure and the BN_GENCB_call function discussed below, refer to L. -DSA_generate_prime() is similar to DSA_generate_prime_ex() but +DSA_generate_parameters() is similar to DSA_generate_parameters_ex() but expects an old-style callback function; see L for information on the old-style callback. diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 8fd237599e29d2765029009e9171573e6de25062..56ac92a486728ef9661720dd031b75d02aa73dd7 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -481,7 +481,7 @@ These functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_SIGNATURE.pod b/doc/man3/EVP_SIGNATURE.pod index a4ee9c4807d7aa034bdf632f9f785f5756b20049..1f534ef33810eb92b848890e2c3d510bdbef6bcf 100644 --- a/doc/man3/EVP_SIGNATURE.pod +++ b/doc/man3/EVP_SIGNATURE.pod @@ -106,7 +106,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_aes_128_gcm.pod b/doc/man3/EVP_aes_128_gcm.pod index 09cae9912950492ce89a743707c4acaf572f56ae..067f17e8fc183df413a0aabb11dead4ff7f0f1b9 100644 --- a/doc/man3/EVP_aes_128_gcm.pod +++ b/doc/man3/EVP_aes_128_gcm.pod @@ -134,13 +134,7 @@ section for details. EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), -EVP_aes_128_wrap(), -EVP_aes_192_wrap(), -EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), -EVP_aes_128_wrap(), -EVP_aes_192_wrap(), -EVP_aes_256_wrap(), EVP_aes_256_wrap_pad() AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod index e1eba6b965fc45b186b0070b3dfe19b077b8a079..d3091f6a562a388d795cece28e002de546e5806d 100644 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -280,7 +280,7 @@ L In OpenSSL 1.0.0, the lhash interface was revamped for better type checking. -In OpenSSL 3.2, B() was introduced and B() +In OpenSSL 3.1, B() was introduced and B() was deprecated. =head1 COPYRIGHT diff --git a/doc/man3/OPENSSL_LH_stats.pod b/doc/man3/OPENSSL_LH_stats.pod index 01381e92167c20ee1469bf4bca9223727a1b3087..fb95928d8f200b36764f35e12915a90cd14900c3 100644 --- a/doc/man3/OPENSSL_LH_stats.pod +++ b/doc/man3/OPENSSL_LH_stats.pod @@ -10,16 +10,16 @@ OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio - LHASH statistics #include +The following functions have been deprecated since OpenSSL 3.1, and can be +hidden entirely by defining B with a suitable version value, +see L: + void OPENSSL_LH_node_stats(LHASH *table, FILE *out); void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out); void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out); void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out); -The following functions have been deprecated since OpenSSL 3.2, and can be -hidden entirely by defining B with a suitable version value, -see L: - void OPENSSL_LH_stats(LHASH *table, FILE *out); void OPENSSL_LH_stats_bio(LHASH *table, BIO *out); @@ -48,8 +48,7 @@ record a miss. OPENSSL_LH_stats_bio(), OPENSSL_LH_node_stats_bio() and OPENSSL_LH_node_usage_stats_bio() are the same as the above, except that the output goes to a B. -OPENSSH_LH_stats() and OPENSSH_LH_stats_bio() are deprecated and should no -longer be used. +These functions are deprecated and should no longer be used. =head1 RETURN VALUES @@ -61,13 +60,14 @@ These calls should be made under a read lock. Refer to L for more details about the locks required when using the LHASH data structure. -The functions OPENSSH_LH_stats() and OPENSSH_LH_stats_bio() were deprecated in -version 3.2. - =head1 SEE ALSO L, L +=head1 HISTORY + +These functions were deprecated in version 3.1. + =head1 COPYRIGHT Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/OSSL_CMP_validate_msg.pod b/doc/man3/OSSL_CMP_validate_msg.pod index 7dbe3f74ca1ebf3c9625eaf1efd33678aa30f22c..c416a49d777205a994691f996dfa8261aee42ba5 100644 --- a/doc/man3/OSSL_CMP_validate_msg.pod +++ b/doc/man3/OSSL_CMP_validate_msg.pod @@ -76,7 +76,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 8e4a9a79267850b87dbe960dc20983f1a9290f05..1b3b0764aeca84106eb32e27ec152d51e1c5d49b 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -182,7 +182,7 @@ OSSL_STORE_ctrl() and OSSL_STORE_vctrl() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod index 993e50777e1d9bb154a47d2be5ee5900c2c11f2b..5291338d3c4d0c165f27ceb37b3a72cc943a7094 100644 --- a/doc/man3/PKCS12_create.pod +++ b/doc/man3/PKCS12_create.pod @@ -120,7 +120,7 @@ standards. =head1 COPYRIGHT -Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod index 07f8855ecf7f62e86fd1b2b5909747bacbea7283..a72df145fedd70ac5863b722bcf5778e2cf751f6 100644 --- a/doc/man3/PKCS12_gen_mac.pod +++ b/doc/man3/PKCS12_gen_mac.pod @@ -64,7 +64,7 @@ L =head1 COPYRIGHT -Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod index 0984e993daefa579b8964a530f4dbd57ac86237a..3da271bdbff7706f6facd28955293affddeb0754 100644 --- a/doc/man3/PKCS5_PBKDF2_HMAC.pod +++ b/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -33,7 +33,8 @@ be NULL terminated. B is the iteration count and its value should be greater than or equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any -B less than 1 is treated as a single iteration. +B value less than 1 is invalid; such values will result in failure +and raise the PROV_R_INVALID_ITERATION_COUNT error. B is the message digest function used in the derivation. PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1(). diff --git a/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod index b74c869b83d2dc99df397e9ef00a8f85ac00dc96..3913ea9390079df01867675cea8e2a448c4f6564 100644 --- a/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod +++ b/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod @@ -55,7 +55,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod index 9cee6420738486fd5057d3488f95e413a38a0dc5..99f59b063c2248d6d84932cdda76f4b382f06385 100644 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod @@ -12,11 +12,15 @@ SSL_get_info_callback #include - void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); - void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); + void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*callback) (const SSL *ssl, int type, int val)); - void SSL_set_info_callback(SSL *ssl, void (*callback)()); - void (*SSL_get_info_callback(const SSL *ssl))(); + void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, int val); + + void SSL_set_info_callback(SSL *ssl, + void (*callback) (const SSL *ssl, int type, int val)); + + void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val); =head1 DESCRIPTION @@ -119,7 +123,7 @@ SSL_get_info_callback() returns the current setting. The following example callback function prints state strings, information about alerts being handled and error messages to the B BIO. - void apps_ssl_info_callback(SSL *s, int where, int ret) + void apps_ssl_info_callback(const SSL *s, int where, int ret) { const char *str; int w = where & ~SSL_ST_MASK; diff --git a/doc/man3/SSL_CTX_set_msg_callback.pod b/doc/man3/SSL_CTX_set_msg_callback.pod index 7484773afe6534a9fa1e6f4e3fbce6d1bdb7e4d8..f046c77b535b9d4febbae49e6bb8aff4288a52be 100644 --- a/doc/man3/SSL_CTX_set_msg_callback.pod +++ b/doc/man3/SSL_CTX_set_msg_callback.pod @@ -58,8 +58,9 @@ when a protocol message has been sent. The protocol version according to which the protocol message is interpreted by the library such as B, B, -B etc. This is set to 0 for the SSL3_RT_HEADER pseudo -content type (see NOTES below). +B etc. For the SSL3_RT_HEADER pseudo +content type (see NOTES below) this value will be the decoded +version/legacy_version field of the record header. =item I @@ -172,6 +173,12 @@ The pseudo content types B, B, B, B and B were added in OpenSSL 3.2. +In versions previous to OpenSSL 3.0 I was called with 0 as I for +the pseudo content type B for TLS records. + +In versions previous to OpenSSL 3.2 I was called with 0 as I for +the pseudo content type B for DTLS records. + =head1 COPYRIGHT Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/doc/man3/d2i_PKCS8PrivateKey_bio.pod index 5b5371b70f19cdacd2a4329021b6ec761d779c71..55ec34657504025c7a954c9e4743c2d7f9814626 100644 --- a/doc/man3/d2i_PKCS8PrivateKey_bio.pod +++ b/doc/man3/d2i_PKCS8PrivateKey_bio.pod @@ -8,7 +8,7 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private =head1 SYNOPSIS - #include + #include EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index 9226ef77c3946b0f5e181c03d86200ffd2957b11..00efb60358166186dad4267a84ba2629bb5abd44 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -390,10 +390,12 @@ to the returned structure is also written to I<*a>. If an error occurred then NULL is returned. On a successful return, if I<*a> is not NULL then it is assumed that I<*a> -contains a valid B> structure and an attempt is made to reuse it. This -"reuse" capability is present for historical compatibility but its use is -B (see BUGS below, and the discussion in the RETURN -VALUES section). +contains a valid B> structure and an attempt is made to reuse it. +For B> structures where it matters it is possible to set up a library +context on the decoded structure this way (see the B section). +However using the "reuse" capability for other purposes is B (see B below, and the discussion in the B +section). B_bio>() is similar to B>() except it attempts to parse data from BIO I. @@ -538,6 +540,22 @@ Alternative technique: if (d2i_X509(&x, &p, len) == NULL) /* error */ +Setting up a library context and property query: + + X509 *x; + unsigned char *buf; + const unsigned char *p; + int len; + OSSL_LIB_CTX *libctx = ....; + const char *propq = ....; + + /* Set up buf and len to point to the input buffer. */ + p = buf; + x = X509_new_ex(libctx, propq); + + if (d2i_X509(&x, &p, len) == NULL) + /* error, x was freed and NULL assigned to it (see RETURN VALUES) */ + =head1 WARNINGS Using a temporary variable is mandatory. A common diff --git a/doc/man7/EVP_KDF-PKCS12KDF.pod b/doc/man7/EVP_KDF-PKCS12KDF.pod index 05d4e902bd30f0b00db1c1f5bdad59f58fde04cd..986536569864274a7801524196f05e54848d27a2 100644 --- a/doc/man7/EVP_KDF-PKCS12KDF.pod +++ b/doc/man7/EVP_KDF-PKCS12KDF.pod @@ -80,7 +80,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_RAND-TEST-RAND.pod b/doc/man7/EVP_RAND-TEST-RAND.pod index feab01431d928decda8e7ca636fe70f7ed6e0bde..b7a0e0b43c481810a4044a08d0266f70044814f3 100644 --- a/doc/man7/EVP_RAND-TEST-RAND.pod +++ b/doc/man7/EVP_RAND-TEST-RAND.pod @@ -113,7 +113,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-storemgmt.pod b/doc/man7/provider-storemgmt.pod index a8ce43c4bb2b5202789503d6d686abb3dccada9a..81d407a4b8b91051bd2a2801c911d5a77c940bf7 100644 --- a/doc/man7/provider-storemgmt.pod +++ b/doc/man7/provider-storemgmt.pod @@ -212,7 +212,7 @@ OSSL_FUNC_store_delete() callback was added in OpenSSL 3.2 =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h index 180238526b92d7827618193a266c86aabdca6d08..36af1d7689293cbf0bb17ae91241c2d77ce4d2e4 100644 --- a/include/crypto/asn1.h +++ b/include/crypto/asn1.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/context.h b/include/crypto/context.h index af81e15e1dc515803adb3247ab713f119576c8bf..7369a730fb81278bcfa4dc86e2147e06c9a6ee09 100644 --- a/include/crypto/context.h +++ b/include/crypto/context.h @@ -1,5 +1,5 @@ /* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/rand.h b/include/crypto/rand.h index 730be8b5d0245302769b450398b271ff0ae2f5e4..5841cccaa66e9faa557da2fbcbed760d102a973b 100644 --- a/include/crypto/rand.h +++ b/include/crypto/rand.