From e6d621c0e0136209e77f6e3c08ba28f8da03c93e Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Sat, 25 Nov 2023 13:26:20 -0500
Subject: [PATCH 01/21] Fix freshly introduced double-free.

We don't need the decoded X.509 Full(0) certificate for the EE usages 1 and 3,
because the leaf certificate is always part of the presented chain, so the
certificate is only validated as well-formed, and then discarded, but the
TLSA record is of course still used after the validation step.

Added DANE test cases for: 3 0 0, 3 1 0, 1 0 0, and 1 1 0

Reported by Claus Assmann.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)

(cherry picked from commit f636e7e6bd8e06c6d84e42729b4131b4f5df488f)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 ssl/ssl_lib.c    |  13 +++-
 test/danetest.in | 192 +++++++++++++++++++++++++++++++++++------------
 2 files changed, 156 insertions(+), 49 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e5603b9130..b5cc4af2f0 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -355,8 +355,19 @@ static int dane_tlsa_add(SSL_DANE *dane,
             }
 
             if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
+                /*
+                 * The Full(0) certificate decodes to a seemingly valid X.509
+                 * object with a plausible key, so the TLSA record is well
+                 * formed.  However, we don't actually need the certifiate for
+                 * usages PKIX-EE(1) or DANE-EE(3), because at least the EE
+                 * certificate is always presented by the peer.  We discard the
+                 * certificate, and just use the TLSA data as an opaque blob
+                 * for matching the raw presented DER octets.
+                 *
+                 * DO NOT FREE `t` here, it will be added to the TLSA record
+                 * list below!
+                 */
                 X509_free(cert);
-                tlsa_free(t);
                 break;
             }
 
diff --git a/test/danetest.in b/test/danetest.in
index 118da21e75..4df32e4258 100644
--- a/test/danetest.in
+++ b/test/danetest.in
@@ -50,7 +50,7 @@
 
 # 1
 1 1 1 0 0
-3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365
+3 0 0 3081ec308193a003020102020101300a06082a8648ce3d0403023000301e170d3135313231343030313033345a170d3135313231333030313033345a30003059301306072a8648ce3d020106082a8648ce3d03010703420004c5a4ffa008eebc0369b974799f9479cb47360544fafc02c4204fb3df31e88a1a4f18c85831e93f985c5b231094541b4316b5cb1c9c0c950886fe1143f39f6109300a06082a8648ce3d040302034800304502206ae7b7a870df21081e9a9896020aaf8560984875c812b36d671631abc879f872022100b0889ad2b3814ee64bddd5a7f6a98dea43cb435049469cb50a4404cbdeee1fd6
 subject=
 issuer=
 notBefore=Dec 14 00:10:34 2015 GMT
@@ -65,7 +65,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
 
 # 2
 1 1 1 0 0
-3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E
+3 1 0 3059301306072a8648ce3d020106082a8648ce3d03010703420004c5a4ffa008eebc0369b974799f9479cb47360544fafc02c4204fb3df31e88a1a4f18c85831e93f985c5b231094541b4316b5cb1c9c0c950886fe1143f39f6109
 subject=
 issuer=
 notBefore=Dec 14 00:10:34 2015 GMT
@@ -80,7 +80,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
 
 # 3
 1 1 1 0 0
-3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1
+3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365
 subject=
 issuer=
 notBefore=Dec 14 00:10:34 2015 GMT
@@ -95,7 +95,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
 
 # 4
 1 1 1 0 0
-3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3
+3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E
 subject=
 issuer=
 notBefore=Dec 14 00:10:34 2015 GMT
@@ -109,6 +109,36 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
 -----END CERTIFICATE-----
 
 # 5
+1 1 1 0 0
+3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+# 6
+1 1 1 0 0
+3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3
+subject=
+issuer=
+notBefore=Dec 14 00:10:34 2015 GMT
+notAfter=Dec 13 00:10:34 2015 GMT
+-----BEGIN CERTIFICATE-----
+MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x
+NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68
+A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV
+CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
+yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
+-----END CERTIFICATE-----
+
+# 7
 1 1 1 65 -1
 3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1366
 subject=
@@ -123,7 +153,7 @@ CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
 yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
 -----END CERTIFICATE-----
 
-# 6
+# 8
 1 1 1 65 -1
 3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33F
 subject=
@@ -138,7 +168,7 @@ CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
 yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
 -----END CERTIFICATE-----
 
-# 7
+# 9
 1 1 1 65 -1
 3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E2
 subject=
@@ -153,7 +183,7 @@ CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1
 yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
 -----END CERTIFICATE-----
 
-# 8
+# 10
 1 1 1 65 -1
 3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A4
 subject=
@@ -170,7 +200,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y=
 
 ## -- DANE-?? chain tests --
 
-# 9
+# 11
 1 3 0 0 0
 3 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
 subject= /CN=example.com
@@ -217,7 +247,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 10
+# 12
 1 3 0 0 0
 3 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
 subject= /CN=example.com
@@ -264,7 +294,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 11
+# 13
 1 3 0 0 0
 3 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923
 subject= /CN=example.com
@@ -311,7 +341,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 12
+# 14
 1 3 0 0 0
 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
 subject= /CN=example.com
@@ -358,7 +388,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 13
+# 15
 1 3 0 0 1
 2 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
 subject= /CN=example.com
@@ -405,7 +435,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 14
+# 16
 1 3 0 0 1
 2 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
 subject= /CN=example.com
@@ -452,7 +482,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 15
+# 17
 1 3 0 0 1
 2 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
 subject= /CN=example.com
@@ -499,7 +529,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 16
+# 18
 1 3 0 0 1
 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
 subject= /CN=example.com
@@ -546,7 +576,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 17
+# 19
 1 3 0 0 2
 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
 subject= /CN=example.com
@@ -593,7 +623,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 18
+# 20
 1 3 0 0 2
 2 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
 subject= /CN=example.com
@@ -640,7 +670,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 19
+# 21
 1 3 0 0 2
 2 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
 subject= /CN=example.com
@@ -687,7 +717,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 20
+# 22
 1 3 0 0 2
 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
 subject= /CN=example.com
@@ -736,7 +766,73 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 
 ## -- PKIX-?? chain tests --
 
-# 21
+# 23
+1 2 0 0 0
+1 0 0 308201943082013ba003020102020102300a06082a8648ce3d04030230143112301006035504030c094973737565722043413020170d3135313231333233323335325a180f33303135303431353233323335325a30163114301206035504030c0b6578616d706c652e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703420004664995f47bde35e7b4de48b258e9e8a07adebbdb863b3d06f481a1946c83da9f56cff4d9389b855d2f364b1585b0c734fcfa263026964ff5a4308b3fc879bdb8a37a3078301d0603551d0e041604145b20ca417d9088c7a4c017cb6c0c1c739bb07d8a301f0603551d230418301680147ab75a3cd295ca5df7c5150916e18ff5cc376a1530090603551d130402300030130603551d25040c300a06082b0601050507030130160603551d11040f300d820b6578616d706c652e636f6d300a06082a8648ce3d0403020347003044021f21c9032a5c8a93872d3f4aef321a9574dd956d43bd93c369944c72d6902858022100c8b3290d7af37e571a84d704dbad339d2987d41852dc5936f212947063911181
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 24
+1 2 0 0 0
+1 1 0 3059301306072a8648ce3d020106082a8648ce3d03010703420004664995f47bde35e7b4de48b258e9e8a07adebbdb863b3d06f481a1946c83da9f56cff4d9389b855d2f364b1585b0c734fcfa263026964ff5a4308b3fc879bdb8
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 25
 1 2 0 0 0
 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
 subject= /CN=example.com
@@ -769,7 +865,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 22
+# 26
 1 2 0 0 0
 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
 subject= /CN=example.com
@@ -802,7 +898,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 23
+# 27
 1 3 0 0 0
 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923
 subject= /CN=example.com
@@ -849,7 +945,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 24
+# 28
 1 3 0 0 0
 1 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
 subject= /CN=example.com
@@ -896,7 +992,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 25
+# 29
 1 2 0 0 1
 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD
 subject= /CN=example.com
@@ -929,7 +1025,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 26
+# 30
 1 2 0 0 1
 0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
 subject= /CN=example.com
@@ -962,7 +1058,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 27
+# 31
 1 3 0 0 1
 0 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
 subject= /CN=example.com
@@ -1009,7 +1105,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 28
+# 32
 1 3 0 0 1
 0 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
 subject= /CN=example.com
@@ -1056,7 +1152,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 29
+# 33
 1 2 0 0 2
 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
 subject= /CN=example.com
@@ -1089,7 +1185,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 30
+# 34
 1 2 0 0 2
 0 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
 subject= /CN=example.com
@@ -1122,7 +1218,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 31
+# 35
 1 3 0 0 2
 0 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
 subject= /CN=example.com
@@ -1169,7 +1265,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 32
+# 36
 1 3 0 0 2
 0 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
 subject= /CN=example.com
@@ -1218,7 +1314,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 
 ## -- PKIX-?? chain failures --
 