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/evp.h b/include/openssl/evp.h index f343eccbffa199e308edac6a80562e2c3089d7fe..dbe6c72969fed8afc251f387fb763b74bde32e50 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -85,6 +85,8 @@ /* Easy to use macros for EVP_PKEY related selections */ # define EVP_PKEY_KEY_PARAMETERS \ ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) +# define EVP_PKEY_PRIVATE_KEY \ + ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY ) # define EVP_PKEY_PUBLIC_KEY \ ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY ) # define EVP_PKEY_KEYPAIR \ diff --git a/include/openssl/lhash.h.in b/include/openssl/lhash.h.in index 780639bd49083128a625ebe9329dc2385c686619..97dd3a4b84b24d2c06606e47701563c619f9f778 100644 --- a/include/openssl/lhash.h.in +++ b/include/openssl/lhash.h.in @@ -97,16 +97,16 @@ unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); # ifndef OPENSSL_NO_STDIO -# ifndef OPENSSL_NO_DEPRECATED_3_2 -OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); -OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); -OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); +# ifndef OPENSSL_NO_DEPRECATED_3_1 +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); # endif # endif -# ifndef OPENSSL_NO_DEPRECATED_3_2 -OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); -OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +# ifndef OPENSSL_NO_DEPRECATED_3_1 +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +OSSL_DEPRECATEDIN_3_1 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); # endif # ifndef OPENSSL_NO_DEPRECATED_1_1_0 @@ -181,7 +181,7 @@ OSSL_DEPRECATEDIN_3_2 void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH * } \ LHASH_OF(type) -# ifndef OPENSSL_NO_DEPRECATED_3_2 +# ifndef OPENSSL_NO_DEPRECATED_3_1 # define DEFINE_LHASH_OF_DEPRECATED(type) \ static ossl_unused ossl_inline void \ lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ diff --git a/include/openssl/macros.h b/include/openssl/macros.h index 66fa4eec2e730f8ee79a3e33aaedb1497f314250..e9ef9387470c1fa2b4a63eedb1f303b33707fcd6 100644 --- a/include/openssl/macros.h +++ b/include/openssl/macros.h @@ -169,7 +169,7 @@ * 'no-deprecated'. */ -# undef OPENSSL_NO_DEPRECATED_3_2 +# undef OPENSSL_NO_DEPRECATED_3_1 # undef OPENSSL_NO_DEPRECATED_3_0 # undef OPENSSL_NO_DEPRECATED_1_1_1 # undef OPENSSL_NO_DEPRECATED_1_1_0 @@ -178,16 +178,16 @@ # undef OPENSSL_NO_DEPRECATED_1_0_0 # undef OPENSSL_NO_DEPRECATED_0_9_8 -# if OPENSSL_API_LEVEL >= 30200 +# if OPENSSL_API_LEVEL >= 30100 # ifndef OPENSSL_NO_DEPRECATED -# define OSSL_DEPRECATEDIN_3_2 OSSL_DEPRECATED(3.2) -# define OSSL_DEPRECATEDIN_3_2_FOR(msg) OSSL_DEPRECATED_FOR(3.2, msg) +# define OSSL_DEPRECATEDIN_3_1 OSSL_DEPRECATED(3.1) +# define OSSL_DEPRECATEDIN_3_1_FOR(msg) OSSL_DEPRECATED_FOR(3.1, msg) # else -# define OPENSSL_NO_DEPRECATED_3_2 +# define OPENSSL_NO_DEPRECATED_3_1 # endif # else -# define OSSL_DEPRECATEDIN_3_2 -# define OSSL_DEPRECATEDIN_3_2_FOR(msg) +# define OSSL_DEPRECATEDIN_3_1 +# define OSSL_DEPRECATEDIN_3_1_FOR(msg) # endif # if OPENSSL_API_LEVEL >= 30000 # ifndef OPENSSL_NO_DEPRECATED diff --git a/include/openssl/store.h b/include/openssl/store.h index 46fb4d40f0fd490fafe475a8383e81d46d3f2424..e6ea3cf87886af2f3aff9341edb54dd2e8100042 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/common/provider_seeding.c b/providers/common/provider_seeding.c index f6463f8ada30cc29d2342b0aacffc12a58858297..c7b2ea6da62a30848ca16ca123cc1734ff15b055 100644 --- a/providers/common/provider_seeding.c +++ b/providers/common/provider_seeding.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index db0dda5af6d5c66c35cb49de124b31967185159c..fc38dce27e395d8530d031de99eeec27d4b15e79 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -117,7 +117,7 @@ a6e8cf30340ffaec8aec41dfbef7341afe21e7b13e48899403c529368c0ec6fa crypto/context 67c2367871b9350a7f7af5be903d6bcca9ebdbff0e9a9bd9f61b56bef5b76696 crypto/core_algorithm.c f0fd9eb38bf7f196bbb4d26ce8fdf86d0a4f9db219157e66b2c0ffefb4f42005 crypto/core_fetch.c 2f03908edadddc55a61e4cfb4d76751a342f61aad564971df37a6b90c7b2a26f crypto/core_namemap.c -fe83e1d30a9ef0aa86c1342b4228380dea7e90f9f3cc8d28f5423dfbc1ded011 crypto/cpuid.c +a7f86c1495a140e5dc2acb737c5ff835691ead833842e0a37bbfc2116530b246 crypto/cpuid.c a6732e22ccb49cf51fc9dbf23f6059774b70ecc3d7e848c5df112a2d3c179027 crypto/cryptlib.c 66dbfc58916709d5a6913777346083247942a8d9458ee9b2bf443f0ea4988d64 crypto/ctype.c 51e56541daea6d4a26d5bae2ea458414063bf08b045bab8df370f6695903e0a5 crypto/der_writer.c @@ -161,7 +161,7 @@ ee897e230964511baa0d1bf95fb938312407a40a88ebe01476879c2763e5f732 crypto/ec/asm/ 063dac1e4a9573c47532123e9e03e3532a7473cc3e146521ba9ec6f486ddf3b1 crypto/ec/curve448/arch_64/arch_intrinsics.h 43423b7ee85a5c740c1d81499ee06f4a17732c7731a598e7429d5e402ee77cf4 crypto/ec/curve448/arch_64/f_impl.h c3146bb6777776d39b89647e3dd3e8afc3d19338c75ff294d6986289cef59c40 crypto/ec/curve448/arch_64/f_impl64.c -a3803940dcb1e53358edac1bc05fe8777b8007668d5aa11af5812b97d4f94c63 crypto/ec/curve448/curve448.c +cba11345e742cd4eedead0505f92062916ece6fa688cdbdf6466fbea12a7b16c crypto/ec/curve448/curve448.c a6c70707c520234ccd111562f012e1abf83c43b20b3b36c339ef1ea0369a9e5f crypto/ec/curve448/curve448_local.h 178fb9863c33174b633c2e7607160b1bedb506d66cc06d53382d87431441f306 crypto/ec/curve448/curve448_tables.c f30e13bba5a136ab9ba5225c98b9b94c2cd73fb3aef60f9dcde3cd471cfa1ca4 crypto/ec/curve448/curve448utils.h @@ -169,7 +169,7 @@ f30e13bba5a136ab9ba5225c98b9b94c2cd73fb3aef60f9dcde3cd471cfa1ca4 crypto/ec/curv 498fda3e0f2d261ab9729ae4de05ff1b496af4582aa019f507570f852d5a2726 crypto/ec/curve448/eddsa.c 9f712e7397b10f1dc88a6d18ff38dcda13d09c02775f3682f2b8698715b1095a crypto/ec/curve448/f_generic.c 070daafb9a532ebb8bc0af8b1341254f0cd3e8932a8c8a2dca7baeef6678768b crypto/ec/curve448/field.h -2ad8331e893b5db33198e27603891587686c0dfdab29706dc52a7097c5d6f219 crypto/ec/curve448/point_448.h +514014f9fa7835056aab1e6df5511fd7de8ecef3cfcada8e0eadec9b727b419c crypto/ec/curve448/point_448.h 1ff6e467d72530c71d21c310180d04a24f0a9cb41168fba94b43309ecdda3888 crypto/ec/curve448/scalar.c 3052a044afae2e91b677542fc8b34b3ec9d033e0c6562b0d43098cfb34ab3c9d crypto/ec/curve448/word.h ae1637d89287c9d22a34bdc0d67f6e01262a2f8dcef9b61369dba8c334f5a80d crypto/ec/ec2_oct.c @@ -222,7 +222,7 @@ c4c8a30541a51d50872f03994829419a72d52c8207f9047fdc6fd28dfd43c057 crypto/evp/key 759573aea2a4cc7b6f763b440e6868bfcfcb7ca94d812fa61ab24a194be2cb36 crypto/evp/pmeth_gn.c 7d9dfc974d15a2b7e2c1c6c54a594f0a14ccdfe5e2e1afe84a3a52130ac8097b crypto/evp/pmeth_lib.c 76d005962440945c127571ca3b3ece7c55944828b41d48c0bd1b819bd40408ab crypto/evp/signature.c -49059c31a933b2cc173ea0e3b5778e3cde9cf209fff624827c0915dc9f0324d7 crypto/ex_data.c +64f7e366e681930ba10267272b87dba223b9744a01c27ba0504a4941802a580d crypto/ex_data.c d986ec74995b05ff65a68df320ab45894ba35d7be4906f8d78ca5fca294a4e6c crypto/ffc/ffc_backend.c a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c 854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c @@ -233,8 +233,8 @@ c9c635805b26d85e8c0c7720592fb04b674cde4339fcd94712a4403e8677cb41 crypto/ffc/ffc 0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h 0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S -5b38180a8ed150ab1be44a86cacd0c6668d2e6ba3de6b0c3420c8056543af54d crypto/initthread.c -6259c0e543faadc1c06a16095df38e9e4ce74a25b74e2951e601f9d4ea9bfb77 crypto/lhash/lhash.c +3f123f7de496711fa60c47aeaef96640571dbcb1657b23901307e04c3d712579 crypto/initthread.c +ee895c071ffb217e0f223d5546ae84cadde6701af67e718e9af7f06af531fa42 crypto/lhash/lhash.c 5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h a4f8f200ca749db91da97735c107836dfb2b623424b15c020ec6e48d874f4564 crypto/loongarch64cpuid.pl 460a7af09cde89a820b091522ada1310cfcec99c60aee505f94c48c35e9a29e8 crypto/loongarchcap.c @@ -265,14 +265,14 @@ bdf25257b15eca206be4d950d2dd807ca5f058f91f54edbd7a0d312ed83eef8e crypto/modes/o e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/wrap128.c 608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c fb874ea18e9754dde11ef1c2993818074ff7cd8a74a981598745f7e11317bb91 crypto/modes/xts128gb.c -e49f44c0c91789015fd45f9260eafe3139e6b73ca2af612df4aa21b71c637ca1 crypto/o_str.c +f89e6864ebbff6321e360a6543d45b5f30773a86217ef37c7dfc146b7aa49d4b crypto/o_str.c b0decda3aae1d3e07cf3cbe9153cdde9deafe65fae346cd208951b4d7dec512e crypto/packet.c fb60966da0d636a59921c7eeadebedb79caa9667eb1622330ab7e1f31a8d24eb crypto/param_build.c fa2062acdb901c9b15904b5c8f805247bba8b0eaa935c35fdfbe8d53ff463a7a crypto/param_build_set.c a267f41a7dead2b1f7ea35ad7d2d04db50cb75d0fb20fbc2fa72ba7ea4dc34a0 crypto/params.c bb7b79b5a070050f5e7dfc66b5635f0891bc278e3e24eec3583b769b33bef657 crypto/params_dup.c b2bd2b5cf3de2fe130223470da22fe4c1b08e75f0c10fcb7d0c089c9f9851f78 crypto/params_from_text.c -e7bdda0dcbf7aa6d4b9d55efd7c59e78bc68aca644d64a7c316a044bccf20505 crypto/params_idx.c +9e9b831ae8f2f2ef75b29152a0b65bc157f4717f928d23a403fa49e11432daf8 crypto/params_idx.c c27b8c1659274be74e2d6e9fd76980df499d1331c0c2d51f41b3ad547ba88d59 crypto/ppccap.c 46fa4994a6234a98a2845d9337475913f6bc229f1928abc82224de7edf2784b8 crypto/ppccpuid.pl 467c416422ecf61e3b713c5eb259fdbcb4aa73ae8dee61804d0b85cfd3fff4f7 crypto/property/defn_cache.c @@ -284,7 +284,7 @@ a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/propert bf5e9f8e49672afc09f4130ba300844d4412f9e3467985f693da70e34f1a4f3a crypto/provider_core.c d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c -ba5c07983cb1d18e6d3e97f8ea16f99175c5461efe99d160051c6bd2886c0217 crypto/rand/rand_lib.c +d2851ce0930b36e6f1fbc593a756d9a7c8097eb6b0ace163cecd917c8e9637dd crypto/rand/rand_lib.c fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h f67fcf8351b046a00cf1baea29aefab3b4fc9521e0ba508abdd1a9ca44de40c3 crypto/riscv32cpuid.pl c0ff6a8ca7f52f759a945c4d475d00168b12386324e8177f301127b405ca793e crypto/riscv64cpuid.pl @@ -352,7 +352,7 @@ fb06844e7c3b014a58dccc8ec6020c71843cfdc5be08288bc7d204f0a840c474 crypto/sha/asm 0611845c52091b0208dd41f22ddef9dd1e68d3d92fa4c4360738b840a6314de6 crypto/sha/asm/sha512-sparcv9.pl f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm/sha512-x86_64.pl 8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl -b69b8a21115f4167641ef94f30846e367f479a2153a5de2991f0a34c564ce4b1 crypto/sha/keccak1600.c +83d52563e8b85ebf9e3448392c0b535a8564b7aaafc595e7a6653035a4511155 crypto/sha/keccak1600.c 306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c af4756bfeeabca490834f51e45e3fd726b5bbb35bb682b73d857a8c2e080c64f crypto/sha/sha256.c 3d972a11be18bfbfcd45790028635d63548bfe0a2e45d2fc56b6051b759d22f0 crypto/sha/sha3.c @@ -375,13 +375,13 @@ e29e0fc64feaa71c68da6e5f2fa8a00853f9b2d6a8b516eb474bde51e23065f6 crypto/threads 8b45f948303045d8f753858b1b892e3da13bebe1bdac500db91fbb54a0ac07da crypto/time.c fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16 crypto/x86cpuid.pl -f24620e63469b36f9e015841fdabde2af35982268e61183fafcbd6fbdeeeca1d include/crypto/aes_platform.h -99e3f29e2f7f78a4f43f634c5c56a74e3b64b05ad077249eba64976bc47d6d37 include/crypto/asn1.h +492e7ba619c2e23a454503a7eaccf455af638484090d4671258203739666c644 include/crypto/aes_platform.h +68f6c521b1dbfacb99d75cb1ffdbcd1795d6e0157df69c6c6a7c04f85ea715ec include/crypto/asn1.h 8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h d95af0a278bc2edef9c3e1129fc6e7b1577b1ea95249b05ef39c4a4847e9ddac include/crypto/bn.h 1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in 7a43a4898fcc8446065e6c99249bcc14e475716e8c1d40d50408c0ab179520e6 include/crypto/bn_dh.h -9a7c2ed3703a83e14d25440dc63ef933b21a7225dfc28314a2a23e31706153e9 include/crypto/context.h +a6957475e4c7ae80c06537c3fd3b63f2368b664da54a96befd0a6fa38de27b4a include/crypto/context.h e69b2b20fb415e24b970941c84a62b752b5d0175bc68126e467f7cc970495504 include/crypto/cryptlib.h 6c72cfa9e59d276c1debcfd36a0aff277539b43d2272267147fad4165d72747c include/crypto/ctype.h 09a27585de4638577b482ec9102a0e70d843dee6297a2d45e27d888f6de5e27f include/crypto/decoder.h @@ -394,7 +394,7 @@ c7aafee54cc3ace0c563f15aa5af2cdce13e2cfc4f9a9a133952825fb7c8faf5 include/crypto bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto/lhash.h 906bc2316e4f4651e5db7a8273ec3bb4bcbfb55f0f484bebdae4f6d0ce033bdf include/crypto/md32_common.h 6e7762e7fb63f56d25b24f70209f4dc834c59a87f74467531ec81646f565dbe3 include/crypto/modes.h -8aa4f71ebd9753baceed428e323d5f550d74aff43ab9a55eda7c096d838b8f49 include/crypto/rand.h +38fdd544efa495426cc684894727cf05a0f125f5cf6e11de133d43f785d5bcce include/crypto/rand.h 90930fc8788d6e04e57829346e0405293ac7a678c3cef23d0692c742e9586d09 include/crypto/rand_pool.h 2f502340909e531a9a7c71451400eb68a53bf62015c17b0169b1efffb0703882 include/crypto/rsa.h 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h @@ -411,7 +411,7 @@ dc5afb955d810feb5af9f8d25cd8a92118abef320fee95c07b04f301c4e0d96c include/intern 8059e715f981fbe02b5731610ed24bb6ae617a55e90b03f4260cbb6ccd71e8de include/internal/deterministic_nonce.h fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b include/internal/dso.h f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7 include/internal/dsoerr.h -6b15a2abd526a0c09aedd122b4e7bd4a1c132d586f7ac11837b05549a28a4b31 include/internal/e_os.h +99276e4650bfdcddac06eaa70dd2e255b30b61ebd8ef948384e28b1dd17ddb61 include/internal/e_os.h 70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef include/internal/endian.h 19b0b6356921484359c2e5e7839ffc476fe48a31fbae31595545a58c920ae224 include/internal/ffc.h 55c4102496ed5ab16de11afe38c328a1396c3b6e2c7e44add4a38855103c19da include/internal/namemap.h @@ -440,7 +440,7 @@ ef96b731db0e0998c11a297d601f5b37c02525774d532fb4f92160e9069c7dfc include/intern 47fd81a330f042baf3675f4154c6276ab7a8cf76efaf01288abe41f119ec5588 include/openssl/asn1.h.in d4733dcd490b3a2554eaf859d1ea964fe76f7d24f78e42be1094bdad6dee7429 include/openssl/asn1err.h 1550474ee05423896ec4abfb6346f1bc44c7be22329efac9ea25de10e81d549c include/openssl/asn1t.h.in -96c3b90a890f5dce1c9186c8d5bc26769bb8e1f0254d304fc9f1ae018344b497 include/openssl/bio.h.in +5610c3cb39f1c6d6dc071836b4b92f686f1c5931bfc11de0ba9a9bcd0bdc995b include/openssl/bio.h.in fe5ab4bc904b7c77e5411c4b7dda6d29595eb60a87f00e30ab32f48391f98b44 include/openssl/bioerr.h 9caa80699882befcce556446a45e5ffde5aa938aa2aae0e8ecd46c9c6a3fe419 include/openssl/bn.h 9ad8b04764797f5138f01f549ba18b44cf698ffc7fe795fef42c1822d84a6ff4 include/openssl/bnerr.h @@ -452,7 +452,7 @@ f20c3c845129a129f5e0b1dae970d86a5c96ab49f2e3f6f364734521e9e1abe3 include/openss 69d98c5230b1c2a1b70c3e6b244fcfd8460a80ebf548542ea43bb1a57fe6cf57 include/openssl/configuration.h.in 6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h 28c6f0ede39c821dcf4abeeb4e41972038ebb3e3c9d0a43ffdf28edb559470e1 include/openssl/core.h -99d507e9aa0b4ad94b191b1aba2cb5d426b8fe130910e6f9c86a8ca62f42f8cc include/openssl/core_dispatch.h +6876672a5dc96fbf25162b48615ea8f827f3ac3e7982bd09b0d0a7a2dd74cfc0 include/openssl/core_dispatch.h 8b4027cf19ce2a7cbad506cde61552123818b6eae62d5fbdae34e9f68660e6f8 include/openssl/core_names.h.in 371413ef13841f1245a225c8ec1cec463629c42bfc33254f979d2a8672112f9a include/openssl/crypto.h.in 2f9570c2514b4d1b2a86fbdf30ced879e5c52e62f1d3691cb3da37ce4f6a98dd include/openssl/cryptoerr.h @@ -491,7 +491,7 @@ ed785c451189aa5f7299f9f32a841e7f25b67c4ee937c8de8491a39240f5bd9d include/openss 08980b1dbc01e2926fc59707d867030fc7a3d37dc625c0e1edf2d31bdf71b2fb include/openssl/proverr.h 03bda8974476f0f038a7cfa0cb30f0b8210d55c74c6e7e853fd1564dca3e2b14 include/openssl/provider.h e512ab2e492d968a9bf8b2b048f79ac5dfe11bddf3c00f2eec6e9c6ecc57d330 include/openssl/rand.h -108966f56c82fedff53df76a4aa7861c82be4db1fd1ddafb59dc086ea155831c include/openssl/randerr.h +5be9d723cf368b48ab35bda5db1a3e83bda6e9e38218dd0b020be1a5427e7488 include/openssl/randerr.h 2f4f0106e9b2db6636491dbe3ef81b80dbf01aefe6f73d19663423b7fcd54466 include/openssl/rsa.h 2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h 6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in @@ -533,29 +533,29 @@ e1ef8b2be828a54312d6561b37751a5b6e9d5ebdb6c3e63589728c3d8adca7dc providers/comm c2b4301a9f835c0b3776ad3afba7121d00cd7ae6387fe11c96269a37da08027c providers/common/include/prov/securitycheck.h 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c 3f5656c405ec57a261df7af940c1512990555361f69488a28d65e16f6b865a1d providers/common/provider_err.c -2f334bf2292bc394778eacaec57e7419e62d0918c166098cc65a09e8c3f5171e providers/common/provider_seeding.c +101d50bfdd8a9aaf096f5d0d80b874d9c59f9c0c4433159cda96426777aae09f providers/common/provider_seeding.c 6e833d259d04cdedc007e6cda52fd706527edcf4b4432dbd88cbf45c3f7a4442 providers/common/provider_util.c 5b94312727ca33e4f5c038f4caaae8417bf584cfde22df83d91f3c55c30c81ee providers/common/securitycheck.c bc4370324c4c8791ea6de8641d255073c6745ee984e18912d535e155d9815244 providers/common/securitycheck_fips.c abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c -5d4c2e93c2aef3f74aea56e6680bc1735081f680102f09d7d0b22d1df53767fb providers/fips/fipsprov.c -bf247e11ce05e274ab668e80e6e86ed3747b2848570e20b993e68b54559334a3 providers/fips/self_test.c +42cd9a91e687784eb44be472075f3ed5f6ec60a47fc1db7ef5b577949cbbee85 providers/fips/fipsprov.c +029fad3c27617c725e516621c2f6c3a0e1dca0fa22f4e89a1a6b9a977c8d935d providers/fips/self_test.c f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h 551631b909f8d173eafcccac782a44c8aed92bb8463bfccdb936b7f3aee2a48b providers/fips/self_test_data.inc -ed6dc106e223a422b133f774f94079fcd404899d7fad624179dd152354dbb500 providers/fips/self_test_kats.c +5b6d8dbc1365974eb9a5d417b2276d40fa7b9e733bb224200d20a61b4b025973 providers/fips/self_test_kats.c 4428a56f5d195547348c743df0c14ac9c97cd7b60ce09b76cffe5e7c9296daec providers/implementations/asymciphers/rsa_enc.c c2f1b12c64fc369dfc3b9bc9e76a76de7280e6429adaee55d332eb1971ad1879 providers/implementations/ciphers/cipher_aes.c f9d4b30e7110c90064b990c07430bb79061f4436b06ccaa981b25c306cfbfaa2 providers/implementations/ciphers/cipher_aes.h -480c1f44157dff5fc65369f5c29a5369528061576c00a6454f3e54b37f9f8af1 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +20494fb9eb9f0578a3a574e0c6406108cfb28d7895a1891d57b3238420ec4f7b providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 7668e5c1cac474ad7b0f28aa78ca885edf44815fe4a606a6cd328b3c02fac25a providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h 26e0f28523b416ba4067e471061f5a11fd76f5dc8bfe57ce37a137cf5667630b providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c 6d2ab2e059ef38fad342d4c65eebd533c08a2092bb174ff3566c6604e175c5a4 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c -6d6bf36329af3b77f457898294be05fea3940a61cdaf0ed60cfb8d091a94186e providers/implementations/ciphers/cipher_aes_ccm.c +f37c3cf9e2e6fcfcbed941f3670b790fe09990349db72eb065bef51705d46e96 providers/implementations/ciphers/cipher_aes_ccm.c 00f36bf48e522dbb5ec71df0ec13e387955fa3672e6ff90e8a412ae95c4a642f providers/implementations/ciphers/cipher_aes_ccm.h 17b9d63357824c24b48c889e27f74e8882bfce740f4c755ae5843def46abe650 providers/implementations/ciphers/cipher_aes_ccm_hw.c 302b3819ff9fdfed750185421616b248b0e1233d75b45a065490fe4762b42f55 providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc a8eaca99a71521ff8ac4ffcf08315e59220f7e0b7f505ecddad04fadd021ec14 providers/implementations/ciphers/cipher_aes_cts.inc -710ee60704dd9dffa2a11e2e96596af1f7f84f915cedcedeec7292e0d978317a providers/implementations/ciphers/cipher_aes_gcm.c +7e886ecc088b5903aa082eac72a4c46f9064392bdf5723a592368ecebfeb71c0 providers/implementations/ciphers/cipher_aes_gcm.c 79f5a732820d2512a7f4fc2a99ece7e6e2523a51e62561eb67a4b70d5538b0c4 providers/implementations/ciphers/cipher_aes_gcm.h 986450da9f87b3cea00880c5bb5b0908b201ba27f68942b9f8bfff393610b3bb providers/implementations/ciphers/cipher_aes_gcm_hw.c be18c20e0197f25fe7b9e0268657a2271a69d216b89cb100f082fa5fcaad1e07 providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc @@ -565,7 +565,7 @@ be18c20e0197f25fe7b9e0268657a2271a69d216b89cb100f082fa5fcaad1e07 providers/impl 5eb2b02ac65ed2c537c5be65779065077d141dd16730666a2bb00ca08b05f861 providers/implementations/ciphers/cipher_aes_ocb.c 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h 5840571376d5e32681644224ef25e70ca771357f9e8ce152eada6a15df113731 providers/implementations/ciphers/cipher_aes_ocb_hw.c -be3e7c7069aa177f8a3485cf3e2d0e2f5ac28196372e8b6471e756580b7ac3ae providers/implementations/ciphers/cipher_aes_wrp.c +110f14e06311883d5e312b37e9d87c51f809592d3092ecd8eb449ea4bc7cac38 providers/implementations/ciphers/cipher_aes_wrp.c a79fde91348c9df6bb359e5353a442800ca514a1ffcb68e5cc5f7afe7d57d5ec providers/implementations/ciphers/cipher_aes_xts.c c4a2499b214d7cf786dafaaee5c8c6963b3d5d1c27c144eec4b460f839074a3b providers/implementations/ciphers/cipher_aes_xts.h 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c @@ -586,13 +586,13 @@ bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b providers/impl c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666 providers/implementations/ciphers/ciphercommon_local.h 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c 5f41dd1bf77bd08d287a875f9d6e5a423bf286524694ae7ee133cdd03ee763c0 providers/implementations/digests/sha2_prov.c -9aa1ab14059f0b3db8091c7bb900e5f1487c0d0e925a71d79d7575f4a7a60444 providers/implementations/digests/sha3_prov.c +66a8eef0ecb12df2d38111735a7cb3257b85039c34fda6fc0e41db96e2d328cb providers/implementations/digests/sha3_prov.c 4b774bf9267ebe05bf90076bc18e19a21e03ee2716bdb8fc4e6458774e9a820c providers/implementations/exchange/dh_exch.c b2d80c38dd62b46f2dd71e81a5684f54f43200d3ddbb86178081760ecc93525c providers/implementations/exchange/ecdh_exch.c 4994df237719649b086a032bd64c1cf38ceb4e67dd8ec98da20edf5bc3eadb0b providers/implementations/exchange/ecx_exch.c 2c8421ca27626472fd263172c76188b8b3eeda996dc925d052a8809543a33c11 providers/implementations/exchange/kdf_exch.c 24b784d29c46f6f7fd6d775ecef6a96bfd5faaa7a555f0aa0c97e94b74f09bc1 providers/implementations/include/prov/ciphercommon.h -c83f3f7a45738aa10465b8371ad38827009273322bcd62969322bc4ab4bc81a2 providers/implementations/include/prov/ciphercommon_aead.h +a5ea831a23c0f52a37660437f6c61f129c3f8428daf6f8cd8dd458f358c56937 providers/implementations/include/prov/ciphercommon_aead.h a07b9c86346100feef15c9abb57e48a6099bc9fa782724a2283f17910ef192fb providers/implementations/include/prov/ciphercommon_ccm.h 45e45a82a91751b27cf5160f14b6407bce3372591dc965e565d8091e46179e6b providers/implementations/include/prov/ciphercommon_gcm.h b9a61ce951c1904d8315b1bb26c0ab0aaadb47e71d4ead5df0a891608c728c4b providers/implementations/include/prov/digestcommon.h @@ -627,11 +627,11 @@ f29f282463f5bc432129850619edc427fe1d6cc8aa107b5703b11858b48790da providers/impl 145f3d5d5ebd5fb3bbe32705d7d71ff03e35b776f1c77d2f43781263ccc6a808 providers/implementations/macs/kmac_prov.c 3034074f99b02db045f2ccecc8782322e876dad07a3c169bdb24168b6b1f8cbd providers/implementations/rands/crngt.c 51688b34a8ba14234cf91c318ce9f97b8a54dbb501d6f56aa53d472f877d3660 providers/implementations/rands/drbg.c -b436b9f1c5525884e9adcc941726e0cf4bb135517f4dc403f24fec128c9cae8c providers/implementations/rands/drbg_ctr.c -118c2f62f765c0324695cb286670ae024cbeaacd989666da8e3daa8d0ec44c65 providers/implementations/rands/drbg_hash.c -3096525926ee80fec225c16e89fc9d58867de5f63b1e7a0736ed56ca09f19f2b providers/implementations/rands/drbg_hmac.c -e65a6972711303a71636ee7e31cab6dfd1734a97e25b4dce119060c1487bbe33 providers/implementations/rands/drbg_local.h -26d86b55837f515684865cb0e327aea435a9b7f27bf296287d44209f9a5df6ff providers/implementations/rands/test_rng.c +c18ec061bfb908dadebd47ee49fd4aa3fd0d320a0ed85a0f8ae841be4be787d6 providers/implementations/rands/drbg_ctr.c +52df0b9fa3d9357364a27773418aba82def6ac3a3bf027f0e14398cf4e10a247 providers/implementations/rands/drbg_hash.c +989aae213883f4d21480a09273cc21b0ca5d482f4e2ebf6e513ce8853a7c727f providers/implementations/rands/drbg_hmac.c +df266cab55613a7515fa1eed7212bd07281d1d36bffcab436d2cb01cf514dd3d providers/implementations/rands/drbg_local.h +9fd2c79b264eed85ae750a70354fa9dfdfc54e8df72df6ceff403d68772214e8 providers/implementations/rands/test_rng.c a9aa31d091df5b8f6710dd36761dfe7d32b6da1881f8581bed85ad4e171b0969 providers/implementations/signature/dsa_sig.c 6c8b5f325c997014bd71331c9eb6c185838cd81c10c3ad74dd65289ae923d629 providers/implementations/signature/ecdsa_sig.c d9d4bbbb0af0d1db6f586a36fd63236e4becdd52468a1e6510994e80988400aa providers/implementations/signature/eddsa_sig.