-# 33
+# 37
 # Missing intermediate CA
 1 1 0 20 0
 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
@@ -1238,7 +1334,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
 GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
 -----END CERTIFICATE-----
 
-# 34
+# 38
 # Missing PKIX intermediate, provided via DNS
 2 1 0 0 0
 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
@@ -1259,7 +1355,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
 GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
 -----END CERTIFICATE-----
 
-# 35
+# 39
 # Wrong leaf digest
 1 3 0 65 -1
 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9924
@@ -1307,7 +1403,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 36
+# 40
 # Wrong intermediate digest
 1 2 0 65 -1
 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBE
@@ -1341,7 +1437,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 37
+# 41
 # Wrong root digest
 1 2 0 65 -1
 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3D
@@ -1377,7 +1473,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 
 ## -- Mixed usage cases
 
-# 38
+# 42
 # DANE-EE(3) beats DANE-TA(2)
 1 3 0 0 0
 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
@@ -1426,7 +1522,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 39
+# 43
 # DANE-TA(2) depth 1 beats DANE-TA(2) depth 2
 1 3 0 0 1
 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
@@ -1475,7 +1571,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 40
+# 44
 # DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1
 1 3 0 0 2
 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
@@ -1524,7 +1620,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 41
+# 45
 # DANE-TA(2) depth 2 beats PKIX-EE depth 0
 1 3 0 0 2
 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
@@ -1573,7 +1669,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 42
+# 46
 # DANE-TA(2) Full(0) root "from DNS":
 1 2 0 0 2
 2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5
@@ -1607,7 +1703,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 43
+# 47
 # DANE-TA(2) Full(0) intermediate "from DNS":
 1 1 0 0 1
 2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308
@@ -1627,7 +1723,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
 GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
 -----END CERTIFICATE-----
 
-# 44
+# 48
 # DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS":
 1 1 0 0 0
 2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF
@@ -1647,7 +1743,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
 GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
 -----END CERTIFICATE-----
 
-# 45
+# 49
 # DANE-TA(2) SPKI(1) Full(0) root "from DNS":
 1 2 0 0 1
 2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C
@@ -1681,7 +1777,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 46
+# 50
 # Mismatched name "example.org", should still succeed given a
 # DANE-EE(3) match.
 1 3 1 0 0
@@ -1730,7 +1826,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
 fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
 -----END CERTIFICATE-----
 
-# 47
+# 51
 # Mismatched name "example.org", should fail despite a DANE-TA(2)
 # match for the intermediate CA.
 1 3 0 62 1
@@ -1779,7 +1875,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
 fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
 -----END CERTIFICATE-----
 
-# 48
+# 52
 # Mismatched name "example.org", should fail despite a DANE-TA(2)
 # match for the root CA.
 1 3 0 62 2
@@ -1828,7 +1924,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
 fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
 -----END CERTIFICATE-----
 
-# 49
+# 53
 # Mismatched name "example.org", should fail when name checks
 # are not disabled for DANE-EE(3).
 1 3 0 62 0
-- 
Gitee


From 572c6273ad28a7bf5fccf8240d27726b20141ec9 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Mon, 27 Nov 2023 11:23:54 -0500
Subject: [PATCH 02/21] Add last missing TLSA usage/selector/mtype test case

There were no PKIX-TA(0) SPKI(1) Full(0) (i.e. "0 1 0") test cases in
"danetest.in".

There is now at least a success case, which will exercise freeing the public
key after it is sanity checked, since with PKIX-TA(0) there's nothing we can do
with just the raw public key, a full chain to a local trust anchor is in any
case required.

The failure (to match) code path is already well oiled, but failure to decode
while adding malfored TLSA records could still use some additional tests...

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)

(cherry picked from commit c8fe4b5948486e792016208f7c8ccea9c380f354)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 test/danetest.in | 79 ++++++++++++++++++++++++++++++++++--------------
 1 file changed, 56 insertions(+), 23 deletions(-)

diff --git a/test/danetest.in b/test/danetest.in
index 4df32e4258..e7aa8c6aba 100644
--- a/test/danetest.in
+++ b/test/danetest.in
@@ -1027,7 +1027,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 
 # 30
 1 2 0 0 1
-0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
+0 1 0 3059301306072a8648ce3d020106082a8648ce3d030107034200047d4bae18b49f5dc69d0a3c85c66a3e2119de92cfad081fad55c12d510ec97b6c00e13695a8d9713548fe60df15573390433e2a1bd92db4b7aa016ec6185dc5af
 subject= /CN=example.com
 issuer= /CN=Issuer CA
 notBefore=Dec 13 23:23:52 2015 GMT
@@ -1059,6 +1059,39 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
 # 31
+1 2 0 0 1
+0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3
+subject= /CN=example.com
+issuer= /CN=Issuer CA
+notBefore=Dec 13 23:23:52 2015 GMT
+notAfter=Apr 15 23:23:52 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg
+Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM
+C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0
+3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk
+MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud
+IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID
+RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
+GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
+-----END CERTIFICATE-----
+subject= /CN=Issuer CA
+issuer= /CN=Root CA
+notBefore=Dec 13 23:20:09 2015 GMT
+notAfter=Apr 15 23:20:09 3015 GMT
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB
+MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ
+c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY
+XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw
+FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
+AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
+GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
+-----END CERTIFICATE-----
+
+# 32
 1 3 0 0 1
 0 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C
 subject= /CN=example.com
@@ -1105,7 +1138,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 32
+# 33
 1 3 0 0 1
 0 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
 subject= /CN=example.com
@@ -1152,7 +1185,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 33
+# 34
 1 2 0 0 2
 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
 subject= /CN=example.com
@@ -1185,7 +1218,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 34
+# 35
 1 2 0 0 2
 0 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C
 subject= /CN=example.com
@@ -1218,7 +1251,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 35
+# 36
 1 3 0 0 2
 0 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E
 subject= /CN=example.com
@@ -1265,7 +1298,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 36
+# 37
 1 3 0 0 2
 0 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E
 subject= /CN=example.com
@@ -1314,7 +1347,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 
 ## -- PKIX-?? chain failures --
 
-# 37
+# 38
 # Missing intermediate CA
 1 1 0 20 0
 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F
@@ -1334,7 +1367,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
 GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
 -----END CERTIFICATE-----
 
-# 38
+# 39
 # Missing PKIX intermediate, provided via DNS
 2 1 0 0 0
 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838
@@ -1355,7 +1388,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
 GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
 -----END CERTIFICATE-----
 
-# 39
+# 40
 # Wrong leaf digest
 1 3 0 65 -1
 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9924
@@ -1403,7 +1436,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 40
+# 41
 # Wrong intermediate digest
 1 2 0 65 -1
 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBE
@@ -1437,7 +1470,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 41
+# 42
 # Wrong root digest
 1 2 0 65 -1
 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3D
@@ -1473,7 +1506,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 
 ## -- Mixed usage cases
 
-# 42
+# 43
 # DANE-EE(3) beats DANE-TA(2)
 1 3 0 0 0
 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62
@@ -1522,7 +1555,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 43
+# 44
 # DANE-TA(2) depth 1 beats DANE-TA(2) depth 2
 1 3 0 0 1
 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05
@@ -1571,7 +1604,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 44
+# 45
 # DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1
 1 3 0 0 2
 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
@@ -1620,7 +1653,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 45
+# 46
 # DANE-TA(2) depth 2 beats PKIX-EE depth 0
 1 3 0 0 2
 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C
@@ -1669,7 +1702,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv
 vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF
 -----END CERTIFICATE-----
 
-# 46
+# 47
 # DANE-TA(2) Full(0) root "from DNS":
 1 2 0 0 2
 2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5
@@ -1703,7 +1736,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 47
+# 48
 # DANE-TA(2) Full(0) intermediate "from DNS":
 1 1 0 0 1
 2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308
@@ -1723,7 +1756,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
 GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
 -----END CERTIFICATE-----
 
-# 48
+# 49
 # DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS":
 1 1 0 0 0
 2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF
@@ -1743,7 +1776,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X
 GoTXBNutM50ph9QYUtxZNvISlHBjkRGB
 -----END CERTIFICATE-----
 
-# 49
+# 50
 # DANE-TA(2) SPKI(1) Full(0) root "from DNS":
 1 2 0 0 1
 2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C
@@ -1777,7 +1810,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1
 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA==
 -----END CERTIFICATE-----
 
-# 50
+# 51
 # Mismatched name "example.org", should still succeed given a
 # DANE-EE(3) match.
 1 3 1 0 0
@@ -1826,7 +1859,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
 fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
 -----END CERTIFICATE-----
 
-# 51
+# 52
 # Mismatched name "example.org", should fail despite a DANE-TA(2)
 # match for the intermediate CA.
 1 3 0 62 1
@@ -1875,7 +1908,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
 fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
 -----END CERTIFICATE-----
 
-# 52
+# 53
 # Mismatched name "example.org", should fail despite a DANE-TA(2)
 # match for the root CA.
 1 3 0 62 2
@@ -1924,7 +1957,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER
 fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ==
 -----END CERTIFICATE-----
 
-# 53
+# 54
 # Mismatched name "example.org", should fail when name checks
 # are not disabled for DANE-EE(3).
 1 3 0 62 0
-- 
Gitee


From 6e959a08d44f6dcca82d2c44924dd1d8561e06a2 Mon Sep 17 00:00:00 2001
From: Dmitry Misharov <dmitry@openssl.org>
Date: Thu, 23 Nov 2023 14:22:35 +0100
Subject: [PATCH 03/21] Add self-hosted runners

Added self-hosted runners for freebsd-x86_64 and ubuntu-aarch64.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Anton Arapov <anton@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22804)

(cherry picked from commit 6b7a11d8aa7abe50e6ebdd09a238e0a0df8cd228)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 .github/workflows/ci.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e9882d3298..830e2d75f7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -92,6 +92,25 @@ jobs:
     - name: make test
       run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
 
+  self-hosted:
+    strategy:
+      matrix:
+        os: [freebsd-13.2, ubuntu-arm64-22.04]
+    runs-on: ${{ matrix.os }}-self-hosted
+    continue-on-error: true
+    steps:
+    - uses: actions/checkout@v4
+    - name: config
+      run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+    - name: config dump
+      run: ./configdata.pm --dump
+    - name: make
+      run: make -j4
+    - name: get cpu info
+      run: ./util/opensslwrap.sh version -c
+    - name: make test
+      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+
   minimal:
     runs-on: ubuntu-latest
     steps:
-- 
Gitee


From c151736aa731f8fb8edc41d842b0c69a2f03971b Mon Sep 17 00:00:00 2001
From: Jamie Cui <jamie.cui@outlook.com>
Date: Wed, 29 Nov 2023 01:28:58 +0000
Subject: [PATCH 04/21] Fix EVP_RAND-SEED-SRC documentation example

Fixes #22810

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22857)

(cherry picked from commit 58d926213f00ba7046d0868de8b37929aa067a1f)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 doc/man7/EVP_RAND-SEED-SRC.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/man7/EVP_RAND-SEED-SRC.pod b/doc/man7/EVP_RAND-SEED-SRC.pod
index 516fa64f57..56f4acd2b8 100644
--- a/doc/man7/EVP_RAND-SEED-SRC.pod
+++ b/doc/man7/EVP_RAND-SEED-SRC.pod
@@ -49,9 +49,10 @@ A context for the seed source can be obtained by calling:
  OSSL_PARAM params[2], *p = params;
  unsigned int strength = 128;
 
- /* Create a seed source */
+ /* Create and instantiate a seed source */
  rand = EVP_RAND_fetch(NULL, "SEED-SRC", NULL);
  seed = EVP_RAND_CTX_new(rand, NULL);
+ EVP_RAND_instantiate(seed, strength, 0, NULL, 0, NULL);
  EVP_RAND_free(rand);
 
  /* Feed this into a DRBG */
-- 
Gitee


From 44b417dde88799d9d1824bcaf8aff75bfba40b63 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Sat, 25 Nov 2023 16:14:35 +0800
Subject: [PATCH 05/21] bn_nist: Fix strict-aliasing violations in
 little-endian optimizations

The little-endian optimization is doing some type-punning in a way
violating the C standard aliasing rule by loading or storing through a
lvalue with type "unsigned int" but the memory location has effective
type "unsigned long" or "unsigned long long" (BN_ULONG).  Convert these
accesses to use memcpy instead, as memcpy is defined as-is "accessing
through the lvalues with type char" and char is aliasing with all types.

GCC does a good job to optimize away the temporary copies introduced
with the change.  Ideally copying to a temporary unsigned int array,
doing the calculation, and then copying back to `r_d` will make the code
look better, but unfortunately GCC would fail to optimize away this
temporary array then.

I've not touched the LE optimization in BN_nist_mod_224 because it's
guarded by BN_BITS2!=64, then BN_BITS2 must be 32 and BN_ULONG must be
unsigned int, thus there is no aliasing issue in BN_nist_mod_224.

Fixes #12247.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22816)

(cherry picked from commit 990d9ff508070757912c000f0c4132dbb5a0bb0a)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 crypto/bn/bn_nist.c | 126 ++++++++++++++++++++++++++------------------
 1 file changed, 74 insertions(+), 52 deletions(-)

diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
index 3d4d9a2fb2..d761e5702d 100644
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@@ -319,6 +319,28 @@ static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
 # endif
 #endif                          /* BN_BITS2 != 64 */
 
+#ifdef NIST_INT64
+/* Helpers to load/store a 32-bit word (uint32_t) from/into a memory
+ * location and avoid potential aliasing issue.  */
+static ossl_inline uint32_t load_u32(const void *ptr)
+{
+    uint32_t tmp;
+
+    memcpy(&tmp, ptr, sizeof(tmp));
+    return tmp;
+}
+
+static ossl_inline void store_lo32(void *ptr, NIST_INT64 val)
+{
+    /* A cast is needed for big-endian system: on a 32-bit BE system
+     * NIST_INT64 may be defined as well if the compiler supports 64-bit
+     * long long.  */
+    uint32_t tmp = (uint32_t)val;
+
+    memcpy(ptr, &tmp, sizeof(tmp));
+}
+#endif /* NIST_INT64 */
+
 #define nist_set_192(to, from, a1, a2, a3) \
         { \
         bn_cp_64(to, 0, from, (a3) - 3) \
@@ -374,42 +396,42 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         unsigned int *rp = (unsigned int *)r_d;
         const unsigned int *bp = (const unsigned int *)buf.ui;
 
-        acc = rp[0];
+        acc = load_u32(&rp[0]);
         acc += bp[3 * 2 - 6];
         acc += bp[5 * 2 - 6];
-        rp[0] = (unsigned int)acc;
+        store_lo32(&rp[0], acc);
         acc >>= 32;
 
-        acc += rp[1];
+        acc += load_u32(&rp[1]);
         acc += bp[3 * 2 - 5];
         acc += bp[5 * 2 - 5];
-        rp[1] = (unsigned int)acc;
+        store_lo32(&rp[1], acc);
         acc >>= 32;
 
-        acc += rp[2];
+        acc += load_u32(&rp[2]);
         acc += bp[3 * 2 - 6];
         acc += bp[4 * 2 - 6];
         acc += bp[5 * 2 - 6];
-        rp[2] = (unsigned int)acc;
+        store_lo32(&rp[2], acc);
         acc >>= 32;
 
-        acc += rp[3];
+        acc += load_u32(&rp[3]);
         acc += bp[3 * 2 - 5];
         acc += bp[4 * 2 - 5];
         acc += bp[5 * 2 - 5];
-        rp[3] = (unsigned int)acc;
+        store_lo32(&rp[3], acc);
         acc >>= 32;
 
-        acc += rp[4];
+        acc += load_u32(&rp[4]);
         acc += bp[4 * 2 - 6];
         acc += bp[5 * 2 - 6];
-        rp[4] = (unsigned int)acc;
+        store_lo32(&rp[4], acc);
         acc >>= 32;
 