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 5697105a43261fb1d77b8cc2c23b0bd2da7d618f..844a7f7b2bd7249c87006f37e72f7658181452b9 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -91f820645394cd8895d6fef399ee8e0df13817aa5430eda3ce8fbfb14ccfd3fc providers/fips-sources.checksums +179decb772ecd0063d75b578b699896a9b795033b891f520cc3577a2590d98b9 providers/fips-sources.checksums diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 82a7ac78fb01341ff682fcb35711dbf6e51f61f5..f13c41abd671a4fce75dbbb51d760d8e53662a0f 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_ccm.c b/providers/implementations/ciphers/cipher_aes_ccm.c index 3930f52d60650e5ab4ab8adf0771c465f9094f48..8c96328096ac77ca03f7cf8658f211e164ded34c 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm.c +++ b/providers/implementations/ciphers/cipher_aes_ccm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aes_gcm.c b/providers/implementations/ciphers/cipher_aes_gcm.c index edc3cc262ef958133f4d50b0aa9ce6e5e0544c80..1114bd874063c1082068e1446159cad4c455f84f 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm.c +++ b/providers/implementations/ciphers/cipher_aes_gcm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aria_ccm.c b/providers/implementations/ciphers/cipher_aria_ccm.c index 5fae5934698a2d7a43ec43a156c8386623a0a94e..0a0f52cdcc1b07b5431e052194de5762a72564b1 100644 --- a/providers/implementations/ciphers/cipher_aria_ccm.c +++ b/providers/implementations/ciphers/cipher_aria_ccm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_aria_gcm.c b/providers/implementations/ciphers/cipher_aria_gcm.c index f9eb64cc194f6f1b5a307adaca2d166bd4ce4ec2..e794a80a00a4919c40766976e41229479d72afa6 100644 --- a/providers/implementations/ciphers/cipher_aria_gcm.c +++ b/providers/implementations/ciphers/cipher_aria_gcm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_sm4_ccm.c b/providers/implementations/ciphers/cipher_sm4_ccm.c index 47fc6e103cce00b84281e37eb2c8e2acee6dd07a..3af84d85b7dc19d1d88fb33135e8b23e0f3e4cc2 100644 --- a/providers/implementations/ciphers/cipher_sm4_ccm.c +++ b/providers/implementations/ciphers/cipher_sm4_ccm.c @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/ciphers/cipher_sm4_gcm.c b/providers/implementations/ciphers/cipher_sm4_gcm.c index e8fcf5787e48986e9850e575b6c176a0ec7b7de7..1128f659393e03ed9f7663529f526be21712f9d1 100644 --- a/providers/implementations/ciphers/cipher_sm4_gcm.c +++ b/providers/implementations/ciphers/cipher_sm4_gcm.c @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/digests/blake2_prov.c b/providers/implementations/digests/blake2_prov.c index 298bc66de65a5b3179e80a308c6705896dd09671..34bbd7ed37d5468d8cda1fef997bb522a344b0f8 100644 --- a/providers/implementations/digests/blake2_prov.c +++ b/providers/implementations/digests/blake2_prov.c @@ -23,8 +23,11 @@ static int ossl_blake2s256_init(void *ctx) static int ossl_blake2b512_init(void *ctx) { struct blake2b_md_data_st *mdctx = ctx; + uint8_t digest_length = mdctx->params.digest_length; ossl_blake2b_param_init(&mdctx->params); + if (digest_length != 0) + mdctx->params.digest_length = digest_length; return ossl_blake2b_init(&mdctx->ctx, &mdctx->params); } diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c index 8125dab41f415dc46357063e7f500c738d74a3d8..0e3e894a43bd44f1eee1e978897e15288de69211 100644 --- a/providers/implementations/digests/blake2b_prov.c +++ b/providers/implementations/digests/blake2b_prov.c @@ -121,8 +121,7 @@ static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P) /* Initialize the parameter block with default values */ void ossl_blake2b_param_init(BLAKE2B_PARAM *P) { - if (P->digest_length == 0) - P->digest_length = BLAKE2B_DIGEST_LENGTH; + P->digest_length = BLAKE2B_DIGEST_LENGTH; P->key_length = 0; P->fanout = 1; P->depth = 1; diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index f335870a4cf5dceb1cbcc833b48c14e915a7d67f..c0c292328592fe033db6af972cd996d17bf1aed9 100644 --- a/providers/implementations/encode_decode/encode_key2text.c +++ b/providers/implementations/encode_decode/encode_key2text.c @@ -241,7 +241,7 @@ static int dh_to_text(BIO *out, const void *key, int selection) return 0; } } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { pub_key = DH_get0_pub_key(dh); if (pub_key == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); @@ -316,7 +316,7 @@ static int dsa_to_text(BIO *out, const void *key, int selection) return 0; } } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { pub_key = DSA_get0_pub_key(dsa); if (pub_key == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); @@ -526,7 +526,7 @@ static int ec_to_text(BIO *out, const void *key, int selection) if (priv_len == 0) goto err; } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { const EC_POINT *pub_pt = EC_KEY_get0_public_key(ec); if (pub_pt == NULL) { @@ -577,26 +577,31 @@ static int ecx_to_text(BIO *out, const void *key, int selection) return 0; } + switch (ecx->type) { + case ECX_KEY_TYPE_X25519: + type_label = "X25519"; + break; + case ECX_KEY_TYPE_X448: + type_label = "X448"; + break; + case ECX_KEY_TYPE_ED25519: + type_label = "ED25519"; + break; + case ECX_KEY_TYPE_ED448: + type_label = "ED448"; + break; + } + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (ecx->privkey == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); return 0; } - switch (ecx->type) { - case ECX_KEY_TYPE_X25519: - type_label = "X25519 Private-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Private-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Private-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Private-Key"; - break; - } + if (BIO_printf(out, "%s Private-Key:\n", type_label) <= 0) + return 0; + if (!print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen)) + return 0; } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { /* ecx->pubkey is an array, not a pointer... */ if (!ecx->haspubkey) { @@ -604,29 +609,11 @@ static int ecx_to_text(BIO *out, const void *key, int selection) return 0; } - switch (ecx->type) { - case ECX_KEY_TYPE_X25519: - type_label = "X25519 Public-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Public-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Public-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Public-Key"; - break; - } + if (BIO_printf(out, "%s Public-Key:\n", type_label) <= 0) + return 0; } - if (BIO_printf(out, "%s:\n", type_label) <= 0) - return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && !print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen)) - return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 - && !print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) + if (!print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) return 0; return 1; diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c index 0006468d06638aa76b79b4c297ead1b8b0e03319..57b36469caa58e560f3e68f4cdc744f4bc7c3417 100644 --- a/providers/implementations/rands/test_rng.c +++ b/providers/implementations/rands/test_rng.c @@ -47,6 +47,7 @@ typedef struct { unsigned char *entropy, *nonce; size_t entropy_len, entropy_pos, nonce_len; CRYPTO_RWLOCK *lock; + uint32_t seed; } PROV_TEST_RNG; static void *test_rng_new(void *provctx, void *parent, @@ -88,6 +89,7 @@ static int test_rng_instantiate(void *vtest, unsigned int strength, t->state = EVP_RAND_STATE_READY; t->entropy_pos = 0; + t->seed = 221953166; /* Value doesn't matter, so long as it isn't zero */ return 1; } @@ -103,7 +105,22 @@ static int test_rng_uninstantiate(void *vtest) static unsigned char gen_byte(PROV_TEST_RNG *t) { - return rand() & 0xff; + uint32_t n; + + /* + * Implement the 32 bit xorshift as suggested by George Marsaglia in: + * https://doi.org/10.18637/jss.v008.i14 + * + * This is a very fast PRNG so there is no need to extract bytes one at a + * time and use the entire value each time. + */ + n = t->seed; + n ^= n << 13; + n ^= n >> 17; + n ^= n << 5; + t->seed = n; + + return n & 0xff; } static int test_rng_generate(void *vtest, unsigned char *out, size_t outlen, diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 8bbabd8f413ef0ce45380c3825809fbb865af4b3..be4ff02a897cd02e8c5e109a40e0488738a6410b 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -411,7 +411,7 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) const unsigned char *data; unsigned char *buf = NULL, *wbuf; size_t fragoff, fraglen, msglen; - unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen; + unsigned int rectype, versmajor, versminor, msgseq, msgtype, clientvers, cookielen; BIO *rbio, *wbio; BIO_ADDR *tmpclient = NULL; PACKET pkt, msgpkt, msgpayload, session, cookiepkt; @@ -496,17 +496,18 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) goto end; } - if (s->msg_callback) - s->msg_callback(0, 0, SSL3_RT_HEADER, buf, - DTLS1_RT_HEADER_LENGTH, ssl, s->msg_callback_arg); - /* Get the record header */ if (!PACKET_get_1(&pkt, &rectype) - || !PACKET_get_1(&pkt, &versmajor)) { + || !PACKET_get_1(&pkt, &versmajor) + || !PACKET_get_1(&pkt, &versminor)) { ERR_raise(ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH); goto end; } + if (s->msg_callback) + s->msg_callback(0, (versmajor << 8) | versminor, SSL3_RT_HEADER, buf, + DTLS1_RT_HEADER_LENGTH, ssl, s->msg_callback_arg); + if (rectype != SSL3_RT_HANDSHAKE) { ERR_raise(ERR_LIB_SSL, SSL_R_UNEXPECTED_MESSAGE); goto end; @@ -521,9 +522,8 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client) goto end; } - if (!PACKET_forward(&pkt, 1) - /* Save the sequence number: 64 bits, with top 2 bytes = epoch */ - || !PACKET_copy_bytes(&pkt, seq, SEQ_NUM_SIZE) + /* Save the sequence number: 64 bits, with top 2 bytes = epoch */ + if (!PACKET_copy_bytes(&pkt, seq, SEQ_NUM_SIZE) || !PACKET_get_length_prefixed_2(&pkt, &msgpkt)) { ERR_raise(ERR_LIB_SSL, SSL_R_LENGTH_MISMATCH); goto end; diff --git a/ssl/record/methods/dtls_meth.c b/ssl/record/methods/dtls_meth.c index fd89038eb0c469f4975125b96571b69e5f9f9cc0..258dbd3b14a0b2dc76fb902a1a1256c0ebf7bba0 100644 --- a/ssl/record/methods/dtls_meth.c +++ b/ssl/record/methods/dtls_meth.c @@ -383,7 +383,6 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl) size_t more, n; TLS_RL_RECORD *rr; unsigned char *p = NULL; - unsigned short version; DTLS_BITMAP *bitmap; unsigned int is_next_epoch; @@ -430,15 +429,11 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl) p = rl->packet; - if (rl->msg_callback != NULL) - rl->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, - rl->cbarg); - /* Pull apart the header into the DTLS1_RECORD */ rr->type = *(p++); ssl_major = *(p++); ssl_minor = *(p++); - version = (ssl_major << 8) | ssl_minor; + rr->rec_version = (ssl_major << 8) | ssl_minor; /* sequence number is 64 bits, with top 2 bytes = epoch */ n2s(p, rr->epoch); @@ -448,12 +443,16 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl) n2s(p, rr->length); + if (rl->msg_callback != NULL) + rl->msg_callback(0, rr->rec_version, SSL3_RT_HEADER, rl->packet, DTLS1_RT_HEADER_LENGTH, + rl->cbarg); + /* * Lets check the version. We tolerate alerts that don't have the exact * version number (e.g. because of protocol