-        acc += rp[5];
+        acc += load_u32(&rp[5]);
         acc += bp[4 * 2 - 5];
         acc += bp[5 * 2 - 5];
-        rp[5] = (unsigned int)acc;
+        store_lo32(&rp[5], acc);
 
         carry = (int)(acc >> 32);
     }
@@ -683,36 +705,36 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         unsigned int *rp = (unsigned int *)r_d;
         const unsigned int *bp = (const unsigned int *)buf.ui;
 
-        acc = rp[0];
+        acc = load_u32(&rp[0]);
         acc += bp[8 - 8];
         acc += bp[9 - 8];
         acc -= bp[11 - 8];
         acc -= bp[12 - 8];
         acc -= bp[13 - 8];
         acc -= bp[14 - 8];
-        rp[0] = (unsigned int)acc;
+        store_lo32(&rp[0], acc);
         acc >>= 32;
 
-        acc += rp[1];
+        acc += load_u32(&rp[1]);
         acc += bp[9 - 8];
         acc += bp[10 - 8];
         acc -= bp[12 - 8];
         acc -= bp[13 - 8];
         acc -= bp[14 - 8];
         acc -= bp[15 - 8];
-        rp[1] = (unsigned int)acc;
+        store_lo32(&rp[1], acc);
         acc >>= 32;
 
-        acc += rp[2];
+        acc += load_u32(&rp[2]);
         acc += bp[10 - 8];
         acc += bp[11 - 8];
         acc -= bp[13 - 8];
         acc -= bp[14 - 8];
         acc -= bp[15 - 8];
-        rp[2] = (unsigned int)acc;
+        store_lo32(&rp[2], acc);
         acc >>= 32;
 
-        acc += rp[3];
+        acc += load_u32(&rp[3]);
         acc += bp[11 - 8];
         acc += bp[11 - 8];
         acc += bp[12 - 8];
@@ -721,10 +743,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc -= bp[15 - 8];
         acc -= bp[8 - 8];
         acc -= bp[9 - 8];
-        rp[3] = (unsigned int)acc;
+        store_lo32(&rp[3], acc);
         acc >>= 32;
 
-        acc += rp[4];
+        acc += load_u32(&rp[4]);
         acc += bp[12 - 8];
         acc += bp[12 - 8];
         acc += bp[13 - 8];
@@ -732,10 +754,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[14 - 8];
         acc -= bp[9 - 8];
         acc -= bp[10 - 8];
-        rp[4] = (unsigned int)acc;
+        store_lo32(&rp[4], acc);
         acc >>= 32;
 
-        acc += rp[5];
+        acc += load_u32(&rp[5]);
         acc += bp[13 - 8];
         acc += bp[13 - 8];
         acc += bp[14 - 8];
@@ -743,10 +765,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[15 - 8];
         acc -= bp[10 - 8];
         acc -= bp[11 - 8];
-        rp[5] = (unsigned int)acc;
+        store_lo32(&rp[5], acc);
         acc >>= 32;
 
-        acc += rp[6];
+        acc += load_u32(&rp[6]);
         acc += bp[14 - 8];
         acc += bp[14 - 8];
         acc += bp[15 - 8];
@@ -755,10 +777,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[13 - 8];
         acc -= bp[8 - 8];
         acc -= bp[9 - 8];
-        rp[6] = (unsigned int)acc;
+        store_lo32(&rp[6], acc);
         acc >>= 32;
 
-        acc += rp[7];
+        acc += load_u32(&rp[7]);
         acc += bp[15 - 8];
         acc += bp[15 - 8];
         acc += bp[15 - 8];
@@ -767,7 +789,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc -= bp[11 - 8];
         acc -= bp[12 - 8];
         acc -= bp[13 - 8];
-        rp[7] = (unsigned int)acc;
+        store_lo32(&rp[7], acc);
 
         carry = (int)(acc >> 32);
     }
@@ -920,32 +942,32 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         unsigned int *rp = (unsigned int *)r_d;
         const unsigned int *bp = (const unsigned int *)buf.ui;
 
-        acc = rp[0];
+        acc = load_u32(&rp[0]);
         acc += bp[12 - 12];
         acc += bp[21 - 12];
         acc += bp[20 - 12];
         acc -= bp[23 - 12];
-        rp[0] = (unsigned int)acc;
+        store_lo32(&rp[0], acc);
         acc >>= 32;
 
-        acc += rp[1];
+        acc += load_u32(&rp[1]);
         acc += bp[13 - 12];
         acc += bp[22 - 12];
         acc += bp[23 - 12];
         acc -= bp[12 - 12];
         acc -= bp[20 - 12];
-        rp[1] = (unsigned int)acc;
+        store_lo32(&rp[1], acc);
         acc >>= 32;
 
-        acc += rp[2];
+        acc += load_u32(&rp[2]);
         acc += bp[14 - 12];
         acc += bp[23 - 12];
         acc -= bp[13 - 12];
         acc -= bp[21 - 12];
-        rp[2] = (unsigned int)acc;
+        store_lo32(&rp[2], acc);
         acc >>= 32;
 
-        acc += rp[3];
+        acc += load_u32(&rp[3]);
         acc += bp[15 - 12];
         acc += bp[12 - 12];
         acc += bp[20 - 12];
@@ -953,10 +975,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc -= bp[14 - 12];
         acc -= bp[22 - 12];
         acc -= bp[23 - 12];
-        rp[3] = (unsigned int)acc;
+        store_lo32(&rp[3], acc);
         acc >>= 32;
 
-        acc += rp[4];
+        acc += load_u32(&rp[4]);
         acc += bp[21 - 12];
         acc += bp[21 - 12];
         acc += bp[16 - 12];
@@ -967,10 +989,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc -= bp[15 - 12];
         acc -= bp[23 - 12];
         acc -= bp[23 - 12];
-        rp[4] = (unsigned int)acc;
+        store_lo32(&rp[4], acc);
         acc >>= 32;
 
-        acc += rp[5];
+        acc += load_u32(&rp[5]);
         acc += bp[22 - 12];
         acc += bp[22 - 12];
         acc += bp[17 - 12];
@@ -979,10 +1001,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[21 - 12];
         acc += bp[23 - 12];
         acc -= bp[16 - 12];
-        rp[5] = (unsigned int)acc;
+        store_lo32(&rp[5], acc);
         acc >>= 32;
 
-        acc += rp[6];
+        acc += load_u32(&rp[6]);
         acc += bp[23 - 12];
         acc += bp[23 - 12];
         acc += bp[18 - 12];
@@ -990,48 +1012,48 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         acc += bp[14 - 12];
         acc += bp[22 - 12];
         acc -= bp[17 - 12];
-        rp[6] = (unsigned int)acc;
+        store_lo32(&rp[6], acc);
         acc >>= 32;
 
-        acc += rp[7];
+        acc += load_u32(&rp[7]);
         acc += bp[19 - 12];
         acc += bp[16 - 12];
         acc += bp[15 - 12];
         acc += bp[23 - 12];
         acc -= bp[18 - 12];
-        rp[7] = (unsigned int)acc;
+        store_lo32(&rp[7], acc);
         acc >>= 32;
 
-        acc += rp[8];
+        acc += load_u32(&rp[8]);
         acc += bp[20 - 12];
         acc += bp[17 - 12];
         acc += bp[16 - 12];
         acc -= bp[19 - 12];
-        rp[8] = (unsigned int)acc;
+        store_lo32(&rp[8], acc);
         acc >>= 32;
 
-        acc += rp[9];
+        acc += load_u32(&rp[9]);
         acc += bp[21 - 12];
         acc += bp[18 - 12];
         acc += bp[17 - 12];
         acc -= bp[20 - 12];
-        rp[9] = (unsigned int)acc;
+        store_lo32(&rp[9], acc);
         acc >>= 32;
 
-        acc += rp[10];
+        acc += load_u32(&rp[10]);
         acc += bp[22 - 12];
         acc += bp[19 - 12];
         acc += bp[18 - 12];
         acc -= bp[21 - 12];
-        rp[10] = (unsigned int)acc;
+        store_lo32(&rp[10], acc);
         acc >>= 32;
 
-        acc += rp[11];
+        acc += load_u32(&rp[11]);
         acc += bp[23 - 12];
         acc += bp[20 - 12];
         acc += bp[19 - 12];
         acc -= bp[22 - 12];
-        rp[11] = (unsigned int)acc;
+        store_lo32(&rp[11], acc);
 
         carry = (int)(acc >> 32);
     }
-- 
Gitee


From 4366ffb8674554e66919546431f90158c722763a Mon Sep 17 00:00:00 2001
From: lan1120 <lanming@huawei.com>
Date: Wed, 22 Nov 2023 09:45:25 +0800
Subject: [PATCH 06/21] Initialize dstctx->mgf1_md to NULL in rsa_dupctx
 function

Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22795)

(cherry picked from commit f95e3a09173b13dcfae668be6103e64c02222f08)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 providers/implementations/signature/rsa_sig.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index cd5de6bd51..5876158d27 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -1011,6 +1011,7 @@ static void *rsa_dupctx(void *vprsactx)
     *dstctx = *srcctx;
     dstctx->rsa = NULL;
     dstctx->md = NULL;
+    dstctx->mgf1_md = NULL;
     dstctx->mdctx = NULL;
     dstctx->tbuf = NULL;
     dstctx->propq = NULL;
-- 
Gitee


From 60bd5d63bf74fcf7b173feaa56f9c9951f357fda Mon Sep 17 00:00:00 2001
From: Sean Bright <sean@seanbright.com>
Date: Mon, 20 Nov 2023 15:08:19 -0500
Subject: [PATCH 07/21] doc: Minor typo in SSL_CTX_set_tmp_dh_callback docs.

well know -> well known

CLA: trivial

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22778)

(cherry picked from commit db04cf25f3e0dda77a3b054ae12ae1874b1ae977)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
index c0d69f6f6a..a14f334cfc 100644
--- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
+++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
@@ -55,7 +55,7 @@ As generating DH parameters is extremely time consuming, an application
 should not generate the parameters on the fly. DH parameters can be reused, as
 the actual key is newly generated during the negotiation.
 
-Typically applications should use well know DH parameters that have built-in
+Typically applications should use well known DH parameters that have built-in
 support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto()
 configure OpenSSL to use the default built-in DH parameters for the B<SSL_CTX>
 and B<SSL> objects respectively. Passing a value of 1 in the I<onoff> parameter
-- 
Gitee


From 48ac385c7df1e9c3ca041b72442c2172cf6de3ff Mon Sep 17 00:00:00 2001
From: James Muir <james@openssl.org>
Date: Wed, 29 Nov 2023 12:37:44 -0500
Subject: [PATCH 08/21] rsa-doc: fix typo

"d_i in RFC8017" -> "d_i" in RFC8017

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22868)

(cherry picked from commit c89b553bdc2587b483f38aa1ab2b142cc078343d)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 doc/man7/EVP_PKEY-RSA.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man7/EVP_PKEY-RSA.pod b/doc/man7/EVP_PKEY-RSA.pod
index 161e9d4d71..dcd38fcee8 100644
--- a/doc/man7/EVP_PKEY-RSA.pod
+++ b/doc/man7/EVP_PKEY-RSA.pod
@@ -80,7 +80,7 @@ Up to eight additional "r_i" prime factors are supported.
 =item "rsa-exponent10" (B<OSSL_PKEY_PARAM_RSA_EXPONENT10>) <unsigned integer>
 
 RSA CRT (Chinese Remainder Theorem) exponents. The exponents are known
-as "dP", "dQ" and "d_i in RFC8017".
+as "dP", "dQ" and "d_i" in RFC8017.
 Up to eight additional "d_i" exponents are supported.
 
 =item "rsa-coefficient1" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT1>) <unsigned integer>
-- 
Gitee


From 50af63fcc5e4ef958e3133884031f9ab63a509e1 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed, 15 Nov 2023 20:49:51 +0100
Subject: [PATCH 09/21] Fix a possible use after free in
 X509v3_asid_add_id_or_range

And clean up partially created choice objects, which have
still the default type = -1 from ASIdentifierChoice_new().

Fixes #22700

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22745)

(cherry picked from commit 49e9436af3d85963fd6156b7d6f33e0734bf5ba9)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 crypto/x509/v3_asid.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c
index 86577d6ca4..4a719d4d11 100644
--- a/crypto/x509/v3_asid.c
+++ b/crypto/x509/v3_asid.c
@@ -169,8 +169,11 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
     if (*choice == NULL) {
         if ((*choice = ASIdentifierChoice_new()) == NULL)
             return 0;
-        if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+        if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) {
+            ASIdentifierChoice_free(*choice);
+            *choice = NULL;
             return 0;
+        }
         (*choice)->type = ASIdentifierChoice_inherit;
     }
     return (*choice)->type == ASIdentifierChoice_inherit;
@@ -196,18 +199,23 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
     default:
         return 0;
     }
-    if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+    if (*choice != NULL && (*choice)->type != ASIdentifierChoice_asIdsOrRanges)
         return 0;
     if (*choice == NULL) {
         if ((*choice = ASIdentifierChoice_new()) == NULL)
             return 0;
         (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
-        if ((*choice)->u.asIdsOrRanges == NULL)
+        if ((*choice)->u.asIdsOrRanges == NULL) {
+            ASIdentifierChoice_free(*choice);
+            *choice = NULL;
             return 0;
+        }
         (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
     }
     if ((aor = ASIdOrRange_new()) == NULL)
         return 0;
+    if (!sk_ASIdOrRange_reserve((*choice)->u.asIdsOrRanges, 1))
+        goto err;
     if (max == NULL) {
         aor->type = ASIdOrRange_id;
         aor->u.id = min;
@@ -220,7 +228,8 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
         ASN1_INTEGER_free(aor->u.range->max);
         aor->u.range->max = max;
     }
-    if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+    /* Cannot fail due to the reservation above */
+    if (!ossl_assert(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
         goto err;
     return 1;
 
-- 
Gitee


From 98e3387a16dd2d19045a14d8d8250c313842263f Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed, 15 Nov 2023 19:31:28 +0100
Subject: [PATCH 10/21] Fix a possible memory leak in make_receipt_request

When the CMS_ReceiptRequest cannot be created,
the rct_to and rct_from may be leaked.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22742)

(cherry picked from commit bed7a878107818c297301c6602013d364b266c67)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 apps/cms.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/apps/cms.c b/apps/cms.c
index 0d1730c56f..12095b9641 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1413,6 +1413,7 @@ static CMS_ReceiptRequest
                       STACK_OF(OPENSSL_STRING) *rr_from)
 {
     STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
+    CMS_ReceiptRequest *rr;
 
     rct_to = make_names_stack(rr_to);
     if (rct_to == NULL)
@@ -1424,10 +1425,14 @@ static CMS_ReceiptRequest
     } else {
         rct_from = NULL;
     }
-    return CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
-                                         rct_to, app_get0_libctx());
+    rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
+                                       rct_to, app_get0_libctx());
+    if (rr == NULL)
+        goto err;
+    return rr;
  err:
     sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
+    sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free);
     return NULL;
 }
 
-- 
Gitee


From 0c543ec6c8f8ca90d03ea069920462281db3503d Mon Sep 17 00:00:00 2001
From: James Muir <james@openssl.org>
Date: Tue, 28 Nov 2023 22:43:52 -0500
Subject: [PATCH 11/21] evp-cmac: do not seg-fault when getting mac-size before
 init

Add null check to cmac_size().  This avoids a seg-fault encountered
with cmac when EVP_MAC_CTX_get_mac_size() is called before init.

Extend mac testing in evp_test.c to check that the sizes returned by
EVP_MAC_CTX_get_mac_size() before and after init make sense (this also
ensures that we no longer seg-fault).

Fixes #22842

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22858)

(cherry picked from commit ff181969e28c1503b077b47a9ded3683524b3fd8)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 providers/implementations/macs/cmac_prov.c |  6 +++++-
 test/evp_test.c                            | 23 +++++++++++++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c
index fc9f911beb..ba89616398 100644
--- a/providers/implementations/macs/cmac_prov.c
+++ b/providers/implementations/macs/cmac_prov.c
@@ -101,8 +101,12 @@ static void *cmac_dup(void *vsrc)
 static size_t cmac_size(void *vmacctx)
 {
     struct cmac_data_st *macctx = vmacctx;
+    const EVP_CIPHER_CTX *cipherctx = CMAC_CTX_get0_cipher_ctx(macctx->ctx);
 
-    return EVP_CIPHER_CTX_get_block_size(CMAC_CTX_get0_cipher_ctx(macctx->ctx));
+    if (EVP_CIPHER_CTX_get0_cipher(cipherctx) == NULL)
+        return 0;
+
+    return EVP_CIPHER_CTX_get_block_size(cipherctx);
 }
 
 static int cmac_setkey(struct cmac_data_st *macctx,
diff --git a/test/evp_test.c b/test/evp_test.c
index 280e19c0b8..90ff676a62 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1427,6 +1427,7 @@ static int mac_test_run_mac(EVP_TEST *t)
     EVP_MAC_CTX *ctx = NULL;
     unsigned char *got = NULL;
     size_t got_len = 0, size = 0;
+    size_t size_before_init, size_after_init, size_val = 0;
     int i, block_size = -1, output_size = -1;
     OSSL_PARAM params[21], sizes[3], *psizes = sizes;
     size_t params_n = 0;
@@ -1523,6 +1524,9 @@ static int mac_test_run_mac(EVP_TEST *t)
         }
         params_n++;
 
+        if (strcmp(tmpkey, "size") == 0)
+            size_val = (size_t)strtoul(tmpval, NULL, 0);
+
         OPENSSL_free(tmpkey);
     }
     params[params_n] = OSSL_PARAM_construct_end();
@@ -1531,11 +1535,28 @@ static int mac_test_run_mac(EVP_TEST *t)
         t->err = "MAC_CREATE_ERROR";
         goto err;
     }
-
+    size_before_init = EVP_MAC_CTX_get_mac_size(ctx);
     if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
         t->err = "MAC_INIT_ERROR";
         goto err;
     }
+    size_after_init = EVP_MAC_CTX_get_mac_size(ctx);
+    if (!TEST_false(size_before_init == 0 && size_after_init == 0)) {
+        t->err = "MAC SIZE not set";
+        goto err;
+    }
+    if (size_before_init != 0) {
+        /* mac-size not modified by init params */
+        if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) {
+            t->err = "MAC SIZE check failed";
+            goto err;
+        }
+        /* mac-size modified by init params */
+        if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) {
+            t->err = "MAC SIZE check failed";
+            goto err;
+        }
+    }
     if (expected->output_size >= 0)
         *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
                                              &output_size);
-- 
Gitee


From 5586cdf58bb16ea129e4b15c6816ff493f8e87b8 Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Wed, 22 Nov 2023 14:20:39 -0500
Subject: [PATCH 12/21] Add locking to CRYPTO_secure_used

Coverity issue 1551719 noted CRYPTO_secure_used referenced a shared
variable without taking the appropriate read lock.  Add that.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22802)

(cherry picked from commit 7eae6ee0e503b0961d4f2e75baac981f2766b892)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 crypto/mem_sec.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index e1a3193477..b6bdb6bb43 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -238,11 +238,17 @@ int CRYPTO_secure_allocated(const void *ptr)
 
 size_t CRYPTO_secure_used(void)
 {
+    size_t ret = 0;
+
 #ifndef OPENSSL_NO_SECURE_MEMORY
-    return secure_mem_used;
-#else
-    return 0;
+    if (!CRYPTO_THREAD_read_lock(sec_malloc_lock))
+        return 0;
+
+    ret = secure_mem_used;
+
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
 #endif /* OPENSSL_NO_SECURE_MEMORY */
+    return ret;
 }
 
 size_t CRYPTO_secure_actual_size(void *ptr)
-- 
Gitee


From 672b5fb7d912b154b8b340f0191ea0dd4ec7bf93 Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Wed, 22 Nov 2023 12:16:54 -0500
Subject: [PATCH 13/21] Don't free aliased pointers in ctx cmp_ctx tests

Coverity recorded issues 1551739 and 1551737, a potential double free in the
tests.  It occurs when the DUP operation fails in such a way val3_read is
returned as the same pointer as val2_read.  Ideally it should never
happen, but resetting val3_read to 0 should satisfy coverity that there
is no issue here

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22800)

(cherry picked from commit c8ca810da9c47d8cb6988fd14e1cb4e20b0877e8)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 test/cmp_ctx_test.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 71fa679ff4..4a10653fc8 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -391,6 +391,7 @@ execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
     } else { \
         if (DUP && val1_read == val1) { \
             TEST_error("first set did not dup the value"); \
+            val1_read = 0; \
             res = 0; \
         } \
         if (DEFAULT(val1_read)) { \
@@ -419,6 +420,7 @@ execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
     } else { \
         if (DUP && val2_read == val2) { \
             TEST_error("second set did not dup the value"); \
+            val2_read = 0; \
             res = 0; \
         } \
         if (val2 == val1) { \
@@ -448,6 +450,7 @@ execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
     } else { \
         if (DUP && val3_read == val2_read) { \
             TEST_error("third get did not create a new dup"); \
+            val3_read = 0; \
             res = 0; \
         } \
     } \
-- 
Gitee


From b7262435f9cbbbb86b3b603b1e71d0b92beec349 Mon Sep 17 00:00:00 2001
From: James Muir <james@openssl.org>
Date: Fri, 24 Nov 2023 12:37:36 -0500
Subject: [PATCH 14/21] doc: improve display of KECCAK-KMAC128, KECCAK-KMAC256
 defs

Do not allow mid-expression line breaks.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22814)

(cherry picked from commit 8da20b30da42fa8ceb070c6d293fe85e70e68428)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 doc/man7/EVP_MD-SHAKE.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/man7/EVP_MD-SHAKE.pod b/doc/man7/EVP_MD-SHAKE.pod
index fa18027869..fc1822f962 100644
--- a/doc/man7/EVP_MD-SHAKE.pod
+++ b/doc/man7/EVP_MD-SHAKE.pod
@@ -25,14 +25,14 @@ provider, and includes the following varieties:
 
 Known names are "KECCAK-KMAC-128" and "KECCAK-KMAC128".  This is used
 by L<EVP_MAC-KMAC128(7)>.  Using the notation from NIST FIPS 202
-(Section 6.2), we have KECCAK-KMAC-128(M, d) = KECCAK[256](M || 00, d)
+(Section 6.2), we have S<KECCAK-KMAC-128(M, d)> = S<KECCAK[256](M || 00, d)>
 (see the description of KMAC128 in Appendix A of NIST SP 800-185).
 
 =item KECCAK-KMAC-256
 
 Known names are "KECCAK-KMAC-256" and "KECCAK-KMAC256".  This is used
 by L<EVP_MAC-KMAC256(7)>.  Using the notation from NIST FIPS 202
-(Section 6.2), we have KECCAK-KMAC-256(M, d) = KECCAK[512](M || 00, d)
+(Section 6.2), we have S<KECCAK-KMAC-256(M, d)> = S<KECCAK[512](M || 00, d)>
 (see the description of KMAC256 in Appendix A of NIST SP 800-185).
 
 =item SHAKE-128
-- 
Gitee


From 755916ef20b65ed28e1ad9c38411d3d0566d21d9 Mon Sep 17 00:00:00 2001
From: Michael Osipov <michael.osipov@siemens.com>
Date: Thu, 30 Nov 2023 17:07:03 +0100
Subject: [PATCH 15/21] Fix detection on HP-UX (IA64)

HPE has a weird preference to prefix letters and zero-padding. Properly trim
them before processing.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22891)

(cherry picked from commit 253c5667a92efbbd1498b2f5b883da23c11b8930)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 util/perl/OpenSSL/config.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm
index b574f82f43..5da9282d6b 100755
--- a/util/perl/OpenSSL/config.pm
+++ b/util/perl/OpenSSL/config.pm
@@ -82,7 +82,7 @@ my $guess_patterns = [
     [ 'HP-UX:.*',
       sub {
           my $HPUXVER = $RELEASE;
-          $HPUXVER = s/[^.]*.[0B]*//;
+          $HPUXVER =~ s/[^.]*.[0B]*//;
           # HPUX 10 and 11 targets are unified
           return "${MACHINE}-hp-hpux1x" if $HPUXVER =~ m@1[0-9]@;
           return "${MACHINE}-hp-hpux";
@@ -321,6 +321,7 @@ sub determine_compiler_settings {
 
             # If we got a version number, process it
             if ($v) {
+                $v =~ s/[^.]*.0*// if $SYSTEM eq 'HP-UX';
                 $CCVENDOR = $k;
 
                 # The returned version is expected to be one of
-- 
Gitee


From a6e812be7b419baf83af0f629c0dc53357d56b85 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed, 15 Nov 2023 19:14:54 +0100
Subject: [PATCH 16/21] Fix a possible memory leak in CMS_add_simple_smimecap

The return code of X509_ALGOR_set0 was not checked,
and if it fails the key will be leaked.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22741)

Signed-off-by: fly2x <fly2x@hitls.org>
---
 crypto/cms/cms_sd.c | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index cfac556957..9788322f8d 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -1068,31 +1068,32 @@ int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
                             int algnid, int keysize)
 {
-    X509_ALGOR *alg;
+    X509_ALGOR *alg = NULL;
     ASN1_INTEGER *key = NULL;
 
     if (keysize > 0) {
         key = ASN1_INTEGER_new();
-        if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
-            ASN1_INTEGER_free(key);
-            return 0;
-        }
+        if (key == NULL || !ASN1_INTEGER_set(key, keysize))
+            goto err;
     }
     alg = X509_ALGOR_new();
-    if (alg == NULL) {
-        ASN1_INTEGER_free(key);
-        return 0;
-    }
+    if (alg == NULL)
+        goto err;
 
-    X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
-                    key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
+    if (!X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
+                         key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key))
+        goto err;
+    key = NULL;
     if (*algs == NULL)
         *algs = sk_X509_ALGOR_new_null();
-    if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
-        X509_ALGOR_free(alg);
-        return 0;
-    }
+    if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg))
+        goto err;
     return 1;
+
+ err:
+    ASN1_INTEGER_free(key);
+    X509_ALGOR_free(alg);
+    return 0;
 }
 
 /* Check to see if a cipher exists and if so add S/MIME capabilities */
-- 
Gitee


From ddf5db952d079ca16104af59a80b902ca010a5c3 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 29 Nov 2023 14:06:51 +0100
Subject: [PATCH 17/21] After initializing a provider, check if its output
 dispatch table is NULL

If the provider's output dispatch table is NULL, trying to parse it causes a
crash.  Let's not do that.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)

(cherry picked from commit 8fa65a6648554087a67102372e5e6c8b0fae0158)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 crypto/provider_core.c | 70 ++++++++++++++++++++++--------------------
 1 file changed, 36 insertions(+), 34 deletions(-)

diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 6627501b00..e90b63b303 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -928,44 +928,46 @@ static int provider_init(OSSL_PROVIDER *prov)
     prov->provctx = tmp_provctx;
     prov->dispatch = provider_dispatch;
 
-    for (; provider_dispatch->function_id != 0; provider_dispatch++) {
-        switch (provider_dispatch->function_id) {
-        case OSSL_FUNC_PROVIDER_TEARDOWN:
-            prov->teardown =
-                OSSL_FUNC_provider_teardown(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS:
-            prov->gettable_params =
-                OSSL_FUNC_provider_gettable_params(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_GET_PARAMS:
-            prov->get_params =
-                OSSL_FUNC_provider_get_params(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_SELF_TEST:
-            prov->self_test =
-                OSSL_FUNC_provider_self_test(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_GET_CAPABILITIES:
-            prov->get_capabilities =
-                OSSL_FUNC_provider_get_capabilities(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_QUERY_OPERATION:
-            prov->query_operation =
-                OSSL_FUNC_provider_query_operation(provider_dispatch);
-            break;
-        case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION:
-            prov->unquery_operation =
-                OSSL_FUNC_provider_unquery_operation(provider_dispatch);
-            break;
+    if (provider_dispatch != NULL) {
+        for (; provider_dispatch->function_id != 0; provider_dispatch++) {
+            switch (provider_dispatch->function_id) {
+            case OSSL_FUNC_PROVIDER_TEARDOWN:
+                prov->teardown =
+                    OSSL_FUNC_provider_teardown(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS:
+                prov->gettable_params =
+                    OSSL_FUNC_provider_gettable_params(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_GET_PARAMS:
+                prov->get_params =
+                    OSSL_FUNC_provider_get_params(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_SELF_TEST:
+                prov->self_test =
+                    OSSL_FUNC_provider_self_test(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_GET_CAPABILITIES:
+                prov->get_capabilities =
+                    OSSL_FUNC_provider_get_capabilities(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_QUERY_OPERATION:
+                prov->query_operation =
+                    OSSL_FUNC_provider_query_operation(provider_dispatch);
+                break;
+            case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION:
+                prov->unquery_operation =
+                    OSSL_FUNC_provider_unquery_operation(provider_dispatch);
+                break;
 #ifndef OPENSSL_NO_ERR
 # ifndef FIPS_MODULE
-        case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS:
-            p_get_reason_strings =
-                OSSL_FUNC_provider_get_reason_strings(provider_dispatch);
-            break;
+            case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS:
+                p_get_reason_strings =
+                    OSSL_FUNC_provider_get_reason_strings(provider_dispatch);
+                break;
 # endif
 #endif
+            }
         }
     }
 
-- 
Gitee


From 01c58fe5f45bcab78f3d8845f0d36d1664ec0361 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 29 Nov 2023 14:24:18 +0100
Subject: [PATCH 18/21] Add a minimal test provider

We test its validity by trying to load it.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)

(cherry picked from commit 31c2c12f2dada75c334f6a9aa60c8424cf4fd040)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 test/build.info                 |  7 +++++++
 test/p_minimal.c                | 24 ++++++++++++++++++++++++
 test/recipes/04-test_provider.t |  9 ++++++++-
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 test/p_minimal.c

diff --git a/test/build.info b/test/build.info
index f2f911323c..9bed40eeb1 100644
--- a/test/build.info
+++ b/test/build.info
@@ -852,6 +852,13 @@ IF[{- !$disabled{tests} -}]
       SOURCE[p_test]=p_test.ld
       GENERATE[p_test.ld]=../util/providers.num
     ENDIF
+    MODULES{noinst}=p_minimal
+    SOURCE[p_minimal]=p_minimal.c
+    INCLUDE[p_minimal]=../include ..
+    IF[{- defined $target{shared_defflag} -}]
+      SOURCE[p_minimal]=p_minimal.ld
+      GENERATE[p_minimal.ld]=../util/providers.num
+    ENDIF
   ENDIF
   IF[{- $disabled{module} || !$target{dso_scheme} -}]
     DEFINE[provider_test]=NO_PROVIDER_MODULE
diff --git a/test/p_minimal.c b/test/p_minimal.c
new file mode 100644
index 0000000000..0bff9823f8
--- /dev/null
+++ b/test/p_minimal.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the most minimal provider imaginable.  It can be loaded, and does
+ * absolutely nothing else.
+ */
+
+#include <openssl/core.h>
+
+OSSL_provider_init_fn OSSL_provider_init; /* Check the function signature */
+int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
+                       const OSSL_DISPATCH *oin,
+                       const OSSL_DISPATCH **out,
+                       void **provctx)
+{
+    return 1;
+}
diff --git a/test/recipes/04-test_provider.t b/test/recipes/04-test_provider.t
index 312def7757..1233cc4f93 100644
--- a/test/recipes/04-test_provider.t
+++ b/test/recipes/04-test_provider.t
@@ -12,10 +12,17 @@ use OpenSSL::Test::Utils;
 
 setup("test_provider");
 
-plan tests => 2;
+plan tests => 3;
 
 ok(run(test(['provider_test'])), "provider_test");
 
 $ENV{"OPENSSL_MODULES"} = bldtop_dir("test");
 
 ok(run(test(['provider_test', '-loaded'])), "provider_test -loaded");
+
+ SKIP: {
+     skip "no module support", 1 if disabled("module");
+
+     ok(run(app(['openssl', 'list', '-provider', 'p_minimal',
+                 '-providers', '-verbose'])));
+}
-- 
Gitee


From ce521443793a76463a1a3203f5b7c6cfc190b54b Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 29 Nov 2023 14:32:10 +0100
Subject: [PATCH 19/21] Make 'openssl list' less sensitive for providers
 without params

When a provider can't return parameters, make that a warning instead of an
error, and continue to list further providers.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)

(cherry picked from commit 7ebaab7689f66ede1f960c42be3446922e3f5e21)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 apps/list.c | 37 ++++++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/apps/list.c b/apps/list.c
index b9439c9e54..0fcbcbb083 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -1238,6 +1238,9 @@ static void list_provider_info(void)
     sk_OSSL_PROVIDER_sort(providers);
     for (i = 0; i < sk_OSSL_PROVIDER_num(providers); i++) {
         const OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(providers, i);
+        const char *provname = OSSL_PROVIDER_get0_name(prov);
+
+        BIO_printf(bio_out, "  %s\n", provname);
 
         /* Query the "known" information parameters, the order matches below */
         params[0] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME,
@@ -1250,23 +1253,23 @@ static void list_provider_info(void)
         params[4] = OSSL_PARAM_construct_end();
         OSSL_PARAM_set_all_unmodified(params);
         if (!OSSL_PROVIDER_get_params(prov, params)) {
-            BIO_printf(bio_err, "ERROR: Unable to query provider parameters\n");
-            return;
-        }
-
-        /* Print out the provider information, the params order matches above */
-        BIO_printf(bio_out, "  %s\n", OSSL_PROVIDER_get0_name(prov));
-        if (OSSL_PARAM_modified(params))
-            BIO_printf(bio_out, "    name: %s\n", name);
-        if (OSSL_PARAM_modified(params + 1))
-            BIO_printf(bio_out, "    version: %s\n", version);
-        if (OSSL_PARAM_modified(params + 2))
-            BIO_printf(bio_out, "    status: %sactive\n", status ? "" : "in");
-        if (verbose) {
-            if (OSSL_PARAM_modified(params + 3))
-                BIO_printf(bio_out, "    build info: %s\n", buildinfo);
-            print_param_types("gettable provider parameters",
-                              OSSL_PROVIDER_gettable_params(prov), 4);
+            BIO_printf(bio_err,
+                       "WARNING: Unable to query provider parameters for %s\n",
+                       provname);
+        } else {
+            /* Print out the provider information, the params order matches above */
+            if (OSSL_PARAM_modified(params))
+                BIO_printf(bio_out, "    name: %s\n", name);
+            if (OSSL_PARAM_modified(params + 1))
+                BIO_printf(bio_out, "    version: %s\n", version);
+            if (OSSL_PARAM_modified(params + 2))
+                BIO_printf(bio_out, "    status: %sactive\n", status ? "" : "in");
+            if (verbose) {
+                if (OSSL_PARAM_modified(params + 3))
+                    BIO_printf(bio_out, "    build info: %s\n", buildinfo);
+                print_param_types("gettable provider parameters",
+                                  OSSL_PROVIDER_gettable_params(prov), 4);
+            }
         }
     }
     sk_OSSL_PROVIDER_free(providers);
-- 
Gitee


From 6c41b5437583bb1529c7ea537b42edbea8c4a9cc Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 30 Nov 2023 15:55:57 +0100
Subject: [PATCH 20/21] rehash.c: Do not use NAME_MAX limit

On some systems it is too small although the system allows longer
filenames.

Fixes #22886

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22889)

(cherry picked from commit de8e0851a1c0d22533801f081781a9f0be56c2c2)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 apps/rehash.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/apps/rehash.c b/apps/rehash.c
index 9696aa9f4e..d63a0909a2 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -45,9 +45,6 @@
 # ifndef PATH_MAX
 #  define PATH_MAX 4096
 # endif
-# ifndef NAME_MAX
-#  define NAME_MAX 255
-# endif
 # define MAX_COLLISIONS  256
 
 # if defined(OPENSSL_SYS_VXWORKS)
@@ -356,10 +353,10 @@ static int do_dir(const char *dirname, enum Hash h)
     struct stat st;
     unsigned char idmask[MAX_COLLISIONS / 8];
     int n, numfiles, nextid, dirlen, buflen, errs = 0;
-    size_t i;
+    size_t i, fname_max_len = 20; /* maximum length of "%08x.r%d" */
     const char *pathsep = "";
     const char *filename;
-    char *buf, *copy = NULL;
+    char *buf = NULL, *copy = NULL;
     STACK_OF(OPENSSL_STRING) *files = NULL;
 
     if (app_access(dirname, W_OK) < 0) {
@@ -371,8 +368,6 @@ static int do_dir(const char *dirname, enum Hash h)
         pathsep = "/";
         dirlen++;
     }
-    buflen = dirlen + NAME_MAX + 1;
-    buf = app_malloc(buflen, "filename buffer");
 
     if (verbose)
         BIO_printf(bio_out, "Doing %s\n", dirname);
@@ -383,6 +378,8 @@ static int do_dir(const char *dirname, enum Hash h)
         goto err;
     }
     while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
+        size_t fname_len = strlen(filename);
+
         if ((copy = OPENSSL_strdup(filename)) == NULL
                 || sk_OPENSSL_STRING_push(files, copy) == 0) {
             OPENSSL_free(copy);
@@ -390,10 +387,15 @@ static int do_dir(const char *dirname, enum Hash h)
             errs = 1;
             goto err;
         }
+        if (fname_len > fname_max_len)
+            fname_max_len = fname_len;
     }
     OPENSSL_DIR_end(&d);
     sk_OPENSSL_STRING_sort(files);
 
+    buflen = dirlen + fname_max_len + 1;
+    buf = app_malloc(buflen, "filename buffer");
+
     numfiles = sk_OPENSSL_STRING_num(files);
     for (n = 0; n < numfiles; ++n) {
         filename = sk_OPENSSL_STRING_value(files, n);
-- 
Gitee


From ae0874b699732a84086b5fd0ddcf27034e2f8ec9 Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Thu, 30 Nov 2023 11:20:34 -0500
Subject: [PATCH 21/21] Statically link legacy provider to evp_extra_test

Like in #17345, evp_extra_test links libcrypto statically, but also has
a dynamic/shared load via the legacy provider, which leads to ambiguous
behavior in evp_extra_test on some platforms, usually a crash (SIGSEGV)
on exit via the atexit handlers.  Statically link the legacy provider to
avoid this.

Fixes #22819

Helped-by: Neil Horman <nhorman@openssl.org>
Helped-by: Tomas Mraz <tomas@openssl.org>
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22904)

(cherry picked from commit 426d34fc1302eb0d2f5a6152621c105ea2d198b6)
Signed-off-by: fly2x <fly2x@hitls.org>
---
 test/build.info       |  8 ++++++++
 test/evp_extra_test.c | 13 +++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/test/build.info b/test/build.info
index 9bed40eeb1..82740dcb6e 100644
--- a/test/build.info
+++ b/test/build.info
@@ -172,6 +172,14 @@ IF[{- !$disabled{tests} -}]
   SOURCE[evp_extra_test]=evp_extra_test.c
   INCLUDE[evp_extra_test]=../include ../apps/include
   DEPEND[evp_extra_test]=../libcrypto.a libtestutil.a
+  IF[{- !$disabled{module} && !$disabled{legacy} -}]
+    DEFINE[evp_extra_test]=STATIC_LEGACY
+    SOURCE[evp_extra_test]=../providers/legacyprov.c
+    INCLUDE[evp_extra_test]=../providers/common/include \
+                            ../providers/implementations/include
+    DEPEND[evp_extra_test]=../providers/liblegacy.a \
+                           ../providers/libcommon.a
+  ENDIF
 
   SOURCE[evp_extra_test2]=evp_extra_test2.c
   INCLUDE[evp_extra_test2]=../include ../apps/include
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index e8700ca8d1..72892261bd 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -37,6 +37,10 @@
 #include "internal/sizes.h"
 #include "crypto/evp.h"
 
+#ifdef STATIC_LEGACY
+OSSL_provider_init_fn ossl_legacy_provider_init;
+#endif
+
 static OSSL_LIB_CTX *testctx = NULL;
 static char *testpropq = NULL;
 
@@ -5237,6 +5241,15 @@ int setup_tests(void)
             testctx = OSSL_LIB_CTX_new();
             if (!TEST_ptr(testctx))
                 return 0;
+#ifdef STATIC_LEGACY
+	    /*
+	     * This test is always statically linked against libcrypto. We must not
+	     * attempt to load legacy.so that might be dynamically linked against
+	     * libcrypto. Instead we use a built-in version of the legacy provider.
+	     */
+	    if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
+		return 0;
+#endif
             /* Swap the libctx to test non-default context only */
             nullprov = OSSL_PROVIDER_load(NULL, "null");
             deflprov = OSSL_PROVIDER_load(testctx, "default");
-- 
Gitee