version errors) */ if (!rl->is_first_record && rr->type != SSL3_RT_ALERT) { - if (version != rl->version) { + if (rr->rec_version != rl->version) { /* unexpected version, silently discard */ rr->length = 0; rl->packet_length = 0; @@ -569,6 +568,11 @@ int dtls_get_more_records(OSSL_RECORD_LAYER *rl) goto again; /* get another record */ } + if (rl->funcs->post_process_record && !rl->funcs->post_process_record(rl, rr)) { + /* RLAYERfatal already called */ + return OSSL_RECORD_RETURN_FATAL; + } + rl->num_recs = 1; return OSSL_RECORD_RETURN_SUCCESS; } diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index a2d759508955983c317abc28e7dc2cce8d05fbea..70e567b72c149c000db419d4f7fb4c00d05be956 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/afalgtest.c b/test/afalgtest.c index 429e2da3c9e46aa6ea54cc800fe53073487b096f..764f07e927709caf4923174cdcd9cdfdfe8e0e9a 100644 --- a/test/afalgtest.c +++ b/test/afalgtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/bio_addr_test.c b/test/bio_addr_test.c index a985d03b14c1a131e598b18c6e8c21eb54a036b4..9ca007e51195dfa3d955d7de2607ba99af9b445a 100644 --- a/test/bio_addr_test.c +++ b/test/bio_addr_test.c @@ -31,7 +31,7 @@ static BIO_ADDR *make_dummy_addr(int family) struct sockaddr_in6 sin6; #endif #ifndef OPENSSL_NO_UNIX_SOCK - struct sockaddr_un sun; + struct sockaddr_un sunaddr; #endif } sa; void *where; @@ -51,9 +51,9 @@ static BIO_ADDR *make_dummy_addr(int family) #endif #ifndef OPENSSL_NO_UNIX_SOCK case AF_UNIX: - where = &(sa.sun.sun_path); + where = &(sa.sunaddr.sun_path); /* BIO_ADDR_rawmake needs an extra byte for a NUL-terminator*/ - wherelen = sizeof(sa.sun.sun_path) - 1; + wherelen = sizeof(sa.sunaddr.sun_path) - 1; break; #endif default: diff --git a/test/certs/ee-cert-ec-sha3-224.pem b/test/certs/ee-cert-ec-sha3-224.pem new file mode 100644 index 0000000000000000000000000000000000000000..047517d0253cca6d9b3b6469cf01ac8dfb05473a --- /dev/null +++ b/test/certs/ee-cert-ec-sha3-224.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBezCCASCgAwIBAgIBAjALBglghkgBZQMEAwkwDTELMAkGA1UEAwwCQ0EwIBcN +MjMwOTI4MDk1NjI1WhgPMjEyMzA5MjkwOTU2MjVaMBkxFzAVBgNVBAMMDnNlcnZl +ci5leGFtcGxlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtGFOe/kRUVsa/365 +y/rzmJGN4fa6Cp78QhtO8CubXrxGLUnSs9CrB7wwQ2rcNa9yTb/ptqeeP9wKhTwG +d+W9D6NiMGAwHQYDVR0OBBYEFMqcqbma1JdARJm7oXyaaN0BTSL1MB8GA1UdIwQY +MBaAFGOKBTlETPwvB/WIPqYAtWGwchqeMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwCwYJYIZIAWUDBAMJA0gAMEUCIG/6DFqC+WzrYaZzZ4RbsZNNtb1Z +MwN3GXj+S8LM4c83AiEA3V5/mXHWaDi2JfjycScqnDC++awvc26rMa9vk9ZwVYM= +-----END CERTIFICATE----- diff --git a/test/certs/ee-cert-ec-sha3-256.pem b/test/certs/ee-cert-ec-sha3-256.pem new file mode 100644 index 0000000000000000000000000000000000000000..2112ba15ced95863435c7ad8a6e9961b9fc76b77 --- /dev/null +++ b/test/certs/ee-cert-ec-sha3-256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBejCCASCgAwIBAgIBAjALBglghkgBZQMEAwowDTELMAkGA1UEAwwCQ0EwIBcN +MjMwOTI4MDk1NjI1WhgPMjEyMzA5MjkwOTU2MjVaMBkxFzAVBgNVBAMMDnNlcnZl +ci5leGFtcGxlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtGFOe/kRUVsa/365 +y/rzmJGN4fa6Cp78QhtO8CubXrxGLUnSs9CrB7wwQ2rcNa9yTb/ptqeeP9wKhTwG +d+W9D6NiMGAwHQYDVR0OBBYEFMqcqbma1JdARJm7oXyaaN0BTSL1MB8GA1UdIwQY +MBaAFGOKBTlETPwvB/WIPqYAtWGwchqeMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwCwYJYIZIAWUDBAMKA0cAMEQCIFToMNgLf3+sW1oHDhDrCQWpIzLE +PgAdgDdtbBO7OerTAiB3vkCvu/Vs8v/6Ys/OQOsHbX0tT5NUMWZfP3X8CYUfmA== +-----END CERTIFICATE----- diff --git a/test/certs/ee-cert-ec-sha3-384.pem b/test/certs/ee-cert-ec-sha3-384.pem new file mode 100644 index 0000000000000000000000000000000000000000..0397280f294b4e311238dd86f54681b7f98d1a55 --- /dev/null +++ b/test/certs/ee-cert-ec-sha3-384.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBezCCASCgAwIBAgIBAjALBglghkgBZQMEAwswDTELMAkGA1UEAwwCQ0EwIBcN +MjMwOTI1MTU0NTIxWhgPMjEyMzA5MjYxNTQ1MjFaMBkxFzAVBgNVBAMMDnNlcnZl +ci5leGFtcGxlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtGFOe/kRUVsa/365 +y/rzmJGN4fa6Cp78QhtO8CubXrxGLUnSs9CrB7wwQ2rcNa9yTb/ptqeeP9wKhTwG +d+W9D6NiMGAwHQYDVR0OBBYEFMqcqbma1JdARJm7oXyaaN0BTSL1MB8GA1UdIwQY +MBaAFGOKBTlETPwvB/WIPqYAtWGwchqeMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwCwYJYIZIAWUDBAMLA0gAMEUCIGq8RYriO3scZLij8fglpZOZdZRZ +DfzsopaAvzQrwcS9AiEA0JDYvat1hiygjXUxZmWPD2cDrxogvCSsoi3QW7YtP/o= +-----END CERTIFICATE----- diff --git a/test/certs/ee-cert-ec-sha3-512.pem b/test/certs/ee-cert-ec-sha3-512.pem new file mode 100644 index 0000000000000000000000000000000000000000..f528f8fd95d45a1c6a4f3ea5ab4d10896be815b4 --- /dev/null +++ b/test/certs/ee-cert-ec-sha3-512.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBezCCASCgAwIBAgIBAjALBglghkgBZQMEAwwwDTELMAkGA1UEAwwCQ0EwIBcN +MjMwOTI4MDk1NjQyWhgPMjEyMzA5MjkwOTU2NDJaMBkxFzAVBgNVBAMMDnNlcnZl +ci5leGFtcGxlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtGFOe/kRUVsa/365 +y/rzmJGN4fa6Cp78QhtO8CubXrxGLUnSs9CrB7wwQ2rcNa9yTb/ptqeeP9wKhTwG +d+W9D6NiMGAwHQYDVR0OBBYEFMqcqbma1JdARJm7oXyaaN0BTSL1MB8GA1UdIwQY +MBaAFGOKBTlETPwvB/WIPqYAtWGwchqeMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwCwYJYIZIAWUDBAMMA0gAMEUCIQCXnpYI3xKBcJkb5M/3vo4/xf2a +Cdurg8zR8WyPRXdS8QIgT0DMnX5W3ZbVK4p2nd+uyZ/o29TKBLpEtsyuiiZCsS0= +-----END CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index bd8d49337d91a60181c7ecd417ac06e69bd9d4bd..d5173843019759f8e0a5db9f88150ddd04ae0d72 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -471,3 +471,9 @@ OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 \ ./mkcert.sh geneeextra server.example ee-key ee-cert-policies ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1" # We can create a cert with a duplicate policy oid - but its actually invalid! ./mkcert.sh geneeextra server.example ee-key ee-cert-policies-bad ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1,1.3.6.1.4.1.16604.998855.1" + +# EC cert signed by curve ca with SHA3-224, SHA3-256, SHA3-384, SHA3-512 +OPENSSL_SIGALG="sha3-224" ./mkcert.sh genee server.example ee-key-ec-named-named ee-cert-ec-sha3-224 ca-key-ec-named ca-cert-ec-named +OPENSSL_SIGALG="sha3-256" ./mkcert.sh genee server.example ee-key-ec-named-named ee-cert-ec-sha3-256 ca-key-ec-named ca-cert-ec-named +OPENSSL_SIGALG="sha3-384" ./mkcert.sh genee server.example ee-key-ec-named-named ee-cert-ec-sha3-384 ca-key-ec-named ca-cert-ec-named +OPENSSL_SIGALG="sha3-512" ./mkcert.sh genee server.example ee-key-ec-named-named ee-cert-ec-sha3-512 ca-key-ec-named ca-cert-ec-named diff --git a/test/chacha_internal_test.c b/test/chacha_internal_test.c index d52479b6584d893ee1b976140ed727ef49220597..d316bfd7b361705271e5cf23cbb7f45b098ccfb0 100644 --- a/test/chacha_internal_test.c +++ b/test/chacha_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/drbgtest.c b/test/drbgtest.c index bb2a9f1b99a688df8df2b9713023a8d7814cf42a..13bc62a4c0db5233968ef77aa603003578c3221f 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index bec16144f994a8ac34f85272c7b2ae20fc07b23a..a0724981de34e55f15145ae896e5f7b0a14333ef 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1267,11 +1267,11 @@ static int test_EVP_PKEY_sign(int tst) if (tst == 0) { if (!TEST_ptr(pkey = load_example_rsa_key())) - goto out; + goto out; } else if (tst == 1) { #ifndef OPENSSL_NO_DSA if (!TEST_ptr(pkey = load_example_dsa_key())) - goto out; + goto out; #else ret = 1; goto out; @@ -1279,7 +1279,82 @@ static int test_EVP_PKEY_sign(int tst) } else { #ifndef OPENSSL_NO_EC if (!TEST_ptr(pkey = load_example_ec_key())) + goto out; +#else + ret = 1; + goto out; +#endif + } + + ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); + if (!TEST_ptr(ctx) + || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, + sizeof(tbs)), 0)) + goto out; + sig = OPENSSL_malloc(sig_len); + if (!TEST_ptr(sig) + /* Test sending a signature buffer that is too short is rejected */ + || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, + sizeof(tbs)), 0) + || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), + 0) + /* Test the signature round-trips */ + || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), + 0)) + goto out; + + ret = 1; + out: + EVP_PKEY_CTX_free(ctx); + OPENSSL_free(sig); + EVP_PKEY_free(pkey); + return ret; +} + +#ifndef OPENSSL_NO_DEPRECATED_3_0 +static int test_EVP_PKEY_sign_with_app_method(int tst) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + RSA *rsa = NULL; + RSA_METHOD *rsa_meth = NULL; +#ifndef OPENSSL_NO_DSA + DSA *dsa = NULL; + DSA_METHOD *dsa_meth = NULL; +#endif + unsigned char *sig = NULL; + size_t sig_len = 0, shortsig_len = 1; + EVP_PKEY_CTX *ctx = NULL; + unsigned char tbs[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 + }; + + if (tst == 0) { + if (!TEST_ptr(pkey = load_example_rsa_key())) + goto out; + if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) + goto out; + + if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) + || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) + || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) + goto out; + rsa = NULL; /* now owned by the pkey */ + } else { +#ifndef OPENSSL_NO_DSA + if (!TEST_ptr(pkey = load_example_dsa_key())) goto out; + if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) + goto out; + + if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) + || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) + || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) + goto out; + dsa = NULL; /* now owned by the pkey */ #else ret = 1; goto out; @@ -1310,8 +1385,15 @@ static int test_EVP_PKEY_sign(int tst) EVP_PKEY_CTX_free(ctx); OPENSSL_free(sig); EVP_PKEY_free(pkey); + RSA_free(rsa); + RSA_meth_free(rsa_meth); +#ifndef OPENSSL_NO_DSA + DSA_free(dsa); + DSA_meth_free(dsa_meth); +#endif return ret; } +#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ /* * n = 0 => test using legacy cipher @@ -4973,6 +5055,9 @@ int setup_tests(void) ADD_TEST(test_EVP_Digest); ADD_TEST(test_EVP_md_null); ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); +#ifndef OPENSSL_NO_DEPRECATED_3_0 + ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); +#endif ADD_ALL_TESTS(test_EVP_Enveloped, 2); ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); ADD_TEST(test_privatekey_to_pkcs8); diff --git a/test/fake_rsaprov.h b/test/fake_rsaprov.h index 9c353b386f3b6b817c1cb2c8f310ab6dc14b7a55..cb2e66eb68ef200c5e71aa75872270474a7014ce 100644 --- a/test/fake_rsaprov.h +++ b/test/fake_rsaprov.h @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/helpers/handshake_srp.c b/test/helpers/handshake_srp.c index 95fb101059f2e4d1fecb6a4aa97fc032e041972e..8522388a47f00a54b3bfd68b37e548109761bb2f 100644 --- a/test/helpers/handshake_srp.c +++ b/test/helpers/handshake_srp.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/helpers/noisydgrambio.c b/test/helpers/noisydgrambio.c index 8b68726dd2b4c4fa1751c4588d43850fd4786195..445ae3c4ad1b3712d99b6265250ee3295db11824 100644 --- a/test/helpers/noisydgrambio.c +++ b/test/helpers/noisydgrambio.c @@ -17,6 +17,7 @@ struct noisy_dgram_st { uint64_t this_dgram; BIO_MSG msg; uint64_t reinject_dgram; + int backoff; }; static long noisy_dgram_ctrl(BIO *bio, int cmd, long num, void *ptr) @@ -31,6 +32,16 @@ static long noisy_dgram_ctrl(BIO *bio, int cmd, long num, void *ptr) case BIO_CTRL_DUP: ret = 0L; break; + case BIO_CTRL_NOISE_BACK_OFF: { + struct noisy_dgram_st *data; + + data = BIO_get_data(bio); + if (!TEST_ptr(data)) + return 0; + data->backoff = 1; + ret = 1; + break; + } default: ret = BIO_ctrl(next, cmd, num, ptr); break; @@ -64,7 +75,8 @@ static int noisy_dgram_sendmmsg(BIO *bio, BIO_MSG *msg, size_t stride, #define NOISE_TYPE_DROP 0 #define NOISE_TYPE_DUPLICATE 1 #define NOISE_TYPE_DELAY 2 -#define NUM_NOISE_TYPES 3 +#define NOISE_TYPE_BITFLIPS 3 +#define NUM_NOISE_TYPES 4 /* * When a duplicate occurs we reinject the new datagram after up to @@ -78,10 +90,13 @@ static int noisy_dgram_sendmmsg(BIO *bio, BIO_MSG *msg, size_t stride, */ #define MAX_DGRAM_REINJECT 4 -static void get_noise(uint64_t *reinject, int *should_drop) +static void get_noise(int long_header, uint64_t *reinject, int *should_drop, + uint16_t *flip, size_t *flip_offset) { uint32_t type; + *flip = 0; + if (test_random() % NOISE_RATE != 0) { *reinject = 0; *should_drop = 0; @@ -91,7 +106,7 @@ static void get_noise(uint64_t *reinject, int *should_drop) type = test_random() % NUM_NOISE_TYPES; /* - * Of noisy datagrams, 33% drop, 33% duplicate, 33% delay + * Of noisy datagrams, 25% drop, 25% duplicate, 25% delay, 25% flip bits * A duplicated datagram keeps the current datagram and reinjects a new * identical one after up to MAX_DGRAM_DELAY datagrams have been sent. * A delayed datagram is implemented as both a reinject and a drop, i.e. an @@ -104,16 +119,50 @@ static void get_noise(uint64_t *reinject, int *should_drop) * Where a duplicate occurs we reinject the copy of the datagram up to * MAX_DGRAM_DELAY datagrams later */ - *reinject = (type == NOISE_TYPE_DROP) - ? 0 - : (uint64_t)((test_random() % MAX_DGRAM_REINJECT) + 1); + *reinject = (type == NOISE_TYPE_DUPLICATE || type == NOISE_TYPE_DELAY) + ? (uint64_t)((test_random() % MAX_DGRAM_REINJECT) + 1) + : 0; /* * No point in reinjecting after 1 datagram if the current datagram is also * dropped (i.e. this is a delay not a duplicate), so we reinject after an * extra datagram in that case */ - *reinject += (uint64_t)(*should_drop); + *reinject += type == NOISE_TYPE_DELAY; + + /* flip some bits in the header */ + if (type == NOISE_TYPE_BITFLIPS) { + /* we flip at most 8 bits of the 16 bit value at once */ + *flip = (test_random() % 255 + 1) << (test_random() % 8); + /* + * 25/50 bytes of guesstimated header size (it depends on CID length) + * It does not matter much if it is overestimated. + */ + *flip_offset = test_random() % (25 * (1 + long_header)); + } +} + +static void flip_bits(unsigned char *msg, size_t msg_len, uint16_t flip, + size_t flip_offset) +{ + if (flip == 0) + return; + + /* None of these border conditions should happen but check them anyway */ + if (msg_len < 2) + return; + if (msg_len < flip_offset + 2) + flip_offset = msg_len - 2; + +#ifdef OSSL_NOISY_DGRAM_DEBUG + printf("**Flipping bits in a datagram at offset %u\n", + (unsigned int)flip_offset); + BIO_dump_fp(stdout, msg, msg_len); + printf("\n"); +#endif + + msg[flip_offset] ^= flip >> 8; + msg[flip_offset + 1] ^= flip & 0xff; } static int noisy_dgram_recvmmsg(BIO *bio, BIO_MSG *msg, size_t stride, @@ -170,6 +219,8 @@ static int noisy_dgram_recvmmsg(BIO *bio, BIO_MSG *msg, size_t stride, i++, thismsg++, data->this_dgram++) { uint64_t reinject; int should_drop; + uint16_t flip; + size_t flip_offset; /* If we have a message to reinject then insert it now */ if (data->reinject_dgram > 0 @@ -194,7 +245,25 @@ static int noisy_dgram_recvmmsg(BIO *bio, BIO_MSG *msg, size_t stride, data->reinject_dgram = 0; } - get_noise(&reinject, &should_drop); + get_noise(/* long header */ (((uint8_t *)thismsg->data)[0] & 0x80) != 0, + &reinject, &should_drop, &flip, &flip_offset); + if (data->backoff) { + /* + * We might be asked to back off on introducing too much noise if + * there is a danger that the connection will fail. In that case + * we always ensure that the next datagram does not get dropped so + * that the connection always survives. After that we can resume + * with normal noise + */ +#ifdef OSSL_NOISY_DGRAM_DEBUG + printf("**Back off applied\n"); +#endif + should_drop = 0; + flip = 0; + data->backoff = 0; + } + + flip_bits(thismsg->data, thismsg->data_len, flip, flip_offset); /* * We ignore reinjection if a message is already waiting to be diff --git a/test/helpers/quictestlib.c b/test/helpers/quictestlib.c index 8d71d6002f6607e7e55ca9de15f4b4630c376423..26cd67e23630ab73f20186cc88ab1ae0a028ec52 100644 --- a/test/helpers/quictestlib.c +++ b/test/helpers/quictestlib.c @@ -26,6 +26,13 @@ #define GROWTH_ALLOWANCE 1024 +struct noise_args_data_st { + BIO *cbio; + BIO *sbio; + BIO *tracebio; + int flags; +}; + struct qtest_fault { QUIC_TSERVER *qtserv; @@ -62,6 +69,7 @@ struct qtest_fault { BIO_MSG msg; /* Allocated size of msg data buffer */ size_t msgalloc; + struct noise_args_data_st noiseargs; }; static void packet_plain_finish(void *arg); @@ -75,6 +83,41 @@ static OSSL_TIME fake_now_cb(void *arg) return fake_now; } +static void noise_msg_callback(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, + void *arg) +{ + struct noise_args_data_st *noiseargs = (struct noise_args_data_st *)arg; + + if (content_type == SSL3_RT_QUIC_FRAME_FULL) { + PACKET pkt; + uint64_t frame_type; + + if (!PACKET_buf_init(&pkt, buf, len)) + return; + + if (!ossl_quic_wire_peek_frame_header(&pkt, &frame_type, NULL)) + return; + + if (frame_type == OSSL_QUIC_FRAME_TYPE_PING) { + /* + * If either endpoint issues a ping frame then we are in danger + * of our noise being too much such that the connection itself + * fails. We back off on the noise for a bit to avoid that. + */ + (void)BIO_ctrl(noiseargs->cbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL); + (void)BIO_ctrl(noiseargs->sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL); + } + } + +#ifndef OPENSSL_NO_SSL_TRACE + if ((noiseargs->flags & QTEST_FLAG_CLIENT_TRACE) != 0 + && !SSL_is_server(ssl)) + SSL_trace(write_p, version, content_type, buf, len, ssl, + noiseargs->tracebio); +#endif +} + int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx, SSL_CTX *serverctx, char *certfile, char *keyfile, int flags, QUIC_TSERVER **qtserv, SSL **cssl, @@ -89,15 +132,19 @@ int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx, BIO *tmpbio = NULL; *qtserv = NULL; - if (fault != NULL) - *fault = NULL; - if (*cssl == NULL) { *cssl = SSL_new(clientctx); if (!TEST_ptr(*cssl)) return 0; } + if (fault != NULL) { + *fault = OPENSSL_zalloc(sizeof(**fault)); + if (*fault == NULL) + goto err; + } + +#ifndef OPENSSL_NO_SSL_TRACE if ((flags & QTEST_FLAG_CLIENT_TRACE) != 0) { tmpbio = BIO_new_fp(stdout, BIO_NOCLOSE); if (!TEST_ptr(tmpbio)) @@ -106,6 +153,7 @@ int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx, SSL_set_msg_callback(*cssl, SSL_trace); SSL_set_msg_callback_arg(*cssl, tmpbio); } +#endif if (tracebio != NULL) *tracebio = tmpbio; @@ -168,7 +216,15 @@ int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx, } if ((flags & QTEST_FLAG_NOISE) != 0) { - BIO *noisebio = BIO_new(bio_f_noisy_dgram_filter()); + BIO *noisebio; + + /* + * It is an error to not have a QTEST_FAULT object when introducing noise + */ + if (!TEST_ptr(fault)) + goto err; + + noisebio = BIO_new(bio_f_noisy_dgram_filter()); if (!TEST_ptr(noisebio)) goto err; @@ -179,6 +235,22 @@ int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx, if (!TEST_ptr(noisebio)) goto err; sbio = BIO_push(noisebio, sbio); + /* + * TODO(QUIC SERVER): + * Currently the simplistic handler of the quic tserver cannot cope + * with noise introduced in the first packet received from the + * client. This needs to be removed once we have proper server side + * handling. + */ + (void)BIO_ctrl(sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL); + + (*fault)->noiseargs.cbio = cbio; + (*fault)->noiseargs.sbio = sbio; + (*fault)->noiseargs.tracebio = tmpbio; + (*fault)->noiseargs.flags = flags; + + SSL_set_msg_callback(*cssl, noise_msg_callback); + SSL_set_msg_callback_arg(*cssl, &(*fault)->noiseargs); } SSL_set_bio(*cssl, cbio, cbio); @@ -190,12 +262,6 @@ int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx, if (!TEST_true(SSL_set1_initial_peer_addr(*cssl, peeraddr))) goto err; - if (fault != NULL) { - *fault = OPENSSL_zalloc(sizeof(**fault)); - if (*fault == NULL) - goto err; - } - fisbio = BIO_new(qtest_get_bio_method()); if (!TEST_ptr(fisbio)) goto err; @@ -235,6 +301,10 @@ int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx, sbio = NULL; fisbio = NULL; + if ((flags & QTEST_FLAG_NOISE) != 0) + ossl_quic_tserver_set_msg_callback(*qtserv, noise_msg_callback, + &(*fault)->noiseargs); + if (fault != NULL) (*fault)->qtserv = *qtserv; diff --git a/test/helpers/quictestlib.h b/test/helpers/quictestlib.h index f090299b22798a1263913524d07cea8828859d63..d1ac350c244610c3c2ae5bc50fcb0f6cc5b7b68d 100644 --- a/test/helpers/quictestlib.h +++ b/test/helpers/quictestlib.h @@ -245,6 +245,8 @@ int qtest_fault_resize_datagram(QTEST_FAULT *fault, size_t newlen); /* Copy a BIO_MSG */ int bio_msg_copy(BIO_MSG *dst, BIO_MSG *src); +#define BIO_CTRL_NOISE_BACK_OFF 1001 + /* BIO filter for simulating a noisy UDP socket */ const BIO_METHOD *bio_f_noisy_dgram_filter(void); diff --git a/test/ocspapitest.c b/test/ocspapitest.c index a448731380ecc1ec403591d245c0dd4b999d5f7b..13026d6b4a42b5f10135a1b18c3ac2cc0e3a9bfb 100644 --- a/test/ocspapitest.c +++ b/test/ocspapitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/pkcs12_format_test.c b/test/pkcs12_format_test.c index e2048bc27e75b8cd047864013422f2108c56b805..2c28040a3e9f62630c6e2445df0afe3c69120226 100644 --- a/test/pkcs12_format_test.c +++ b/test/pkcs12_format_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/property_test.c b/test/property_test.c index 45b1db3e855b6a4b19d12c06c4f622c6b1d7abdd..bba96fac0a0191613a181805a6c1dfafacb0a7a6 100644 --- a/test/property_test.c +++ b/test/property_test.c @@ -645,6 +645,9 @@ static struct { { "", "" }, { "fips=3", "fips=3" }, { "fips=-3", "fips=-3" }, + { "provider='foo bar'", "provider='foo bar'" }, + { "provider=\"foo bar'\"", "provider=\"foo bar'\"" }, + { "provider=abc***", "provider='abc***'" }, { NULL, "" } }; diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c index 7d5fcfa647e78948bbb18408aa389f1e15f3a564..4abbdd33ec4d6a1077c0bc05fe839abbf974481d 100644 --- a/test/provider_pkey_test.c +++ b/test/provider_pkey_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/quic_multistream_test.c b/test/quic_multistream_test.c index 2ad4ef292e2d8ab60bc4693ef74289e03713d794..58b0831ebb9ae9c86f95aa8a44186eac51407eac 100644 --- a/test/quic_multistream_test.c +++ b/test/quic_multistream_test.c @@ -1053,7 +1053,7 @@ static int run_script_worker(struct helper *h, const struct script_op *script, first = 0; offset = 0; op_start_time = ossl_time_now(); - op_deadline = ossl_time_add(op_start_time, ossl_ms2time(8000)); + op_deadline = ossl_time_add(op_start_time, ossl_ms2time(60000)); } if (!TEST_int_le(ossl_time_compare(ossl_time_now(), op_deadline), 0)) { diff --git a/test/quic_tserver_test.c b/test/quic_tserver_test.c index 980c9a83ff0acee7ace72709fb5a1768c6dbacb4..b2b09354bb6c6261a0f39663cdd6cd80a94a2367 100644 --- a/test/quic_tserver_test.c +++ b/test/quic_tserver_test.c @@ -73,7 +73,6 @@ static int do_test(int use_thread_assist, int use_fake_time, int use_inject) int s_begin_write = 0; OSSL_TIME start_time; unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' }; - OSSL_TIME (*now_cb)(void *arg) = use_fake_time ? fake_now : real_now; size_t limit_ms = 1000; #if defined(OPENSSL_NO_QUIC_THREAD_ASSIST) @@ -194,10 +193,14 @@ static int do_test(int use_thread_assist, int use_fake_time, int use_inject) if (!TEST_true(SSL_set_blocking_mode(c_ssl, 0))) goto err; - start_time = now_cb(NULL); + /* + * We use real time for the timeout not fake time. Otherwise with fake time + * we could hit a hang if we never increment the fake time + */ + start_time = real_now(NULL); for (;;) { - if (ossl_time_compare(ossl_time_subtract(now_cb(NULL), start_time), + if (ossl_time_compare(ossl_time_subtract(real_now(NULL), start_time), ossl_ms2time(limit_ms)) >= 0) { TEST_error("timeout while attempting QUIC server test"); goto err; @@ -305,6 +308,9 @@ static int do_test(int use_thread_assist, int use_fake_time, int use_inject) if (c_start_idle_test && !c_done_idle_test) { /* This is more than our default idle timeout of 30s. */ if (idle_units_done < 600) { + struct timeval tv; + int isinf; + if (!TEST_true(CRYPTO_THREAD_write_lock(fake_time_lock))) goto err; fake_time = ossl_time_add(fake_time, ossl_ms2time(100)); @@ -312,7 +318,16 @@ static int do_test(int use_thread_assist, int use_fake_time, int use_inject) ++idle_units_done; ossl_quic_conn_force_assist_thread_wake(c_ssl); - OSSL_sleep(100); /* Ensure CPU scheduling for test purposes */ + + /* + * If the event timeout has expired then give the assistance + * thread a chance to catch up + */ + if (!TEST_true(SSL_get_event_timeout(c_ssl, &tv, &isinf))) + goto err; + if (!isinf && ossl_time_compare(ossl_time_zero(), + ossl_time_from_timeval(tv)) >= 0) + OSSL_sleep(100); /* Ensure CPU scheduling for test purposes */ } else { c_done_idle_test = 1; } diff --git a/test/quicapitest.c b/test/quicapitest.c index b02db15d65cbc07febe8e3c3cce06523c90ae8b6..81c8c215bd43a9666754f0228a0efe39d60148b9 100644 --- a/test/quicapitest.c +++ b/test/quicapitest.c @@ -24,16 +24,18 @@ static OSSL_LIB_CTX *libctx = NULL; static OSSL_PROVIDER *defctxnull = NULL; static char *certsdir = NULL; static char *cert = NULL; +static char *ccert = NULL; +static char *cauthca = NULL; static char *privkey = NULL; +static char *cprivkey = NULL; static char *datadir = NULL; static int is_fips = 0; /* The ssltrace test assumes some options are switched on/off */ -#if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) \ - && defined(OPENSSL_NO_ZLIB) && defined(OPENSSL_NO_BROTLI) \ - && defined(OPENSSL_NO_ZSTD) && !defined(OPENSSL_NO_ECX) \ - && !defined(OPENSSL_NO_DH) +#if !defined(OPENSSL_NO_SSL_TRACE) \ + && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \ + && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH) # define DO_SSL_TRACE_TEST #endif @@ -423,7 +425,11 @@ static int compare_with_file(BIO *membio) int ret = 0; size_t i; +#ifdef OPENSSL_NO_ZLIB reffile = test_mk_file_path(datadir, "ssltraceref.txt"); +#else + reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt"); +#endif if (!TEST_ptr(reffile)) goto err; @@ -1192,6 +1198,83 @@ static int test_quic_psk(void) return testresult; } +static int test_client_auth(int idx) +{ + SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); + SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_method()); + SSL *clientquic = NULL; + QUIC_TSERVER *qtserv = NULL; + int testresult = 0; + unsigned char buf[20]; + static char *msg = "A test message"; + size_t msglen = strlen(msg); + size_t numbytes = 0; + + if (!TEST_ptr(cctx) || !TEST_ptr(sctx)) + goto err; + + SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT + | SSL_VERIFY_CLIENT_ONCE, NULL); + + if (!TEST_true(SSL_CTX_load_verify_file(sctx, cauthca))) + goto err; + + if (idx > 0 + && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx, ccert)) + || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx, cprivkey, + SSL_FILETYPE_PEM)))) + goto err; + + if (!TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, cert, + privkey, 0, &qtserv, + &clientquic, NULL, NULL))) + goto err; + + if (idx == 0) { + if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic))) + goto err; + + /* negative test passed */ + testresult = 1; + goto err; + } + + if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) + goto err; + + /* Check that sending and receiving app data is ok */ + if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes)) + || !TEST_size_t_eq(numbytes, msglen)) + goto err; + + ossl_quic_tserver_tick(qtserv); + if (!TEST_true(ossl_quic_tserver_write(qtserv, 0, + (unsigned char *)msg, + msglen, &numbytes))) + goto err; + + ossl_quic_tserver_tick(qtserv); + SSL_handle_events(clientquic); + + if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)) + || !TEST_size_t_eq(numbytes, msglen) + || !TEST_mem_eq(buf, numbytes, msg, msglen)) + goto err; + + if (!TEST_true(qtest_shutdown(qtserv, clientquic))) + goto err; + + testresult = 1; + + err: + SSL_free(clientquic); + ossl_quic_tserver_free(qtserv); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + /* * Test that we correctly handle ALPN supplied by the application * Test 0: ALPN is provided @@ -1327,6 +1410,7 @@ static int test_noisy_dgram(int idx) size_t msglen = strlen(msg), written, readbytes, i, j; unsigned char buf[80]; int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME; + QTEST_FAULT *fault = NULL; if (idx == 1) flags |= QTEST_FLAG_PACKET_SPLIT; @@ -1335,7 +1419,7 @@ static int test_noisy_dgram(int idx) || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey, flags, &qtserv, - &clientquic, NULL, NULL))) + &clientquic, &fault, NULL))) goto err; if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) @@ -1355,11 +1439,11 @@ static int test_noisy_dgram(int idx) qtest_add_time(1); /* - * Send data from the server to the client. Some datagrams may get lost, - * dropped or re-ordered. We repeat 10 times to ensure we are sending - * enough datagrams for problems to be noticed. - */ - for (i = 0; i < 10; i++) { + * Send data from the server to the client. Some datagrams may get + * lost, modified, dropped or re-ordered. We repeat 20 times to ensure + * we are sending enough datagrams for problems to be noticed. + */ + for (i = 0; i < 20; i++) { if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg, msglen, &written)) @@ -1369,10 +1453,10 @@ static int test_noisy_dgram(int idx) qtest_add_time(1); /* - * Since the underlying BIO is now noisy we may get failures that - * need to be retried - so we use unreliable_client_read() to handle - * that - */ + * Since the underlying BIO is now noisy we may get failures that + * need to be retried - so we use unreliable_client_read() to + * handle that + */ if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf, sizeof(buf), &readbytes, qtserv)) @@ -1381,7 +1465,7 @@ static int test_noisy_dgram(int idx) } /* Send data from the client to the server */ - for (i = 0; i < 10; i++) { + for (i = 0; i < 20; i++) { if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg, msglen, &written)) || !TEST_size_t_eq(msglen, written)) @@ -1391,10 +1475,10 @@ static int test_noisy_dgram(int idx) qtest_add_time(1); /* - * Since the underlying BIO is now noisy we may get failures that - * need to be retried - so we use unreliable_server_read() to handle - * that - */ + * Since the underlying BIO is now noisy we may get failures that + * need to be retried - so we use unreliable_server_read() to + * handle that + */ if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf), &readbytes, clientquic)) || !TEST_mem_eq(msg, msglen, buf, readbytes)) @@ -1409,6 +1493,7 @@ static int test_noisy_dgram(int idx) SSL_free(stream[1]); SSL_free(clientquic); SSL_CTX_free(cctx); + qtest_fault_free(fault); return testresult; } @@ -1465,10 +1550,22 @@ int setup_tests(void) if (cert == NULL) goto err; + ccert = test_mk_file_path(certsdir, "ee-client-chain.pem"); + if (ccert == NULL) + goto err; + + cauthca = test_mk_file_path(certsdir, "root-cert.pem"); + if (cauthca == NULL) + goto err; + privkey = test_mk_file_path(certsdir, "serverkey.pem"); if (privkey == NULL) goto err; + cprivkey = test_mk_file_path(certsdir, "ee-key.pem"); + if (privkey == NULL) + goto err; + ADD_ALL_TESTS(test_quic_write_read, 3); ADD_TEST(test_fin_only_blocking); ADD_TEST(test_ciphersuites); @@ -1486,6 +1583,7 @@ int setup_tests(void) ADD_TEST(test_multiple_dgrams); ADD_ALL_TESTS(test_non_io_retry, 2); ADD_TEST(test_quic_psk); + ADD_ALL_TESTS(test_client_auth, 2); ADD_ALL_TESTS(test_alpn, 2); ADD_ALL_TESTS(test_noisy_dgram, 2); @@ -1501,6 +1599,9 @@ void cleanup_tests(void) bio_f_pkt_split_dgram_filter_free(); OPENSSL_free(cert); OPENSSL_free(privkey); + OPENSSL_free(ccert); + OPENSSL_free(cauthca); + OPENSSL_free(cprivkey); OSSL_PROVIDER_unload(defctxnull); OSSL_LIB_CTX_free(libctx); } diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t index 3e8c55071c4b1fb2ea04341369feff30d7e6d32f..4d5090fa398a8211c83ba6a9623979367e88c4a4 100644 --- a/test/recipes/15-test_genec.t +++ b/test/recipes/15-test_genec.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index c69dcb2239319c5dfac5f539faac3a54b0303d49..48af75ab2eb4f71a26f54419bbd3879281ffe0d4 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -29,7 +29,7 @@ sub verify { run(app([@args])); } -plan tests => 185; +plan tests => 193; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -339,7 +339,7 @@ ok(!verify("ee-cert-md5", "", ["root-cert"], ["ca-cert"]), # Explicit vs named curve tests SKIP: { - skip "EC is not supported by this OpenSSL build", 3 + skip "EC is not supported by this OpenSSL build", 7 if disabled("ec"); ok(!verify("ee-cert-ec-explicit", "", ["root-cert"], ["ca-cert-ec-named"]), @@ -350,6 +350,14 @@ SKIP: { ok(verify("ee-cert-ec-named-named", "", ["root-cert"], ["ca-cert-ec-named"]), "accept named curve leaf with named curve intermediate"); + ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], ), + "accept cert generated with EC and SHA3-224"); + ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], ), + "accept cert generated with EC and SHA3-256"); + ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], ), + "accept cert generated with EC and SHA3-384"); + ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], ), + "accept cert generated with EC and SHA3-512"); } # Same as above but with base provider used for decoding SKIP: { @@ -358,7 +366,7 @@ SKIP: { my $provpath = bldtop_dir("providers"); my @prov = ("-provider-path", $provpath); - skip "EC is not supported or FIPS is disabled", 3 + skip "EC is not supported or FIPS is disabled", 7 if disabled("ec") || $no_fips; run(test(["fips_version_test", "-config", $provconf, ">3.0.0"]), @@ -377,6 +385,14 @@ SKIP: { ok(verify("ee-cert-ec-named-named", "", ["root-cert"], ["ca-cert-ec-named"], @prov), "accept named curve leaf with named curve intermediate w/fips"); + ok(verify("ee-cert-ec-sha3-224", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-224 w/fips"); + ok(verify("ee-cert-ec-sha3-256", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-256 w/fips"); + ok(verify("ee-cert-ec-sha3-384", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-384 w/fips"); + ok(verify("ee-cert-ec-sha3-512", "", ["root-cert"], ["ca-cert-ec-named"], @prov), + "accept cert generated with EC and SHA3-512 w/fips"); delete $ENV{OPENSSL_CONF}; } diff --git a/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt b/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt new file mode 100644 index 0000000000000000000000000000000000000000..e8bdee624fbcc4154ddcc89bb206cae0b25406d4 --- /dev/null +++ b/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt @@ -0,0 +1,302 @@ +Sent TLS Record +Header: + Version = TLS 1.0 (0x301) + Content Type = Handshake (22) + Length = 263 + ClientHello, Length=259 + client_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x???????? + random_bytes (len=28): ???????????????????????????????????????????????????????? + session_id (len=0): + cipher_suites (len=2) + {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_methods (len=1) + No Compression (0x00) + extensions, length = 216 + extension_type=UNKNOWN(57), length=49 + 0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D.. + 000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ............... + 001e - 04 80 08 00 00 07 04 80-08 00 00 08 02 40 64 .............@d + 002d - 09 02 40 64 ..@d + extension_type=ec_point_formats(11), length=4 + uncompressed (0) + ansiX962_compressed_prime (1) + ansiX962_compressed_char2 (2) + extension_type=supported_groups(10), length=22 + ecdh_x25519 (29) + secp256r1 (P-256) (23) + ecdh_x448 (30) + secp521r1 (P-521) (25) + secp384r1 (P-384) (24) + ffdhe2048 (256) + ffdhe3072 (257) + ffdhe4096 (258) + ffdhe6144 (259) + ffdhe8192 (260) + extension_type=session_ticket(35), length=0 + extension_type=application_layer_protocol_negotiation(16), length=11 + ossltest + extension_type=encrypt_then_mac(22), length=0 + extension_type=extended_master_secret(23), length=0 + extension_type=signature_algorithms(13), length=36 + ecdsa_secp256r1_sha256 (0x0403) + ecdsa_secp384r1_sha384 (0x0503) + ecdsa_secp521r1_sha512 (0x0603) + ed25519 (0x0807) + ed448 (0x0808) + ecdsa_brainpoolP256r1_sha256 (0x081a) + ecdsa_brainpoolP384r1_sha384 (0x081b) + ecdsa_brainpoolP512r1_sha512 (0x081c) + rsa_pss_pss_sha256 (0x0809) + rsa_pss_pss_sha384 (0x080a) + rsa_pss_pss_sha512 (0x080b) + rsa_pss_rsae_sha256 (0x0804) + rsa_pss_rsae_sha384 (0x0805) + rsa_pss_rsae_sha512 (0x0806) + rsa_pkcs1_sha256 (0x0401) + rsa_pkcs1_sha384 (0x0501) + rsa_pkcs1_sha512 (0x0601) + extension_type=supported_versions(43), length=3 + TLS 1.3 (772) + extension_type=psk_key_exchange_modes(45), length=2 + psk_dhe_ke (1) + extension_type=key_share(51), length=38 + NamedGroup: ecdh_x25519 (29) + key_exchange: (len=32): ???????????????????????????????????????????????????????????????? + extension_type=compress_certificate(27), length=3 + zlib (1) + +Sent Frame: Crypto + Offset: 0 + Len: 263 +Sent Frame: Padding +Sent Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: 0x???????????????? + Source Conn Id: + Payload length: 1178 + Token: + Packet Number: 0x00000000 +Sent Datagram + Length: 1200 +Received Datagram + Length: 1200 +Received Datagram + Length: 234 +Received Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: + Source Conn Id: 0x???????????????? + Payload length: 115 + Token: + Packet Number: 0x00000000 +Received Frame: Ack (without ECN) + Largest acked: 0 + Ack delay (raw) 0 + Ack range count: 0 + First ack range: 0 +Received Frame: Crypto + Offset: 0 + Len: 90 +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = Handshake (22) + Length = 90 + Inner Content Type = Handshake (22) + ServerHello, Length=86 + server_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x???????? + random_bytes (len=28): ???????????????????????????????????????????????????????? + session_id (len=0): + cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_method: No Compression (0x00) + extensions, length = 46 + extension_type=supported_versions(43), length=2 + TLS 1.3 (772) + extension_type=key_share(51), length=36 + NamedGroup: ecdh_x25519 (29) + key_exchange: (len=32): ???????????????????????????????????????????????????????????????? + +Received Packet + Packet Type: Handshake + Version: 0x00000001 + Destination Conn Id: + Source Conn Id: 0x???????????????? + Payload length: 213 + Packet Number: 0x00000001 +Received Packet + Packet Type: Handshake + Version: 0x00000001 + Destination Conn Id: + Source Conn Id: 0x???????????????? + Payload length: 1042 + Packet Number: 0x00000000 +Received Frame: Crypto + Offset: 1022 + Len: 192 +Received Frame: Crypto + Offset: 0 + Len: 1022 +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 1022 + Inner Content Type = Handshake (22) + EncryptedExtensions, Length=88 + extensions, length = 86 + extension_type=UNKNOWN(57), length=67 + 0000 - 0c 00 00 08 ?? ?? ?? ??-?? ?? ?? ?? 0f 08 ?? ....????????..? + 000f - ?? ?? ?? ?? ?? ?? ?? 01-04 80 00 75 30 03 02 ???????....u0.. + 001e - 44 b0 0e 01 02 04 04 80-0c 00 00 05 04 80 08 D.............. + 002d - 00 00 06 04 80 08 00 00-07 04 80 08 00 00 08 ............... + 003c - 02 40 64 09 02 40 64 .@d..@d + extension_type=application_layer_protocol_negotiation(16), length=11 + ossltest + + Certificate, Length=818 + context (len=0): + certificate_list, length=814 + ASN.1Cert, length=809 +------details----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Root CA + Validity + Not Before: Jan 14 22:29:46 2016 GMT + Not After : Jan 15 22:29:46 2116 GMT + Subject: CN = server.example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d5:5d:60:6a:df:fc:61:ee:48:aa:8c:11:48:43: + a5:6d:b6:52:5d:aa:98:49:b1:61:92:35:b1:fc:3a: + 04:25:0c:6d:79:ff:b4:d5:c9:e9:5c:1c:3b:e0:ab: + b3:b8:7d:a3:de:6d:bd:e0:dd:d7:5a:bf:14:47:11: + 42:5e:a6:82:d0:61:c1:7f:dd:13:46:e6:09:85:07: + 0e:f2:d4:fc:1a:64:d2:0a:ad:20:ab:20:6b:96:f0: + ad:cc:c4:19:53:55:dc:01:1d:a4:b3:ef:8a:b4:49: + 53:5d:8a:05:1c:f1:dc:e1:44:bf:c5:d7:e2:77:19: + 57:5c:97:0b:75:ee:88:43:71:0f:ca:6c:c1:b4:b2: + 50:a7:77:46:6c:58:0f:11:bf:f1:76:24:5a:ae:39: + 42:b7:51:67:29:e1:d0:55:30:6f:17:e4:91:ea:ad: + f8:28:c2:43:6f:a2:64:a9:fb:9d:98:92:62:48:3e: + eb:0d:4f:82:4a:8a:ff:3f:72:ee:96:b5:ae:a1:c1: + 98:ba:ef:7d:90:75:6d:ff:5a:52:9e:ab:f5:c0:7e: + d0:87:43:db:85:07:07:0f:7d:38:7a:fd:d1:d3:ee: + 65:1d:d3:ea:39:6a:87:37:ee:4a:d3:e0:0d:6e:f5: + 70:ac:c2:bd:f1:6e:f3:92:95:5e:a9:f0:a1:65:95: + 93:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C0:E7:84:BF:E8:59:27:33:10:B0:52:4F:51:52:2F:06:D6:C0:7A:CD + X509v3 Authority Key Identifier: + 70:7F:2E:AE:83:68:59:98:04:23:2A:CD:EB:3E:17:CD:24:DD:01:49 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Alternative Name: + DNS:server.example + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7b:d3:04:43:75:8a:0f:11:ae:c4:fb:d7:a1:a2:9e:fe:20:18: + d5:f4:2f:31:88:46:b6:75:8c:ee:e5:9b:97:a6:b9:a3:cd:60: + 9a:46:c3:48:97:e5:97:68:f7:5a:86:35:73:d9:69:9e:f9:5f: + 74:b9:e6:94:13:01:cb:6a:dc:e3:c4:04:e9:65:da:9c:a4:8b: + 28:f3:f9:9a:7f:bf:97:1f:45:92:e5:05:b1:56:e6:0b:f6:47: + de:1e:89:b6:2b:e1:4d:df:4a:7e:01:d3:23:dc:97:8c:47:fe: + 5f:c7:cc:98:46:0e:c4:83:5b:ca:8a:f1:52:09:be:6b:ec:3f: + 09:8b:d0:93:02:bf:e1:51:e7:d1:7e:34:56:19:74:d0:ff:28: + 25:de:b7:9f:56:52:91:7d:20:29:85:0a:80:44:5f:71:32:25: + 71:0f:c2:16:e2:5f:6b:1d:3f:32:5b:0a:3c:74:1c:b9:62:f1: + ed:07:50:a3:6d:b4:b4:31:0a:c0:53:44:6a:3a:88:84:8b:2d: + a9:b0:37:8e:e6:18:36:bd:9a:20:40:0f:01:92:8b:3d:aa:61: + e7:ae:2c:ed:36:cd:3a:07:86:74:3a:29:b3:d7:3a:b4:00:a9: + c2:f5:92:78:0e:e2:0f:a3:fe:bb:be:e0:06:53:84:59:1d:90: + 69:e5:b6:f9 +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 +o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV +3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS +T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= +-----END CERTIFICATE----- +------------------ + No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 192 + Inner Content Type = Handshake (22) + CertificateVerify, Length=260 + Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) + Signature (len=256): ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? + + Finished, Length=32 + verify_data (len=32): ???????????????????????????????????????????????????????????????? + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 36 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ???????????????????????????????????????????????????????????????? + +Sent Frame: Ack (without ECN) + Largest acked: 0 + Ack delay (raw) 0 + Ack range count: 0 + First ack range: 0 +Sent Frame: Ack (without ECN) + Largest acked: 1 + Ack delay (raw) 0 + Ack range count: 0 + First ack range: 1 +Sent Frame: Crypto + Offset: 0 + Len: 36 +Sent Frame: Padding +Sent Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: 0x???????????????? + Source Conn Id: + Payload length: 1097 + Token: + Packet Number: 0x00000001 +Sent Packet + Packet Type: Handshake + Version: 0x00000001 + Destination Conn Id: 0x???????????????? + Source Conn Id: + Payload length: 60 + Packet Number: 0x00000000 +Sent Datagram + Length: 1200 diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 033be2fcc5e0eb59281a380b9e0a483b5504ee2a..346092b0046d8504aaf4e2f75b5d85b53dd99ad6 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/testutil/tests.c b/test/testutil/tests.c index efc4fd2b649a7910a13c453c6d899335dffa057f..42afab1ada1f199331e6c857366f8a5c4572cd4e 100644 --- a/test/testutil/tests.c +++ b/test/testutil/tests.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/util/libcrypto.num b/util/libcrypto.num index 6af1fe1707b9a349745f8a1fc5789b80ef93347b..a16f93db47ee4f2c66071da29249242036145903 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1178,7 +1178,7 @@ OPENSSL_uni2asc 1205 3_0_0 EXIST::FUNCTION: SCT_validation_status_string 1206 3_0_0 EXIST::FUNCTION:CT PKCS7_add_attribute 1207 3_0_0 EXIST::FUNCTION: ENGINE_register_DSA 1208 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -OPENSSL_LH_node_stats 1209 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2,STDIO +OPENSSL_LH_node_stats 1209 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1,STDIO X509_policy_tree_free 1210 3_0_0 EXIST::FUNCTION: EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC X509_it 1212 3_0_0 EXIST::FUNCTION: @@ -1317,7 +1317,7 @@ BIO_f_linebuffer 1346 3_0_0 EXIST::FUNCTION: ASN1_item_d2i_bio 1347 3_0_0 EXIST::FUNCTION: ENGINE_get_flags 1348 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_resp_find 1349 3_0_0 EXIST::FUNCTION:OCSP -OPENSSL_LH_node_usage_stats_bio 1350 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2 +OPENSSL_LH_node_usage_stats_bio 1350 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1 EVP_PKEY_encrypt 1351 3_0_0 EXIST::FUNCTION: CRYPTO_cfb128_8_encrypt 1352 3_0_0 EXIST::FUNCTION: SXNET_get_id_INTEGER 1353 3_0_0 EXIST::FUNCTION: @@ -1790,7 +1790,7 @@ X509V3_EXT_REQ_add_conf 1832 3_0_0 EXIST::FUNCTION: ASN1_STRING_to_UTF8 1833 3_0_0 EXIST::FUNCTION: EVP_MD_meth_set_update 1835 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_camellia_192_cbc 1836 3_0_0 EXIST::FUNCTION:CAMELLIA -OPENSSL_LH_stats_bio 1837 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2 +OPENSSL_LH_stats_bio 1837 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1 PKCS7_set_signed_attributes 1838 3_0_0 EXIST::FUNCTION: EC_KEY_priv2buf 1839 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC BN_BLINDING_free 1840 3_0_0 EXIST::FUNCTION: @@ -1973,7 +1973,7 @@ i2d_TS_REQ_fp 2019 3_0_0 EXIST::FUNCTION:STDIO,TS i2d_OTHERNAME 2020 3_0_0 EXIST::FUNCTION: EC_KEY_get0_private_key 2021 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC SCT_get0_extensions 2022 3_0_0 EXIST::FUNCTION:CT -OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2 +OPENSSL_LH_node_stats_bio 2023 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1 i2d_DIRECTORYSTRING 2024 3_0_0 EXIST::FUNCTION: BN_X931_derive_prime_ex 2025 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 ENGINE_get_pkey_asn1_meth_str 2026 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -2553,7 +2553,7 @@ EVP_DecodeUpdate 2609 3_0_0 EXIST::FUNCTION: ENGINE_get_default_RAND 2610 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE ERR_peek_last_error_line 2611 3_0_0 EXIST::FUNCTION: ENGINE_get_ssl_client_cert_function 2612 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -OPENSSL_LH_node_usage_stats 2613 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2,STDIO +OPENSSL_LH_node_usage_stats 2613 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1,STDIO DIRECTORYSTRING_it 2614 3_0_0 EXIST::FUNCTION: BIO_write 2615 3_0_0 EXIST::FUNCTION: OCSP_ONEREQ_get_ext_by_OBJ 2616 3_0_0 EXIST::FUNCTION:OCSP @@ -3073,7 +3073,7 @@ TXT_DB_free 3139 3_0_0 EXIST::FUNCTION: ASN1_STRING_set 3140 3_0_0 EXIST::FUNCTION: d2i_ESS_CERT_ID 3141 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_derive 3142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -OPENSSL_LH_stats 3143 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_2,STDIO +OPENSSL_LH_stats 3143 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_1,STDIO NCONF_dump_fp 3144 3_0_0 EXIST::FUNCTION:STDIO TS_STATUS_INFO_print_bio 3145 3_0_0 EXIST::FUNCTION:TS OPENSSL_sk_dup 3146 3_0_0 EXIST::FUNCTION: