开源软件构建与测试

We truncated the diff of some files because they were too big. If you want to see the full diff for every file, click here.

Changes of Revision 2

_service:tar_scm:astyle.spec Deleted

@@ -1,77 +0,0 @@
-Name:           astyle
-Version:        3.1
-Release:        1
-Summary:        Source code formatter for C-like programming languages
-
-%global majorversion    3
-%global soversion       3.1.0
-
-License:        LGPLv3+
-URL:            http://astyle.sourceforge.net/
-Source0:        https://downloads.sourceforge.net/%{name}/%{name}_%{version}_linux.tar.gz
-
-BuildRequires:  gcc-c++
-
-Patch1:         astyle-html-help.patch
-Patch2:         astyle-r655-gcc8-vector-at-end.patch
-
-%description
-Artistic Style is a source code indenter, source code formatter, and
-source code beautifier for the C, C++, C# and Java programming
-languages.
-
-%package devel
-Summary:        Source code formatter for C-like programming languages
-Requires:       %{name}%{?_isa} = %{version}-%{release}
-
-%description devel
-Artistic Style is a source code indenter, source code formatter, and
-source code beautifier for the C, C++, C# and Java programming
-languages.
-
-This package contains the shared library.
-
-
-%prep
-%setup -q -n %{name}
-%patch1 -p1
-%patch2 -p1
-
-find . -type f -exec chmod a-x {} \;
-
-
-%build
-pushd src
-    # fix compling instead of patching the makefile.
-    g++ %{build_cxxflags} -DASTYLE_LIB -fPIC -c ASBeautifier.cpp ASEnhancer.cpp ASFormatter.cpp ASResource.cpp astyle_main.cpp
-    g++ %{build_ldflags} -shared -o libastyle.so.%{soversion} *.o -Wl,-soname,libastyle.so.%{majorversion}
-    ln -s libastyle.so.%{soversion} libastyle.so
-    g++ %{build_cxxflags} -c ASLocalizer.cpp astyle_main.cpp
-    g++ %{build_ldflags} -o astyle ASLocalizer.o astyle_main.o -L. -lastyle
-popd
-
-%install
-pushd src
-    mkdir -p %{buildroot}{%{_bindir},%{_libdir},%{_includedir}}
-
-    install -p -m 755 astyle %{buildroot}%{_bindir}
-    install -p -m 755 libastyle.so.%{soversion} %{buildroot}%{_libdir}
-    cp -P libastyle.so %{buildroot}%{_libdir}
-    install -p -m 644 astyle.h %{buildroot}%{_includedir}
-popd
-
-%ldconfig_scriptlets
-
-%files
-%license LICENSE.md
-%doc doc/*.html
-%{_bindir}/astyle
-%{_libdir}/libastyle.so.*
-
-%files devel
-%{_libdir}/libastyle.so
-%{_includedir}/astyle.h
-
-%changelog
-* Wed Jul 20 2022 misaka00251 <misaka00251@misakanet.cn> - 3.1-1
-- Init package

_service:tar_scm:compat-openssl11.spec Added

@@ -0,0 +1,258 @@
+%define soversion 1.1
+Name:        compat-openssl11
+Version:     1.1.1m
+Release:     8
+Epoch:       1
+Summary:     Cryptography and SSL/TLS Toolkit
+License:     OpenSSL and SSLeay
+URL:         https://www.openssl.org/
+Source0:     https://www.openssl.org/source/openssl-%{version}.tar.gz
+Source1:     Makefile.certificate
+Patch1:      openssl-1.1.1-build.patch
+Patch2:      openssl-1.1.1-fips.patch
+Patch3:      CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch
+Patch4:      CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch
+Patch5:      CVE-2022-1292.patch
+Patch6:      Backport-Support-raw-input-data-in-apps-pkeyutl.patch
+Patch7:      Backport-Fix-no-ec-no-sm2-and-no-sm3.patch
+Patch8:      Backport-Support-SM2-certificate-verification.patch
+Patch9:      Backport-Guard-some-SM2-functions-with-OPENSSL_NO_SM2.patch
+Patch10:     Backport-Add-test-cases-for-SM2-cert-verification.patch
+Patch11:     Backport-Add-documents-for-SM2-cert-verification.patch
+Patch12:     Backport-Fix-a-memleak-in-apps-verify.patch
+Patch13:     Backport-Skip-the-correct-number-of-tests-if-SM2-is-disabled.patch
+Patch14:     Backport-Make-X509_set_sm2_id-consistent-with-other-setters.patch
+Patch15:     Backport-Support-SM2-certificate-signing.patch
+Patch16:     Backport-Support-parsing-of-SM2-ID-in-hexdecimal.patch
+Patch17:     Backport-Fix-a-double-free-issue-when-signing-SM2-cert.patch
+Patch18:     Backport-Fix-a-document-description-in-apps-req.patch
+Patch19:     Backport-Update-expired-SCT-certificates.patch
+Patch20:     Backport-ct_test.c-Update-the-epoch-time.patch
+Patch21:     Feature-Support-TLCP-protocol.patch
+Patch22:     Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
+Patch23:     CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
+Patch24:     CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
+Patch25:     Feature-add-ARMv8-implementations-of-SM4-in-ECB-and-XTS.patch
+Patch26:     Fix-reported-performance-degradation-on-aarch64.patch
+Patch27:     Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch
+Patch28:     Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch
+Patch29:     Backport-SM4-optimization-for-ARM-by-HW-instruction.patch
+Patch30:     Feature-SM4-XTS-optimization-for-ARM-by-HW-instruction.patch
+Patch31:     backport-Fix-failure-to-check-result-of-bn_rshift_fixed_top.patch
+Patch32:     backport-Test-processing-of-a-duplicated-HRR.patch
+Patch33:     backport-tls_process_server_hello-Disallow-repeated-HRR.patch
+Patch34:     backport-Avoid-potential-memory-leak.patch
+Patch35:     backport-Fix-NULL-pointer-dereference-for-BN_mod_exp2_mont.patch
+Patch36:     backport-crypto-x509-v3_utl.c-Add-missing-check-for-OPENSSL_s.patch
+Patch37:     backport-Fix-password_callback-to-handle-short-passwords.patch
+Patch38:     backport-Fix-usage-of-SSLfatal.patch
+Patch39:     backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch
+Patch40:     backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch
+Patch41:     backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch
+Patch42:     backport-Fix-coverity-1498607-uninitialised-value.patch
+Patch43:     backport-Check-password-length-only-when-verify-is-enabled.patch
+Patch44:     backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch
+Patch45:     backport-Set-protocol-in-init_client.patch
+Patch46:     backport-Fix-a-crash-in-ssl_security_cert_chain.patch
+Patch47:     backport-Fix-undefined-behaviour-in-EC_GROUP_new_from_ecparam.patch
+Patch48:     backport-Fix-a-memory-leak-in-ec_key_simple_oct2priv.patch
+Patch49:     backport-Fix-a-crash-in-asn1_item_embed_new.patch
+Patch50:     backport-Fix-leakage-when-the-cacheline-is-32-bytes-in-CBC_MA.patch
+Patch51:     backport-Add-test-for-empty-supported-groups-extension.patch
+Patch52:     backport-Do-not-send-an-empty-supported-groups-extension.patch
+Patch53:     backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch
+Patch54:     backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch
+Patch55:     backport-Fix-a-memory-leak-in-crl_set_issuers.patch
+Patch56:     backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch
+Patch57:     backport-Fix-an-assertion-in-the-DTLS-server-code.patch
+Patch58:     backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch
+Patch59:     backport-Fix-strict-client-chain-check-with-TLS-1.3.patch
+Patch60:     backport-Fix-a-crash-in-X509v3_asid_subset.patch
+Patch61:     backport-Fix-a-memory-leak-in-EC_GROUP_new_from_ecparameters.patch
+Patch62:     backport-Fix-range_should_be_prefix-to-actually-return-the-co.patch
+Patch63:     backport-v3_sxnet-add-a-check-for-the-return-of-i2s_ASN1_INTE.patch
+Patch64:     backport-Fix-bn_gcd-code-to-check-return-value-when-calling-B.patch
+Patch65:     backport-Add-missing-header-for-memcmp.patch
+Patch66:     backport-Fix-a-memory-leak-in-tls13_generate_secret.patch
+Patch67:     backport-Make-the-DRBG-seed-propagation-thread-safe.patch
+Patch68:     backport-Fix-memory-leak-in-X509V3_add1_i2d-when-flag-is-X509.patch
+Patch69:     fix-add-loongarch64-target.patch
+Patch70:     backport-APPS-x509-With-CA-but-both-CAserial-and-CAcreateseri.patch
+Patch71:     backport-Fix-verify_callback-in-the-openssl-s_client-s_server.patch
+Patch72:     backport-Fix-re-signing-certificates-with-different-key-sizes.patch
+Patch73:     backport-Fix-ipv4_from_asc-behavior-on-invalid-Ip-addresses.patch
+Patch74:     backport-Test-case-for-a2i_IPADDRESS.patch
+Patch75:     backport-Fix-test-case-for-a2i_IPADDRESS.patch
+Patch76:     backport-Fix-a-crash-in-v2i_IPAddrBlocks.patch
+Patch77:     backport-Fixes-segfault-occurrence-in-PEM_write.patch
+Patch78:     backport-X509_REQ_get_extensions-Return-empty-stack-if-no-ext.patch
+Patch79:     backport-Fix-EC_KEY_set_private_key-priv_key-regression.patch
+Patch80:     backport-Add-test-for-EC_KEY_set_private_key.patch
+Patch81:     backport-Fix-SSL_pending-and-SSL_has_pending-with-DTLS.patch
+Patch82:     backport-Test-that-swapping-the-first-app-data-record-with-Fi.patch
+Patch83:     backport-Always-end-BN_mod_exp_mont_consttime-with-normal-Mon.patch
+Patch84:     backport-Add-an-extra-reduction-step-to-RSAZ-mod_exp-implemen.patch
+Patch85:     backport-Coverity-1508534-1508540-misuses-of-time_t.patch
+Patch86:     backport-Moving-notify-check-after-the-no-time-check.patch
+Patch87:     backport-Convert-serverinfo-in-SSL_CTX_use_serverinfo-to-v2.patch
+Patch88:     backport-X509-x509_req.c-Set-modified-flag-when-X509_req_info.patch
+Patch89:     backport-ssl_cipher_process_rulestr-don-t-read-outside-rule_s.patch
+Patch90:     backport-CVE-2022-4304-Fix-Timing-Oracle-in-RSA-decryption.patch
+Patch91:     backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch
+Patch92:     backport-CVE-2023-0215-Check-CMS-failure-during-BIO-setup-with-stream-is-ha.patch
+Patch93:     backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch
+Patch94:     backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch
+Patch95:     Fix-SM4-XTS-build-failure-using-clang.patch
+Patch96:     backport-test-add-test-cases-for-the-policy-resource-overuse.patch
+Patch97:     backport-x509-excessive-resource-use-verifying-policy-constra.patch
+Patch98:     backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch
+Patch99:     backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch
+
+BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
+
+%description
+OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
+Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
+
+%package libs
+Summary:      A general purpose cryptography library with TLS implementation
+Group:        System Environment/Libraries
+Requires:     ca-certificates >= 2008-5
+Requires:     crypto-policies >= 20180730
+Conflicts:    openssl-libs < 1:3.0
+
+%description libs
+The openssl-libs package contains the libraries that are used
+by various applications which support cryptographic algorithms
+and protocols.
+
+
+%package devel
+Summary:   Development files for openssl
+Requires:  %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: krb5-devel zlib-devel pkgconfig
+Conflicts: openssl-devel
+%description devel
+%{summary}.
+
+%prep
+%autosetup -n openssl-%{version} -p1
+
+%build
+
+sslarch=%{_os}-%{_target_cpu}
+%ifarch x86_64 aarch64
+sslflags=enable-ec_nistp_64_gcc_128
+%endif
+%ifarch loongarch64 riscv64
+sslflags="--libdir=%{_libdir}"
+%endif
+%ifarch riscv64
+sslarch=%{_os}64-%{_target_cpu}
+%endif
+
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
+./Configure \
+    --prefix=%{_prefix} \
+    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
+    zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
+    enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
+    enable-weak-ssl-ciphers \
+    no-mdc2 no-ec2m enable-sm2 enable-sm3 enable-sm4 enable-tlcp \
+    shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
+
+%make_build all
+
+%define __spec_install_post \
+    %{?__debug_package:%{__debug_install_post}} \
+    %{__arch_install_post} \
+    %{__os_install_post} \
+%{nil}
+
+%install
+
+%make_install
+
+# rename so name with actual version
+rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
+# create symbolic link
+for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
+     ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
+     ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
+done
+
+# Next step of gradual disablement of ssl3.
+# Make SSL3 disappear to newly built dependencies.
+sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\
+#ifndef OPENSSL_NO_SSL3\
+# define OPENSSL_NO_SSL3\
+#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
+
+# Delete configuration files
+rm -rf  $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/*
+
+# Delete man pages
+rm -rf $RPM_BUILD_ROOT/%{_mandir}/*
+rm -rf $RPM_BUILD_ROOT/%{_datadir}/doc
+
+# Remove binaries
+rm -rf $RPM_BUILD_ROOT/%{_bindir}

_service:tar_scm:Backport-Add-documents-for-SM2-cert-verification.patch Added

@@ -0,0 +1,108 @@
+From 400e9ffc906d66318e4f9364494809d5a519c718 Mon Sep 17 00:00:00 2001
+From: Paul Yang <yang.yang@baishancloud.com>
+Date: Wed, 13 Mar 2019 17:22:31 +0800
+Subject: PATCH 06/15 Add documents for SM2 cert verification
+
+This follows #8321 which added the SM2 certificate verification feature.
+This commit adds the related docs - the newly added 2 APIs and options
+in apps/verify.
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/8465)
+---
+ doc/man1/verify.pod           | 14 ++++++++++++
+ doc/man3/X509_get0_sm2_id.pod | 43 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 57 insertions(+)
+ create mode 100644 doc/man3/X509_get0_sm2_id.pod
+
+diff --git a/doc/man1/verify.pod b/doc/man1/verify.pod
+index da2b702..a6b6b2b 100644
+--- a/doc/man1/verify.pod
++++ b/doc/man1/verify.pod
+@@ -50,6 +50,8 @@ B<openssl> B<verify>
+ B<-verify_name name>
+ B<-x509_strict>
+ B<-show_chain>
++B<-sm2-id string>
++B<-sm2-hex-id hex-string>
+ B<->
+ certificates
+ 
+@@ -319,6 +321,16 @@ Display information about the certificate chain that has been built (if
+ successful). Certificates in the chain that came from the untrusted list will be
+ flagged as "untrusted".
+ 
++=item B<-sm2-id>
++
++Specify the ID string to use when verifying an SM2 certificate. The ID string is
++required by the SM2 signature algorithm for signing and verification.
++
++=item B<-sm2-hex-id>
++
++Specify a binary ID string to use when signing or verifying using an SM2
++certificate. The argument for this option is string of hexadecimal digits.
++
+ =item B<->
+ 
+ Indicates the last option. All arguments following this are assumed to be
+@@ -774,6 +786,8 @@ The B<-show_chain> option was added in OpenSSL 1.1.0.
+ The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
+ is silently ignored.
+ 
++The B<-sm2-id> and B<-sm2-hex-id> options were added in OpenSSL 3.0.0.
++
+ =head1 COPYRIGHT
+ 
+ Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+diff --git a/doc/man3/X509_get0_sm2_id.pod b/doc/man3/X509_get0_sm2_id.pod
+new file mode 100644
+index 0000000..84da71e
+--- /dev/null
++++ b/doc/man3/X509_get0_sm2_id.pod
+@@ -0,0 +1,43 @@
++=pod
++
++=head1 NAME
++
++X509_get0_sm2_id, X509_set_sm2_id - get or set SM2 ID for certificate operations
++
++=head1 SYNOPSIS
++
++ #include <openssl/x509.h>
++
++ ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
++ void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
++
++=head1 DESCRIPTION
++
++X509_get0_sm2_id() gets the ID value of an SM2 certificate B<x> by returning an
++B<ASN1_OCTET_STRING> object which should not be freed by the caller.
++X509_set_sm2_id() sets the B<sm2_id> value to an SM2 certificate B<x>.
++
++=head1 NOTES
++
++SM2 signature algorithm requires an ID value when generating and verifying a
++signature. The functions described in this manual provide the user with the
++ability to set and retrieve the SM2 ID value.
++
++=head1 RETURN VALUES
++
++X509_set_sm2_id() does not return a value.
++
++=head1 SEE ALSO
++
++L<X509_verify(3)>, L<SM2(7)>
++
++=head1 COPYRIGHT
++
++Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
++
++Licensed under the Apache License 2.0 (the "License").  You may not use
++this file except in compliance with the License.  You can obtain a copy
++in the file LICENSE in the source distribution or at
++L<https://www.openssl.org/source/license.html>.
++
++=cut
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Backport-Add-test-cases-for-SM2-cert-verification.patch Added

@@ -0,0 +1,127 @@
+From c08251384c0405c151a90b315b8f333c38c74eb2 Mon Sep 17 00:00:00 2001
+From: Paul Yang <yang.yang@baishancloud.com>
+Date: Wed, 13 Mar 2019 16:54:11 +0800
+Subject: PATCH 05/15 Add test cases for SM2 cert verification
+
+This follows #8321 which added the SM2 certificate verification feature.
+This commit adds some test cases for #8321.
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/8465)
+---
+ test/certs/sm2-ca-cert.pem      | 14 +++++++++++++
+ test/certs/{sm2.crt => sm2.pem} |  0
+ test/recipes/20-test_pkeyutl.t  | 37 +++++++++++++--------------------
+ test/recipes/25-test_verify.t   | 14 ++++++++++++-
+ 4 files changed, 42 insertions(+), 23 deletions(-)
+ create mode 100644 test/certs/sm2-ca-cert.pem
+ rename test/certs/{sm2.crt => sm2.pem} (100%)
+
+diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem
+new file mode 100644
+index 0000000..5677ac6
+--- /dev/null
++++ b/test/certs/sm2-ca-cert.pem
+@@ -0,0 +1,14 @@
++-----BEGIN CERTIFICATE-----
++MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
++AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
++c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
++Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
++CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
++MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
++SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
++5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
++BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
++5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
++ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
++YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
++-----END CERTIFICATE-----
+diff --git a/test/certs/sm2.crt b/test/certs/sm2.pem
+similarity index 100%
+rename from test/certs/sm2.crt
+rename to test/certs/sm2.pem
+diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
+index 1457530..a36d41e 100644
+--- a/test/recipes/20-test_pkeyutl.t
++++ b/test/recipes/20-test_pkeyutl.t
+@@ -17,32 +17,25 @@ setup("test_pkeyutl");
+ 
+ plan tests => 2;
+ 
+-sub sign
+-{
+-    # Utilize the sm2.crt as the TBS file
+-    return run(app(( 'openssl', 'pkeyutl', '-sign',
+-                      '-in', srctop_file('test', 'certs', 'sm2.crt'),
+-                      '-inkey', srctop_file('test', 'certs', 'sm2.key'),
+-                      '-out', 'signature.sm2', '-rawin',
+-                      '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid')));
+-}
+-
+-sub verify
+-{
+-    # Utilize the sm2.crt as the TBS file
+-    return run(app(( 'openssl', 'pkeyutl', '-verify', '-certin',
+-                      '-in', srctop_file('test', 'certs', 'sm2.crt'),
+-                      '-inkey', srctop_file('test', 'certs', 'sm2.crt'),
+-                      '-sigfile', 'signature.sm2', '-rawin',
+-                      '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid')));
+-}
++# For the tests below we use the cert itself as the TBS file
+ 
+ SKIP: {
+     skip "Skipping tests that require EC, SM2 or SM3", 2
+         if disabled("ec") || disabled("sm2") || disabled("sm3");
+ 
+-    ok(sign, "Sign a piece of data using SM2");
+-    ok(verify, "Verify an SM2 signature against a piece of data");
++    # SM2
++    ok(run(app(( 'openssl', 'pkeyutl', '-sign',
++                      '-in', srctop_file('test', 'certs', 'sm2.pem'),
++                      '-inkey', srctop_file('test', 'certs', 'sm2.key'),
++                      '-out', 'signature.dat', '-rawin',
++                      '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid'))),
++                      "Sign a piece of data using SM2");
++    ok(run(app(( 'openssl', 'pkeyutl', '-verify', '-certin',
++                      '-in', srctop_file('test', 'certs', 'sm2.pem'),
++                      '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
++                      '-sigfile', 'signature.dat', '-rawin',
++                      '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid'))),
++                      "Verify an SM2 signature against a piece of data");
+ }
+ 
+-unlink 'signature.sm2';
++unlink 'signature.dat';
+diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
+index ffa48ed..b340833 100644
+--- a/test/recipes/25-test_verify.t
++++ b/test/recipes/25-test_verify.t
+@@ -27,7 +27,7 @@ sub verify {
+     run(app(@args));
+ }
+ 
+-plan tests => 146;
++plan tests => 148;
+ 
+ # Canonical success
+ ok(verify("ee-cert", "sslserver", "root-cert", "ca-cert"),
+@@ -409,3 +409,15 @@ SKIP: {
+        "ED25519 signature");
+ 
+ }
++
++SKIP: {
++    skip "SM2 is not supported by this OpenSSL build", 1
++	      if disabled("sm2");
++
++   # Test '-sm2-id' and '-sm2-hex-id'  option
++   ok(verify("sm2", "any", "sm2-ca-cert", , "-sm2-id", "1234567812345678"),
++       "SM2 ID test");
++   ok(verify("sm2", "any", "sm2-ca-cert", , "-sm2-hex-id",
++             "31323334353637383132333435363738"),
++       "SM2 hex ID test");
++}
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Backport-Fix-a-document-description-in-apps-req.patch Added

@@ -0,0 +1,29 @@
+From 7e64be50900c4aa8cd040c4e3999540883bdeeb6 Mon Sep 17 00:00:00 2001
+From: Paul Yang <kaishen.yy@antfin.com>
+Date: Thu, 26 Sep 2019 10:57:23 +0800
+Subject: PATCH 13/15 Fix a document description in apps/req
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/9958)
+---
+ doc/man1/req.pod | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/doc/man1/req.pod b/doc/man1/req.pod
+index 7b00bad..e117ec6 100644
+--- a/doc/man1/req.pod
++++ b/doc/man1/req.pod
+@@ -348,8 +348,8 @@ string is required by the SM2 signature algorithm for signing and verification.
+ 
+ =item B<-sm2-hex-id>
+ 
+-Specify a binary ID string to use when signing or verifying using an SM2
+-certificate. The argument for this option is string of hexadecimal digits.
++Specify a binary ID string to use when verifying an SM2 certificate request. The
++argument for this option is string of hexadecimal digits.
+ 
+ =back
+ 
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Backport-Fix-a-double-free-issue-when-signing-SM2-cert.patch Added

@@ -0,0 +1,121 @@
+From a63238684c1d2e15f417f766f44418a8b52ef383 Mon Sep 17 00:00:00 2001
+From: Paul Yang <kaishen.yy@antfin.com>
+Date: Sat, 21 Sep 2019 00:32:57 +0800
+Subject: PATCH 12/15 Fix a double free issue when signing SM2 cert
+
+If the SM2 ID value has not been passed correctly when signing an SM2
+certificate/certificate request, a double free occurs. For instance:
+
+  openssl req -x509 ... -sm2-id 1234567812345678
+
+The '-sm2-id' should not be used in this scenario, while the '-sigopt' is
+the correct one to use. Documentation has also been updated to make the
+options more clear.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/9958)
+---
+ apps/req.c       | 48 ++++++++++++++++++++++++++++++------------------
+ doc/man1/req.pod |  4 ++--
+ 2 files changed, 32 insertions(+), 20 deletions(-)
+
+diff --git a/apps/req.c b/apps/req.c
+index 96f1edd..95dd0e4 100644
+--- a/apps/req.c
++++ b/apps/req.c
+@@ -1756,15 +1756,19 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
+ #endif
+ 
+     rv = do_sign_init(mctx, pkey, md, sigopts);
+-    if (rv > 0)
++    if (rv > 0) {
+         rv = X509_sign_ctx(x, mctx);
+ #ifndef OPENSSL_NO_SM2
+-    /* only in SM2 case we need to free the pctx explicitly */
+-    if (ec_pkey_is_sm2(pkey)) {
+-        pctx = EVP_MD_CTX_pkey_ctx(mctx);
+-        EVP_PKEY_CTX_free(pctx);
+-    }
++        /*
++         * only in SM2 case we need to free the pctx explicitly
++         * if do_sign_init() fails, pctx is already freed in it
++         */
++        if (ec_pkey_is_sm2(pkey)) {
++            pctx = EVP_MD_CTX_pkey_ctx(mctx);
++            EVP_PKEY_CTX_free(pctx);
++        }
+ #endif
++    }
+     EVP_MD_CTX_free(mctx);
+     return rv > 0 ? 1 : 0;
+ }
+@@ -1779,15 +1783,19 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
+ #endif
+ 
+     rv = do_sign_init(mctx, pkey, md, sigopts);
+-    if (rv > 0)
++    if (rv > 0) {
+         rv = X509_REQ_sign_ctx(x, mctx);
+ #ifndef OPENSSL_NO_SM2
+-    /* only in SM2 case we need to free the pctx explicitly */
+-    if (ec_pkey_is_sm2(pkey)) {
+-        pctx = EVP_MD_CTX_pkey_ctx(mctx);
+-        EVP_PKEY_CTX_free(pctx);
+-    }
++        /*
++         * only in SM2 case we need to free the pctx explicitly
++         * if do_sign_init() fails, pctx is already freed in it
++         */
++        if (ec_pkey_is_sm2(pkey)) {
++            pctx = EVP_MD_CTX_pkey_ctx(mctx);
++            EVP_PKEY_CTX_free(pctx);
++        }
+ #endif
++    }
+     EVP_MD_CTX_free(mctx);
+     return rv > 0 ? 1 : 0;
+ }
+@@ -1802,15 +1810,19 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+ #endif
+ 
+     rv = do_sign_init(mctx, pkey, md, sigopts);
+-    if (rv > 0)
++    if (rv > 0) {
+         rv = X509_CRL_sign_ctx(x, mctx);
+ #ifndef OPENSSL_NO_SM2
+-    /* only in SM2 case we need to free the pctx explicitly */
+-    if (ec_pkey_is_sm2(pkey)) {
+-        pctx = EVP_MD_CTX_pkey_ctx(mctx);
+-        EVP_PKEY_CTX_free(pctx);
+-    }
++        /*
++         * only in SM2 case we need to free the pctx explicitly
++         * if do_sign_init() fails, no need to double free pctx
++         */
++        if (ec_pkey_is_sm2(pkey)) {
++            pctx = EVP_MD_CTX_pkey_ctx(mctx);
++            EVP_PKEY_CTX_free(pctx);
++        }
+ #endif
++    }
+     EVP_MD_CTX_free(mctx);
+     return rv > 0 ? 1 : 0;
+ }
+diff --git a/doc/man1/req.pod b/doc/man1/req.pod
+index 3b9fcc3..7b00bad 100644
+--- a/doc/man1/req.pod
++++ b/doc/man1/req.pod
+@@ -343,8 +343,8 @@ for key generation operations.
+ 
+ =item B<-sm2-id>
+ 
+-Specify the ID string to use when verifying an SM2 certificate. The ID string is
+-required by the SM2 signature algorithm for signing and verification.
++Specify the ID string to use when verifying an SM2 certificate request. The ID
++string is required by the SM2 signature algorithm for signing and verification.
+ 
+ =item B<-sm2-hex-id>
+ 
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Backport-Fix-a-memleak-in-apps-verify.patch Added

@@ -0,0 +1,43 @@
+From 1c243548ef736329b08344ad9191803e5a93ec17 Mon Sep 17 00:00:00 2001
+From: Paul Yang <yang.yang@baishancloud.com>
+Date: Wed, 13 Mar 2019 18:04:05 +0800
+Subject: PATCH 07/15 Fix a memleak in apps/verify
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/8465)
+---
+ apps/verify.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/apps/verify.c b/apps/verify.c
+index 09b31cf..5052d80 100644
+--- a/apps/verify.c
++++ b/apps/verify.c
+@@ -80,6 +80,7 @@ int verify_main(int argc, char **argv)
+     OPTION_CHOICE o;
+     unsigned char *sm2_id = NULL;
+     size_t sm2_idlen = 0;
++    int sm2_free = 0;
+ 
+     if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+         goto end;
+@@ -174,6 +175,7 @@ int verify_main(int argc, char **argv)
+             break;
+         case OPT_SM2HEXID:
+             /* try to parse the input as hex string first */
++            sm2_free = 1;
+             sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen);
+             if (sm2_id == NULL) {
+                 BIO_printf(bio_err, "Invalid hex string input\n");
+@@ -216,6 +218,8 @@ int verify_main(int argc, char **argv)
+     }
+ 
+  end:
++    if (sm2_free)
++        OPENSSL_free(sm2_id);
+     X509_VERIFY_PARAM_free(vpm);
+     X509_STORE_free(store);
+     sk_X509_pop_free(untrusted, X509_free);
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Backport-Fix-no-ec-no-sm2-and-no-sm3.patch Added

@@ -0,0 +1,67 @@
+From 380cf570be1ded495141e16ceab7afb7f7c57ab7 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 28 Feb 2019 13:47:26 +0000
+Subject: PATCH 02/15 Fix no-ec, no-sm2 and no-sm3
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8372)
+---
+ apps/pkeyutl.c                 | 11 +++++++----
+ test/recipes/20-test_pkeyutl.t |  9 +++++++--
+ 2 files changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
+index bca0464..1d3d57b 100644
+--- a/apps/pkeyutl.c
++++ b/apps/pkeyutl.c
+@@ -473,14 +473,16 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
+         }
+         ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
+     } else {
+-        EC_KEY *eckey = NULL;
+-        const EC_GROUP *group = NULL;
+-        int nid;
+-
+         if (pkey == NULL)
+             goto end;
++
++#ifndef OPENSSL_NO_EC
+         /* SM2 needs a special treatment */
+         if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
++            EC_KEY *eckey = NULL;
++            const EC_GROUP *group = NULL;
++            int nid;
++
+             if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL
+                     || (group = EC_KEY_get0_group(eckey)) == NULL
+                     || (nid = EC_GROUP_get_curve_name(group)) == 0)
+@@ -488,6 +490,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
+             if (nid == NID_sm2)
+                 EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+         }
++#endif
+         *pkeysize = EVP_PKEY_size(pkey);
+         ctx = EVP_PKEY_CTX_new(pkey, impl);
+         if (ppkey != NULL)
+diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
+index a051138..1457530 100644
+--- a/test/recipes/20-test_pkeyutl.t
++++ b/test/recipes/20-test_pkeyutl.t
+@@ -37,7 +37,12 @@ sub verify
+                       '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid')));
+ }
+ 
+-ok(sign, "Sign a piece of data using SM2");
+-ok(verify, "Verify an SM2 signature against a piece of data");
++SKIP: {
++    skip "Skipping tests that require EC, SM2 or SM3", 2
++        if disabled("ec") || disabled("sm2") || disabled("sm3");
++
++    ok(sign, "Sign a piece of data using SM2");
++    ok(verify, "Verify an SM2 signature against a piece of data");
++}
+ 
+ unlink 'signature.sm2';
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Backport-Guard-some-SM2-functions-with-OPENSSL_NO_SM2.patch Added

@@ -0,0 +1,44 @@
+From 908570d02b683195ddfdc8e8c324638bfaa0d2c2 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 14 Mar 2019 11:14:38 +0000
+Subject: PATCH 04/15 Guard some SM2 functions with OPENSSL_NO_SM2
+
+Fixes the no-ec build
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8481)
+---
+ include/openssl/x509.h | 2 ++
+ util/libcrypto.num     | 4 ++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/include/openssl/x509.h b/include/openssl/x509.h
+index 5f17057..5c88251 100644
+--- a/include/openssl/x509.h
++++ b/include/openssl/x509.h
+@@ -573,8 +573,10 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                          const X509_ALGOR **palg, const X509 *x);
+ int X509_get_signature_nid(const X509 *x);
+ 
++# ifndef OPENSSL_NO_SM2
+ void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
+ ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
++# endif
+ 
+ int X509_trusted(const X509 *x);
+ int X509_alias_set1(X509 *x, const unsigned char *name, int len);
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index 8635ac4..233d1c7 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -4626,5 +4626,5 @@ FIPS_drbg_get_strength                  6379	1_1_0g	EXIST::FUNCTION:
+ FIPS_rand_strength                      6380	1_1_0g	EXIST::FUNCTION:
+ FIPS_drbg_get_blocklength               6381	1_1_0g	EXIST::FUNCTION:
+ FIPS_drbg_init                          6382	1_1_0g	EXIST::FUNCTION:
+-X509_set_sm2_id                         6383	1_1_1m	EXIST::FUNCTION:
+-X509_get0_sm2_id                        6384	1_1_1m	EXIST::FUNCTION:
++X509_set_sm2_id                         6383	1_1_1m	EXIST::FUNCTION:SM2
++X509_get0_sm2_id                        6384	1_1_1m	EXIST::FUNCTION:SM2
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Backport-Make-X509_set_sm2_id-consistent-with-other-setters.patch Added

@@ -0,0 +1,320 @@
+From 0717cc33d72b011cce4f53661c58d628b684275c Mon Sep 17 00:00:00 2001
+From: Paul Yang <yang.yang@baishancloud.com>
+Date: Mon, 1 Apr 2019 10:21:53 +0900
+Subject: PATCH 09/15 Make X509_set_sm2_id consistent with other setters
+
+This commit makes the X509_set_sm2_id to 'set0' behaviour, which means
+the memory management is passed to X509 and user doesn't need to free
+the sm2_id parameter later. API name also changes to X509_set0_sm2_id.
+
+Document and test case are also updated.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8626)
+---
+ apps/verify.c                 | 40 +++++++++++++++++++-----------
+ crypto/x509/x_all.c           |  5 +++-
+ crypto/x509/x_x509.c          | 13 +++++++---
+ doc/man3/X509_get0_sm2_id.pod | 12 ++++++---
+ include/crypto/x509.h         |  2 +-
+ include/openssl/x509.h        |  2 +-
+ test/verify_extra_test.c      | 46 +++++++++++++++++++++++++++++++++++
+ util/libcrypto.num            |  2 +-
+ 8 files changed, 97 insertions(+), 25 deletions(-)
+
+diff --git a/apps/verify.c b/apps/verify.c
+index 5052d80..9000567 100644
+--- a/apps/verify.c
++++ b/apps/verify.c
+@@ -246,27 +246,37 @@ static int check(X509_STORE *ctx, const char *file,
+ 
+     if (sm2id != NULL) {
+ #ifndef OPENSSL_NO_SM2
+-        ASN1_OCTET_STRING v;
++        ASN1_OCTET_STRING *v;
+ 
+-        v.data = sm2id;
+-        v.length = sm2idlen;
++        v = ASN1_OCTET_STRING_new();
++        if (v == NULL) {
++            BIO_printf(bio_err, "error: SM2 ID allocation failed\n");
++            goto end;
++        }
+ 
+-        X509_set_sm2_id(x, &v);
++        if (!ASN1_OCTET_STRING_set(v, sm2id, sm2idlen)) {
++            BIO_printf(bio_err, "error: setting SM2 ID failed\n");
++            ASN1_OCTET_STRING_free(v);
++            goto end;
++        }
++
++        X509_set0_sm2_id(x, v);
+ #endif
+     }
+ 
+     csc = X509_STORE_CTX_new();
+     if (csc == NULL) {
+-        printf("error %s: X.509 store context allocation failed\n",
+-               (file == NULL) ? "stdin" : file);
++        BIO_printf(bio_err, "error %s: X.509 store context allocation failed\n",
++                   (file == NULL) ? "stdin" : file);
+         goto end;
+     }
+ 
+     X509_STORE_set_flags(ctx, vflags);
+     if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
+         X509_STORE_CTX_free(csc);
+-        printf("error %s: X.509 store context initialization failed\n",
+-               (file == NULL) ? "stdin" : file);
++        BIO_printf(bio_err,
++                   "error %s: X.509 store context initialization failed\n",
++                   (file == NULL) ? "stdin" : file);
+         goto end;
+     }
+     if (tchain != NULL)
+@@ -275,28 +285,30 @@ static int check(X509_STORE *ctx, const char *file,
+         X509_STORE_CTX_set0_crls(csc, crls);
+     i = X509_verify_cert(csc);
+     if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) {
+-        printf("%s: OK\n", (file == NULL) ? "stdin" : file);
++        BIO_printf(bio_out, "%s: OK\n", (file == NULL) ? "stdin" : file);
+         ret = 1;
+         if (show_chain) {
+             int j;
+ 
+             chain = X509_STORE_CTX_get1_chain(csc);
+             num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+-            printf("Chain:\n");
++            BIO_printf(bio_out, "Chain:\n");
+             for (j = 0; j < sk_X509_num(chain); j++) {
+                 X509 *cert = sk_X509_value(chain, j);
+-                printf("depth=%d: ", j);
++                BIO_printf(bio_out, "depth=%d: ", j);
+                 X509_NAME_print_ex_fp(stdout,
+                                       X509_get_subject_name(cert),
+                                       0, get_nameopt());
+                 if (j < num_untrusted)
+-                    printf(" (untrusted)");
+-                printf("\n");
++                    BIO_printf(bio_out, " (untrusted)");
++                BIO_printf(bio_out, "\n");
+             }
+             sk_X509_pop_free(chain, X509_free);
+         }
+     } else {
+-        printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file);
++        BIO_printf(bio_err,
++                   "error %s: verification failed\n",
++                   (file == NULL) ? "stdin" : file);
+     }
+     X509_STORE_CTX_free(csc);
+ 
+diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
+index 60a2892..9c8aea5 100644
+--- a/crypto/x509/x_all.c
++++ b/crypto/x509/x_all.c
+@@ -72,7 +72,10 @@ static int x509_verify_sm2(X509 *x, EVP_PKEY *pkey, int mdnid, int pknid)
+         ret = 0;
+         goto err;
+     }
+-    if (EVP_PKEY_CTX_set1_id(pctx, x->sm2_id.data, x->sm2_id.length) != 1) {
++    /* NOTE: we tolerate no actual ID, to provide maximum flexibility */
++    if (x->sm2_id != NULL
++            && EVP_PKEY_CTX_set1_id(pctx, x->sm2_id->data,
++                                    x->sm2_id->length) != 1) {
+         X509err(X509_F_X509_VERIFY_SM2, ERR_R_EVP_LIB);
+         ret = 0;
+         goto err;
+diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
+index 1beab78..fb03bb2 100644
+--- a/crypto/x509/x_x509.c
++++ b/crypto/x509/x_x509.c
+@@ -72,6 +72,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ #ifndef OPENSSL_NO_RFC3779
+         ret->rfc3779_addr = NULL;
+         ret->rfc3779_asid = NULL;
++#endif
++#ifndef OPENSSL_NO_SM2
++        ret->sm2_id = NULL;
+ #endif
+         ret->aux = NULL;
+         ret->crldp = NULL;
+@@ -91,6 +94,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ #ifndef OPENSSL_NO_RFC3779
+         sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+         ASIdentifiers_free(ret->rfc3779_asid);
++#endif
++#ifndef OPENSSL_NO_SM2
++        ASN1_OCTET_STRING_free(ret->sm2_id);
+ #endif
+         break;
+ 
+@@ -247,13 +253,14 @@ int X509_get_signature_nid(const X509 *x)
+ }
+ 
+ #ifndef OPENSSL_NO_SM2
+-void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id)
++void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id)
+ {
+-    x->sm2_id = *sm2_id;
++    ASN1_OCTET_STRING_free(x->sm2_id);
++    x->sm2_id = sm2_id;
+ }
+ 
+ ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x)
+ {
+-    return &x->sm2_id;
++    return x->sm2_id;
+ }
+ #endif
+diff --git a/doc/man3/X509_get0_sm2_id.pod b/doc/man3/X509_get0_sm2_id.pod
+index 84da71e..9698c86 100644
+--- a/doc/man3/X509_get0_sm2_id.pod
++++ b/doc/man3/X509_get0_sm2_id.pod
+@@ -2,20 +2,24 @@
+ 
+ =head1 NAME
+ 
+-X509_get0_sm2_id, X509_set_sm2_id - get or set SM2 ID for certificate operations
++X509_get0_sm2_id, X509_set0_sm2_id - get or set SM2 ID for certificate operations
+ 
+ =head1 SYNOPSIS
+ 
+  #include <openssl/x509.h>
+ 
+  ASN1_OCTET_STRING *X509_get0_sm2_id(X509 *x);
+- void X509_set_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
++ void X509_set0_sm2_id(X509 *x, ASN1_OCTET_STRING *sm2_id);
+ 
+ =head1 DESCRIPTION
+ 
+ X509_get0_sm2_id() gets the ID value of an SM2 certificate B<x> by returning an
+ B<ASN1_OCTET_STRING> object which should not be freed by the caller.
+-X509_set_sm2_id() sets the B<sm2_id> value to an SM2 certificate B<x>.
++
++X509_set0_sm2_id() sets the B<sm2_id> value to an SM2 certificate B<x>. Calling
++this function transfers the memory management of the value to the X509 object,
++and therefore the value that has been passed in should not be freed by the
++caller after this function has been called.
+

_service:tar_scm:Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch Added

@@ -0,0 +1,492 @@
+From 4d2e328357ac4b468d4762a5a5f615d7e7bf46a6 Mon Sep 17 00:00:00 2001
+From: Xu Yizhou <xuyizhou1@huawei.com>
+Date: Thu, 27 Oct 2022 20:49:34 +0800
+Subject: PATCH 1/3 SM3 acceleration with SM3 hardware instruction on aarch64
+
+This patch contains the following two PRs,
+
+1. SM3 acceleration with SM3 hardware instruction on aarch64
+
+SM3 hardware instruction is optional feature of crypto extension for
+aarch64. This implementation accelerates SM3 via SM3 instructions. For
+the platform not supporting SM3 instruction, the original C
+implementation still works. Thanks to AliBaba for testing and reporting
+the following perf numbers for Yitian710:
+
+Benchmark on T-Head Yitian-710 2.75GHz:
+
+Before:
+type  16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes   16384 bytes
+sm3   49297.82k   121062.63k   223106.05k   283371.52k   307574.10k   309400.92k
+
+After (33% - 74% faster):
+type  16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes   16384 bytes
+sm3   65640.01k   179121.79k   359854.59k   481448.96k   534055.59k   538274.47k
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17454)
+
+2. Fix sm3ss1 translation issue in sm3-armv8.pl
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17542)
+
+Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
+---
+ Configurations/00-base-templates.conf |   1 +
+ Configure                             |   4 +
+ crypto/arm64cpuid.pl                  |   7 +
+ crypto/arm_arch.h                     |   1 +
+ crypto/armcap.c                       |  10 +
+ crypto/sm3/asm/sm3-armv8.pl           | 280 ++++++++++++++++++++++++++
+ crypto/sm3/build.info                 |  15 +-
+ crypto/sm3/sm3_local.h                |  16 +-
+ 8 files changed, 332 insertions(+), 2 deletions(-)
+ create mode 100644 crypto/sm3/asm/sm3-armv8.pl
+
+diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf
+index 1d35012..a67ae65 100644
+--- a/Configurations/00-base-templates.conf
++++ b/Configurations/00-base-templates.conf
+@@ -322,6 +322,7 @@ my %targets=(
+ 	poly1305_asm_src=> "poly1305-armv8.S",
+ 	keccak1600_asm_src	=> "keccak1600-armv8.S",
+ 	sm4_asm_src     =>  "vpsm4_ex-armv8.S",
++	sm3_asm_src     =>  "sm3-armv8.S",
+     },
+     parisc11_asm => {
+ 	template	=> 1,
+diff --git a/Configure b/Configure
+index 3bfe360..fce460d 100755
+--- a/Configure
++++ b/Configure
+@@ -1423,6 +1423,9 @@ unless ($disabled{asm}) {
+     if ($target{sm4_asm_src} ne "") {
+         push @{$config{lib_defines}}, "VPSM4_EX_ASM";
+     }
++    if ($target{sm3_asm_src} ne "") {
++        push @{$config{lib_defines}}, "SM3_ASM";
++    }
+ }
+ 
+ my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC});
+@@ -3379,6 +3382,7 @@ sub print_table_entry
+         "multilib",
+         "build_scheme",
+         "sm4_asm_src",
++        "sm3_asm_src",
+         );
+ 
+     if ($type eq "TABLE") {
+diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl
+index 319927e..1e9b167 100755
+--- a/crypto/arm64cpuid.pl
++++ b/crypto/arm64cpuid.pl
+@@ -78,6 +78,13 @@ _armv8_sha512_probe:
+ 	ret
+ .size	_armv8_sha512_probe,.-_armv8_sha512_probe
+ 
++.globl	_armv8_sm3_probe
++.type	_armv8_sm3_probe,%function
++_armv8_sm3_probe:
++	.long	0xce63c004	// sm3partw1 v4.4s, v0.4s, v3.4s
++	ret
++.size	_armv8_sm3_probe,.-_armv8_sm3_probe
++
+ .globl	OPENSSL_cleanse
+ .type	OPENSSL_cleanse,%function
+ .align	5
+diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
+index 8b71055..8839b21 100644
+--- a/crypto/arm_arch.h
++++ b/crypto/arm_arch.h
+@@ -80,5 +80,6 @@ extern unsigned int OPENSSL_armcap_P;
+ # define ARMV8_SHA256    (1<<4)
+ # define ARMV8_PMULL     (1<<5)
+ # define ARMV8_SHA512    (1<<6)
++# define ARMV8_SM3       (1<<9)
+ 
+ #endif
+diff --git a/crypto/armcap.c b/crypto/armcap.c
+index 48c5d4d..8b2f4a5 100644
+--- a/crypto/armcap.c
++++ b/crypto/armcap.c
+@@ -47,6 +47,7 @@ void _armv8_sha1_probe(void);
+ void _armv8_sha256_probe(void);
+ void _armv8_pmull_probe(void);
+ # ifdef __aarch64__
++void _armv8_sm3_probe(void);
+ void _armv8_sha512_probe(void);
+ # endif
+ uint32_t _armv7_tick(void);
+@@ -130,6 +131,7 @@ static unsigned long getauxval(unsigned long key)
+ #  define HWCAP_CE_PMULL         (1 << 4)
+ #  define HWCAP_CE_SHA1          (1 << 5)
+ #  define HWCAP_CE_SHA256        (1 << 6)
++#  define HWCAP_CE_SM3           (1 << 18)
+ #  define HWCAP_CE_SHA512        (1 << 21)
+ # endif
+ 
+@@ -190,6 +192,9 @@ void OPENSSL_cpuid_setup(void)
+ #  ifdef __aarch64__
+         if (hwcap & HWCAP_CE_SHA512)
+             OPENSSL_armcap_P |= ARMV8_SHA512;
++
++        if (hwcap & HWCAP_CE_SM3)
++            OPENSSL_armcap_P |= ARMV8_SM3;
+ #  endif
+     }
+ # endif
+@@ -233,6 +238,11 @@ void OPENSSL_cpuid_setup(void)
+             _armv8_sha512_probe();
+             OPENSSL_armcap_P |= ARMV8_SHA512;
+         }
++
++        if (sigsetjmp(ill_jmp, 1) == 0) {
++            _armv8_sm3_probe();
++            OPENSSL_armcap_P |= ARMV8_SM3;
++        }
+ #  endif
+     }
+ # endif
+diff --git a/crypto/sm3/asm/sm3-armv8.pl b/crypto/sm3/asm/sm3-armv8.pl
+new file mode 100644
+index 0000000..677ca52
+--- /dev/null
++++ b/crypto/sm3/asm/sm3-armv8.pl
+@@ -0,0 +1,280 @@
++#! /usr/bin/env perl
++# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the Apache License 2.0 (the "License").  You may not use
++# this file except in compliance with the License.  You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++#
++# This module implements support for Armv8 SM3 instructions
++
++# $output is the last argument if it looks like a file (it has an extension)
++# $flavour is the first argument if it doesn't look like a file
++$output = $#ARGV >= 0 && $ARGV$#ARGV =~ m|\.\w+$| ? pop : undef;
++$flavour = $#ARGV >= 0 && $ARGV0 !~ m|\.| ? shift : undef;
++
++$0 =~ m/(.*\/\\)^\/\\+$/; $dir=$1;
++( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
++( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
++die "can't locate arm-xlate.pl";
++
++open OUT,"| \"$^X\" $xlate $flavour \"$output\""
++    or die "can't call $xlate: $!";
++*STDOUT=*OUT;
++
++# Message expanding:
++#	Wj <- P1(Wj-16^Wj-9^(Wj-3<<<15))^(Wj-13<<<7)^Wj-6
++# Input: s0, s1, s2, s3
++#	s0 = w0  | w1  | w2  | w3
++#	s1 = w4  | w5  | w6  | w7
++#	s2 = w8  | w9  | w10 | w11
++#	s3 = w12 | w13 | w14 | w15
++# Output: s4
++sub msg_exp () {
++my $s0 = shift;
++my $s1 = shift;
++my $s2 = shift;
++my $s3 = shift;
++my $s4 = shift;
++my $vtmp1 = shift;

_service:tar_scm:Backport-SM4-optimization-for-ARM-by-HW-instruction.patch Added

@@ -0,0 +1,1032 @@
+From 4f7e522f7fda2c55c4915396d08f8c9cf3b3fba8 Mon Sep 17 00:00:00 2001
+From: Xu Yizhou <xuyizhou1@huawei.com>
+Date: Fri, 28 Oct 2022 11:24:28 +0800
+Subject: PATCH 2/3 SM4 optimization for ARM by HW instruction
+
+This patch is a copy of the following PR, with
+some extra supporting code.
+
+1. SM4 optimization for ARM by HW instruction
+
+This patch implements the SM4 optimization for ARM processor,
+using SM4 HW instruction, which is an optional feature of
+crypto extension for aarch64 V8.
+
+Tested on some modern ARM micro-architectures with SM4 support, the
+performance uplift can be observed around 8X~40X over existing
+C implementation in openssl. Algorithms that can be parallelized
+(like CTR, ECB, CBC decryption) are on higher end, with algorithm
+like CBC encryption on lower end (due to inter-block dependency)
+
+Perf data on Yitian-710 2.75GHz hardware, before and after optimization:
+
+Before:
+type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
+SM4-CTR 105787.80k 107837.87k 108380.84k 108462.08k 108549.46k 108554.92k
+SM4-ECB 111924.58k 118173.76k 119776.00k 120093.70k 120264.02k 120274.94k
+SM4-CBC 106428.09k 109190.98k 109674.33k 109774.51k 109827.41k 109827.41k
+
+After (7.4x - 36.6x faster):
+type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
+SM4-CTR 781979.02k 2432994.28k 3437753.86k 3834177.88k 3963715.58k 3974556.33k
+SM4-ECB 937590.69k 2941689.02k 3945751.81k 4328655.87k 4459181.40k 4468692.31k
+SM4-CBC 890639.88k 1027746.58k 1050621.78k 1056696.66k 1058613.93k 1058701.31k
+
+Signed-off-by: Daniel Hu <Daniel.Hu@arm.com>
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17455\)
+
+Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
+---
+ Configurations/00-base-templates.conf |   2 +-
+ Configure                             |   3 +-
+ crypto/arm64cpuid.pl                  |   7 +
+ crypto/arm_arch.h                     |   1 +
+ crypto/armcap.c                       |  10 +
+ crypto/evp/e_sm4.c                    |  88 ++--
+ crypto/sm4/asm/sm4-armv8.pl           | 629 ++++++++++++++++++++++++++
+ crypto/sm4/build.info                 |  13 +-
+ include/crypto/sm4_platform.h         |  70 +++
+ 9 files changed, 788 insertions(+), 35 deletions(-)
+ create mode 100644 crypto/sm4/asm/sm4-armv8.pl
+ create mode 100644 include/crypto/sm4_platform.h
+
+diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf
+index a67ae65..a26d081 100644
+--- a/Configurations/00-base-templates.conf
++++ b/Configurations/00-base-templates.conf
+@@ -321,7 +321,7 @@ my %targets=(
+ 	chacha_asm_src  => "chacha-armv8.S",
+ 	poly1305_asm_src=> "poly1305-armv8.S",
+ 	keccak1600_asm_src	=> "keccak1600-armv8.S",
+-	sm4_asm_src     =>  "vpsm4_ex-armv8.S",
++	sm4_asm_src     =>  "sm4-armv8.S vpsm4_ex-armv8.S",
+ 	sm3_asm_src     =>  "sm3-armv8.S",
+     },
+     parisc11_asm => {
+diff --git a/Configure b/Configure
+index fce460d..d013204 100755
+--- a/Configure
++++ b/Configure
+@@ -1421,7 +1421,8 @@ unless ($disabled{asm}) {
+         push @{$config{lib_defines}}, "POLY1305_ASM";
+     }
+     if ($target{sm4_asm_src} ne "") {
+-        push @{$config{lib_defines}}, "VPSM4_EX_ASM";
++        push @{$config{lib_defines}}, "SM4_ASM" if ($target{sm4_asm_src} =~ m/sm4/);
++        push @{$config{lib_defines}}, "VPSM4_EX_ASM" if ($target{sm4_asm_src} =~ m/vpsm4_ex/);
+     }
+     if ($target{sm3_asm_src} ne "") {
+         push @{$config{lib_defines}}, "SM3_ASM";
+diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl
+index 1e9b167..341167b 100755
+--- a/crypto/arm64cpuid.pl
++++ b/crypto/arm64cpuid.pl
+@@ -71,6 +71,13 @@ _armv8_pmull_probe:
+ 	ret
+ .size	_armv8_pmull_probe,.-_armv8_pmull_probe
+ 
++.globl	_armv8_sm4_probe
++.type	_armv8_sm4_probe,%function
++_armv8_sm4_probe:
++	.long	0xcec08400	// sm4e	v0.4s, v0.4s
++	ret
++.size	_armv8_sm4_probe,.-_armv8_sm4_probe
++
+ .globl	_armv8_sha512_probe
+ .type	_armv8_sha512_probe,%function
+ _armv8_sha512_probe:
+diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
+index 8839b21..0f6f7ca 100644
+--- a/crypto/arm_arch.h
++++ b/crypto/arm_arch.h
+@@ -81,5 +81,6 @@ extern unsigned int OPENSSL_armcap_P;
+ # define ARMV8_PMULL     (1<<5)
+ # define ARMV8_SHA512    (1<<6)
+ # define ARMV8_SM3       (1<<9)
++# define ARMV8_SM4       (1<<10)
+ 
+ #endif
+diff --git a/crypto/armcap.c b/crypto/armcap.c
+index 8b2f4a5..73bcad1 100644
+--- a/crypto/armcap.c
++++ b/crypto/armcap.c
+@@ -48,6 +48,7 @@ void _armv8_sha256_probe(void);
+ void _armv8_pmull_probe(void);
+ # ifdef __aarch64__
+ void _armv8_sm3_probe(void);
++void _armv8_sm4_probe(void);
+ void _armv8_sha512_probe(void);
+ # endif
+ uint32_t _armv7_tick(void);
+@@ -132,6 +133,7 @@ static unsigned long getauxval(unsigned long key)
+ #  define HWCAP_CE_SHA1          (1 << 5)
+ #  define HWCAP_CE_SHA256        (1 << 6)
+ #  define HWCAP_CE_SM3           (1 << 18)
++#  define HWCAP_CE_SM4           (1 << 19)
+ #  define HWCAP_CE_SHA512        (1 << 21)
+ # endif
+ 
+@@ -190,6 +192,9 @@ void OPENSSL_cpuid_setup(void)
+             OPENSSL_armcap_P |= ARMV8_SHA256;
+ 
+ #  ifdef __aarch64__
++        if (hwcap & HWCAP_CE_SM4)
++            OPENSSL_armcap_P |= ARMV8_SM4;
++
+         if (hwcap & HWCAP_CE_SHA512)
+             OPENSSL_armcap_P |= ARMV8_SHA512;
+ 
+@@ -234,6 +239,11 @@ void OPENSSL_cpuid_setup(void)
+             OPENSSL_armcap_P |= ARMV8_SHA256;
+         }
+ #  if defined(__aarch64__) && !defined(__APPLE__)
++        if (sigsetjmp(ill_jmp, 1) == 0) {
++            _armv8_sm4_probe();
++            OPENSSL_armcap_P |= ARMV8_SM4;
++        }
++
+         if (sigsetjmp(ill_jmp, 1) == 0) {
+             _armv8_sha512_probe();
+             OPENSSL_armcap_P |= ARMV8_SHA512;
+diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
+index 169d6c7..eaa5ba0 100644
+--- a/crypto/evp/e_sm4.c
++++ b/crypto/evp/e_sm4.c
+@@ -15,17 +15,11 @@
+ # include <openssl/modes.h>
+ # include "crypto/sm4.h"
+ # include "crypto/evp.h"
++# include "crypto/sm4_platform.h"
+ # include "evp_local.h"
+ # include "modes_local.h"
+ 
+-#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
+-# include "arm_arch.h"
+-# if __ARM_MAX_ARCH__>=7
+-#  if defined(VPSM4_EX_ASM)
+-#   define VPSM4_EX_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
+-#  endif
+-# endif
+-#endif
++
+ 
+ typedef struct {
+     union {
+@@ -35,28 +29,11 @@ typedef struct {
+     block128_f block;
+     union {
+         ecb128_f ecb;
++        cbc128_f cbc;
++        ctr128_f ctr;
+     } stream;
+ } EVP_SM4_KEY;
+ 
+-#ifdef VPSM4_EX_CAPABLE
+-void vpsm4_ex_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key);
+-void vpsm4_ex_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key);
+-#define vpsm4_ex_encrypt SM4_encrypt
+-#define vpsm4_ex_decrypt SM4_encrypt
+-void vpsm4_ex_ecb_encrypt(
+-    const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key, const int enc);
+-/* xts mode in GB/T 17964-2021 */
+-void vpsm4_ex_xts_encrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
+-    const SM4_KEY *key2, const uint8_t iv16);
+-void vpsm4_ex_xts_decrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
+-    const SM4_KEY *key2, const uint8_t iv16);
+-/* xts mode in IEEE Std 1619-2007 */

_service:tar_scm:Backport-Skip-the-correct-number-of-tests-if-SM2-is-disabled.patch Added

_service:tar_scm:Backport-Support-SM2-certificate-signing.patch Added

@@ -0,0 +1,1189 @@
+From 0bacd53ecedfef3ca8af4a8884c46ec8e47c83fa Mon Sep 17 00:00:00 2001
+From: Paul Yang <yang.yang@baishancloud.com>
+Date: Wed, 5 Jun 2019 14:46:48 +0800
+Subject: PATCH 10/15 Support SM2 certificate signing
+
+SM2 certificate signing request can be created and signed by OpenSSL
+now, both in library and apps.
+
+Documentation and test cases are added.
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/9085)
+---
+ CHANGES                             |   3 +
+ apps/ca.c                           |  68 ++++++++++++-
+ apps/req.c                          | 149 ++++++++++++++++++++++++++--
+ crypto/asn1/a_sign.c                |  13 ++-
+ crypto/ec/ec_pmeth.c                |   3 +-
+ crypto/err/openssl.txt              |   3 +
+ crypto/x509/x509_err.c              |   4 +
+ crypto/x509/x_all.c                 |  85 ++++++++++++----
+ crypto/x509/x_req.c                 |  38 ++++++-
+ crypto/x509/x_x509.c                |   3 +
+ doc/man1/ca.pod                     |  16 +++
+ doc/man1/req.pod                    |  21 ++++
+ doc/man3/X509_get0_sm2_id.pod       |  12 ++-
+ include/crypto/x509.h               |   3 +
+ include/openssl/x509.h              |   2 +
+ include/openssl/x509err.h           |   3 +
+ test/certs/sm2-csr.pem              |   9 ++
+ test/certs/sm2-root.crt             |  14 +++
+ test/certs/sm2-root.key             |   5 +
+ test/recipes/25-test_req.t          |  21 +++-
+ test/recipes/70-test_verify_extra.t |   3 +-
+ test/recipes/80-test_ca.t           |  20 +++-
+ test/verify_extra_test.c            |  45 ++++++++-
+ util/libcrypto.num                  |   2 +
+ 24 files changed, 501 insertions(+), 44 deletions(-)
+ create mode 100644 test/certs/sm2-csr.pem
+ create mode 100644 test/certs/sm2-root.crt
+ create mode 100644 test/certs/sm2-root.key
+
+diff --git a/CHANGES b/CHANGES
+index 9d58cb0..6ab70fe 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -9,6 +9,9 @@
+ 
+  Changes between 1.1.1l and 1.1.1m 14 Dec 2021
+ 
++  *) Support SM2 signing and verification schemes with X509 certificate.
++     Paul Yang
++
+   *) Avoid loading of a dynamic engine twice.
+ 
+      Bernd Edlinger
+diff --git a/apps/ca.c b/apps/ca.c
+index 390ac37..795ee2c 100755
+--- a/apps/ca.c
++++ b/apps/ca.c
+@@ -96,7 +96,8 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                    const char *enddate,
+                    long days, int batch, const char *ext_sect, CONF *conf,
+                    int verbose, unsigned long certopt, unsigned long nameopt,
+-                   int default_op, int ext_copy, int selfsign);
++                   int default_op, int ext_copy, int selfsign,
++                   unsigned char *sm2_id, size_t sm2idlen);
+ static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                         const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                         STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+@@ -147,7 +148,7 @@ typedef enum OPTION_choice {
+     OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
+     OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
+     OPT_RAND_SERIAL,
+-    OPT_R_ENUM,
++    OPT_R_ENUM, OPT_SM2ID, OPT_SM2HEXID,
+     /* Do not change the order here; see related case statements below */
+     OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
+ } OPTION_CHOICE;
+@@ -217,6 +218,12 @@ const OPTIONS ca_options = {
+     OPT_R_OPTIONS,
+ #ifndef OPENSSL_NO_ENGINE
+     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
++#endif
++#ifndef OPENSSL_NO_SM2
++    {"sm2-id", OPT_SM2ID, 's',
++     "Specify an ID string to verify an SM2 certificate request"},
++    {"sm2-hex-id", OPT_SM2HEXID, 's',
++     "Specify a hex ID string to verify an SM2 certificate request"},
+ #endif
+     {NULL}
+ };
+@@ -262,6 +269,9 @@ int ca_main(int argc, char **argv)
+     REVINFO_TYPE rev_type = REV_NONE;
+     X509_REVOKED *r = NULL;
+     OPTION_CHOICE o;
++    unsigned char *sm2_id = NULL;
++    size_t sm2_idlen = 0;
++    int sm2_free = 0;
+ 
+     prog = opt_init(argc, argv, ca_options);
+     while ((o = opt_next()) != OPT_EOF) {
+@@ -425,6 +435,30 @@ opthelp:
+         case OPT_ENGINE:
+             e = setup_engine(opt_arg(), 0);
+             break;
++        case OPT_SM2ID:
++            /* we assume the input is not a hex string */
++            if (sm2_id != NULL) {
++                BIO_printf(bio_err,
++                           "Use one of the options 'sm2-hex-id' or 'sm2-id'\n");
++                goto end;
++            }
++            sm2_id = (unsigned char *)opt_arg();
++            sm2_idlen = strlen((const char *)sm2_id);
++            break;
++        case OPT_SM2HEXID:
++            /* try to parse the input as hex string first */
++            if (sm2_id != NULL) {
++                BIO_printf(bio_err,
++                           "Use one of the options 'sm2-hex-id' or 'sm2-id'\n");
++                goto end;
++            }
++            sm2_free = 1;
++            sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen);
++            if (sm2_id == NULL) {
++                BIO_printf(bio_err, "Invalid hex string input\n");
++                goto end;
++            }
++            break;
+         }
+     }
+ end_of_options:
+@@ -913,7 +947,8 @@ end_of_options:
+             j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,
+                         serial, subj, chtype, multirdn, email_dn, startdate,
+                         enddate, days, batch, extensions, conf, verbose,
+-                        certopt, get_nameopt(), default_op, ext_copy, selfsign);
++                        certopt, get_nameopt(), default_op, ext_copy, selfsign,
++                        sm2_id, sm2_idlen);
+             if (j < 0)
+                 goto end;
+             if (j > 0) {
+@@ -932,7 +967,8 @@ end_of_options:
+             j = certify(&x, argvi, pkey, x509p, dgst, sigopts, attribs, db,
+                         serial, subj, chtype, multirdn, email_dn, startdate,
+                         enddate, days, batch, extensions, conf, verbose,
+-                        certopt, get_nameopt(), default_op, ext_copy, selfsign);
++                        certopt, get_nameopt(), default_op, ext_copy, selfsign,
++                        sm2_id, sm2_idlen);
+             if (j < 0)
+                 goto end;
+             if (j > 0) {
+@@ -1230,6 +1266,8 @@ end_of_options:
+     ret = 0;
+ 
+  end:
++    if (sm2_free)
++        OPENSSL_free(sm2_id);
+     if (ret)
+         ERR_print_errors(bio_err);
+     BIO_free_all(Sout);
+@@ -1268,7 +1306,8 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                    const char *enddate,
+                    long days, int batch, const char *ext_sect, CONF *lconf,
+                    int verbose, unsigned long certopt, unsigned long nameopt,
+-                   int default_op, int ext_copy, int selfsign)
++                   int default_op, int ext_copy, int selfsign,
++                   unsigned char *sm2id, size_t sm2idlen)
+ {
+     X509_REQ *req = NULL;
+     BIO *in = NULL;
+@@ -1300,6 +1339,25 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+         BIO_printf(bio_err, "error unpacking public key\n");
+         goto end;
+     }
++    if (sm2id != NULL) {
++#ifndef OPENSSL_NO_SM2
++        ASN1_OCTET_STRING *v;
++
++        v = ASN1_OCTET_STRING_new();
++        if (v == NULL) {
++            BIO_printf(bio_err, "error: SM2 ID allocation failed\n");
++            goto end;
++        }
++
++        if (!ASN1_OCTET_STRING_set(v, sm2id, sm2idlen)) {
++            BIO_printf(bio_err, "error: setting SM2 ID failed\n");
++            ASN1_OCTET_STRING_free(v);
++            goto end;
++        }
++
++        X509_REQ_set0_sm2_id(req, v);
++#endif
++    }
+     i = X509_REQ_verify(req, pktmp);
+     pktmp = NULL;
+     if (i < 0) {

_service:tar_scm:Backport-Support-SM2-certificate-verification.patch Added

@@ -0,0 +1,579 @@
+From 7d86ccd1282aeff8f6d564c5d37625ffcc048f2d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E6=9D=A8=E6=B4=8B?= <yang.yang@baishancloud.com>
+Date: Fri, 26 Oct 2018 21:34:08 +0800
+Subject: PATCH 03/15 Support SM2 certificate verification
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8321)
+---
+ apps/verify.c               |  45 +++++++++++++--
+ crypto/asn1/a_verify.c      |   3 +-
+ crypto/err/openssl.txt      |   2 +
+ crypto/objects/obj_dat.h    |  17 ++++--
+ crypto/objects/obj_mac.num  |   1 +
+ crypto/objects/obj_xref.h   |   4 +-
+ crypto/objects/obj_xref.txt |   2 +
+ crypto/objects/objects.txt  |   2 +
+ crypto/x509/x509_err.c      |   2 +
+ crypto/x509/x_all.c         | 110 ++++++++++++++++++++++++++++++++++++
+ crypto/x509/x_x509.c        |  12 ++++
+ fuzz/oids.txt               |   1 +
+ include/crypto/x509.h       |   5 +-
+ include/openssl/obj_mac.h   |   7 ++-
+ include/openssl/x509.h      |   3 +
+ include/openssl/x509err.h   |   2 +
+ util/libcrypto.num          |   2 +
+ 17 files changed, 204 insertions(+), 16 deletions(-)
+
+diff --git a/apps/verify.c b/apps/verify.c
+index 1f93856..09b31cf 100644
+--- a/apps/verify.c
++++ b/apps/verify.c
+@@ -21,7 +21,8 @@
+ static int cb(int ok, X509_STORE_CTX *ctx);
+ static int check(X509_STORE *ctx, const char *file,
+                  STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+-                 STACK_OF(X509_CRL) *crls, int show_chain);
++                 STACK_OF(X509_CRL) *crls, int show_chain,
++                 unsigned char *sm2id, size_t sm2idlen);
+ static int v_verbose = 0, vflags = 0;
+ 
+ typedef enum OPTION_choice {
+@@ -29,7 +30,7 @@ typedef enum OPTION_choice {
+     OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE,
+     OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN,
+     OPT_V_ENUM, OPT_NAMEOPT,
+-    OPT_VERBOSE
++    OPT_VERBOSE, OPT_SM2ID, OPT_SM2HEXID
+ } OPTION_CHOICE;
+ 
+ const OPTIONS verify_options = {
+@@ -56,6 +57,12 @@ const OPTIONS verify_options = {
+     OPT_V_OPTIONS,
+ #ifndef OPENSSL_NO_ENGINE
+     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
++#endif
++#ifndef OPENSSL_NO_SM2
++    {"sm2-id", OPT_SM2ID, 's',
++     "Specify an ID string to verify an SM2 certificate"},
++    {"sm2-hex-id", OPT_SM2HEXID, 's',
++     "Specify a hex ID string to verify an SM2 certificate"},
+ #endif
+     {NULL}
+ };
+@@ -71,6 +78,8 @@ int verify_main(int argc, char **argv)
+     int noCApath = 0, noCAfile = 0;
+     int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
+     OPTION_CHOICE o;
++    unsigned char *sm2_id = NULL;
++    size_t sm2_idlen = 0;
+ 
+     if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+         goto end;
+@@ -158,6 +167,19 @@ int verify_main(int argc, char **argv)
+         case OPT_VERBOSE:
+             v_verbose = 1;
+             break;
++        case OPT_SM2ID:
++            /* we assume the input is not a hex string */
++            sm2_id = (unsigned char *)opt_arg();
++            sm2_idlen = strlen((const char *)sm2_id);
++            break;
++        case OPT_SM2HEXID:
++            /* try to parse the input as hex string first */
++            sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen);
++            if (sm2_id == NULL) {
++                BIO_printf(bio_err, "Invalid hex string input\n");
++                goto end;
++            }
++            break;
+         }
+     }
+     argc = opt_num_rest();
+@@ -183,12 +205,13 @@ int verify_main(int argc, char **argv)
+ 
+     ret = 0;
+     if (argc < 1) {
+-        if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
++        if (check(store, NULL, untrusted, trusted, crls, show_chain,
++                  sm2_id, sm2_idlen) != 1)
+             ret = -1;
+     } else {
+         for (i = 0; i < argc; i++)
+             if (check(store, argvi, untrusted, trusted, crls,
+-                      show_chain) != 1)
++                      show_chain, sm2_id, sm2_idlen) != 1)
+                 ret = -1;
+     }
+ 
+@@ -204,7 +227,8 @@ int verify_main(int argc, char **argv)
+ 
+ static int check(X509_STORE *ctx, const char *file,
+                  STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+-                 STACK_OF(X509_CRL) *crls, int show_chain)
++                 STACK_OF(X509_CRL) *crls, int show_chain,
++                 unsigned char *sm2id, size_t sm2idlen)
+ {
+     X509 *x = NULL;
+     int i = 0, ret = 0;
+@@ -216,6 +240,17 @@ static int check(X509_STORE *ctx, const char *file,
+     if (x == NULL)
+         goto end;
+ 
++    if (sm2id != NULL) {
++#ifndef OPENSSL_NO_SM2
++        ASN1_OCTET_STRING v;
++
++        v.data = sm2id;
++        v.length = sm2idlen;
++
++        X509_set_sm2_id(x, &v);
++#endif
++    }
++
+     csc = X509_STORE_CTX_new();
+     if (csc == NULL) {
+         printf("error %s: X.509 store context allocation failed\n",
+diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
+index 4b5f542..f543aa1 100644
+--- a/crypto/asn1/a_verify.c
++++ b/crypto/asn1/a_verify.c
+@@ -94,7 +94,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+     int mdnid, pknid;
+     size_t inll = 0;
+ 
+-    if (!pkey) {
++    if (pkey == NULL) {
+         ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+         return -1;
+     }
+@@ -150,7 +150,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+             ret = 0;
+             goto err;
+         }
+-
+     }
+ 
+     inl = ASN1_item_i2d(asn, &buf_in, it);
+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
+index 902e97b..5e71e65 100644
+--- a/crypto/err/openssl.txt
++++ b/crypto/err/openssl.txt
+@@ -1766,8 +1766,10 @@ X509_F_X509_STORE_NEW:158:X509_STORE_new
+ X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ
+ X509_F_X509_TRUST_ADD:133:X509_TRUST_add
+ X509_F_X509_TRUST_SET:141:X509_TRUST_set
++X509_F_X509_VERIFY:161:X509_verify
+ X509_F_X509_VERIFY_CERT:127:X509_verify_cert
+ X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new
++X509_F_X509_VERIFY_SM2:162:x509_verify_sm2
+ 
+ #Reason codes
+ ASN1_R_ADDING_OBJECT:171:adding object
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
+index 24b49a2..eb4cce4 100644
+--- a/crypto/objects/obj_dat.h
++++ b/crypto/objects/obj_dat.h
+@@ -2,7 +2,7 @@
+  * WARNING: do not edit!
+  * Generated by crypto/objects/obj_dat.pl
+  *
+- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+  * Licensed under the OpenSSL license (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+  * in the file LICENSE in the source distribution or at
+@@ -10,7 +10,7 @@
+  */
+ 
+ /* Serialized OID's */
+-static const unsigned char so7762 = {
++static const unsigned char so7770 = {
+     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /*     0 OBJ_rsadsi */
+     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /*     6 OBJ_pkcs */
+     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /*    13 OBJ_md2 */
+@@ -1076,9 +1076,10 @@ static const unsigned char so7762 = {
+     0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04,  /*  7736 OBJ_id_tc26_gost_3410_2012_256_paramSetD */
+     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C,       /*  7745 OBJ_hmacWithSHA512_224 */
+     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /*  7753 OBJ_hmacWithSHA512_256 */
++    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75,       /*  7761 OBJ_SM2_with_SM3 */

_service:tar_scm:Backport-Support-parsing-of-SM2-ID-in-hexdecimal.patch Added

@@ -0,0 +1,127 @@
+From 1d9e832e41858b13a96899d842afd183f1c66c48 Mon Sep 17 00:00:00 2001
+From: Paul Yang <kaishen.yy@antfin.com>
+Date: Tue, 30 Jul 2019 23:05:44 +0800
+Subject: PATCH 11/15 Support parsing of SM2 ID in hexdecimal
+
+The current EVP_PEKY_ctrl for SM2 has no capability of parsing an ID
+input in hexdecimal.
+
+The newly added ctrl string is called: sm2_hex_id
+
+Test cases and documentation are updated.
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/9584)
+---
+ crypto/sm2/sm2_pmeth.c     | 19 +++++++++++++++++++
+ doc/man1/pkeyutl.pod       |  7 +++++++
+ include/openssl/ec.h       |  1 -
+ test/recipes/25-test_req.t | 15 +++++++++++++--
+ 4 files changed, 39 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
+index 837bdc1..9551d70 100644
+--- a/crypto/sm2/sm2_pmeth.c
++++ b/crypto/sm2/sm2_pmeth.c
+@@ -232,6 +232,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+ static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+ {
++    uint8_t *hex_id;
++    long hex_len = 0;
++    int ret = 0;
++
+     if (strcmp(type, "ec_paramgen_curve") == 0) {
+         int nid = NID_undef;
+ 
+@@ -255,6 +259,21 @@ static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
+     } else if (strcmp(type, "sm2_id") == 0) {
+         return pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID,
+                              (int)strlen(value), (void *)value);
++    } else if (strcmp(type, "sm2_hex_id") == 0) {
++        /*
++         * TODO(3.0): reconsider the name "sm2_hex_id", OR change
++         * OSSL_PARAM_construct_from_text() / OSSL_PARAM_allocate_from_text()
++         * to handle infix "_hex_"
++         */
++        hex_id = OPENSSL_hexstr2buf((const char *)value, &hex_len);
++        if (hex_id == NULL) {
++            SM2err(SM2_F_PKEY_SM2_CTRL_STR, ERR_R_PASSED_INVALID_ARGUMENT);
++            return 0;
++        }
++        ret = pkey_sm2_ctrl(ctx, EVP_PKEY_CTRL_SET1_ID, (int)hex_len,
++                            (void *)hex_id);
++        OPENSSL_free(hex_id);
++        return ret;
+     }
+ 
+     return -2;
+diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
+index f0f80af..1a742ab 100644
+--- a/doc/man1/pkeyutl.pod
++++ b/doc/man1/pkeyutl.pod
+@@ -329,6 +329,13 @@ This sets the ID string used in SM2 sign or verify operations. While verifying
+ an SM2 signature, the ID string must be the same one used when signing the data.
+ Otherwise the verification will fail.
+ 
++=item B<sm2_hex_id:hex_string>
++
++This sets the ID string used in SM2 sign or verify operations. While verifying
++an SM2 signature, the ID string must be the same one used when signing the data.
++Otherwise the verification will fail. The ID string provided with this option
++should be a valid hexadecimal value.
++
+ =back
+ 
+ =head1 EXAMPLES
+diff --git a/include/openssl/ec.h b/include/openssl/ec.h
+index 24baf53..e8c8869 100644
+--- a/include/openssl/ec.h
++++ b/include/openssl/ec.h
+@@ -1444,7 +1444,6 @@ void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+ # define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \
+         EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                 EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id))
+-
+ # define EVP_PKEY_CTX_get1_id(ctx, id) \
+         EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                 EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id))
+diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
+index 8289959..d53e577 100644
+--- a/test/recipes/25-test_req.t
++++ b/test/recipes/25-test_req.t
+@@ -182,10 +182,10 @@ subtest "generating certificate requests" => sub {
+ };
+ 
+ subtest "generating SM2 certificate requests" => sub {
+-    plan tests => 2;
++    plan tests => 4;
+ 
+     SKIP: {
+-        skip "SM2 is not supported by this OpenSSL build", 2
++        skip "SM2 is not supported by this OpenSSL build", 4
+         if disabled("sm2");
+         ok(run(app("openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
+@@ -197,6 +197,17 @@ subtest "generating SM2 certificate requests" => sub {
+                     "-verify", "-in", "testreq.pem", "-noout",
+                     "-sm2-id", "1234567812345678", "-sm3")),
+            "Verifying signature on SM2 certificate request");
++
++        ok(run(app("openssl", "req", "-config", srctop_file("test", "test.cnf"),
++                    "-new", "-key", srctop_file("test", "certs", "sm2.key"),
++                    "-sigopt", "sm2_hex_id:DEADBEEF",
++                    "-out", "testreq.pem", "-sm3")),
++           "Generating SM2 certificate request with hex id");
++
++        ok(run(app("openssl", "req", "-config", srctop_file("test", "test.cnf"),
++                    "-verify", "-in", "testreq.pem", "-noout",
++                    "-sm2-hex-id", "DEADBEEF", "-sm3")),
++           "Verifying signature on SM2 certificate request");
+     }
+ };
+ 
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Backport-Support-raw-input-data-in-apps-pkeyutl.patch Added

@@ -0,0 +1,482 @@
+From b14bf717ccb166cce13173a817106effb02f6c2e Mon Sep 17 00:00:00 2001
+From: Paul Yang <yang.yang@baishancloud.com>
+Date: Wed, 16 Jan 2019 16:16:28 +0800
+Subject: PATCH 01/15 Support raw input data in apps/pkeyutl
+
+Some signature algorithms require special treatment for digesting, such
+as SM2. This patch adds the ability of handling raw input data in
+apps/pkeyutl other than accepting only pre-hashed input data.
+
+Beside, SM2 requries an ID string when signing or verifying a piece of data,
+this patch also adds the ability for apps/pkeyutil to specify that ID
+string.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8186)
+---
+ apps/pkeyutl.c                 | 168 +++++++++++++++++++++++++++++----
+ crypto/sm2/sm2_pmeth.c         |   3 +
+ doc/man1/pkeyutl.pod           |  45 +++++++++
+ test/certs/sm2.crt             |  13 +++
+ test/certs/sm2.key             |   5 +
+ test/recipes/20-test_pkeyutl.t |  43 +++++++++
+ 6 files changed, 260 insertions(+), 17 deletions(-)
+ create mode 100644 test/certs/sm2.crt
+ create mode 100644 test/certs/sm2.key
+ create mode 100644 test/recipes/20-test_pkeyutl.t
+
+diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
+index 831e14d..bca0464 100644
+--- a/apps/pkeyutl.c
++++ b/apps/pkeyutl.c
+@@ -22,7 +22,7 @@
+ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
+                               const char *keyfile, int keyform, int key_type,
+                               char *passinarg, int pkey_op, ENGINE *e,
+-                              const int impl);
++                              const int impl, EVP_PKEY **ppkey);
+ 
+ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
+                       ENGINE *e);
+@@ -31,6 +31,11 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
+                     unsigned char *out, size_t *poutlen,
+                     const unsigned char *in, size_t inlen);
+ 
++static int do_raw_keyop(int pkey_op, EVP_PKEY_CTX *ctx,
++                        const EVP_MD *md, EVP_PKEY *pkey, BIO *in,
++                        unsigned char *sig, int siglen,
++                        unsigned char **out, size_t *poutlen);
++
+ typedef enum OPTION_choice {
+     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+     OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
+@@ -38,12 +43,15 @@ typedef enum OPTION_choice {
+     OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
+     OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
+     OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN,
+-    OPT_R_ENUM
++    OPT_R_ENUM, OPT_RAWIN, OPT_DIGEST
+ } OPTION_CHOICE;
+ 
+ const OPTIONS pkeyutl_options = {
+     {"help", OPT_HELP, '-', "Display this summary"},
+     {"in", OPT_IN, '<', "Input file - default stdin"},
++    {"rawin", OPT_RAWIN, '-', "Indicate the input data is in raw form"},
++    {"digest", OPT_DIGEST, 's',
++     "Specify the digest algorithm when signing the raw input data"},
+     {"out", OPT_OUT, '>', "Output file - default stdout"},
+     {"pubin", OPT_PUBIN, '-', "Input is a public key"},
+     {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
+@@ -80,6 +88,7 @@ int pkeyutl_main(int argc, char **argv)
+     BIO *in = NULL, *out = NULL;
+     ENGINE *e = NULL;
+     EVP_PKEY_CTX *ctx = NULL;
++    EVP_PKEY *pkey = NULL;
+     char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL;
+     char hexdump = 0, asn1parse = 0, rev = 0, *prog;
+     unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
+@@ -94,6 +103,8 @@ int pkeyutl_main(int argc, char **argv)
+     const char *kdfalg = NULL;
+     int kdflen = 0;
+     STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
++    int rawin = 0;
++    const EVP_MD *md = NULL;
+ 
+     prog = opt_init(argc, argv, pkeyutl_options);
+     while ((o = opt_next()) != OPT_EOF) {
+@@ -192,12 +203,39 @@ int pkeyutl_main(int argc, char **argv)
+                 goto end;
+             }
+             break;
++        case OPT_RAWIN:
++            rawin = 1;
++            break;
++        case OPT_DIGEST:
++            if (!opt_md(opt_arg(), &md))
++                goto end;
++            break;
+         }
+     }
+     argc = opt_num_rest();
+     if (argc != 0)
+         goto opthelp;
+ 
++    if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) {
++        BIO_printf(bio_err,
++                   "%s: -rawin can only be used with -sign or -verify\n",
++                   prog);
++        goto opthelp;
++    }
++
++    if (md != NULL && !rawin) {
++        BIO_printf(bio_err,
++                   "%s: -digest can only be used with -rawin\n",
++                   prog);
++        goto opthelp;
++    }
++
++    if (rawin && rev) {
++        BIO_printf(bio_err, "%s: -rev cannot be used with raw input\n",
++                   prog);
++        goto opthelp;
++    }
++
+     if (kdfalg != NULL) {
+         if (kdflen == 0) {
+             BIO_printf(bio_err,
+@@ -214,7 +252,7 @@ int pkeyutl_main(int argc, char **argv)
+         goto opthelp;
+     }
+     ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
+-                   passinarg, pkey_op, e, engine_impl);
++                   passinarg, pkey_op, e, engine_impl, &pkey);
+     if (ctx == NULL) {
+         BIO_printf(bio_err, "%s: Error initializing context\n", prog);
+         ERR_print_errors(bio_err);
+@@ -277,7 +315,8 @@ int pkeyutl_main(int argc, char **argv)
+         }
+     }
+ 
+-    if (in != NULL) {
++    /* Raw input data is handled elsewhere */
++    if (in != NULL && !rawin) {
+         /* Read the input data */
+         buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
+         if (buf_inlen < 0) {
+@@ -296,8 +335,9 @@ int pkeyutl_main(int argc, char **argv)
+         }
+     }
+ 
+-    /* Sanity check the input */
+-    if (buf_inlen > EVP_MAX_MD_SIZE
++    /* Sanity check the input if the input is not raw */
++    if (!rawin
++            && buf_inlen > EVP_MAX_MD_SIZE
+             && (pkey_op == EVP_PKEY_OP_SIGN
+                 || pkey_op == EVP_PKEY_OP_VERIFY)) {
+         BIO_printf(bio_err,
+@@ -306,8 +346,13 @@ int pkeyutl_main(int argc, char **argv)
+     }
+ 
+     if (pkey_op == EVP_PKEY_OP_VERIFY) {
+-        rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
+-                             buf_in, (size_t)buf_inlen);
++        if (rawin) {
++            rv = do_raw_keyop(pkey_op, ctx, md, pkey, in, sig, siglen,
++                              NULL, 0);
++        } else {
++            rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
++                                 buf_in, (size_t)buf_inlen);
++        }
+         if (rv == 1) {
+             BIO_puts(out, "Signature Verified Successfully\n");
+             ret = 0;
+@@ -320,14 +365,20 @@ int pkeyutl_main(int argc, char **argv)
+         buf_outlen = kdflen;
+         rv = 1;
+     } else {
+-        rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
+-                      buf_in, (size_t)buf_inlen);
+-    }
+-    if (rv > 0 && buf_outlen != 0) {
+-        buf_out = app_malloc(buf_outlen, "buffer output");
+-        rv = do_keyop(ctx, pkey_op,
+-                      buf_out, (size_t *)&buf_outlen,
+-                      buf_in, (size_t)buf_inlen);
++        if (rawin) {
++            /* rawin allocates the buffer in do_raw_keyop() */
++            rv = do_raw_keyop(pkey_op, ctx, md, pkey, in, NULL, 0,
++                              &buf_out, (size_t *)&buf_outlen);
++        } else {
++            rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
++                          buf_in, (size_t)buf_inlen);
++            if (rv > 0 && buf_outlen != 0) {
++                buf_out = app_malloc(buf_outlen, "buffer output");
++                rv = do_keyop(ctx, pkey_op,
++                              buf_out, (size_t *)&buf_outlen,
++                              buf_in, (size_t)buf_inlen);
++            }
++        }

_service:tar_scm:Backport-Update-expired-SCT-certificates.patch Added

@@ -0,0 +1,191 @@
+From acb105a848fd0a282550f6132dc131575cc5a655 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Wed, 1 Jun 2022 12:47:44 +0200
+Subject: PATCH 14/15 Update expired SCT certificates
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/18446)
+---
+ test/certs/embeddedSCTs1-key.pem        | 38 ++++++++++++++++---------
+ test/certs/embeddedSCTs1.pem            | 35 ++++++++++++-----------
+ test/certs/embeddedSCTs1.sct            | 12 ++++----
+ test/certs/embeddedSCTs1_issuer-key.pem | 15 ++++++++++
+ test/certs/embeddedSCTs1_issuer.pem     | 30 +++++++++----------
+ 5 files changed, 79 insertions(+), 51 deletions(-)
+ create mode 100644 test/certs/embeddedSCTs1_issuer-key.pem
+
+diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem
+index e3e66d5..28dd206 100644
+--- a/test/certs/embeddedSCTs1-key.pem
++++ b/test/certs/embeddedSCTs1-key.pem
+@@ -1,15 +1,27 @@
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k
+-WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X
+-EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB
+-AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g
+-PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf
+-flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU
+-X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ
+-pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA
+-b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt
+-9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR
+-83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs
+-n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ
+-1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ==
++MIIEpQIBAAKCAQEAuIjpA4/iCpDA2mjywI5zG6IBX6bNcRQYDsB7Cv0VonNXtJBw
++XxMENP4jVpvEmWpJ5iMBknGHV+XWBkngYapczIsY4LGn6aMU6ySABBVQpNOQSRfT
++48xGGPR9mzOBG/yplmpFOVq1j+b65lskvAXKYaLFpFn3oY/pBSdcCNBP8LypVXAJ
++b3IqEXsBL/ErgHG9bgIRP8VxBAaryCz77kLzAXkfHL2LfSGIfNONyEKB3xI94S4L
++eouOSoWL1VkEfJs87vG4G5xoXw3KOHyiueQUUlMnu8p+Bx0xPVKPEsLje3R9k0rG
++a5ca7dXAn9UypKKp25x4NXpnjGX5txVEYfNvqQIDAQABAoIBAE0zqhh9Z5n3+Vbm
++tTht4CZdXqm/xQ9b0rzJNjDgtN5j1vuJuhlsgUQSVoJzZIqydvw7BPtZV8AkPagf
++3Cm/9lb0kpHegVsziRrfCFes+zIZ+LE7sMAKxADIuIvnvkoRKHnvN8rI8lCj16/r
++zbCD06mJSZp6sSj8ZgZr8wsU63zRGt1TeGM67uVW4agphfzuKGlXstPLsSMwknpF
++nxFS2TYbitxa9oH76oCpEk5fywYsYgUP4TdzOzfVAgMzNSu0FobvWl0CECB+G3RQ
++XQ5VWbYkFoj5XbE5kYz6sYHMQWL1NQpglUp+tAQ1T8Nca0CvbSpD77doRGm7UqYw
++ziVQKokCgYEA6BtHwzyD1PHdAYtOcy7djrpnIMaiisSxEtMhctoxg8Vr2ePEvMpZ
++S1ka8A1Pa9GzjaUk+VWKWsTf+VkmMHGtpB1sv8S7HjujlEmeQe7p8EltjstvLDmi
++BhAA7ixvZpXXjQV4GCVdUVu0na6gFGGueZb2FHEXB8j1amVwleJj2lcCgYEAy4f3
++2wXqJfz15+YdJPpG9BbH9d/plKJm5ID3p2ojAGo5qvVuIJMNJA4elcfHDwzCWVmn
++MtR/WwtxYVVmy1BAnmk6HPSYc3CStvv1800vqN3fyJWtZ1P+8WBVZWZzIQdjdiaU
++JSRevPnjQGc+SAZQQIk1yVclbz5790yuXsdIxf8CgYEApqlABC5lsvfga4Vt1UMn
++j57FAkHe4KmPRCcZ83A88ZNGd/QWhkD9kR7wOsIz7wVqWiDkxavoZnjLIi4jP9HA
++jwEZ3zER8wl70bRy0IEOtZzj8A6fSzAu6Q+Au4RokU6yse3lZ+EcepjQvhBvnXLu
++ZxxAojj6AnsHzVf9WYJvlI0CgYEAoATIw/TEgRV/KNHs/BOiEWqP0Co5dVix2Nnk
++3EVAO6VIrbbE3OuAm2ZWeaBWSujXLHSmVfpoHubCP6prZVI1W9aTkAxmh+xsDV3P
++o3h+DiBTP1seuGx7tr7spQqFXeR3OH9gXktYCO/W0d3aQ7pjAjpehWv0zJ+ty2MI
++fQ/lkXUCgYEAgbP+P5UmY7Fqm/mi6TprEJ/eYktji4Ne11GDKGFQCfjF5RdKhdw1
++5+elGhZes+cpzu5Ak6zBDu4bviT+tRTWJu5lVLEzlHHv4nAU7Ks5Aj67ApH21AnP
++RtlATdhWOt5Dkdq1WSpDfz5bvWgvyBx9D66dSmQdbKKe2dH327eQll4=
+ -----END RSA PRIVATE KEY-----
+diff --git a/test/certs/embeddedSCTs1.pem b/test/certs/embeddedSCTs1.pem
+index d1e8512..d2a111f 100644
+--- a/test/certs/embeddedSCTs1.pem
++++ b/test/certs/embeddedSCTs1.pem
+@@ -1,20 +1,21 @@
+ -----BEGIN CERTIFICATE-----
+-MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
++MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
+ MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
+-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
+-MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu
+-c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G
+-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/
+-BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk
+-EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw
+-FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q
+-Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD
+-VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w
+-DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK
+-BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L
+-vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw
+-KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG
+-SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE
+-oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr
+-5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg
++YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMDAxMjUxMTUwMTNaGA8yMTIwMDEy
++NjExNTAxM1owGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3
++DQEBAQUAA4IBDwAwggEKAoIBAQC4iOkDj+IKkMDaaPLAjnMbogFfps1xFBgOwHsK
++/RWic1e0kHBfEwQ0/iNWm8SZaknmIwGScYdX5dYGSeBhqlzMixjgsafpoxTrJIAE
++FVCk05BJF9PjzEYY9H2bM4Eb/KmWakU5WrWP5vrmWyS8BcphosWkWfehj+kFJ1wI
++0E/wvKlVcAlvcioRewEv8SuAcb1uAhE/xXEEBqvILPvuQvMBeR8cvYt9IYh8043I
++QoHfEj3hLgt6i45KhYvVWQR8mzzu8bgbnGhfDco4fKK55BRSUye7yn4HHTE9Uo8S
++wuN7dH2TSsZrlxrt1cCf1TKkoqnbnHg1emeMZfm3FURh82+pAgMBAAGjggEMMIIB
++CDAdBgNVHQ4EFgQUtMa8XD5ylrF9AqCdnPEhXa63H2owHwYDVR0jBBgwFoAUX52I
++Dchz5lTU+A3Y5rDBJLRHw1UwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD
++ATCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd3Fx5Wej3xtOI
++/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgfDPo8RArm/vcSEZ608Q1u+XQ55QB
++u67SZEuZxLpbUM0CIQDRsgcTud4PDy8Cgg+lHeAS7UxgSKBbWAznYOuorwNewzAZ
++BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOBgQCWFKKR
++RNkDRzB25NK07OLkbzebhnpKtbP4i3blRx1HAvTSamf/3uuHI7kfiPJorJymJpT1
++IuJvSVKyMu1qONWBimiBfiyGL7+le1izHEJIP5lVTbddfzSIBIvrlHHcWIOL3H+W
++YT6yTEIzJuO07Xp61qnB1CE2TrinUWlyC46Zkw==
+ -----END CERTIFICATE-----
+diff --git a/test/certs/embeddedSCTs1.sct b/test/certs/embeddedSCTs1.sct
+index 59362dc..35c9eb9 100644
+--- a/test/certs/embeddedSCTs1.sct
++++ b/test/certs/embeddedSCTs1.sct
+@@ -2,11 +2,11 @@ Signed Certificate Timestamp:
+     Version   : v1 (0x0)
+     Log ID    : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C:
+                 79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64
+-    Timestamp : Apr  5 17:04:16.275 2013 GMT
++    Timestamp : Jan  1 00:00:00.000 2020 GMT
+     Extensions: none
+     Signature : ecdsa-with-SHA256
+-                30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F:
+-                D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3:
+-                E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2:
+-                F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1:
+-                05:51:9D:89:ED:BF:08
+\ No newline at end of file
++                30:45:02:20:7C:33:E8:F1:10:2B:9B:FB:DC:48:46:7A:
++                D3:C4:35:BB:E5:D0:E7:94:01:BB:AE:D2:64:4B:99:C4:
++                BA:5B:50:CD:02:21:00:D1:B2:07:13:B9:DE:0F:0F:2F:
++                02:82:0F:A5:1D:E0:12:ED:4C:60:48:A0:5B:58:0C:E7:
++                60:EB:A8:AF:03:5E:C3
+\ No newline at end of file
+diff --git a/test/certs/embeddedSCTs1_issuer-key.pem b/test/certs/embeddedSCTs1_issuer-key.pem
+new file mode 100644
+index 0000000..9326e38
+--- /dev/null
++++ b/test/certs/embeddedSCTs1_issuer-key.pem
+@@ -0,0 +1,15 @@
++-----BEGIN RSA PRIVATE KEY-----
++MIICXAIBAAKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7jHbrkVfT0PtLO1FuzsvR
++yY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjPKDHM5nugSlojgZ88ujfm
++JNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnLsvfP34b7arnRsQIDAQAB
++AoGAJLR6xEJp+5IXRFlLn7WTkFvO0ddtxJ7bXhiIkTctyruyfqp7LF9Jv1G2m3PK
++QPUtBc73w/GYkfnwIwdfJbOmPHL7XyEGHZYmEXgIgEtw6LXvAv0G5JpUnNwsSBfL
++GfSQqI5Z5ytyzlJXkMcTGA2kTgNAYc73h4EnU+pwUnDPdAECQQD2aj+4LtYk1XPq
++r3gjgI6MoGvgYJfPmAtZhxxVbhXQKciFUCAcBiwlQdHIdLWE9j65ctmZRWidKifr
++4O4nz+TBAkEA3djNW/rTQq5fKZy+mCF1WYnIU/3yhJaptzRqLm7AHqe7+hdrGXJw
+++mCtU8T3L/Ms8bH1yFBZhmkp1PbR8gl48QJAQo70YyWThiN5yfxXcQ96cZWrTdIJ
++b3NcLXSHPLQdhDqlBQ1dfvRT3ERpC8IqfZ2d162kBPhwh3MpkVcSPQK0gQJAC/dY
++xGBYKt2a9nSk9zG+0bCT5Kvq++ngh6hFHfINXNnxUsEWns3EeEzkrIMQTj7QqszN
++lBt5aL2dawZRNrv6EQJBAOo4STF9KEwQG0HLC/ryh1FeB0OBA5yIepXze+eJVKei
++T0cCECOQJKfWHEzYJYDJhyEFF/sYp9TXwKSDjOifrsU=
++-----END RSA PRIVATE KEY-----
+diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
+index 1fa449d..6aa9455 100644
+--- a/test/certs/embeddedSCTs1_issuer.pem
++++ b/test/certs/embeddedSCTs1_issuer.pem
+@@ -1,18 +1,18 @@
+ -----BEGIN CERTIFICATE-----
+-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
++MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
+ MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
+-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
+-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
+-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
+-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
+-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
+-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
+-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
+-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
+-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
+-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
+-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
+-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
+-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
+-OwqULg==
++YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
++ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
++YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
++gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
++0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
++SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
++acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
++wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
++CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
++MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
++AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
+++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
++2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
++Doud4XrO
+ -----END CERTIFICATE-----
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Backport-ct_test.c-Update-the-epoch-time.patch Added

@@ -0,0 +1,28 @@
+From 7dbefac7fa259eee188017f6dbcfd11376fe6345 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Wed, 1 Jun 2022 13:06:46 +0200
+Subject: PATCH 15/15 ct_test.c: Update the epoch time
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/18446)
+---
+ test/ct_test.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/ct_test.c b/test/ct_test.c
+index 78d11ca..535897d 100644
+--- a/test/ct_test.c
++++ b/test/ct_test.c
+@@ -63,7 +63,7 @@ static CT_TEST_FIXTURE *set_up(const char *const test_case_name)
+     if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
+         goto end;
+     fixture->test_case_name = test_case_name;
+-    fixture->epoch_time_in_ms = 1473269626000ULL; /* Sep 7 17:33:46 2016 GMT */
++    fixture->epoch_time_in_ms = 1580335307000ULL; /* Wed 29 Jan 2020 10:01:47 PM UTC */
+     if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new())
+             || !TEST_int_eq(
+                     CTLOG_STORE_load_default_file(fixture->ctlog_store), 1))
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch Added

@@ -0,0 +1,58 @@
+From 3ef5c3034e5c545f34d6929568f3f2b10ac4bdf0 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:35 +0100
+Subject: PATCH Add a negative testcase for BN_mod_sqrt
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ test/bntest.c                          | 11 ++++++++++-
+ test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/test/bntest.c b/test/bntest.c
+index 390dd80073..1cab660bca 100644
+--- a/test/bntest.c
++++ b/test/bntest.c
+@@ -1729,8 +1729,17 @@ static int file_modsqrt(STANZA *s)
+             || !TEST_ptr(ret2 = BN_new()))
+         goto err;
+ 
++    if (BN_is_negative(mod_sqrt)) {
++        /* A negative testcase */
++        if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx)))
++            goto err;
++
++        st = 1;
++        goto err;
++    }
++
+     /* There are two possible answers. */
+-    if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx))
++    if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx))
+             || !TEST_true(BN_sub(ret2, p, ret)))
+         goto err;
+ 
+diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
+index 5ea4d031f2..e28cc6bfb0 100644
+--- a/test/recipes/10-test_bn_data/bnmod.txt
++++ b/test/recipes/10-test_bn_data/bnmod.txt
+@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
+ ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186
+ A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81
+ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
++
++# Negative testcases for BN_mod_sqrt()
++
++# This one triggers an infinite loop with unfixed implementation
++# It should just fail.
++ModSqrt = -1
++A = 20a7ee
++P = 460201
++
++ModSqrt = -1
++A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed
++P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
+-- 
+2.27.0
+

_service:tar_scm:CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch Added

@@ -0,0 +1,69 @@
+From 3118eb64934499d93db3230748a452351d1d9a65 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:21 +0100
+Subject: PATCH Fix possible infinite loop in BN_mod_sqrt()
+
+The calculation in some cases does not finish for non-prime p.
+
+This fixes CVE-2022-0778.
+
+Based on patch by David Benjamin <davidben@google.com>.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
+index 1723d5ded5..53b0f55985 100644
+--- a/crypto/bn/bn_sqrt.c
++++ b/crypto/bn/bn_sqrt.c
+@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ /*
+  * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+  * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+- * Theory", algorithm 1.5.1). 'p' must be prime!
++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
++ * an incorrect "result" will be returned.
+  */
+ {
+     BIGNUM *ret = in;
+@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+             goto vrfy;
+         }
+ 
+-        /* find smallest  i  such that  b^(2^i) = 1 */
+-        i = 1;
+-        if (!BN_mod_sqr(t, b, p, ctx))
+-            goto end;
+-        while (!BN_is_one(t)) {
+-            i++;
+-            if (i == e) {
+-                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+-                goto end;
++        /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
++        for (i = 1; i < e; i++) {
++            if (i == 1) {
++                if (!BN_mod_sqr(t, b, p, ctx))
++                    goto end;
++
++            } else {
++                if (!BN_mod_mul(t, t, t, p, ctx))
++                    goto end;
+             }
+-            if (!BN_mod_mul(t, t, t, p, ctx))
+-                goto end;
++            if (BN_is_one(t))
++                break;
++        }
++        /* If not found, a is not a square or p is not prime. */
++        if (i >= e) {
++            BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
++            goto end;
+         }
+ 
+         /* t := y^2^(e - i - 1) */
+-- 
+2.27.0
+

_service:tar_scm:CVE-2022-1292.patch Added

@@ -0,0 +1,76 @@
+From e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 26 Apr 2022 12:40:24 +0200
+Subject: PATCH c_rehash: Do not use shell to invoke openssl
+
+Except on VMS where it is safe.
+
+This fixes CVE-2022-1292.
+
+Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ tools/c_rehash.in | 29 +++++++++++++++++++++++++----
+ 1 file changed, 25 insertions(+), 4 deletions(-)
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index fa7c6c9..83c1cc8 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -152,6 +152,23 @@ sub check_file {
+ 	return ($is_cert, $is_crl);
+ }
+ 
++sub compute_hash {
++    my $fh;
++    if ( $^O eq "VMS" ) {
++        # VMS uses the open through shell
++        # The file names are safe there and list form is unsupported
++        if (!open($fh, "-|", join(' ', @_))) {
++            print STDERR "Cannot compute hash on '$fname'\n";
++            return;
++        }
++    } else {
++        if (!open($fh, "-|", @_)) {
++            print STDERR "Cannot compute hash on '$fname'\n";
++            return;
++        }
++    }
++    return (<$fh>, <$fh>);
++}
+ 
+ # Link a certificate to its subject name hash value, each hash is of
+ # the form <hash>.<n> where n is an integer. If the hash value already exists
+@@ -161,10 +178,12 @@ sub check_file {
+ 
+ sub link_hash_cert {
+ 		my $fname = $_0;
+-		$fname =~ s/\"/\\\"/g;
+-		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
++		my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
++						   "-fingerprint", "-noout",
++						   "-in", $fname);
+ 		chomp $hash;
+ 		chomp $fprint;
++		return if !$hash;
+ 		$fprint =~ s/^.*=//;
+ 		$fprint =~ tr/://d;
+ 		my $suffix = 0;
+@@ -202,10 +221,12 @@ sub link_hash_cert {
+ 
+ sub link_hash_crl {
+ 		my $fname = $_0;
+-		$fname =~ s/'/'\\''/g;
+-		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
++		my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
++						   "-fingerprint", "-noout",
++						   "-in", $fname);
+ 		chomp $hash;
+ 		chomp $fprint;
++		return if !$hash;
+ 		$fprint =~ s/^.*=//;
+ 		$fprint =~ tr/://d;
+ 		my $suffix = 0;
+-- 
+1.8.3.1
+

_service:tar_scm:CVE-2022-2068-Fix-file-operations-in-c_rehash.patch Added

@@ -0,0 +1,257 @@
+From 9639817dac8bbbaa64d09efad7464ccc405527c7 Mon Sep 17 00:00:00 2001
+From: Daniel Fiala <daniel@openssl.org>
+Date: Sun, 29 May 2022 20:11:24 +0200
+Subject: PATCH Fix file operations in c_rehash.
+
+CVE-2022-2068
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+---
+ tools/c_rehash.in | 216 +++++++++++++++++++++++++++---------------------------
+ 1 file changed, 107 insertions(+), 109 deletions(-)
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index cfd18f5..9d2a6f6 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -104,52 +104,78 @@ foreach (@dirlist) {
+ }
+ exit($errorcount);
+ 
++sub copy_file {
++    my ($src_fname, $dst_fname) = @_;
++
++    if (open(my $in, "<", $src_fname)) {
++        if (open(my $out, ">", $dst_fname)) {
++            print $out $_ while (<$in>);
++            close $out;
++        } else {
++            warn "Cannot open $dst_fname for write, $!";
++        }
++        close $in;
++    } else {
++        warn "Cannot open $src_fname for read, $!";
++    }
++}
++
+ sub hash_dir {
+-	my %hashlist;
+-	print "Doing $_0\n";
+-	chdir $_0;
+-	opendir(DIR, ".");
+-	my @flist = sort readdir(DIR);
+-	closedir DIR;
+-	if ( $removelinks ) {
+-		# Delete any existing symbolic links
+-		foreach (grep {/^\da-f+\.r{0,1}\d+$/} @flist) {
+-			if (-l $_) {
+-				print "unlink $_" if $verbose;
+-				unlink $_ || warn "Can't unlink $_, $!\n";
+-			}
+-		}
+-	}
+-	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+-		# Check to see if certificates and/or CRLs present.
+-		my ($cert, $crl) = check_file($fname);
+-		if (!$cert && !$crl) {
+-			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+-			next;
+-		}
+-		link_hash_cert($fname) if ($cert);
+-		link_hash_crl($fname) if ($crl);
+-	}
++    my $dir = shift;
++    my %hashlist;
++
++    print "Doing $dir\n";
++
++    if (!chdir $dir) {
++        print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
++        return;
++    }
++
++    opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
++    my @flist = sort readdir(DIR);
++    closedir DIR;
++    if ( $removelinks ) {
++        # Delete any existing symbolic links
++        foreach (grep {/^\da-f+\.r{0,1}\d+$/} @flist) {
++            if (-l $_) {
++                print "unlink $_\n" if $verbose;
++                unlink $_ || warn "Can't unlink $_, $!\n";
++            }
++        }
++    }
++    FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
++        # Check to see if certificates and/or CRLs present.
++        my ($cert, $crl) = check_file($fname);
++        if (!$cert && !$crl) {
++            print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
++            next;
++        }
++        link_hash_cert($fname) if ($cert);
++        link_hash_crl($fname) if ($crl);
++    }
++
++    chdir $pwd;
+ }
+ 
+ sub check_file {
+-	my ($is_cert, $is_crl) = (0,0);
+-	my $fname = $_0;
+-	open IN, $fname;
+-	while(<IN>) {
+-		if (/^-----BEGIN (.*)-----/) {
+-			my $hdr = $1;
+-			if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+-				$is_cert = 1;
+-				last if ($is_crl);
+-			} elsif ($hdr eq "X509 CRL") {
+-				$is_crl = 1;
+-				last if ($is_cert);
+-			}
+-		}
+-	}
+-	close IN;
+-	return ($is_cert, $is_crl);
++    my ($is_cert, $is_crl) = (0,0);
++    my $fname = $_0;
++
++    open(my $in, "<", $fname);
++    while(<$in>) {
++        if (/^-----BEGIN (.*)-----/) {
++            my $hdr = $1;
++            if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
++                $is_cert = 1;
++                last if ($is_crl);
++            } elsif ($hdr eq "X509 CRL") {
++                $is_crl = 1;
++                last if ($is_cert);
++            }
++        }
++    }
++    close $in;
++    return ($is_cert, $is_crl);
+ }
+ 
+ sub compute_hash {
+@@ -177,76 +203,48 @@ sub compute_hash {
+ # certificate fingerprints
+ 
+ sub link_hash_cert {
+-		my $fname = $_0;
+-		my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
+-						   "-fingerprint", "-noout",
+-						   "-in", $fname);
+-		chomp $hash;
+-		chomp $fprint;
+-		return if !$hash;
+-		$fprint =~ s/^.*=//;
+-		$fprint =~ tr/://d;
+-		my $suffix = 0;
+-		# Search for an unused hash filename
+-		while(exists $hashlist{"$hash.$suffix"}) {
+-			# Hash matches: if fingerprint matches its a duplicate cert
+-			if ($hashlist{"$hash.$suffix"} eq $fprint) {
+-				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+-				return;
+-			}
+-			$suffix++;
+-		}
+-		$hash .= ".$suffix";
+-		if ($symlink_exists) {
+-			print "link $fname -> $hash\n" if $verbose;
+-			symlink $fname, $hash || warn "Can't symlink, $!";
+-		} else {
+-			print "copy $fname -> $hash\n" if $verbose;
+-                        if (open($in, "<", $fname)) {
+-                            if (open($out,">", $hash)) {
+-                                print $out $_ while (<$in>);
+-                                close $out;
+-                            } else {
+-                                warn "can't open $hash for write, $!";
+-                            }
+-                            close $in;
+-                        } else {
+-                            warn "can't open $fname for read, $!";
+-                        }
+-		}
+-		$hashlist{$hash} = $fprint;
++    link_hash($_0, 'cert');
+ }
+ 
+ # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+ 
+ sub link_hash_crl {
+-		my $fname = $_0;
+-		my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
+-						   "-fingerprint", "-noout",
+-						   "-in", $fname);
+-		chomp $hash;
+-		chomp $fprint;
+-		return if !$hash;
+-		$fprint =~ s/^.*=//;
+-		$fprint =~ tr/://d;
+-		my $suffix = 0;
+-		# Search for an unused hash filename
+-		while(exists $hashlist{"$hash.r$suffix"}) {
+-			# Hash matches: if fingerprint matches its a duplicate cert

_service:tar_scm:CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch Added

@@ -0,0 +1,73 @@
+From 919925673d6c9cfed3c1085497f5dfbbed5fc431 Mon Sep 17 00:00:00 2001
+From: Alex Chernyakhovsky <achernya@google.com>
+Date: Thu, 16 Jun 2022 12:00:22 +1000
+Subject: PATCH Fix AES OCB encrypt/decrypt for x86 AES-NI
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
+that performs operations on 6 16-byte blocks concurrently (the
+"grandloop") and then proceeds to handle the "short" tail (which can
+be anywhere from 0 to 5 blocks) that remain.
+
+As part of initialization, the assembly initializes $len to the true
+length, less 96 bytes and converts it to a pointer so that the $inp
+can be compared to it. Each iteration of "grandloop" checks to see if
+there's a full 96-byte chunk to process, and if so, continues. Once
+this has been exhausted, it falls through to "short", which handles
+the remaining zero to five blocks.
+
+Unfortunately, the jump at the end of "grandloop" had a fencepost
+error, doing a `jb` ("jump below") rather than `jbe` (jump below or
+equal). This should be `jbe`, as $inp is pointing to the *end* of the
+chunk currently being handled. If $inp == $len, that means that
+there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
+then there's 5 or fewer 16-byte blocks left to be handled, and the
+fall-through is intended.
+
+The net effect of `jb` instead of `jbe` is that the last 16-byte block
+of the last 96-byte chunk was completely omitted. The contents of
+`out` in this position were never written to. Additionally, since
+those bytes were never processed, the authentication tag generated is
+also incorrect.
+
+The same fencepost error, and identical logic, exists in both
+aesni_ocb_encrypt and aesni_ocb_decrypt.
+
+This addresses CVE-2022-2097.
+
+Co-authored-by: Alejandro Sedeño <asedeno@google.com>
+Co-authored-by: David Benjamin <davidben@google.com>
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+---
+ crypto/aes/asm/aesni-x86.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
+index fe2b265..812758e 100644
+--- a/crypto/aes/asm/aesni-x86.pl
++++ b/crypto/aes/asm/aesni-x86.pl
+@@ -2027,7 +2027,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
+ 	&movdqu		(&QWP(-16*2,$out,$inp),$inout4);
+ 	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
+ 	&cmp		($inp,$len);			# done yet?
+-	&jb		(&label("grandloop"));
++	&jbe		(&label("grandloop"));
+ 
+ &set_label("short");
+ 	&add		($len,16*6);
+@@ -2453,7 +2453,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
+ 	&pxor		($rndkey1,$inout5);
+ 	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
+ 	&cmp		($inp,$len);			# done yet?
+-	&jb		(&label("grandloop"));
++	&jbe		(&label("grandloop"));
+ 
+ &set_label("short");
+ 	&add		($len,16*6);
+-- 
+1.8.3.1
+

_service:tar_scm:Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch Added

@@ -0,0 +1,74 @@
+From fa3d5b8af929c296f4d684345dedf1e2b4b390e2 Mon Sep 17 00:00:00 2001
+From: gaoyusong <gaoyusong2@huawei.com>
+Date: Fri, 30 Sep 2022 12:10:15 +0800
+Subject: PATCH PKCS7 sign and verify support SM2 algorithm
+
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
+---
+ crypto/pkcs7/pk7_doit.c | 23 +++++++++++++++++++++--
+ crypto/sm2/sm2_pmeth.c  |  1 +
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
+index f63fbc5..916a35a 100644
+--- a/crypto/pkcs7/pk7_doit.c
++++ b/crypto/pkcs7/pk7_doit.c
+@@ -946,6 +946,9 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+     STACK_OF(X509_ATTRIBUTE) *sk;
+     BIO *btmp;
+     EVP_PKEY *pkey;
++#ifndef OPENSSL_NO_SM2
++    EVP_PKEY_CTX *pctx = NULL;
++#endif
+ 
+     mdc_tmp = EVP_MD_CTX_new();
+     if (mdc_tmp == NULL) {
+@@ -1013,7 +1016,19 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+             goto err;
+         }
+ 
+-        if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
++        pkey = X509_get0_pubkey(x509);
++        if (!pkey) {
++            ret = -1;
++            goto err;
++        }
++
++        ret =
++#ifndef OPENSSL_NO_SM2
++        EVP_PKEY_is_sm2(pkey) ?
++        EVP_DigestVerifyInit(mdc_tmp, &pctx, EVP_get_digestbynid(md_type), NULL, pkey) :
++#endif
++        EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL);
++        if (!ret)
+             goto err;
+ 
+         alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+@@ -1036,7 +1051,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+         goto err;
+     }
+ 
+-    i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
++    i =
++#ifndef OPENSSL_NO_SM2
++    EVP_PKEY_is_sm2(pkey) ? EVP_DigestVerifyFinal(mdc_tmp, os->data, os->length) :
++#endif
++    EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
+     if (i <= 0) {
+         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
+         ret = -1;
+diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
+index 1998812..53cdbe9 100644
+--- a/crypto/sm2/sm2_pmeth.c
++++ b/crypto/sm2/sm2_pmeth.c
+@@ -221,6 +221,7 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+         return 1;
+ 
+     case EVP_PKEY_CTRL_DIGESTINIT:
++    case EVP_PKEY_CTRL_PKCS7_SIGN:
+         /* nothing to be inited, this is to suppress the error... */
+         return 1;
+ 
+-- 
+2.33.0
+

_service:tar_scm:Feature-SM4-XTS-optimization-for-ARM-by-HW-instruction.patch Added

@@ -0,0 +1,621 @@
+From 3f0898b2aea424f18f58a182803478f25548674e Mon Sep 17 00:00:00 2001
+From: Xu Yizhou <xuyizhou1@huawei.com>
+Date: Wed, 2 Nov 2022 11:13:07 +0800
+Subject: PATCH 3/3 SM4 XTS optimization for ARM by HW instruction
+
+This patch implements the SM4 XTS optimization for ARM processor,
+using SM4 HW instruction, which is an optional feature of
+crypto extension for aarch64 V8.
+
+Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
+---
+ crypto/evp/e_sm4.c            |  28 ++
+ crypto/sm4/asm/sm4-armv8.pl   | 498 +++++++++++++++++++++++++++++++++-
+ include/crypto/sm4_platform.h |  14 +
+ 3 files changed, 537 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
+index eaa5ba0..da4dbd3 100644
+--- a/crypto/evp/e_sm4.c
++++ b/crypto/evp/e_sm4.c
+@@ -281,6 +281,34 @@ static int sm4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+             const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
+             xctx->stream_gb = NULL;
+             xctx->stream = NULL;
++#ifdef HWSM4_CAPABLE
++            if (HWSM4_CAPABLE) {
++                if (enc) {
++                    HWSM4_set_encrypt_key(key, &xctx->ks1.ks);
++                    xctx->xts.block1 = (block128_f) HWSM4_encrypt;
++# ifdef HWSM4_xts_encrypt_gb
++                    xctx->stream_gb = HWSM4_xts_encrypt_gb;
++# endif
++# ifdef HWSM4_xts_encrypt
++                    xctx->stream = HWSM4_xts_encrypt;
++# endif
++                } else {
++                    HWSM4_set_decrypt_key(key, &xctx->ks1.ks);
++                    xctx->xts.block1 = (block128_f) HWSM4_decrypt;
++# ifdef HWSM4_xts_decrypt_gb
++                    xctx->stream_gb = HWSM4_xts_decrypt_gb;
++# endif
++# ifdef HWSM4_xts_decrypt
++                    xctx->stream = HWSM4_xts_decrypt;
++# endif
++                }
++                HWSM4_set_encrypt_key(key + bytes, &xctx->ks2.ks);
++                xctx->xts.block2 = (block128_f) HWSM4_encrypt;
++
++                xctx->xts.key1 = &xctx->ks1;
++                break;
++            } else
++#endif
+ #ifdef VPSM4_EX_CAPABLE
+             if (VPSM4_EX_CAPABLE) {
+                 if (enc) {
+diff --git a/crypto/sm4/asm/sm4-armv8.pl b/crypto/sm4/asm/sm4-armv8.pl
+index dbacad2..923c1c0 100644
+--- a/crypto/sm4/asm/sm4-armv8.pl
++++ b/crypto/sm4/asm/sm4-armv8.pl
+@@ -11,9 +11,9 @@
+ # Oct 2021
+ #
+ 
+-# $output is the last argument if it looks like a file (it has an extension)
++# $outut is the last argument if it looks like a file (it has an extension)
+ # $flavour is the first argument if it doesn't look like a file
+-$output = $#ARGV >= 0 && $ARGV$#ARGV =~ m|\.\w+$| ? pop : undef;
++$outut = $#ARGV >= 0 && $ARGV$#ARGV =~ m|\.\w+$| ? pop : undef;
+ $flavour = $#ARGV >= 0 && $ARGV0 !~ m|\.| ? shift : undef;
+ 
+ $0 =~ m/(.*\/\\)^\/\\+$/; $dir=$1;
+@@ -21,7 +21,7 @@ $0 =~ m/(.*\/\\)^\/\\+$/; $dir=$1;
+ ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
+ die "can't locate arm-xlate.pl";
+ 
+-open OUT,"| \"$^X\" $xlate $flavour \"$output\""
++open OUT,"| \"$^X\" $xlate $flavour \"$outut\""
+     or die "can't call $xlate: $!";
+ *STDOUT=*OUT;
+ 
+@@ -110,6 +110,120 @@ $code.=<<___;
+ ___
+ }
+ 
++sub mov_reg_to_vec() {
++    my $src0 = shift;
++    my $src1 = shift;
++    my $desv = shift;
++$code.=<<___;
++    mov $desv.d0,$src0
++    mov $desv.d1,$src1
++#ifdef __ARMEB__
++    rev32  $desv.16b,$desv.16b
++#endif
++___
++}
++
++sub mov_vec_to_reg() {
++    my $srcv = shift;
++    my $des0 = shift;
++    my $des1 = shift;
++$code.=<<___;
++    mov $des0,$srcv.d0
++    mov $des1,$srcv.d1
++___
++}
++
++sub compute_tweak() {
++    my $src0 = shift;
++    my $src1 = shift;
++    my $des0 = shift;
++    my $des1 = shift;
++    my $tmp0 = shift;
++    my $tmp1 = shift;
++    my $magic = shift;
++$code.=<<___;
++    extr    x$tmp1,$src1,$src1,#32
++    extr    $des1,$src1,$src0,#63
++    and    w$tmp0,w$magic,w$tmp1,asr#31
++    eor    $des0,x$tmp0,$src0,lsl#1
++___
++}
++
++sub compute_tweak_vec() {
++    my $src = shift;
++    my $des = shift;
++    my $tmp0 = shift;
++    my $tmp1 = shift;
++    my $magic = shift;
++    &rbit($tmp1,$src);
++$code.=<<___;
++    shl  $des.16b, $tmp1.16b, #1
++    ext  $tmp0.16b, $tmp1.16b, $tmp1.16b,#15
++    ushr $tmp0.16b, $tmp0.16b, #7
++    mul  $tmp0.16b, $tmp0.16b, $magic.16b
++    eor  $des.16b, $des.16b, $tmp0.16b
++___
++    &rbit($des,$des);
++}
++
++sub mov_en_to_enc(){
++    my $en = shift;
++    my $enc = shift;
++    if ($en eq "en") {
++$code.=<<___;
++        mov   $enc,1
++___
++    } else {
++$code.=<<___;
++        mov   $enc,0
++___
++    }
++}
++
++sub rbit() {
++    my $dst = shift;
++    my $src = shift;
++
++    if ($src and ("$src" ne "$dst")) {
++        if ($standard eq "_gb") {
++$code.=<<___;
++            rbit $dst.16b,$src.16b
++___
++        } else {
++$code.=<<___;
++            mov $dst.16b,$src.16b
++___
++        }
++    } else {
++        if ($standard eq "_gb") {
++$code.=<<___;
++            rbit $dst.16b,$src.16b
++___
++        }
++    }
++}
++
++sub rev32_armeb() {
++    my $dst = shift;
++    my $src = shift;
++
++    if ($src and ("$src" ne "$dst")) {
++$code.=<<___;
++#ifdef __ARMEB__
++    rev32    $dst.16b,$src.16b
++#else
++    mov    $dst.16b,$src.16b
++#endif
++___
++    } else {
++$code.=<<___;
++#ifdef __ARMEB__
++    rev32    $dst.16b,$dst.16b
++#endif
++___
++    }
++}
++
+ $code=<<___;

_service:tar_scm:Feature-Support-TLCP-protocol.patch Added

@@ -0,0 +1,6353 @@
+From 897ef4d611facba29cde86fac6d161984d524da4 Mon Sep 17 00:00:00 2001
+From: s_c_c <shichuchao@huawei.com>
+Date: Mon, 27 Jun 2022 10:28:38 +0800
+Subject: PATCH Support TLCP protocol
+
+TLCP_method(), TLCP_server_method(), TLCP_client_method() are the GM version-specific methods for TLCP protocol.
+Valid TLCP ciphersuite names are ECDHE-SM4-CBC-SM3 and ECC-SM4-CBC-SM3. Additionally enable-tlcp(argument to Configure) was required.
+---
+ Configure                                     |   7 +-
+ apps/s_client.c                               |  60 +-
+ crypto/dh/dh_err.c                            |   8 +-
+ crypto/dsa/dsa_err.c                          |   8 +-
+ crypto/err/openssl.txt                        |  34 +-
+ crypto/evp/evp_err.c                          |   6 +-
+ crypto/evp/p_lib.c                            |  18 +
+ crypto/rsa/rsa_err.c                          |  23 +-
+ crypto/sm2/build.info                         |   2 +-
+ crypto/sm2/sm2_err.c                          |   4 +-
+ crypto/sm2/sm2_kep.c                          | 254 ++++++
+ crypto/sm2/sm2_pmeth.c                        |   4 +
+ doc/man1/s_client.pod                         |   9 +
+ doc/man3/EVP_PKEY_set1_RSA.pod                |   9 +-
+ doc/man3/SSL_CTX_new.pod                      |  19 +-
+ doc/man3/SSL_CTX_set_options.pod              |   4 +-
+ doc/man3/SSL_CTX_use_certificate.pod          |  56 +-
+ doc/man7/ssl.pod                              |  40 +
+ include/crypto/sm2.h                          |   1 +
+ include/crypto/sm2err.h                       |  12 +-
+ include/openssl/dherr.h                       |  15 +-
+ include/openssl/dsaerr.h                      |  18 +-
+ include/openssl/evp.h                         |   4 +
+ include/openssl/evperr.h                      |  17 +-
+ include/openssl/rsaerr.h                      |  32 +-
+ include/openssl/sm2.h                         |  20 +
+ include/openssl/ssl.h                         |  71 ++
+ include/openssl/sslerr.h                      |  33 +-
+ include/openssl/tls1.h                        |  20 +
+ include/openssl/x509.h                        |   4 +
+ include/openssl/x509err.h                     |   4 +-
+ ssl/methods.c                                 |  36 +
+ ssl/record/ssl3_record.c                      |   4 +
+ ssl/s3_lib.c                                  | 126 +++
+ ssl/ssl_asn1.c                                |   3 +-
+ ssl/ssl_cert.c                                |  18 +
+ ssl/ssl_cert_table.h                          |   6 +-
+ ssl/ssl_ciph.c                                |  46 +-
+ ssl/ssl_err.c                                 |  54 +-
+ ssl/ssl_lib.c                                 |  81 +-
+ ssl/ssl_local.h                               |  69 +-
+ ssl/ssl_rsa.c                                 | 541 +++++++++++++
+ ssl/ssl_sess.c                                |   3 +
+ ssl/ssl_stat.c                                |  28 +
+ ssl/statem/extensions.c                       |   6 +-
+ ssl/statem/extensions_clnt.c                  |   3 +
+ ssl/statem/extensions_srvr.c                  |   6 +-
+ ssl/statem/statem.c                           |   4 +
+ ssl/statem/statem_clnt.c                      | 434 ++++++++++
+ ssl/statem/statem_lib.c                       | 182 ++++-
+ ssl/statem/statem_srvr.c                      | 445 ++++++++++-
+ ssl/t1_enc.c                                  |  84 ++
+ ssl/t1_lib.c                                  | 130 ++-
+ test/build.info                               |   6 +-
+ test/ciphername_test.c                        |   3 +
+ test/recipes/85-test_tlcp.t                   |  34 +
+ .../85-test_tlcp_data/ecdsa-client-cert.pem   |  12 +
+ .../85-test_tlcp_data/ecdsa-client-key.pem    |   5 +
+ .../85-test_tlcp_data/ecdsa-root-cert.pem     |  14 +
+ .../85-test_tlcp_data/ecdsa-server-cert.pem   |  12 +
+ .../85-test_tlcp_data/ecdsa-server-key.pem    |   5 +
+ .../85-test_tlcp_data/sm2-client-enc-cert.pem |  12 +
+ .../85-test_tlcp_data/sm2-client-enc-key.pem  |   5 +
+ .../85-test_tlcp_data/sm2-client-sig-cert.pem |  12 +
+ .../85-test_tlcp_data/sm2-client-sig-key.pem  |   5 +
+ .../85-test_tlcp_data/sm2-root-cert.pem       |  14 +
+ .../85-test_tlcp_data/sm2-server-enc-cert.pem |  12 +
+ .../85-test_tlcp_data/sm2-server-enc-key.pem  |   5 +
+ .../85-test_tlcp_data/sm2-server-sig-cert.pem |  12 +
+ .../85-test_tlcp_data/sm2-server-sig-key.pem  |   5 +
+ test/sm2_internal_test.c                      | 111 +++
+ test/tlcptest.c                               | 746 ++++++++++++++++++
+ util/libcrypto.num                            |   2 +
+ util/libssl.num                               |  17 +
+ 74 files changed, 4065 insertions(+), 109 deletions(-)
+ create mode 100644 crypto/sm2/sm2_kep.c
+ create mode 100644 include/openssl/sm2.h
+ create mode 100644 test/recipes/85-test_tlcp.t
+ create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-client-cert.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-client-key.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-root-cert.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-server-cert.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/ecdsa-server-key.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/sm2-client-enc-cert.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/sm2-client-enc-key.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/sm2-client-sig-cert.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/sm2-client-sig-key.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/sm2-root-cert.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/sm2-server-enc-cert.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/sm2-server-enc-key.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/sm2-server-sig-cert.pem
+ create mode 100644 test/recipes/85-test_tlcp_data/sm2-server-sig-key.pem
+ create mode 100644 test/tlcptest.c
+
+diff --git a/Configure b/Configure
+index 4236e6c..a41c897 100755
+--- a/Configure
++++ b/Configure
+@@ -425,6 +425,7 @@ my @disablables = (
+     "stdio",
+     "tests",
+     "threads",
++    "tlcp",
+     "tls",
+     "ts",
+     "ubsan",
+@@ -469,6 +470,7 @@ our %disabled = ( # "what"         => "comment"
+                   "ssl-trace"           => "default",
+                   "ssl3"                => "default",
+                   "ssl3-method"         => "default",
++                  "tlcp"                => "default",
+                   "ubsan"               => "default",
+                   "unit-test"           => "default",
+                   "weak-ssl-ciphers"    => "default",
+@@ -512,8 +514,9 @@ my @disable_cascades = (
+     "apps"              =>  "tests" ,
+     "tests"             =>  "external-tests" ,
+     "comp"              =>  "zlib" ,
+-    "ec"                =>  "tls1_3", "sm2" ,
+-    "sm3"               =>  "sm2" ,
++    "ec"                =>  "tls1_3", "sm2", "tlcp" ,
++    "sm3"               =>  "sm2", "tlcp" ,
++    "sm2"               =>  "tlcp" ,
+     sub { !$disabled{"unit-test"} } =>  "heartbeats" ,
+ 
+     sub { !$disabled{"msan"} } =>  "asm" ,
+diff --git a/apps/s_client.c b/apps/s_client.c
+index 121cd14..a41f98a 100644
+--- a/apps/s_client.c
++++ b/apps/s_client.c
+@@ -578,6 +578,7 @@ typedef enum OPTION_choice {
+     OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
+     OPT_SRP_MOREGROUPS,
+ #endif
++    OPT_TLCP, OPT_DCERT, OPT_DKEY, OPT_DPASS,
+     OPT_SSL3, OPT_SSL_CONFIG,
+     OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+     OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
+@@ -738,6 +739,12 @@ const OPTIONS s_client_options = {
+ #ifndef OPENSSL_NO_TLS1_3
+     {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
+ #endif
++#ifndef OPENSSL_NO_TCLP
++    {"tlcp", OPT_TLCP, '-', "Just use TLCP"},
++    {"dcert", OPT_DCERT, '<', "Encryption certificate file to use (usually for TLCP)"},
++    {"dkey", OPT_DKEY, '<', "Encryption private key file to use (usually for TLCP)"},
++    {"dpass", OPT_DPASS, 's', "Encryption private key file pass phrase source"},
++#endif
+ #ifndef OPENSSL_NO_DTLS
+     {"dtls", OPT_DTLS, '-', "Use any version of DTLS"},
+     {"timeout", OPT_TIMEOUT, '-',
+@@ -836,7 +843,7 @@ static const OPT_PAIR services = {
+ 
+ #define IS_PROT_FLAG(o) \
+  (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+-  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
++  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2 || o == OPT_TLCP)
+ 
+ /* Free |*dest| and optionally set it to a copy of |source|. */
+ static void freeandcopy(char **dest, const char *source)
+@@ -982,6 +989,10 @@ int s_client_main(int argc, char **argv)
+ #ifndef OPENSSL_NO_SCTP
+     int sctp_label_bug = 0;
+ #endif
++    char *s_dcert_file = NULL, *s_dkey_file = NULL;
++    char *dpassarg = NULL, *dpass = NULL;
++    X509 *s_dcert = NULL;
++    EVP_PKEY *s_dkey = NULL;
+ 
+     FD_ZERO(&readfds);
+     FD_ZERO(&writefds);
+@@ -1318,6 +1329,14 @@ int s_client_main(int argc, char **argv)
+             socket_type = SOCK_STREAM;
+ #ifndef OPENSSL_NO_DTLS
+             isdtls = 0;
++#endif
++            break;
++        case OPT_TLCP:
++            min_version = TLCP_VERSION;
++            max_version = TLCP_VERSION;
++            socket_type = SOCK_STREAM;
++#ifndef OPENSSL_NO_DTLS
++            isdtls = 0;
+ #endif
+             break;
+         case OPT_DTLS:
+@@ -1381,6 +1400,15 @@ int s_client_main(int argc, char **argv)
+         case OPT_KEY:
+             key_file = opt_arg();
+             break;
++        case OPT_DCERT:

_service:tar_scm:Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch Added

@@ -0,0 +1,87 @@
+From d3e1106ea296a2ec94d27dd34692c34ad543ad04 Mon Sep 17 00:00:00 2001
+From: s_c_c <shichuchao@huawei.com>
+Date: Wed, 29 Jun 2022 17:54:50 +0800
+Subject: PATCH X509 command supports SM2 certificate signing with default
+ sm2id
+
+---
+ apps/x509.c                |  4 ++++
+ include/openssl/sm2.h      |  9 +++++++++
+ test/recipes/25-test_req.t | 13 ++++++++++---
+ 3 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/apps/x509.c b/apps/x509.c
+index 1043eba..2669894 100644
+--- a/apps/x509.c
++++ b/apps/x509.c
+@@ -1078,6 +1078,10 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+         if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
+             goto err;
+     }
++#ifndef OPENSSL_NO_SM2
++    if (EVP_PKEY_is_sm2(pkey) && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))
++        goto err;
++#endif
+     if (!X509_sign(x, pkey, digest))
+         goto err;
+     return 1;
+diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h
+index 505ebfc..cc517bc 100644
+--- a/include/openssl/sm2.h
++++ b/include/openssl/sm2.h
+@@ -1,3 +1,12 @@
++/*
++ * Copyright 2022 Huawei Technologies Co., Ltd. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License").  You may not use
++ * this file except in compliance with the License.  You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
+ #ifndef HEADER_SM2_H
+ # define HEADER_SM2_H
+ 
+diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
+index d53e577..2b0c08c 100644
+--- a/test/recipes/25-test_req.t
++++ b/test/recipes/25-test_req.t
+@@ -182,10 +182,10 @@ subtest "generating certificate requests" => sub {
+ };
+ 
+ subtest "generating SM2 certificate requests" => sub {
+-    plan tests => 4;
++    plan tests => 5;
+ 
+     SKIP: {
+-        skip "SM2 is not supported by this OpenSSL build", 4
++        skip "SM2 is not supported by this OpenSSL build", 5
+         if disabled("sm2");
+         ok(run(app("openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
+@@ -198,6 +198,13 @@ subtest "generating SM2 certificate requests" => sub {
+                     "-sm2-id", "1234567812345678", "-sm3")),
+            "Verifying signature on SM2 certificate request");
+ 
++        # Use default sm2 id
++        ok(run(app("openssl", "x509", "-req", "-extfile", srctop_file("test", "CAss.cnf"),
++                    "-extensions", "v3_ca", "-sm3", "-days", "365",
++                    "-in", "testreq.pem", "-signkey", srctop_file("test", "certs", "sm2.key"),
++                    "-out", "testsign.pem")),
++           "Signing SM2 certificate request");
++
+         ok(run(app("openssl", "req", "-config", srctop_file("test", "test.cnf"),
+                     "-new", "-key", srctop_file("test", "certs", "sm2.key"),
+                     "-sigopt", "sm2_hex_id:DEADBEEF",
+@@ -218,7 +225,7 @@ run_conversion('req conversions',
+ run_conversion('req conversions -- testreq2',
+                srctop_file("test", "testreq2.pem"));
+ 
+-unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
++unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem", "testsign.pem";
+ 
+ sub run_conversion {
+     my $title = shift;
+-- 
+2.20.1 (Apple Git-117)
+

_service:tar_scm:Feature-add-ARMv8-implementations-of-SM4-in-ECB-and-XTS.patch Added

@@ -0,0 +1,2225 @@
+From df56c1da16d705fb6f471651feb77a69171af9e3 Mon Sep 17 00:00:00 2001
+From: Xu Yizhou <xuyizhou1@huawei.com>
+Date: Wed, 19 Oct 2022 13:28:58 +0800
+Subject: PATCH add ARMv8 implementations of SM4 in ECB and XTS
+
+---
+ Configurations/00-base-templates.conf     |    1 +
+ Configure                                 |    4 +
+ crypto/evp/c_allc.c                       |    1 +
+ crypto/evp/e_sm4.c                        |  352 ++++++-
+ crypto/modes/build.info                   |    2 +-
+ crypto/modes/xts128gb.c                   |  204 ++++
+ crypto/objects/obj_dat.h                  |   15 +-
+ crypto/objects/obj_mac.num                |    1 +
+ crypto/objects/objects.txt                |    1 +
+ crypto/sm4/asm/vpsm4_ex-armv8.pl          | 1173 +++++++++++++++++++++
+ crypto/sm4/build.info                     |    5 +-
+ doc/man3/EVP_sm4_xts.pod                  |   67 ++
+ fuzz/oids.txt                             |    1 +
+ include/openssl/evp.h                     |    4 +
+ include/openssl/modes.h                   |    9 +
+ include/openssl/obj_mac.h                 |    5 +
+ test/evp_test.c                           |   17 +-
+ test/recipes/30-test_evp_data/evpciph.txt |   22 +
+ util/libcrypto.num                        |    2 +
+ 19 files changed, 1832 insertions(+), 54 deletions(-)
+ create mode 100644 crypto/modes/xts128gb.c
+ create mode 100644 crypto/sm4/asm/vpsm4_ex-armv8.pl
+ create mode 100644 doc/man3/EVP_sm4_xts.pod
+
+diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf
+index e01dc63..1d35012 100644
+--- a/Configurations/00-base-templates.conf
++++ b/Configurations/00-base-templates.conf
+@@ -321,6 +321,7 @@ my %targets=(
+ 	chacha_asm_src  => "chacha-armv8.S",
+ 	poly1305_asm_src=> "poly1305-armv8.S",
+ 	keccak1600_asm_src	=> "keccak1600-armv8.S",
++	sm4_asm_src     =>  "vpsm4_ex-armv8.S",
+     },
+     parisc11_asm => {
+ 	template	=> 1,
+diff --git a/Configure b/Configure
+index a41c897..3bfe360 100755
+--- a/Configure
++++ b/Configure
+@@ -1420,6 +1420,9 @@ unless ($disabled{asm}) {
+     if ($target{poly1305_asm_src} ne "") {
+         push @{$config{lib_defines}}, "POLY1305_ASM";
+     }
++    if ($target{sm4_asm_src} ne "") {
++        push @{$config{lib_defines}}, "VPSM4_EX_ASM";
++    }
+ }
+ 
+ my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC});
+@@ -3375,6 +3378,7 @@ sub print_table_entry
+         "mtoutflag",
+         "multilib",
+         "build_scheme",
++        "sm4_asm_src",
+         );
+ 
+     if ($type eq "TABLE") {
+diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
+index 22fdcc4..01b0d1f 100644
+--- a/crypto/evp/c_allc.c
++++ b/crypto/evp/c_allc.c
+@@ -85,6 +85,7 @@ void openssl_add_all_ciphers_int(void)
+     EVP_add_cipher(EVP_sm4_cfb());
+     EVP_add_cipher(EVP_sm4_ofb());
+     EVP_add_cipher(EVP_sm4_ctr());
++    EVP_add_cipher(EVP_sm4_xts());
+     EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
+     EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
+ #endif
+diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
+index fce3279..169d6c7 100644
+--- a/crypto/evp/e_sm4.c
++++ b/crypto/evp/e_sm4.c
+@@ -15,86 +15,346 @@
+ # include <openssl/modes.h>
+ # include "crypto/sm4.h"
+ # include "crypto/evp.h"
++# include "evp_local.h"
++# include "modes_local.h"
++
++#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
++# include "arm_arch.h"
++# if __ARM_MAX_ARCH__>=7
++#  if defined(VPSM4_EX_ASM)
++#   define VPSM4_EX_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
++#  endif
++# endif
++#endif
+ 
+ typedef struct {
+-    SM4_KEY ks;
++    union {
++        double align;
++        SM4_KEY ks;
++    } ks;
++    block128_f block;
++    union {
++        ecb128_f ecb;
++    } stream;
+ } EVP_SM4_KEY;
+ 
++#ifdef VPSM4_EX_CAPABLE
++void vpsm4_ex_set_encrypt_key(const unsigned char *userKey, SM4_KEY *key);
++void vpsm4_ex_set_decrypt_key(const unsigned char *userKey, SM4_KEY *key);
++#define vpsm4_ex_encrypt SM4_encrypt
++#define vpsm4_ex_decrypt SM4_encrypt
++void vpsm4_ex_ecb_encrypt(
++    const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key, const int enc);
++/* xts mode in GB/T 17964-2021 */
++void vpsm4_ex_xts_encrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
++    const SM4_KEY *key2, const uint8_t iv16);
++void vpsm4_ex_xts_decrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
++    const SM4_KEY *key2, const uint8_t iv16);
++/* xts mode in IEEE Std 1619-2007 */
++void vpsm4_ex_xts_encrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
++    const SM4_KEY *key2, const uint8_t iv16);
++void vpsm4_ex_xts_decrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
++    const SM4_KEY *key2, const uint8_t iv16);
++#endif
++
++# define BLOCK_CIPHER_generic(nid,blocksize,ivlen,nmode,mode,MODE,flags) \
++static const EVP_CIPHER sm4_##mode = { \
++        nid##_##nmode,blocksize,128/8,ivlen, \
++        flags|EVP_CIPH_##MODE##_MODE,   \
++        sm4_init_key,                   \
++        sm4_##mode##_cipher,            \
++        NULL,                           \
++        sizeof(EVP_SM4_KEY),            \
++        NULL,NULL,NULL,NULL }; \
++const EVP_CIPHER *EVP_sm4_##mode(void) \
++{ return &sm4_##mode; }
++
++#define BLOCK_CIPHER_generic_pack(nid,flags)             \
++        BLOCK_CIPHER_generic(nid,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
++        BLOCK_CIPHER_generic(nid,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
++        BLOCK_CIPHER_generic(nid,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
++        BLOCK_CIPHER_generic(nid,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
++        BLOCK_CIPHER_generic(nid,1,16,ctr,ctr,CTR,flags)
++
+ static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+ {
+-    SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
++    int mode;
++    EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
++
++    mode = EVP_CIPHER_CTX_mode(ctx);
++    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
++#ifdef VPSM4_EX_CAPABLE
++        if (VPSM4_EX_CAPABLE) {
++            vpsm4_ex_set_decrypt_key(key, &dat->ks.ks);
++            dat->block = (block128_f) vpsm4_ex_decrypt;
++            if (mode == EVP_CIPH_ECB_MODE)
++                dat->stream.ecb = (ecb128_f) vpsm4_ex_ecb_encrypt;
++        } else
++#endif
++        {
++            dat->block = (block128_f)SM4_decrypt;
++            SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
++        }
++    } else {
++#ifdef VPSM4_EX_CAPABLE
++        if (VPSM4_EX_CAPABLE) {
++            vpsm4_ex_set_encrypt_key(key, &dat->ks.ks);
++            dat->block = (block128_f) vpsm4_ex_encrypt;
++            if (mode == EVP_CIPH_ECB_MODE)
++                dat->stream.ecb = (ecb128_f) vpsm4_ex_ecb_encrypt;
++        } else
++#endif
++        {
++            dat->block = (block128_f)SM4_encrypt;
++            SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
++        }
++    }
+     return 1;
+ }
+ 
+-static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+-                            size_t len, const SM4_KEY *key,
+-                            unsigned char *ivec, const int enc)
++static int sm4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++                          const unsigned char *in, size_t len)
+ {
+-    if (enc)
+-        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+-                              (block128_f)SM4_encrypt);
++    EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY,ctx);
++
++    if (EVP_CIPHER_CTX_encrypting(ctx))
++        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks.ks,
++                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+     else

_service:tar_scm:Fix-SM4-XTS-build-failure-using-clang.patch Added

@@ -0,0 +1,177 @@
+From ed5b59a989f0d209851936c1290d312846d117b6 Mon Sep 17 00:00:00 2001
+From: Xu Yizhou <xuyizhou1@huawei.com>
+Date: Mon, 15 May 2023 10:42:47 +0800
+Subject: PATCH Fix SM4-XTS build failure using clang
+
+The OpenSSL community also has similar issues, and the corresponding
+solutions can be found in this PR
+(https://github.com/openssl/openssl/pull/20202). Moreover, the
+community has added restrictions in the arm-xlate.pl file to recognize
+the 'LDR REG, =VALUE' pseudo instruction on Neon, as shown in this PR
+(https://github.com/openssl/openssl/pull/20222).
+
+Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
+---
+ crypto/perlasm/arm-xlate.pl      | 10 ++++++++++
+ crypto/sm4/asm/sm4-armv8.pl      | 12 +++++++-----
+ crypto/sm4/asm/vpsm4_ex-armv8.pl | 30 +++++++++++++++++++-----------
+ 3 files changed, 36 insertions(+), 16 deletions(-)
+
+diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl
+index 48819be..a2f3838 100755
+--- a/crypto/perlasm/arm-xlate.pl
++++ b/crypto/perlasm/arm-xlate.pl
+@@ -170,6 +170,16 @@ while(my $line=<>) {
+ 	}
+     }
+ 
++    # ldr REG, #VALUE psuedo-instruction - avoid clang issue with Neon registers
++    #
++    if ($line =~ /^\s*ldr\s+(qd\d\d?)\s*,\s*=(\w+)/i) {
++        # Immediate load via literal pool into qN or DN - clang max is 2^32-1
++        my ($reg, $value) = ($1, $2);
++        # If $value is hex, 0x + 8 hex chars = 10 chars total will be okay
++        # If $value is decimal, 2^32 - 1 = 4294967295 will be okay (also 10 chars)
++        die("$line: immediate load via literal pool into $reg: value too large for clang - redo manually") if length($value) > 10;
++    }
++
+     print $line if ($line);
+     print "\n";
+ }
+diff --git a/crypto/sm4/asm/sm4-armv8.pl b/crypto/sm4/asm/sm4-armv8.pl
+index 923c1c0..07ba53a 100644
+--- a/crypto/sm4/asm/sm4-armv8.pl
++++ b/crypto/sm4/asm/sm4-armv8.pl
+@@ -244,6 +244,8 @@ $code.=<<___;
+ 	.long 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
+ .Lfk:
+ 	.long 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc
++.Lxts_magic:
++	.dword 0x0101010101010187,0x0101010101010101
+ ___
+ }}}
+ 
+@@ -604,7 +606,7 @@ $code.=<<___;
+ .globl	${prefix}_ctr32_encrypt_blocks
+ .type	${prefix}_ctr32_encrypt_blocks,%function
+ .align	5
+-${prefix}_ctr32_encrypt_blocks:	
++${prefix}_ctr32_encrypt_blocks:
+ 	stp	d8,d9,sp, #-16!
+ 
+ 	ld1	{$ivec.4s},$ivp
+@@ -736,7 +738,7 @@ $code.=<<___;
+ .align    5
+ ${prefix}_xts_do_cipher${standard}:
+ 	mov w$magic,0x87
+-    ldr $qMagic, =0x01010101010101010101010101010187
++    ldr $qMagic, .Lxts_magic
+ 	// used to encrypt the XORed plaintext blocks
+ 	ld1	{@rks0.4s,@rks1.4s,@rks2.4s,@rks3.4s},$rk2,#64
+ 	ld1	{@rks4.4s,@rks5.4s,@rks6.4s,@rks7.4s},$rk2
+@@ -963,7 +965,7 @@ $code.=<<___;
+     cmp $remain,0
+     b.eq 99f
+ 
+-// This brance calculates the last two tweaks, 
++// This brance calculates the last two tweaks,
+ // while the encryption/decryption length is larger than 32
+ .last_2blks_tweak${standard}:
+ ___
+@@ -974,7 +976,7 @@ $code.=<<___;
+     b .check_dec${standard}
+ 
+ 
+-// This brance calculates the last two tweaks, 
++// This brance calculates the last two tweaks,
+ // while the encryption/decryption length is less than 32, who only need two tweaks
+ .only_2blks_tweak${standard}:
+     mov @tweak1.16b,@tweak0.16b
+@@ -1018,7 +1020,7 @@ $code.=<<___;
+         strb    w$tmp1,$lastBlk,$remain
+         strb    w$tmp0,$out,$remain
+     b.gt .loop${standard}
+-    ld1        {@dat0.4s}, $lastBlk    
++    ld1        {@dat0.4s}, $lastBlk
+     eor @dat0.16b, @dat0.16b, @tweak2.16b
+ ___
+ 	&rev32(@dat0,@dat0);
+diff --git a/crypto/sm4/asm/vpsm4_ex-armv8.pl b/crypto/sm4/asm/vpsm4_ex-armv8.pl
+index 86a6f89..4eb2bbf 100644
+--- a/crypto/sm4/asm/vpsm4_ex-armv8.pl
++++ b/crypto/sm4/asm/vpsm4_ex-armv8.pl
+@@ -108,12 +108,12 @@ ___
+ 
+ sub load_sbox_matrix () {
+ $code.=<<___;
+-    ldr $MaskQ,       =0x0306090c0f0205080b0e0104070a0d00
+-    ldr $TAHMatQ,    =0x22581a6002783a4062185a2042387a00
+-    ldr $TALMatQ,    =0xc10bb67c4a803df715df62a89e54e923
+-    ldr $ATAHMatQ,   =0x1407c6d56c7fbeadb9aa6b78c1d21300
+-    ldr $ATALMatQ,   =0xe383c1a1fe9edcbc6404462679195b3b
+-    ldr $ANDMaskQ,    =0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
++	ldr $MaskQ, .Lsbox_magic
++	ldr $TAHMatQ, .Lsbox_magic+16
++	ldr $TALMatQ, .Lsbox_magic+32
++	ldr $ATAHMatQ, .Lsbox_magic+48
++	ldr $ATALMatQ, .Lsbox_magic+64
++	ldr $ANDMaskQ, .Lsbox_magic+80
+ ___
+ }
+ # matrix multiplication Mat*x = (lowerMat*x) ^ (higherMat*x)
+@@ -505,7 +505,7 @@ sub compute_tweak_vec() {
+     my $des = shift;
+     &rbit(@vtmp2,$src);
+ $code.=<<___;
+-    ldr  @qtmp0, =0x01010101010101010101010101010187
++    ldr  @qtmp0, .Lxts_magic
+     shl  $des.16b, @vtmp2.16b, #1
+     ext  @vtmp1.16b, @vtmp2.16b, @vtmp2.16b,#15
+     ushr @vtmp1.16b, @vtmp1.16b, #7
+@@ -572,7 +572,15 @@ ${prefix}_consts:
+     .long 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc
+ .Lshuffles:
+     .long 0x07060504, 0x0B0A0908, 0x0F0E0D0C, 0x03020100
+- 
++.Lxts_magic:
++	.dword 0x0101010101010187,0x0101010101010101
++.Lsbox_magic:
++	.dword 0x0b0e0104070a0d00,0x0306090c0f020508
++	.dword 0x62185a2042387a00,0x22581a6002783a40
++	.dword 0x15df62a89e54e923,0xc10bb67c4a803df7
++	.dword 0xb9aa6b78c1d21300,0x1407c6d56c7fbead
++	.dword 0x6404462679195b3b,0xe383c1a1fe9edcbc
++	.dword 0x0f0f0f0f0f0f0f0f,0x0f0f0f0f0f0f0f0f
+ .size	${prefix}_consts,.-${prefix}_consts
+ ___
+ 
+@@ -1033,7 +1041,7 @@ $code.=<<___;
+     cmp $remain,0
+     b.eq .return${standard}
+ 
+-// This brance calculates the last two tweaks, 
++// This brance calculates the last two tweaks,
+ // while the encryption/decryption length is larger than 32
+ .last_2blks_tweak${standard}:
+ ___
+@@ -1044,7 +1052,7 @@ $code.=<<___;
+     b .check_dec${standard}
+ 
+ 
+-// This brance calculates the last two tweaks, 
++// This brance calculates the last two tweaks,
+ // while the encryption/decryption length is equal to 32, who only need two tweaks
+ .only_2blks_tweak${standard}:
+     mov @tweak1.16b,@tweak0.16b
+@@ -1087,7 +1095,7 @@ $code.=<<___;
+         strb    $wtmp1,$lastBlk,$remain
+         strb    $wtmp0,$outp,$remain
+     b.gt .loop${standard}
+-    ld1        {@data0.4s}, $lastBlk    
++    ld1        {@data0.4s}, $lastBlk
+     eor @data0.16b, @data0.16b, @tweak2.16b
+ ___
+     &rev32(@data0,@data0);
+-- 
+2.36.1
+

_service:tar_scm:Fix-reported-performance-degradation-on-aarch64.patch Added

@@ -0,0 +1,146 @@
+From a8f6d73fda64d514171e99a50d1483c0c0b8d968 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sun, 12 Jun 2022 09:37:26 +0200
+Subject: PATCH Fix reported performance degradation on aarch64
+
+This restores the implementation prior to
+commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode")
+for 64bit targets only, since it is reportedly 2-17% slower,
+and the silicon errata only affects 32bit targets.
+Only for 32bit targets the new algorithm is used.
+
+Fixes #18445
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18539)
+---
+ crypto/aes/asm/aesv8-armx.pl | 62 ++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 62 insertions(+)
+
+diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
+index 2b0e982..1856d99 100755
+--- a/crypto/aes/asm/aesv8-armx.pl
++++ b/crypto/aes/asm/aesv8-armx.pl
+@@ -740,6 +740,21 @@ $code.=<<___;
+ #ifndef __ARMEB__
+ 	rev		$ctr, $ctr
+ #endif
++___
++$code.=<<___	if ($flavour =~ /64/);
++	vorr		$dat1,$dat0,$dat0
++	add		$tctr1, $ctr, #1
++	vorr		$dat2,$dat0,$dat0
++	add		$ctr, $ctr, #2
++	vorr		$ivec,$dat0,$dat0
++	rev		$tctr1, $tctr1
++	vmov.32		${dat1}3,$tctr1
++	b.ls		.Lctr32_tail
++	rev		$tctr2, $ctr
++	sub		$len,$len,#3		// bias
++	vmov.32		${dat2}3,$tctr2
++___
++$code.=<<___	if ($flavour !~ /64/);
+ 	add		$tctr1, $ctr, #1
+ 	vorr		$ivec,$dat0,$dat0
+ 	rev		$tctr1, $tctr1
+@@ -751,6 +766,8 @@ $code.=<<___;
+ 	vmov.32		${ivec}3,$tctr2
+ 	sub		$len,$len,#3		// bias
+ 	vorr		$dat2,$ivec,$ivec
++___
++$code.=<<___;
+ 	b		.Loop3x_ctr32
+ 
+ .align	4
+@@ -777,11 +794,25 @@ $code.=<<___;
+ 	aese		$dat1,q8
+ 	aesmc		$tmp1,$dat1
+ 	 vld1.8		{$in0},$inp,#16
++___
++$code.=<<___	if ($flavour =~ /64/);
++	 vorr		$dat0,$ivec,$ivec
++___
++$code.=<<___	if ($flavour !~ /64/);
+ 	 add		$tctr0,$ctr,#1
++___
++$code.=<<___;
+ 	aese		$dat2,q8
+ 	aesmc		$dat2,$dat2
+ 	 vld1.8		{$in1},$inp,#16
++___
++$code.=<<___	if ($flavour =~ /64/);
++	 vorr		$dat1,$ivec,$ivec
++___
++$code.=<<___	if ($flavour !~ /64/);
+ 	 rev		$tctr0,$tctr0
++___
++$code.=<<___;
+ 	aese		$tmp0,q9
+ 	aesmc		$tmp0,$tmp0
+ 	aese		$tmp1,q9
+@@ -790,6 +821,12 @@ $code.=<<___;
+ 	 mov		$key_,$key
+ 	aese		$dat2,q9
+ 	aesmc		$tmp2,$dat2
++___
++$code.=<<___	if ($flavour =~ /64/);
++	 vorr		$dat2,$ivec,$ivec
++	 add		$tctr0,$ctr,#1
++___
++$code.=<<___;
+ 	aese		$tmp0,q12
+ 	aesmc		$tmp0,$tmp0
+ 	aese		$tmp1,q12
+@@ -805,22 +842,47 @@ $code.=<<___;
+ 	aese		$tmp1,q13
+ 	aesmc		$tmp1,$tmp1
+ 	 veor		$in2,$in2,$rndlast
++___
++$code.=<<___	if ($flavour =~ /64/);
++	 rev		$tctr0,$tctr0
++	aese		$tmp2,q13
++	aesmc		$tmp2,$tmp2
++	 vmov.32	${dat0}3, $tctr0
++___
++$code.=<<___	if ($flavour !~ /64/);
+ 	 vmov.32	${ivec}3, $tctr0
+ 	aese		$tmp2,q13
+ 	aesmc		$tmp2,$tmp2
+ 	 vorr		$dat0,$ivec,$ivec
++___
++$code.=<<___;
+ 	 rev		$tctr1,$tctr1
+ 	aese		$tmp0,q14
+ 	aesmc		$tmp0,$tmp0
++___
++$code.=<<___	if ($flavour !~ /64/);
+ 	 vmov.32	${ivec}3, $tctr1
+ 	 rev		$tctr2,$ctr
++___
++$code.=<<___;
+ 	aese		$tmp1,q14
+ 	aesmc		$tmp1,$tmp1
++___
++$code.=<<___	if ($flavour =~ /64/);
++	 vmov.32	${dat1}3, $tctr1
++	 rev		$tctr2,$ctr
++	aese		$tmp2,q14
++	aesmc		$tmp2,$tmp2
++	 vmov.32	${dat2}3, $tctr2
++___
++$code.=<<___	if ($flavour !~ /64/);
+ 	 vorr		$dat1,$ivec,$ivec
+ 	 vmov.32	${ivec}3, $tctr2
+ 	aese		$tmp2,q14
+ 	aesmc		$tmp2,$tmp2
+ 	 vorr		$dat2,$ivec,$ivec
++___
++$code.=<<___;
+ 	 subs		$len,$len,#3
+ 	aese		$tmp0,q15
+ 	aese		$tmp1,q15
+-- 
+1.8.3.1
+

_service:tar_scm:astyle-html-help.patch Deleted

_service:tar_scm:astyle-r655-gcc8-vector-at-end.patch Deleted

_service:tar_scm:backport-APPS-x509-With-CA-but-both-CAserial-and-CAcreateseri.patch Added

@@ -0,0 +1,187 @@
+From 55eafed6fbefbc1e725bf7b17b2bbca083a457fc Mon Sep 17 00:00:00 2001
+From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
+Date: Mon, 30 May 2022 16:53:05 +0200
+Subject: PATCH APPS/x509: With -CA but both -CAserial and -CAcreateserial
+ not given, use random serial.
+
+Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c.
+Backported from https://github.com/openssl/openssl/pull/18373
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
+(Merged from https://github.com/openssl/openssl/pull/18803)
+---
+ apps/apps.c       | 15 +++++++++++++--
+ apps/apps.h       |  9 ++++++---
+ apps/ca.c         |  6 ++++--
+ apps/x509.c       | 12 ++++++++----
+ doc/man1/x509.pod | 12 +++++++-----
+ 5 files changed, 38 insertions(+), 16 deletions(-)
+
+diff --git a/apps/apps.c b/apps/apps.c
+index db5b48e4cf..f2447fb0be 100644
+--- a/apps/apps.c
++++ b/apps/apps.c
+@@ -1376,7 +1376,8 @@ static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
+ static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
+ #undef BSIZE
+ #define BSIZE 256
+-BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
++BIGNUM *load_serial(const char *serialfile, int *exists, int create,
++                    ASN1_INTEGER **retai)
+ {
+     BIO *in = NULL;
+     BIGNUM *ret = NULL;
+@@ -1388,6 +1389,8 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
+         goto err;
+ 
+     in = BIO_new_file(serialfile, "r");
++    if (exists != NULL)
++        *exists = in != NULL;
+     if (in == NULL) {
+         if (!create) {
+             perror(serialfile);
+@@ -1395,8 +1398,14 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
+         }
+         ERR_clear_error();
+         ret = BN_new();
+-        if (ret == NULL || !rand_serial(ret, ai))
++        if (ret == NULL) {
+             BIO_printf(bio_err, "Out of memory\n");
++        } else if (!rand_serial(ret, ai)) {
++            BIO_printf(bio_err, "Error creating random number to store in %s\n",
++                       serialfile);
++            BN_free(ret);
++            ret = NULL;
++        }
+     } else {
+         if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
+             BIO_printf(bio_err, "unable to load number from %s\n",
+@@ -1416,6 +1425,8 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
+         ai = NULL;
+     }
+  err:
++    if (ret == NULL)
++        ERR_print_errors(bio_err);
+     BIO_free(in);
+     ASN1_INTEGER_free(ai);
+     return ret;
+diff --git a/apps/apps.h b/apps/apps.h
+index 34c3fd8633..775342b4f3 100644
+--- a/apps/apps.h
++++ b/apps/apps.h
+@@ -527,9 +527,12 @@ typedef struct ca_db_st {
+ } CA_DB;
+ 
+ void* app_malloc(int sz, const char *what);
+-BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
+-int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
+-                ASN1_INTEGER **retai);
++
++/* load_serial, save_serial, and rotate_serial are also used for CRL numbers */
++BIGNUM *load_serial(const char *serialfile, int *exists, int create,
++                    ASN1_INTEGER **retai);
++int save_serial(const char *serialfile, const char *suffix,
++                const BIGNUM *serial, ASN1_INTEGER **retai);
+ int rotate_serial(const char *serialfile, const char *new_suffix,
+                   const char *old_suffix);
+ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
+diff --git a/apps/ca.c b/apps/ca.c
+index 390ac37493..ad01bba55a 100755
+--- a/apps/ca.c
++++ b/apps/ca.c
+@@ -842,7 +842,8 @@ end_of_options:
+                 goto end;
+             }
+         } else {
+-            if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
++            serial = load_serial(serialfile, NULL, create_ser, NULL);
++            if (serial == NULL) {
+                 BIO_printf(bio_err, "error while loading serial number\n");
+                 goto end;
+             }
+@@ -1078,7 +1079,8 @@ end_of_options:
+ 
+         if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
+             != NULL)
+-            if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
++            if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL))
++                == NULL) {
+                 BIO_printf(bio_err, "error while loading CRL number\n");
+                 goto end;
+             }
+diff --git a/apps/x509.c b/apps/x509.c
+index 1f53504209..67a70e7fea 100644
+--- a/apps/x509.c
++++ b/apps/x509.c
+@@ -400,7 +400,7 @@ int x509_main(int argc, char **argv)
+             aliasout = ++num;
+             break;
+         case OPT_CACREATESERIAL:
+-            CA_createserial = ++num;
++            CA_createserial = 1;
+             break;
+         case OPT_CLREXT:
+             clrext = 1;
+@@ -916,6 +916,7 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
+     char *buf = NULL;
+     ASN1_INTEGER *bs = NULL;
+     BIGNUM *serial = NULL;
++    int defaultfile = 0, file_exists;
+ 
+     if (serialfile == NULL) {
+         const char *p = strrchr(CAfile, '.');
+@@ -925,9 +926,10 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
+         memcpy(buf, CAfile, len);
+         memcpy(buf + len, POSTFIX, sizeof(POSTFIX));
+         serialfile = buf;
++        defaultfile = 1;
+     }
+ 
+-    serial = load_serial(serialfile, create, NULL);
++    serial = load_serial(serialfile, &file_exists, create || defaultfile, NULL);
+     if (serial == NULL)
+         goto end;
+ 
+@@ -936,8 +938,10 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
+         goto end;
+     }
+ 
+-    if (!save_serial(serialfile, NULL, serial, &bs))
+-        goto end;
++    if (file_exists || create)
++        save_serial(serialfile, NULL, serial, &bs);
++    else
++        bs = BN_to_ASN1_INTEGER(serial, NULL);
+ 
+  end:
+     OPENSSL_free(buf);
+diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
+index 3c9b2f2263..67d131389a 100644
+--- a/doc/man1/x509.pod
++++ b/doc/man1/x509.pod
+@@ -443,13 +443,15 @@ The default filename consists of the CA certificate file base name with
+ ".srl" appended. For example if the CA certificate file is called
+ "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+ 
++If the B<-CA> option is specified and both the <-CAserial> and <-CAcreateserial>
++options are not given and the default serial number file does not exist,
++a random number is generated; this is the recommended practice.
++
+ =item B<-CAcreateserial>
+ 
+-With this option the CA serial number file is created if it does not exist:
+-it will contain the serial number "02" and the certificate being signed will
+-have the 1 as its serial number. If the B<-CA> option is specified
+-and the serial number file does not exist a random number is generated;
+-this is the recommended practice.
++With this option the CA serial number file is created if it does not exist.
++A random number is generated, used for the certificate, and saved into the
++serial number file in that case.
+ 
+ =item B<-extfile filename>
+ 
+-- 
+2.17.1
+

_service:tar_scm:backport-Add-an-extra-reduction-step-to-RSAZ-mod_exp-implemen.patch Added

@@ -0,0 +1,123 @@
+From 8438d3a7b7309cbea521d3628fddeda7bd6d6e20 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Thu, 9 Jun 2022 16:20:05 +0200
+Subject: PATCH Add an extra reduction step to RSAZ mod_exp implementations
+
+Inspired by BoringSSL fix by David Benjamin.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18511)
+---
+ crypto/bn/rsaz_exp.c                   |  8 ++++++++
+ crypto/bn/rsaz_exp.h                   | 23 +++++++++++++++++++++++
+ test/recipes/10-test_bn_data/bnmod.txt | 10 ++++------
+ 3 files changed, 35 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c
+index 22455b8a63..5c5cd4c282 100644
+--- a/crypto/bn/rsaz_exp.c
++++ b/crypto/bn/rsaz_exp.c
+@@ -66,6 +66,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm16,
+     unsigned char *R2 = table_s; /* borrow */
+     int index;
+     int wvalue;
++    BN_ULONG tmp16;
+ 
+     if ((((size_t)p_str & 4095) + 320) >> 12) {
+         result = p_str;
+@@ -237,7 +238,10 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm16,
+ 
+     rsaz_1024_red2norm_avx2(result_norm, result);
+ 
++    bn_reduce_once_in_place(result_norm, /*carry=*/0, m_norm, tmp, 16);
++
+     OPENSSL_cleanse(storage, sizeof(storage));
++    OPENSSL_cleanse(tmp, sizeof(tmp));
+ }
+ 
+ /*
+@@ -266,6 +270,7 @@ void RSAZ_512_mod_exp(BN_ULONG result8,
+     unsigned char *p_str = (unsigned char *)exponent;
+     int index;
+     unsigned int wvalue;
++    BN_ULONG tmp8;
+ 
+     /* table0 = 1_inv */
+     temp0 = 0 - m0;
+@@ -309,7 +314,10 @@ void RSAZ_512_mod_exp(BN_ULONG result8,
+     /* from Montgomery */
+     rsaz_512_mul_by_one(result, temp, m, k0);
+ 
++    bn_reduce_once_in_place(result, /*carry=*/0, m, tmp, 8);
++
+     OPENSSL_cleanse(storage, sizeof(storage));
++    OPENSSL_cleanse(tmp, sizeof(tmp));
+ }
+ 
+ #endif
+diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h
+index 88f65a4bae..606496d45a 100644
+--- a/crypto/bn/rsaz_exp.h
++++ b/crypto/bn/rsaz_exp.h
+@@ -22,6 +22,8 @@
+ #  define RSAZ_ENABLED
+ 
+ #  include <openssl/bn.h>
++#  include "internal/constant_time.h"
++#  include "bn_local.h"
+ 
+ void RSAZ_1024_mod_exp_avx2(BN_ULONG result16,
+                             const BN_ULONG base_norm16,
+@@ -35,6 +37,27 @@ void RSAZ_512_mod_exp(BN_ULONG result8,
+                       const BN_ULONG m_norm8, BN_ULONG k0,
+                       const BN_ULONG RR8);
+ 
++static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask,
++                                        const BN_ULONG *a,
++                                        const BN_ULONG *b, size_t num)
++{
++    size_t i;
++
++    for (i = 0; i < num; i++) {
++        ri = constant_time_select_64(mask, ai, bi);
++    }
++}
++
++static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r,
++                                                    BN_ULONG carry,
++                                                    const BN_ULONG *m,
++                                                    BN_ULONG *tmp, size_t num)
++{
++    carry -= bn_sub_words(tmp, r, m, num);
++    bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num);
++    return carry;
++}
++
+ # endif
+ 
+ #endif
+diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
+index 69f8af43d5..edde03bd62 100644
+--- a/test/recipes/10-test_bn_data/bnmod.txt
++++ b/test/recipes/10-test_bn_data/bnmod.txt
+@@ -2493,12 +2493,10 @@ E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+ M = 8f42c9e9e351ba9b32ab0cf69da43f4acf7028d19cff6e5059ea0e3fcc97c97f36a31470044737d4c0c933ac441ecb29e32c81401523afdac7de9c3fd8493c97
+ 
+ # 1024-bit
+-# TODO(davidben): This test breaks the RSAZ implementation. Fix it and enable
+-# this test.
+-# ModExp = 00
+-# A = 800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f
+-# E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+-# M = 9da8dc26fdf4d2e49833b240ee552beb7a6e251caa91bfb5d6cafaf8ed9461877fda8f6ac299036d35806bc1ae7872e54eaac1ec6bee6d02c6621a9cf8883b3abc33c49b3e601203e0e86ef8f0562412cc689ee2670704583909ca6d7774c9f9f9f4d77d37fedef9cb51d207cb629ec02fa03b526fd6594bfa8f2da71238a0b7
++ModExp = 00
++A = 800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f
++E = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
++M = 9da8dc26fdf4d2e49833b240ee552beb7a6e251caa91bfb5d6cafaf8ed9461877fda8f6ac299036d35806bc1ae7872e54eaac1ec6bee6d02c6621a9cf8883b3abc33c49b3e601203e0e86ef8f0562412cc689ee2670704583909ca6d7774c9f9f9f4d77d37fedef9cb51d207cb629ec02fa03b526fd6594bfa8f2da71238a0b7
+ 
+ # 1025-bit
+ ModExp = 00
+-- 
+2.17.1
+

_service:tar_scm:backport-Add-missing-header-for-memcmp.patch Added

_service:tar_scm:backport-Add-test-for-EC_KEY_set_private_key.patch Added

@@ -0,0 +1,71 @@
+From 1c2f52bed3ebee6222cf078278074c72717df4ec Mon Sep 17 00:00:00 2001
+From: Roberto Hueso Gomez <roberto@robertohueso.org>
+Date: Mon, 1 Aug 2022 02:08:47 +0200
+Subject: PATCH Add test for EC_KEY_set_private_key()
+
+This tests the behavior and API of the EC_KEY_set_private_key function.
+It tests compliance with legacy features related to NULL private keys
+too.
+
+Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18874)
+---
+ test/ec_internal_test.c | 34 ++++++++++++++++++++++++++++++++++
+ 1 file changed, 34 insertions(+)
+
+diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
+index 45a36ab94a..4da842a8a7 100644
+--- a/test/ec_internal_test.c
++++ b/test/ec_internal_test.c
+@@ -183,6 +183,39 @@ static int field_tests_default(int n)
+     return ret;
+ }
+ 
++/*
++ * Tests behavior of the EC_KEY_set_private_key
++ */
++static int set_private_key(void)
++{
++    EC_KEY *key = NULL, *aux_key = NULL;
++    int testresult = 0;
++
++    key = EC_KEY_new_by_curve_name(NID_secp224r1);
++    aux_key = EC_KEY_new_by_curve_name(NID_secp224r1);
++    if (!TEST_ptr(key)
++        || !TEST_ptr(aux_key)
++        || !TEST_int_eq(EC_KEY_generate_key(key), 1)
++        || !TEST_int_eq(EC_KEY_generate_key(aux_key), 1))
++        goto err;
++
++    /* Test setting a valid private key */
++    if (!TEST_int_eq(EC_KEY_set_private_key(key, aux_key->priv_key), 1))
++        goto err;
++
++    /* Test compliance with legacy behavior for NULL private keys */
++    if (!TEST_int_eq(EC_KEY_set_private_key(key, NULL), 0)
++        || !TEST_ptr_null(key->priv_key))
++        goto err;
++
++    testresult = 1;
++
++ err:
++    EC_KEY_free(key);
++    EC_KEY_free(aux_key);
++    return testresult;
++}
++
+ /*
+  * Tests behavior of the decoded_from_explicit_params flag and API
+  */
+@@ -337,6 +370,7 @@ int setup_tests(void)
+     ADD_TEST(field_tests_ec2_simple);
+ #endif
+     ADD_ALL_TESTS(field_tests_default, crv_len);
++    ADD_TEST(set_private_key);
+     ADD_TEST(decoded_flag_test);
+     ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len);
+ 
+-- 
+2.17.1
+

_service:tar_scm:backport-Add-test-for-empty-supported-groups-extension.patch Added

@@ -0,0 +1,157 @@
+From c7d6c08290b67cbeef2b4f636f04788ea405520a Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Fri, 29 Apr 2022 17:02:19 +0200
+Subject: PATCH Add test for empty supported-groups extension
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18213)
+---
+ test/recipes/80-test_ssl_new.t             |  4 +-
+ test/ssl-tests/16-certstatus.conf          |  0
+ test/ssl-tests/30-supported-groups.conf    | 54 ++++++++++++++++++++++
+ test/ssl-tests/30-supported-groups.conf.in | 45 ++++++++++++++++++
+ 4 files changed, 102 insertions(+), 1 deletion(-)
+ delete mode 100644 test/ssl-tests/16-certstatus.conf
+ create mode 100644 test/ssl-tests/30-supported-groups.conf
+ create mode 100644 test/ssl-tests/30-supported-groups.conf.in
+
+diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
+index 81d8f59a70..fa62b30850 100644
+--- a/test/recipes/80-test_ssl_new.t
++++ b/test/recipes/80-test_ssl_new.t
+@@ -28,7 +28,7 @@ map { s/\^// } @conf_files if $^O eq "VMS";
+ 
+ # We hard-code the number of tests to double-check that the globbing above
+ # finds all files as expected.
+-plan tests => 29;  # = scalar @conf_srcs
++plan tests => 30;  # = scalar @conf_srcs
+ 
+ # Some test results depend on the configuration of enabled protocols. We only
+ # verify generated sources in the default configuration.
+@@ -70,6 +70,8 @@ my %conf_dependent_tests = (
+   "25-cipher.conf" => disabled("poly1305") || disabled("chacha"),
+   "27-ticket-appdata.conf" => !$is_default_tls,
+   "28-seclevel.conf" => disabled("tls1_2") || $no_ec,
++  "30-supported-groups.conf" => disabled("tls1_2") || disabled("tls1_3")
++                                || $no_ec || $no_ec2m
+ );
+ 
+ # Add your test here if it should be skipped for some compile-time
+diff --git a/test/ssl-tests/16-certstatus.conf b/test/ssl-tests/16-certstatus.conf
+deleted file mode 100644
+index e69de29bb2..0000000000
+diff --git a/test/ssl-tests/30-supported-groups.conf b/test/ssl-tests/30-supported-groups.conf
+new file mode 100644
+index 0000000000..4280db7114
+--- /dev/null
++++ b/test/ssl-tests/30-supported-groups.conf
+@@ -0,0 +1,54 @@
++# Generated with generate_ssl_tests.pl
++
++num_tests = 2
++
++test-0 = 0-Just a sanity test case
++test-1 = 1-Pass with empty groups with TLS1.2
++# ===========================================================
++
++0-Just a sanity test case
++ssl_conf = 0-Just a sanity test case-ssl
++
++0-Just a sanity test case-ssl
++server = 0-Just a sanity test case-server
++client = 0-Just a sanity test case-client
++
++0-Just a sanity test case-server
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++0-Just a sanity test case-client
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++test-0
++ExpectedResult = Success
++
++
++# ===========================================================
++
++1-Pass with empty groups with TLS1.2
++ssl_conf = 1-Pass with empty groups with TLS1.2-ssl
++
++1-Pass with empty groups with TLS1.2-ssl
++server = 1-Pass with empty groups with TLS1.2-server
++client = 1-Pass with empty groups with TLS1.2-client
++
++1-Pass with empty groups with TLS1.2-server
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++1-Pass with empty groups with TLS1.2-client
++CipherString = DEFAULT
++Groups = sect163k1
++MaxProtocol = TLSv1.2
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++test-1
++ExpectedResult = Success
++
++
+diff --git a/test/ssl-tests/30-supported-groups.conf.in b/test/ssl-tests/30-supported-groups.conf.in
+new file mode 100644
+index 0000000000..438a07a11f
+--- /dev/null
++++ b/test/ssl-tests/30-supported-groups.conf.in
+@@ -0,0 +1,45 @@
++# -*- mode: perl; -*-
++# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the OpenSSL license (the "License").  You may not use
++# this file except in compliance with the License.  You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++
++## SSL test configurations
++
++package ssltests;
++use OpenSSL::Test::Utils;
++
++our @tests = (
++    {
++        name => "Just a sanity test case",
++        server => { },
++        client => { },
++        test   => { "ExpectedResult" => "Success" },
++    },
++);
++
++our @tests_tls1_3 = (
++    {
++        name => "Fail empty groups with TLS1.3",
++        server => { },
++        client => { "Groups" => "sect163k1" },
++        test   => { "ExpectedResult" => "ClientFail" },
++    },
++);
++
++our @tests_tls1_2 = (
++    {
++        name => "Pass with empty groups with TLS1.2",
++        server => { },
++        client => { "Groups" => "sect163k1",
++                    "MaxProtocol" => "TLSv1.2" },
++        test   => { "ExpectedResult" => "Success" },
++    },
++);
++
++push @tests, @tests_tls1_3 unless disabled("tls1_3")
++                                  || !disabled("ec2m") || disabled("ec");
++push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");
+-- 
+2.17.1
+

_service:tar_scm:backport-Always-end-BN_mod_exp_mont_consttime-with-normal-Mon.patch Added

@@ -0,0 +1,406 @@
+From 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Thu, 9 Jun 2022 12:34:55 +0200
+Subject: PATCH Always end BN_mod_exp_mont_consttime with normal Montgomery
+ reduction.
+
+This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
+would sometimes return m, the modulus, when it should have returned
+zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
+because the same bug also exists in the "rsaz" codepath.
+
+The bug only affects zero outputs (with non-zero inputs), so we believe
+it has no security impact on our cryptographic functions.
+
+The fx is to delete lowercase bn_from_montgomery altogether, and have the
+mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
+This only impacts the final step of the whole exponentiation and has no
+measurable perf impact.
+
+See the original BoringSSL commit
+https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
+for further analysis.
+
+Original-author: David Benjamin <davidben@google.com>
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18511)
+---
+ crypto/bn/asm/x86_64-mont5.pl          | 196 -------------------------
+ crypto/bn/bn_exp.c                     |  44 +++---
+ test/recipes/10-test_bn_data/bnmod.txt |  67 +++++++++
+ 3 files changed, 93 insertions(+), 214 deletions(-)
+
+diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
+index 8c37d132e4..cc7b610145 100755
+--- a/crypto/bn/asm/x86_64-mont5.pl
++++ b/crypto/bn/asm/x86_64-mont5.pl
+@@ -2101,193 +2101,6 @@ __bn_post4x_internal:
+ .size	__bn_post4x_internal,.-__bn_post4x_internal
+ ___
+ }
+-{
+-$code.=<<___;
+-.globl	bn_from_montgomery
+-.type	bn_from_montgomery,\@abi-omnipotent
+-.align	32
+-bn_from_montgomery:
+-.cfi_startproc
+-	testl	\$7,`($win64?"48(%rsp)":"%r9d")`
+-	jz	bn_from_mont8x
+-	xor	%eax,%eax
+-	ret
+-.cfi_endproc
+-.size	bn_from_montgomery,.-bn_from_montgomery
+-
+-.type	bn_from_mont8x,\@function,6
+-.align	32
+-bn_from_mont8x:
+-.cfi_startproc
+-	.byte	0x67
+-	mov	%rsp,%rax
+-.cfi_def_cfa_register	%rax
+-	push	%rbx
+-.cfi_push	%rbx
+-	push	%rbp
+-.cfi_push	%rbp
+-	push	%r12
+-.cfi_push	%r12
+-	push	%r13
+-.cfi_push	%r13
+-	push	%r14
+-.cfi_push	%r14
+-	push	%r15
+-.cfi_push	%r15
+-.Lfrom_prologue:
+-
+-	shl	\$3,${num}d		# convert $num to bytes
+-	lea	($num,$num,2),%r10	# 3*$num in bytes
+-	neg	$num
+-	mov	($n0),$n0		# *n0
+-
+-	##############################################################
+-	# Ensure that stack frame doesn't alias with $rptr+3*$num
+-	# modulo 4096, which covers retnum, amnum and nnum
+-	# (see bn_exp.c). The stack is allocated to aligned with
+-	# bn_power5's frame, and as bn_from_montgomery happens to be
+-	# last operation, we use the opportunity to cleanse it.
+-	#
+-	lea	-320(%rsp,$num,2),%r11
+-	mov	%rsp,%rbp
+-	sub	$rptr,%r11
+-	and	\$4095,%r11
+-	cmp	%r11,%r10
+-	jb	.Lfrom_sp_alt
+-	sub	%r11,%rbp		# align with $aptr
+-	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+-	jmp	.Lfrom_sp_done
+-
+-.align	32
+-.Lfrom_sp_alt:
+-	lea	4096-320(,$num,2),%r10
+-	lea	-320(%rbp,$num,2),%rbp	# future alloca(frame+2*$num*8+256)
+-	sub	%r10,%r11
+-	mov	\$0,%r10
+-	cmovc	%r10,%r11
+-	sub	%r11,%rbp
+-.Lfrom_sp_done:
+-	and	\$-64,%rbp
+-	mov	%rsp,%r11
+-	sub	%rbp,%r11
+-	and	\$-4096,%r11
+-	lea	(%rbp,%r11),%rsp
+-	mov	(%rsp),%r10
+-	cmp	%rbp,%rsp
+-	ja	.Lfrom_page_walk
+-	jmp	.Lfrom_page_walk_done
+-
+-.Lfrom_page_walk:
+-	lea	-4096(%rsp),%rsp
+-	mov	(%rsp),%r10
+-	cmp	%rbp,%rsp
+-	ja	.Lfrom_page_walk
+-.Lfrom_page_walk_done:
+-
+-	mov	$num,%r10
+-	neg	$num
+-
+-	##############################################################
+-	# Stack layout
+-	#
+-	# +0	saved $num, used in reduction section
+-	# +8	&t2*$num, used in reduction section
+-	# +32	saved *n0
+-	# +40	saved %rsp
+-	# +48	t2*$num
+-	#
+-	mov	$n0,  32(%rsp)
+-	mov	%rax, 40(%rsp)		# save original %rsp
+-.cfi_cfa_expression	%rsp+40,deref,+8
+-.Lfrom_body:
+-	mov	$num,%r11
+-	lea	48(%rsp),%rax
+-	pxor	%xmm0,%xmm0
+-	jmp	.Lmul_by_1
+-
+-.align	32
+-.Lmul_by_1:
+-	movdqu	($aptr),%xmm1
+-	movdqu	16($aptr),%xmm2
+-	movdqu	32($aptr),%xmm3
+-	movdqa	%xmm0,(%rax,$num)
+-	movdqu	48($aptr),%xmm4
+-	movdqa	%xmm0,16(%rax,$num)
+-	.byte	0x48,0x8d,0xb6,0x40,0x00,0x00,0x00	# lea	64($aptr),$aptr
+-	movdqa	%xmm1,(%rax)
+-	movdqa	%xmm0,32(%rax,$num)
+-	movdqa	%xmm2,16(%rax)
+-	movdqa	%xmm0,48(%rax,$num)
+-	movdqa	%xmm3,32(%rax)
+-	movdqa	%xmm4,48(%rax)
+-	lea	64(%rax),%rax
+-	sub	\$64,%r11
+-	jnz	.Lmul_by_1
+-
+-	movq	$rptr,%xmm1
+-	movq	$nptr,%xmm2
+-	.byte	0x67
+-	mov	$nptr,%rbp
+-	movq	%r10, %xmm3		# -num
+-___
+-$code.=<<___ if ($addx);
+-	mov	OPENSSL_ia32cap_P+8(%rip),%r11d
+-	and	\$0x80108,%r11d
+-	cmp	\$0x80108,%r11d		# check for AD*X+BMI2+BMI1
+-	jne	.Lfrom_mont_nox
+-
+-	lea	(%rax,$num),$rptr
+-	call	__bn_sqrx8x_reduction
+-	call	__bn_postx4x_internal
+-
+-	pxor	%xmm0,%xmm0
+-	lea	48(%rsp),%rax
+-	jmp	.Lfrom_mont_zero
+-
+-.align	32
+-.Lfrom_mont_nox:
+-___
+-$code.=<<___;
+-	call	__bn_sqr8x_reduction
+-	call	__bn_post4x_internal
+-
+-	pxor	%xmm0,%xmm0
+-	lea	48(%rsp),%rax
+-	jmp	.Lfrom_mont_zero
+-
+-.align	32
+-.Lfrom_mont_zero:
+-	mov	40(%rsp),%rsi		# restore %rsp

_service:tar_scm:backport-Avoid-potential-memory-leak.patch Added

@@ -0,0 +1,36 @@
+From c02fff5aecd4d002143a0e901f3dde3d14934a18 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Mon, 7 Mar 2022 17:05:57 +0100
+Subject: PATCH Avoid potential memory leak
+
+Resolves #17827
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17828)
+
+(cherry picked from commit 175355923046921a689b500f7a72455f7095708f)
+---
+ crypto/x509v3/v3_utl.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
+index 40d8f31554..83a4bc8a06 100644
+--- a/crypto/x509v3/v3_utl.c
++++ b/crypto/x509v3/v3_utl.c
+@@ -538,8 +538,11 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email
+         return 0;
+ 
+     emtmp = OPENSSL_strndup((char *)email->data, email->length);
+-    if (emtmp == NULL)
++    if (emtmp == NULL) {
++        X509_email_free(*sk);
++        *sk = NULL;
+         return 0;
++    }
+ 
+     /* Don't add duplicates */
+     if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
+-- 
+2.17.1
+

_service:tar_scm:backport-CVE-2022-4304-Fix-Timing-Oracle-in-RSA-decryption.patch Added

@@ -0,0 +1,799 @@
+From 43d8f88511991533f53680a751e9326999a6a31f Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 20 Jan 2023 15:26:54 +0000
+Subject: PATCH Fix Timing Oracle in RSA decryption
+
+A timing based side channel exists in the OpenSSL RSA Decryption
+implementation which could be sufficient to recover a plaintext across
+a network in a Bleichenbacher style attack. To achieve a successful
+decryption an attacker would have to be able to send a very large number
+of trial messages for decryption. The vulnerability affects all RSA
+padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
+
+Patch written by Dmitry Belyavsky and Hubert Kario
+
+CVE-2022-4304
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+---
+ crypto/bn/bn_blind.c    |  14 -
+ crypto/bn/bn_err.c      |   2 +
+ crypto/bn/bn_local.h    |  14 +
+ crypto/bn/build.info    |   3 +-
+ crypto/bn/rsa_sup_mul.c | 614 ++++++++++++++++++++++++++++++++++++++++
+ crypto/err/openssl.txt  |   3 +-
+ crypto/rsa/rsa_ossl.c   |  17 +-
+ include/crypto/bn.h     |   5 +
+ include/openssl/bnerr.h |   1 +
+ 9 files changed, 653 insertions(+), 20 deletions(-)
+ create mode 100644 crypto/bn/rsa_sup_mul.c
+
+diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
+index 76fc7ebcff..6e9d239321 100644
+--- a/crypto/bn/bn_blind.c
++++ b/crypto/bn/bn_blind.c
+@@ -13,20 +13,6 @@
+ 
+ #define BN_BLINDING_COUNTER     32
+ 
+-struct bn_blinding_st {
+-    BIGNUM *A;
+-    BIGNUM *Ai;
+-    BIGNUM *e;
+-    BIGNUM *mod;                /* just a reference */
+-    CRYPTO_THREAD_ID tid;
+-    int counter;
+-    unsigned long flags;
+-    BN_MONT_CTX *m_ctx;
+-    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+-                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-    CRYPTO_RWLOCK *lock;
+-};
+-
+ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+ {
+     BN_BLINDING *ret = NULL;
+diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
+index dd87c152cf..3dd8d9a568 100644
+--- a/crypto/bn/bn_err.c
++++ b/crypto/bn/bn_err.c
+@@ -73,6 +73,8 @@ static const ERR_STRING_DATA BN_str_functs = {
+     {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"},
+     {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"},
+     {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"},
++    {ERR_PACK(ERR_LIB_BN, BN_F_OSSL_BN_RSA_DO_UNBLIND, 0),
++    "ossl_bn_rsa_do_unblind"},
+     {0, NULL}
+ };
+ 
+diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h
+index 62a969b134..4d8cb64675 100644
+--- a/crypto/bn/bn_local.h
++++ b/crypto/bn/bn_local.h
+@@ -283,6 +283,20 @@ struct bn_gencb_st {
+     } cb;
+ };
+ 
++struct bn_blinding_st {
++    BIGNUM *A;
++    BIGNUM *Ai;
++    BIGNUM *e;
++    BIGNUM *mod;                /* just a reference */
++    CRYPTO_THREAD_ID tid;
++    int counter;
++    unsigned long flags;
++    BN_MONT_CTX *m_ctx;
++    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
++    CRYPTO_RWLOCK *lock;
++};
++
+ /*-
+  * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+  *
+diff --git a/crypto/bn/build.info b/crypto/bn/build.info
+index b9ed5322fa..c9fe2fdada 100644
+--- a/crypto/bn/build.info
++++ b/crypto/bn/build.info
+@@ -5,7 +5,8 @@ SOURCE../../libcrypto=\
+         bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c \
+         {- $target{bn_asm_src} -} \
+         bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
+-        bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
++        bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c \
++        rsa_sup_mul.c
+ 
+ INCLUDEbn_exp.o=..
+ 
+diff --git a/crypto/bn/rsa_sup_mul.c b/crypto/bn/rsa_sup_mul.c
+new file mode 100644
+index 0000000000..acafefd5fe
+--- /dev/null
++++ b/crypto/bn/rsa_sup_mul.c
+@@ -0,0 +1,614 @@
++#include <openssl/e_os2.h>
++#include <stddef.h>
++#include <sys/types.h>
++#include <string.h>
++#include <openssl/bn.h>
++#include <openssl/err.h>
++#include <openssl/rsaerr.h>
++#include "internal/numbers.h"
++#include "internal/constant_time.h"
++#include "bn_local.h"
++
++# if BN_BYTES == 8
++typedef uint64_t limb_t;
++#  if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16
++/* nonstandard; implemented by gcc on 64-bit platforms */
++typedef __uint128_t limb2_t;
++#   define HAVE_LIMB2_T
++#  endif
++#  define LIMB_BIT_SIZE 64
++#  define LIMB_BYTE_SIZE 8
++# elif BN_BYTES == 4
++typedef uint32_t limb_t;
++typedef uint64_t limb2_t;
++#  define LIMB_BIT_SIZE 32
++#  define LIMB_BYTE_SIZE 4
++#  define HAVE_LIMB2_T
++# else
++#  error "Not supported"
++# endif
++
++/*
++ * For multiplication we're using schoolbook multiplication,
++ * so if we have two numbers, each with 6 "digits" (words)
++ * the multiplication is calculated as follows:
++ *                        A B C D E F
++ *                     x  I J K L M N
++ *                     --------------
++ *                                N*F
++ *                              N*E
++ *                            N*D
++ *                          N*C
++ *                        N*B
++ *                      N*A
++ *                              M*F
++ *                            M*E
++ *                          M*D
++ *                        M*C
++ *                      M*B
++ *                    M*A
++ *                            L*F
++ *                          L*E
++ *                        L*D
++ *                      L*C
++ *                    L*B
++ *                  L*A
++ *                          K*F
++ *                        K*E
++ *                      K*D
++ *                    K*C
++ *                  K*B
++ *                K*A
++ *                        J*F
++ *                      J*E
++ *                    J*D
++ *                  J*C
++ *                J*B
++ *              J*A
++ *                      I*F
++ *                    I*E
++ *                  I*D
++ *                I*C
++ *              I*B
++ *         +  I*A
++ *         ==========================
++ *                        N*B N*D N*F
++ *                    + N*A N*C N*E
++ *                    + M*B M*D M*F
++ *                  + M*A M*C M*E
++ *                  + L*B L*D L*F
++ *                + L*A L*C L*E
++ *                + K*B K*D K*F
++ *              + K*A K*C K*E
++ *              + J*B J*D J*F
++ *            + J*A J*C J*E
++ *            + I*B I*D I*F

_service:tar_scm:backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch Added

@@ -0,0 +1,41 @@
+From bbcf509bd046b34cca19c766bbddc31683d0858b Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 13 Dec 2022 14:54:55 +0000
+Subject: PATCH Avoid dangling ptrs in header and data params for
+ PEM_read_bio_ex
+
+In the event of a failure in PEM_read_bio_ex() we free the buffers we
+allocated for the header and data buffers. However we were not clearing
+the ptrs stored in *header and *data. Since, on success, the caller is
+responsible for freeing these ptrs this can potentially lead to a double
+free if the caller frees them even on failure.
+
+Thanks to Dawei Wang for reporting this issue.
+
+Based on a proposed patch by Kurt Roeckx.
+
+CVE-2022-4450
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+---
+ crypto/pem/pem_lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
+index d416d939ea..328c30cdbb 100644
+--- a/crypto/pem/pem_lib.c
++++ b/crypto/pem/pem_lib.c
+@@ -957,7 +957,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+     *data = pem_malloc(len, flags);
+     if (*header == NULL || *data == NULL) {
+         pem_free(*header, flags, 0);
++        *header = NULL;
+         pem_free(*data, flags, 0);
++        *data = NULL;
+         goto end;
+     }
+     BIO_read(headerB, *header, headerlen);
+-- 
+2.17.1
+

_service:tar_scm:backport-CVE-2023-0215-Check-CMS-failure-during-BIO-setup-with-stream-is-ha.patch Added

@@ -0,0 +1,80 @@
+From f040f2577891d2bdb7610566c172233844cf673a Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 14 Dec 2022 17:15:18 +0000
+Subject: PATCH Check CMS failure during BIO setup with -stream is handled
+ correctly
+
+Test for the issue fixed in the previous commit
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+---
+ test/recipes/80-test_cms.t  | 15 +++++++++++++--
+ test/smime-certs/badrsa.pem | 18 ++++++++++++++++++
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 test/smime-certs/badrsa.pem
+
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index 5dc6a3aebe..ec11bfc253 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -13,7 +13,7 @@ use warnings;
+ use POSIX;
+ use File::Spec::Functions qw/catfile/;
+ use File::Compare qw/compare_text/;
+-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
++use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file with/;
+ use OpenSSL::Test::Utils;
+ 
+ setup("test_cms");
+@@ -27,7 +27,7 @@ my $smcont   = srctop_file("test", "smcont.txt");
+ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
+     = disabled qw/des dh dsa ec ec2m rc2 zlib/;
+ 
+-plan tests => 6;
++plan tests => 7;
+ 
+ my @smime_pkcs7_tests = (
+ 
+@@ -584,3 +584,14 @@ sub check_availability {
+ 
+     return "";
+ }
++
++# Check that we get the expected failure return code
++with({ exit_checker => sub { return shift == 6; } },
++    sub {
++        ok(run(app('openssl', 'cms', '-encrypt',
++                    '-in', srctop_file("test", "smcont.txt"),
++                    '-stream', '-recip',
++                    srctop_file("test/smime-certs", "badrsa.pem"),
++                   )),
++            "Check failure during BIO setup with -stream is handled correctly");
++    });
+diff --git a/test/smime-certs/badrsa.pem b/test/smime-certs/badrsa.pem
+new file mode 100644
+index 0000000000..f824fc2267
+--- /dev/null
++++ b/test/smime-certs/badrsa.pem
+@@ -0,0 +1,18 @@
++-----BEGIN CERTIFICATE-----
++MIIDbTCCAlWgAwIBAgIToTV4Z0iuK08vZP20oTh//hC8BDANBgkqhkiG9w0BAQ0FADAtMSswKQYD
++VfcDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
++DzIwNTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
++AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
++I2juwdRrjFBmXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A
++/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s
++yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0
++zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSxgCAwEAAaOBlzCB
++lDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
++CgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwfAADAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
++ZnMwHwYDVR0jBBgwFoAUeF8OWnjYa+RUcD2z3ez38fL6wEcwDQYJKoZIhvcNAQENBQADggEBABbW
++eonR6TMTckehDKNOabwaCIcekahAIL6l9tTzUX5ew6ufiAPlC6I/zQlmUaU0iSyFDG1NW14kNbFt
++5CAokyLhMtE4ASHBIHbiOp/ZSbUBTVYJZB61ot7w1/ol5QECSs08b8zrxIncf+t2DHGuVEy/Qq1d
++rBz8d4ay8zpqAE1tUyL5Da6ZiKUfWwZQXSI/JlbjQFzYQqTRDnzHWrg1xPeMTO1P2/cplFaseTiv
++yk4cYwOp/W9UAWymOZXF8WcJYCIUXkdcG/nEZxr057KlScrJmFXOoh7Y+8ON4iWYYcAfiNgpUFo/
++j8BAwrKKaFvdlZS9k1Ypb2+UQY75mKJE9Bg=
++-----END CERTIFICATE-----
+-- 
+2.17.1
+

_service:tar_scm:backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch Added

@@ -0,0 +1,106 @@
+From c3829dd8825c654652201e16f8a0a0c46ee3f344 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 14 Dec 2022 16:18:14 +0000
+Subject: PATCH Fix a UAF resulting from a bug in BIO_new_NDEF
+
+If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
+be part of an invalid BIO chain. This causes a "use after free" when the
+BIO is eventually freed.
+
+Based on an original patch by Viktor Dukhovni and an idea from Theo
+Buehler.
+
+Thanks to Octavio Galland for reporting this issue.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+---
+ crypto/asn1/bio_ndef.c | 39 ++++++++++++++++++++++++++++++++-------
+ 1 file changed, 32 insertions(+), 7 deletions(-)
+
+diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
+index 760e4846a4..f8d4b1b9aa 100644
+--- a/crypto/asn1/bio_ndef.c
++++ b/crypto/asn1/bio_ndef.c
+@@ -49,12 +49,19 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+ static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+                             void *parg);
+ 
++/*
++ * On success, the returned BIO owns the input BIO as part of its BIO chain.
++ * On failure, NULL is returned and the input BIO is owned by the caller.
++ *
++ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
++ */
+ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+ {
+     NDEF_SUPPORT *ndef_aux = NULL;
+     BIO *asn_bio = NULL;
+     const ASN1_AUX *aux = it->funcs;
+     ASN1_STREAM_ARG sarg;
++    BIO *pop_bio = NULL;
+ 
+     if (!aux || !aux->asn1_cb) {
+         ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+@@ -69,21 +76,39 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+     out = BIO_push(asn_bio, out);
+     if (out == NULL)
+         goto err;
++    pop_bio = asn_bio;
+ 
+-    BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
+-    BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
++    if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
++            || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
++            || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
++        goto err;
+ 
+     /*
+-     * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
+-     * needs.
++     * Now let the callback prepend any digest, cipher, etc., that the BIO's
++     * ASN1 structure needs.
+      */
+ 
+     sarg.out = out;
+     sarg.ndef_bio = NULL;
+     sarg.boundary = NULL;
+ 
+-    if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
++    /*
++     * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
++     * middle of some partially built, but not returned BIO chain.
++     */
++    if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
++        /*
++         * ndef_aux is now owned by asn_bio so we must not free it in the err
++         * clean up block
++         */
++        ndef_aux = NULL;
+         goto err;
++    }
++
++    /*
++     * We must not fail now because the callback has prepended additional
++     * BIOs to the chain
++     */
+ 
+     ndef_aux->val = val;
+     ndef_aux->it = it;
+@@ -91,11 +116,11 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+     ndef_aux->boundary = sarg.boundary;
+     ndef_aux->out = out;
+ 
+-    BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
+-
+     return sarg.ndef_bio;
+ 
+  err:
++    /* BIO_pop() is NULL safe */
++    (void)BIO_pop(pop_bio);
+     BIO_free(asn_bio);
+     OPENSSL_free(ndef_aux);
+     return NULL;
+-- 
+2.17.1
+

_service:tar_scm:backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch Added

@@ -0,0 +1,62 @@
+From 2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 Mon Sep 17 00:00:00 2001
+From: Hugo Landau <hlandau@openssl.org>
+Date: Tue, 17 Jan 2023 17:45:42 +0000
+Subject: PATCH CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1)
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+---
+ crypto/x509v3/v3_genn.c  |  2 +-
+ include/openssl/x509v3.h |  2 +-
+ test/v3nametest.c        |  8 ++++++++
+ 4 files changed, 27 insertions(+), 3 deletions(-)
+
+ 
+diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
+index 87a5eff47c..e54ddc55c9 100644
+--- a/crypto/x509v3/v3_genn.c
++++ b/crypto/x509v3/v3_genn.c
+@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+         return -1;
+     switch (a->type) {
+     case GEN_X400:
+-        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++        result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
+         break;
+ 
+     case GEN_EDIPARTY:
+diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
+index 90fa3592ce..e61c0f29d4 100644
+--- a/include/openssl/x509v3.h
++++ b/include/openssl/x509v3.h
+@@ -136,7 +136,7 @@ typedef struct GENERAL_NAME_st {
+         OTHERNAME *otherName;   /* otherName */
+         ASN1_IA5STRING *rfc822Name;
+         ASN1_IA5STRING *dNSName;
+-        ASN1_TYPE *x400Address;
++        ASN1_STRING *x400Address;
+         X509_NAME *directoryName;
+         EDIPARTYNAME *ediPartyName;
+         ASN1_IA5STRING *uniformResourceIdentifier;
+diff --git a/test/v3nametest.c b/test/v3nametest.c
+index d1852190b8..37819da8fd 100644
+--- a/test/v3nametest.c
++++ b/test/v3nametest.c
+@@ -646,6 +646,14 @@ static struct gennamedata {
+             0xb7, 0x09, 0x02, 0x02
+         },
+         15
++    }, {
++        /*
++         * Regression test for CVE-2023-0286.
++         */
++        {
++            0xa3, 0x00
++        },
++        2
+     }
+ };
+ 
+-- 
+2.17.1
+

_service:tar_scm:backport-Check-password-length-only-when-verify-is-enabled.patch Added

@@ -0,0 +1,30 @@
+From 0a9bb445893b4a98ad1588aef2d14c29e6c4c5e3 Mon Sep 17 00:00:00 2001
+From: Daniel Fiala <daniel@openssl.org>
+Date: Wed, 16 Mar 2022 07:42:55 +0100
+Subject: PATCH Check password length only when verify is enabled.
+
+Fixes #16231.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17899)
+---
+ apps/apps.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/apps/apps.c b/apps/apps.c
+index 1a92271595..db5b48e4cf 100644
+--- a/apps/apps.c
++++ b/apps/apps.c
+@@ -307,6 +307,8 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+         if (cb_data != NULL && cb_data->password != NULL
+                 && *(const char*)cb_data->password != '\0')
+             pw_min_len = 1;
++        else if (!verify)
++            pw_min_len = 0;
+         prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+         if (!prompt) {
+             BIO_printf(bio_err, "Out of memory\n");
+-- 
+2.17.1
+

_service:tar_scm:backport-Convert-serverinfo-in-SSL_CTX_use_serverinfo-to-v2.patch Added

@@ -0,0 +1,376 @@
+From 6e6aad333f26694ff39aba1e59b358e3f25a9a1d Mon Sep 17 00:00:00 2001
+From: Daniel Fiala <daniel@openssl.org>
+Date: Sun, 28 Aug 2022 11:53:32 +0200
+Subject: PATCH Convert serverinfo in SSL_CTX_use_serverinfo() to v2.
+
+Fixes #18183.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/19081)
+---
+ ssl/ssl_rsa.c     |  81 ++++++++++++++++------
+ test/sslapitest.c | 171 +++++++++++++++++++++++++++++++---------------
+ 2 files changed, 177 insertions(+), 75 deletions(-)
+
+diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
+index 6457c0c0ef..3535c95354 100644
+--- a/ssl/ssl_rsa.c
++++ b/ssl/ssl_rsa.c
+@@ -727,6 +727,34 @@ static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
+     return 1;
+ }
+ 
++static size_t extension_contextoff(unsigned int version)
++{
++    return version == SSL_SERVERINFOV1 ? 4 : 0;
++}
++
++static size_t extension_append_length(unsigned int version, size_t extension_length)
++{
++    return extension_length + extension_contextoff(version);
++}
++
++static void extension_append(unsigned int version,
++                             const unsigned char *extension,
++                             const size_t extension_length,
++                             unsigned char *serverinfo)
++{
++    const size_t contextoff = extension_contextoff(version);
++
++    if (contextoff > 0) {
++        /* We know this only uses the last 2 bytes */
++        serverinfo0 = 0;
++        serverinfo1 = 0;
++        serverinfo2 = (SYNTHV1CONTEXT >> 8) & 0xff;
++        serverinfo3 = SYNTHV1CONTEXT & 0xff;
++    }
++
++    memcpy(serverinfo + contextoff, extension, extension_length);
++}
++
+ static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                    const unsigned char *in,
+                                    size_t inlen, int *al, void *arg)
+@@ -842,12 +870,36 @@ int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                               const unsigned char *serverinfo,
+                               size_t serverinfo_length)
+ {
+-    unsigned char *new_serverinfo;
++    unsigned char *new_serverinfo = NULL;
+ 
+     if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
+         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER);
+         return 0;
+     }
++    if (version == SSL_SERVERINFOV1) {
++        /*
++         * Convert serverinfo version v1 to v2 and call yourself recursively
++         * over the converted serverinfo.
++         */
++        const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1,
++                                                            serverinfo_length);
++        unsigned char *sinfo;
++        int ret;
++
++        sinfo = OPENSSL_malloc(sinfo_length);
++        if (sinfo == NULL) {
++            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
++            return 0;
++        }
++
++        extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo);
++
++        ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo,
++                                        sinfo_length);
++
++        OPENSSL_free(sinfo);
++        return ret;
++    }
+     if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
+                                    NULL)) {
+         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
+@@ -899,7 +951,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
+     char namePrefix2 = "SERVERINFOV2 FOR ";
+     int ret = 0;
+     BIO *bin = NULL;
+-    size_t num_extensions = 0, contextoff = 0;
++    size_t num_extensions = 0;
+ 
+     if (ctx == NULL || file == NULL) {
+         SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
+@@ -918,6 +970,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
+ 
+     for (num_extensions = 0;; num_extensions++) {
+         unsigned int version;
++        size_t append_length;
+ 
+         if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
+             == 0) {
+@@ -962,11 +1015,6 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
+                 SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
+                 goto end;
+             }
+-            /*
+-             * File does not have a context value so we must take account of
+-             * this later.
+-             */
+-            contextoff = 4;
+         } else {
+             /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
+             if (extension_length < 8
+@@ -977,25 +1025,16 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
+             }
+         }
+         /* Append the decoded extension to the serverinfo buffer */
+-        tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length
+-                                          + contextoff);
++        append_length = extension_append_length(version, extension_length);
++        tmp = OPENSSL_realloc(serverinfo, serverinfo_length + append_length);
+         if (tmp == NULL) {
+             SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
+             goto end;
+         }
+         serverinfo = tmp;
+-        if (contextoff > 0) {
+-            unsigned char *sinfo = serverinfo + serverinfo_length;
+-
+-            /* We know this only uses the last 2 bytes */
+-            sinfo0 = 0;
+-            sinfo1 = 0;
+-            sinfo2 = (SYNTHV1CONTEXT >> 8) & 0xff;
+-            sinfo3 = SYNTHV1CONTEXT & 0xff;
+-        }
+-        memcpy(serverinfo + serverinfo_length + contextoff,
+-               extension, extension_length);
+-        serverinfo_length += extension_length + contextoff;
++        extension_append(version, extension, extension_length,
++                         serverinfo + serverinfo_length);
++        serverinfo_length += append_length;
+ 
+         OPENSSL_free(name);
+         name = NULL;
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 7197e15cac..685c28d934 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -85,20 +85,6 @@ struct sslapitest_log_counts {
+ };
+ 
+ 
+-static unsigned char serverinfov1 = {
+-    0xff, 0xff, /* Dummy extension type */
+-    0x00, 0x01, /* Extension length is 1 byte */
+-    0xff        /* Dummy extension data */
+-};
+-
+-static unsigned char serverinfov2 = {
+-    0x00, 0x00, 0x00,
+-    (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
+-    0xff, 0xff, /* Dummy extension type */
+-    0x00, 0x01, /* Extension length is 1 byte */
+-    0xff        /* Dummy extension data */
+-};
+-
+ static int hostname_cb(SSL *s, int *al, void *arg)
+ {
+     const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+@@ -4349,62 +4335,137 @@ end:
+     return testresult;
+ }
+ 
+-/*
+- * Test loading of serverinfo data in various formats. test_sslmessages actually
+- * tests to make sure the extensions appear in the handshake
+- */
+-static int test_serverinfo(int tst)
++#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3)
++
++#define  SYNTHV1CONTEXT     (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
++                             | SSL_EXT_CLIENT_HELLO \
++                             | SSL_EXT_TLS1_2_SERVER_HELLO \
++                             | SSL_EXT_IGNORE_ON_RESUMPTION)
++
++#define TLS13CONTEXT (SSL_EXT_TLS1_3_CERTIFICATE \
++                      | SSL_EXT_TLS1_2_SERVER_HELLO \
++                      | SSL_EXT_CLIENT_HELLO)
++
++#define SERVERINFO_CUSTOM                                 \

_service:tar_scm:backport-Coverity-1508534-1508540-misuses-of-time_t.patch Added

@@ -0,0 +1,67 @@
+From 552603edfed18f30466277d29b70939390fea65b Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Tue, 16 Aug 2022 11:05:02 +1000
+Subject: PATCH Coverity 1508534 & 1508540:  misuses of time_t
+
+Avoid problems when the lower 32 bits of time_t roll over by delaying
+the cast to integer until after the time delta has been computed.
+
+Reviewed-by: Ben Kaduk <kaduk@mit.edu>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/19004)
+
+(cherry picked from commit a6cadcbdc3b4f3fbd0fd228e41177f0661b68264)
+---
+ ssl/statem/extensions_clnt.c | 5 ++---
+ ssl/statem/extensions_srvr.c | 5 ++---
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
+index b6f72d685c..1cbaefa9f1 100644
+--- a/ssl/statem/extensions_clnt.c
++++ b/ssl/statem/extensions_clnt.c
+@@ -1002,7 +1002,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx)
+ {
+ #ifndef OPENSSL_NO_TLS1_3
+-    uint32_t now, agesec, agems = 0;
++    uint32_t agesec, agems = 0;
+     size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen;
+     unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
+     const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
+@@ -1059,8 +1059,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
+          * this in multiple places in the code, so portability shouldn't be an
+          * issue.
+          */
+-        now = (uint32_t)time(NULL);
+-        agesec = now - (uint32_t)s->session->time;
++        agesec = (uint32_t)(time(NULL) - s->session->time);
+         /*
+          * We calculate the age in seconds but the server may work in ms. Due to
+          * rounding errors we could overestimate the age by up to 1s. It is
+diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
+index 04f64f8106..f110053273 100644
+--- a/ssl/statem/extensions_srvr.c
++++ b/ssl/statem/extensions_srvr.c
+@@ -1167,7 +1167,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                 s->ext.early_data_ok = 1;
+             s->ext.ticket_expected = 1;
+         } else {
+-            uint32_t ticket_age = 0, now, agesec, agems;
++            uint32_t ticket_age = 0, agesec, agems;
+             int ret;
+ 
+             /*
+@@ -1209,8 +1209,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+             }
+ 
+             ticket_age = (uint32_t)ticket_agel;
+-            now = (uint32_t)time(NULL);
+-            agesec = now - (uint32_t)sess->time;
++            agesec = (uint32_t)(time(NULL) - sess->time);
+             agems = agesec * (uint32_t)1000;
+             ticket_age -= sess->ext.tick_age_add;
+ 
+-- 
+2.17.1
+

_service:tar_scm:backport-Do-not-send-an-empty-supported-groups-extension.patch Added

@@ -0,0 +1,54 @@
+From bd164884f258d99ca876f6cdcdf9bd0dcceee6ad Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Fri, 29 Apr 2022 16:36:36 +0200
+Subject: PATCH Do not send an empty supported groups extension
+
+This allows handshake to proceed if the maximum TLS version enabled is <1.3
+
+Fixes #13583
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18213)
+---
+ CHANGES                      | 24 ++++++++++++++----------
+ ssl/statem/extensions_clnt.c | 16 +++++++++++++++-
+ 2 files changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
+index 9d38ac23b5..036a9b3c48 100644
+--- a/ssl/statem/extensions_clnt.c
++++ b/ssl/statem/extensions_clnt.c
+@@ -118,6 +118,8 @@ static int use_ecc(SSL *s)
+     int i, end, ret = 0;
+     unsigned long alg_k, alg_a;
+     STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
++    const uint16_t *pgroups = NULL;
++    size_t num_groups, j;
+ 
+     /* See if we support any ECC ciphersuites */
+     if (s->version == SSL3_VERSION)
+@@ -139,7 +141,19 @@ static int use_ecc(SSL *s)
+     }
+ 
+     sk_SSL_CIPHER_free(cipher_stack);
+-    return ret;
++    if (!ret)
++        return 0;
++
++    /* Check we have at least one EC supported group */
++    tls1_get_supported_groups(s, &pgroups, &num_groups);
++    for (j = 0; j < num_groups; j++) {
++        uint16_t ctmp = pgroupsj;
++
++        if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
++            return 1;
++    }
++
++    return 0;
+ }
+ 
+ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
+-- 
+2.17.1
+

_service:tar_scm:backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch Added

@@ -0,0 +1,54 @@
+From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 7 Mar 2023 16:52:55 +0000
+Subject: PATCH Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
+ certs
+
+Even though we check the leaf cert to confirm it is valid, we
+later ignored the invalid flag and did not notice that the leaf
+cert was bad.
+
+Fixes: CVE-2023-0465
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20588)
+---
+ crypto/x509/x509_vfy.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 925fbb5412..1dfe4f9f31 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx)
+     }
+     /* Invalid or inconsistent extensions */
+     if (ret == X509_PCY_TREE_INVALID) {
+-        int i;
++        int i, cbcalled = 0;
+ 
+         /* Locate certificates with bad extensions and notify callback. */
+-        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
++        for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+             X509 *x = sk_X509_value(ctx->chain, i);
+ 
+             if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+                 continue;
++            cbcalled = 1;
+             if (!verify_cb_cert(ctx, x, i,
+                                 X509_V_ERR_INVALID_POLICY_EXTENSION))
+                 return 0;
+         }
++        if (!cbcalled) {
++            /* Should not be able to get here */
++            X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
++            return 0;
++        }
++        /* The callback ignored the error so we return success */
+         return 1;
+     }
+     if (ret == X509_PCY_TREE_FAILURE) {
+-- 
+2.36.1
+

_service:tar_scm:backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch Added

@@ -0,0 +1,37 @@
+From ad24941228eafe59fe3807d1659585c4d98eac97 Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Wed, 16 Mar 2022 13:48:27 +1100
+Subject: PATCH Fix Coverity 1201763 uninitialised pointer read
+
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17890)
+
+(cherry picked from commit a0238b7ed87998c48b1c92bad7fa82dcbba507f9)
+---
+ crypto/bn/bn_exp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
+index 9531acfc3c..451e88ac3c 100644
+--- a/crypto/bn/bn_exp.c
++++ b/crypto/bn/bn_exp.c
+@@ -188,13 +188,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+         return ret;
+     }
+ 
++    BN_RECP_CTX_init(&recp);
++
+     BN_CTX_start(ctx);
+     aa = BN_CTX_get(ctx);
+     val0 = BN_CTX_get(ctx);
+     if (val0 == NULL)
+         goto err;
+ 
+-    BN_RECP_CTX_init(&recp);
+     if (m->neg) {
+         /* ignore sign of 'm' */
+         if (!BN_copy(aa, m))
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch Added

@@ -0,0 +1,37 @@
+From cd2471cd797ae5a6355814bb14a176af6a7d883f Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Wed, 16 Mar 2022 14:21:01 +1100
+Subject: PATCH Fix Coverity 1498611 & 1498608: uninitialised read
+
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17893)
+
+(cherry picked from commit 09134f183f76539aa1294adfef10fcc694e90267)
+---
+ ssl/ssl_lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 9c411a3293..7383badce3 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -2084,6 +2084,7 @@ int SSL_shutdown(SSL *s)
+         if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+             struct ssl_async_args args;
+ 
++            memset(&args, 0, sizeof(args));
+             args.s = s;
+             args.type = OTHERFUNC;
+             args.f.func_other = s->method->ssl_shutdown;
+@@ -3709,6 +3710,7 @@ int SSL_do_handshake(SSL *s)
+         if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+             struct ssl_async_args args;
+ 
++            memset(&args, 0, sizeof(args));
+             args.s = s;
+ 
+             ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-EC_KEY_set_private_key-priv_key-regression.patch Added

@@ -0,0 +1,42 @@
+From 143d7d4c791df8b9051356be51d9f77bc241fe4c Mon Sep 17 00:00:00 2001
+From: Roberto Hueso Gomez <roberto@robertohueso.org>
+Date: Tue, 26 Jul 2022 20:41:02 +0200
+Subject: PATCH Fix EC_KEY_set_private_key() priv_key regression
+
+This allows to set EC_KEY's private key to NULL and fixes regression
+issue following OTC guideline in
+https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696
+
+Fixes #18744.
+
+Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18874)
+---
+ crypto/ec/ec_key.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
+index 3017f0936c..63799002bc 100644
+--- a/crypto/ec/ec_key.c
++++ b/crypto/ec/ec_key.c
+@@ -443,6 +443,16 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
+         && key->meth->set_private(key, priv_key) == 0)
+         return 0;
+ 
++    /*
++     * Return `0` to comply with legacy behavior for this function, see
++     * https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696
++     */
++    if (priv_key == NULL) {
++        BN_clear_free(key->priv_key);
++        key->priv_key = NULL;
++        return 0; /* intentional for legacy compatibility */
++    }
++
+     /*
+      * We should never leak the bit length of the secret scalar in the key,
+      * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM`
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-NULL-pointer-dereference-for-BN_mod_exp2_mont.patch Added

@@ -0,0 +1,98 @@
+From 8845aeb3ed528491b9eccba365182f90540e5b95 Mon Sep 17 00:00:00 2001
+From: Hugo Landau <hlandau@openssl.org>
+Date: Tue, 1 Mar 2022 14:08:12 +0000
+Subject: PATCH Fix NULL pointer dereference for BN_mod_exp2_mont
+
+This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
+if BIGNUM argument m represents zero.
+
+Regression test added. Fixes #17648. Backport from master to 1.1.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Todd Short <todd.short@me.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17787)
+---
+ crypto/bn/bn_exp2.c |  2 +-
+ test/bntest.c       | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 46 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
+index e542abe46f..de3e249d78 100644
+--- a/crypto/bn/bn_exp2.c
++++ b/crypto/bn/bn_exp2.c
+@@ -32,7 +32,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+     bn_check_top(p2);
+     bn_check_top(m);
+ 
+-    if (!(m->d0 & 1)) {
++    if (!BN_is_odd(m)) {
+         BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+         return 0;
+     }
+diff --git a/test/bntest.c b/test/bntest.c
+index bab34ba54b..390dd80073 100644
+--- a/test/bntest.c
++++ b/test/bntest.c
+@@ -2798,6 +2798,50 @@ static int test_mod_exp_consttime(int i)
+     return res;
+ }
+ 
++/*
++ * Regression test to ensure BN_mod_exp2_mont fails safely if argument m is
++ * zero.
++ */
++static int test_mod_exp2_mont(void)
++{
++    int res = 0;
++    BIGNUM *exp_result = NULL;
++    BIGNUM *exp_a1 = NULL, *exp_p1 = NULL, *exp_a2 = NULL, *exp_p2 = NULL,
++           *exp_m = NULL;
++
++    if (!TEST_ptr(exp_result = BN_new())
++            || !TEST_ptr(exp_a1 = BN_new())
++            || !TEST_ptr(exp_p1 = BN_new())
++            || !TEST_ptr(exp_a2 = BN_new())
++            || !TEST_ptr(exp_p2 = BN_new())
++            || !TEST_ptr(exp_m = BN_new()))
++        goto err;
++
++    if (!TEST_true(BN_one(exp_a1))
++            || !TEST_true(BN_one(exp_p1))
++            || !TEST_true(BN_one(exp_a2))
++            || !TEST_true(BN_one(exp_p2)))
++        goto err;
++
++    BN_zero(exp_m);
++
++    /* input of 0 is even, so must fail */
++    if (!TEST_int_eq(BN_mod_exp2_mont(exp_result, exp_a1, exp_p1, exp_a2,
++                exp_p2, exp_m, ctx, NULL), 0))
++        goto err;
++
++    res = 1;
++
++err:
++    BN_free(exp_result);
++    BN_free(exp_a1);
++    BN_free(exp_p1);
++    BN_free(exp_a2);
++    BN_free(exp_p2);
++    BN_free(exp_m);
++    return res;
++}
++
+ static int file_test_run(STANZA *s)
+ {
+     static const FILETEST filetests = {
+@@ -2906,6 +2950,7 @@ int setup_tests(void)
+         ADD_TEST(test_gcd_prime);
+         ADD_ALL_TESTS(test_mod_exp, (int)OSSL_NELEM(ModExpTests));
+         ADD_ALL_TESTS(test_mod_exp_consttime, (int)OSSL_NELEM(ModExpTests));
++        ADD_TEST(test_mod_exp2_mont);
+     } else {
+         ADD_ALL_TESTS(run_file_tests, n);
+     }
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-SSL_pending-and-SSL_has_pending-with-DTLS.patch Added

@@ -0,0 +1,89 @@
+From 01fc812cb0aafc3cfc271303b6646d1c0a86b020 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Mon, 25 Jul 2022 15:59:38 +0100
+Subject: PATCH Fix SSL_pending() and SSL_has_pending() with DTLS
+
+If app data is received before a Finished message in DTLS then we buffer
+it to return later. The function SSL_pending() is supposed to tell you
+how much processed app data we have already buffered, and SSL_has_pending()
+is supposed to tell you if we have any data buffered (whether processed or
+not, and whether app data or not).
+
+Neither SSL_pending() or SSL_has_pending() were taking account of this
+DTLS specific app data buffer.
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18976)
+---
+ ssl/record/rec_layer_s3.c | 14 +++++++++++++-
+ ssl/ssl_lib.c             | 24 +++++++++++++++++++-----
+ 2 files changed, 32 insertions(+), 6 deletions(-)
+
+diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
+index 8249b4ace9..23cd4219e9 100644
+--- a/ssl/record/rec_layer_s3.c
++++ b/ssl/record/rec_layer_s3.c
+@@ -115,10 +115,22 @@ size_t ssl3_pending(const SSL *s)
+     if (s->rlayer.rstate == SSL_ST_READ_BODY)
+         return 0;
+ 
++    /* Take into account DTLS buffered app data */
++    if (SSL_IS_DTLS(s)) {
++        DTLS1_RECORD_DATA *rdata;
++        pitem *item, *iter;
++
++        iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
++        while ((item = pqueue_next(&iter)) != NULL) {
++            rdata = item->data;
++            num += rdata->rrec.length;
++        }
++    }
++
+     for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
+         if (SSL3_RECORD_get_type(&s->rlayer.rreci)
+             != SSL3_RT_APPLICATION_DATA)
+-            return 0;
++            return num;
+         num += SSL3_RECORD_get_length(&s->rlayer.rreci);
+     }
+ 
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 25a1a44785..47adc3211c 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -1510,12 +1510,26 @@ int SSL_has_pending(const SSL *s)
+ {
+     /*
+      * Similar to SSL_pending() but returns a 1 to indicate that we have
+-     * unprocessed data available or 0 otherwise (as opposed to the number of
+-     * bytes available). Unlike SSL_pending() this will take into account
+-     * read_ahead data. A 1 return simply indicates that we have unprocessed
+-     * data. That data may not result in any application data, or we may fail
+-     * to parse the records for some reason.
++     * processed or unprocessed data available or 0 otherwise (as opposed to the
++     * number of bytes available). Unlike SSL_pending() this will take into
++     * account read_ahead data. A 1 return simply indicates that we have data.
++     * That data may not result in any application data, or we may fail to parse
++     * the records for some reason.
+      */
++
++    /* Check buffered app data if any first */
++    if (SSL_IS_DTLS(s)) {
++        DTLS1_RECORD_DATA *rdata;
++        pitem *item, *iter;
++
++        iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
++        while ((item = pqueue_next(&iter)) != NULL) {
++            rdata = item->data;
++            if (rdata->rrec.length > 0)
++                return 1;
++        }
++    }
++
+     if (RECORD_LAYER_processed_read_pending(&s->rlayer))
+         return 1;
+ 
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch Added

@@ -0,0 +1,440 @@
+From 6e73a0a0bd608daecb8e2c1e46de9d1014194c84 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Tue, 12 Apr 2022 08:27:21 +0200
+Subject: PATCH Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION
+
+This causes the DTLS server to enter an error state:
+
+./openssl s_server -dtls
+./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt
+...
+Q
+./openssl s_client -dtls -sess_in s1.txt
+CONNECTED(00000003)
+^C
+./openssl s_client -dtls
+CONNECTED(00000003)
+140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40
+
+At this point the dtls server needs to be restarted,
+because verify_cookie_callback always fails, because
+the previous cookie is checked against the current one.
+The reason for this is not fully understood.
+
+In wireshark we see the following each time:
+c->s Client Hello (without cookie)
+s->c Hello Verify Request (with new cookie)
+s->c Alert (Level: Fatal, Description: Handshake Failure)
+c->s Client Hello (echoes new cookie)
+
+The client gives up when the Alert arrives.
+The Alert is triggered because the server calls
+verify_cookie_callback with the previous cookie,
+although it just sent the current cookie in the
+Hello Verify Request.
+
+However this does only happen because no Alert message
+is sent when the client re-connects the session with
+the missing -maxfraglen option.
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18094)
+---
+ ssl/s3_enc.c                           |   2 +
+ ssl/t1_enc.c                           |   2 +
+ test/ssl-tests/10-resumption.conf      | 121 +++++++++++++++++++++++-
+ test/ssl-tests/11-dtls_resumption.conf | 124 ++++++++++++++++++++++++-
+ test/ssl-tests/protocol_version.pm     |  63 +++++++++++++
+ 5 files changed, 310 insertions(+), 2 deletions(-)
+
+diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
+index 8a89f512fe..eb1f36ac7e 100644
+--- a/ssl/s3_enc.c
++++ b/ssl/s3_enc.c
+@@ -589,6 +589,8 @@ int ssl3_alert_code(int code)
+         return TLS1_AD_NO_APPLICATION_PROTOCOL;
+     case SSL_AD_CERTIFICATE_REQUIRED:
+         return SSL_AD_HANDSHAKE_FAILURE;
++    case SSL_AD_MISSING_EXTENSION:
++        return SSL_AD_HANDSHAKE_FAILURE;
+     default:
+         return -1;
+     }
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index c85c0b0310..2087b274d1 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -672,6 +672,8 @@ int tls1_alert_code(int code)
+         return TLS1_AD_NO_APPLICATION_PROTOCOL;
+     case SSL_AD_CERTIFICATE_REQUIRED:
+         return SSL_AD_HANDSHAKE_FAILURE;
++    case SSL_AD_MISSING_EXTENSION:
++        return SSL_AD_HANDSHAKE_FAILURE;
+     default:
+         return -1;
+     }
+diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf
+index 73de974ab0..a33a1d80e4 100644
+--- a/test/ssl-tests/10-resumption.conf
++++ b/test/ssl-tests/10-resumption.conf
+@@ -1,6 +1,6 @@
+ # Generated with generate_ssl_tests.pl
+ 
+-num_tests = 65
++num_tests = 68
+ 
+ test-0 = 0-resumption
+ test-1 = 1-resumption
+@@ -67,6 +67,9 @@ test-61 = 61-resumption
+ test-62 = 62-resumption
+ test-63 = 63-resumption
+ test-64 = 64-resumption-with-hrr
++test-65 = 65-resumption-when-mfl-ext-is-missing
++test-66 = 66-resumption-when-mfl-ext-is-different
++test-67 = 67-resumption-when-mfl-ext-is-correct
+ # ===========================================================
+ 
+ 0-resumption
+@@ -2437,3 +2440,119 @@ Method = TLS
+ ResumptionExpected = Yes
+ 
+ 
++# ===========================================================
++
++65-resumption-when-mfl-ext-is-missing
++ssl_conf = 65-resumption-when-mfl-ext-is-missing-ssl
++
++65-resumption-when-mfl-ext-is-missing-ssl
++server = 65-resumption-when-mfl-ext-is-missing-server
++client = 65-resumption-when-mfl-ext-is-missing-client
++resume-server = 65-resumption-when-mfl-ext-is-missing-server
++resume-client = 65-resumption-when-mfl-ext-is-missing-resume-client
++
++65-resumption-when-mfl-ext-is-missing-server
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++65-resumption-when-mfl-ext-is-missing-client
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++65-resumption-when-mfl-ext-is-missing-resume-client
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++test-65
++ExpectedResult = ServerFail
++HandshakeMode = Resume
++ResumptionExpected = No
++client = 65-resumption-when-mfl-ext-is-missing-client-extra
++
++65-resumption-when-mfl-ext-is-missing-client-extra
++MaxFragmentLenExt = 512
++
++
++# ===========================================================
++
++66-resumption-when-mfl-ext-is-different
++ssl_conf = 66-resumption-when-mfl-ext-is-different-ssl
++
++66-resumption-when-mfl-ext-is-different-ssl
++server = 66-resumption-when-mfl-ext-is-different-server
++client = 66-resumption-when-mfl-ext-is-different-client
++resume-server = 66-resumption-when-mfl-ext-is-different-server
++resume-client = 66-resumption-when-mfl-ext-is-different-resume-client
++
++66-resumption-when-mfl-ext-is-different-server
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++66-resumption-when-mfl-ext-is-different-client
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++66-resumption-when-mfl-ext-is-different-resume-client
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++
++test-66
++ExpectedResult = ServerFail
++HandshakeMode = Resume
++ResumptionExpected = No
++client = 66-resumption-when-mfl-ext-is-different-client-extra
++resume-client = 66-resumption-when-mfl-ext-is-different-resume-client-extra
++
++66-resumption-when-mfl-ext-is-different-client-extra
++MaxFragmentLenExt = 512
++
++66-resumption-when-mfl-ext-is-different-resume-client-extra
++MaxFragmentLenExt = 1024
++
++
++# ===========================================================
++
++67-resumption-when-mfl-ext-is-correct
++ssl_conf = 67-resumption-when-mfl-ext-is-correct-ssl
++
++67-resumption-when-mfl-ext-is-correct-ssl
++server = 67-resumption-when-mfl-ext-is-correct-server
++client = 67-resumption-when-mfl-ext-is-correct-client
++resume-server = 67-resumption-when-mfl-ext-is-correct-server
++resume-client = 67-resumption-when-mfl-ext-is-correct-resume-client
++
++67-resumption-when-mfl-ext-is-correct-server
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = DEFAULT
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
++
++67-resumption-when-mfl-ext-is-correct-client
++CipherString = DEFAULT
++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
++VerifyMode = Peer
++

_service:tar_scm:backport-Fix-a-crash-in-X509v3_asid_subset.patch Added

@@ -0,0 +1,161 @@
+From 8f078819556da83c15751678c39558a59bc746fc Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 9 Jun 2022 16:57:30 +0100
+Subject: PATCH Fix a crash in X509v3_asid_subset()
+
+If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
+subsets then this will result in a crash. Of note is that rdi will usually
+be NULL.
+
+Reported by Theo Buehler (@botovq)
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
+Reviewed-by: Todd Short <todd.short@me.com>
+(Merged from https://github.com/openssl/openssl/pull/18514)
+
+(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
+---
+ crypto/x509v3/v3_asid.c | 31 +++++++++++-----
+ test/v3ext.c            | 78 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 100 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
+index ac68572672..9bdc682978 100644
+--- a/crypto/x509v3/v3_asid.c
++++ b/crypto/x509v3/v3_asid.c
+@@ -700,15 +700,28 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
+  */
+ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+ {
+-    return (a == NULL ||
+-            a == b ||
+-            (b != NULL &&
+-             !X509v3_asid_inherits(a) &&
+-             !X509v3_asid_inherits(b) &&
+-             asid_contains(b->asnum->u.asIdsOrRanges,
+-                           a->asnum->u.asIdsOrRanges) &&
+-             asid_contains(b->rdi->u.asIdsOrRanges,
+-                           a->rdi->u.asIdsOrRanges)));
++    int subset;
++
++    if (a == NULL || a == b)
++        return 1;
++
++    if (b == NULL)
++        return 0;
++
++    if (X509v3_asid_inherits(a) || X509v3_asid_inherits(b))
++        return 0;
++
++    subset = a->asnum == NULL
++             || (b->asnum != NULL
++                 && asid_contains(b->asnum->u.asIdsOrRanges,
++                                  a->asnum->u.asIdsOrRanges));
++    if (!subset)
++        return 0;
++
++    return a->rdi == NULL
++           || (b->rdi != NULL
++               && asid_contains(b->rdi->u.asIdsOrRanges,
++                                a->rdi->u.asIdsOrRanges));
+ }
+ 
+ /*
+diff --git a/test/v3ext.c b/test/v3ext.c
+index 14ae49969d..1575e923da 100644
+--- a/test/v3ext.c
++++ b/test/v3ext.c
+@@ -37,11 +37,89 @@ end:
+     return ret;
+ }
+ 
++static int test_asid(void)
++{
++    ASN1_INTEGER *val1 = NULL, *val2 = NULL;
++    ASIdentifiers *asid1 = ASIdentifiers_new(), *asid2 = ASIdentifiers_new(),
++                  *asid3 = ASIdentifiers_new(), *asid4 = ASIdentifiers_new();
++    int testresult = 0;
++
++    if (!TEST_ptr(asid1)
++            || !TEST_ptr(asid2)
++            || !TEST_ptr(asid3))
++        goto err;
++
++    if (!TEST_ptr(val1 = ASN1_INTEGER_new())
++            || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)))
++        goto err;
++
++    if (!TEST_true(X509v3_asid_add_id_or_range(asid1, V3_ASID_ASNUM, val1, NULL)))
++        goto err;
++
++    val1 = NULL;
++    if (!TEST_ptr(val2 = ASN1_INTEGER_new())
++            || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497)))
++        goto err;
++
++    if (!TEST_true(X509v3_asid_add_id_or_range(asid2, V3_ASID_ASNUM, val2, NULL)))
++        goto err;
++
++    val2 = NULL;
++    if (!TEST_ptr(val1 = ASN1_INTEGER_new())
++            || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))
++            || !TEST_ptr(val2 = ASN1_INTEGER_new())
++            || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497)))
++        goto err;
++
++    /*
++     * Just tests V3_ASID_ASNUM for now. Could be extended at some point to also
++     * test V3_ASID_RDI if we think it is worth it.
++     */
++    if (!TEST_true(X509v3_asid_add_id_or_range(asid3, V3_ASID_ASNUM, val1, val2)))
++        goto err;
++    val1 = val2 = NULL;
++
++    /* Actual subsets */
++    if (!TEST_true(X509v3_asid_subset(NULL, NULL))
++            || !TEST_true(X509v3_asid_subset(NULL, asid1))
++            || !TEST_true(X509v3_asid_subset(asid1, asid1))
++            || !TEST_true(X509v3_asid_subset(asid2, asid2))
++            || !TEST_true(X509v3_asid_subset(asid1, asid3))
++            || !TEST_true(X509v3_asid_subset(asid2, asid3))
++            || !TEST_true(X509v3_asid_subset(asid3, asid3))
++            || !TEST_true(X509v3_asid_subset(asid4, asid1))
++            || !TEST_true(X509v3_asid_subset(asid4, asid2))
++            || !TEST_true(X509v3_asid_subset(asid4, asid3)))
++        goto err;
++
++    /* Not subsets */
++    if (!TEST_false(X509v3_asid_subset(asid1, NULL))
++            || !TEST_false(X509v3_asid_subset(asid1, asid2))
++            || !TEST_false(X509v3_asid_subset(asid2, asid1))
++            || !TEST_false(X509v3_asid_subset(asid3, asid1))
++            || !TEST_false(X509v3_asid_subset(asid3, asid2))
++            || !TEST_false(X509v3_asid_subset(asid1, asid4))
++            || !TEST_false(X509v3_asid_subset(asid2, asid4))
++            || !TEST_false(X509v3_asid_subset(asid3, asid4)))
++        goto err;
++
++    testresult = 1;
++ err:
++    ASN1_INTEGER_free(val1);
++    ASN1_INTEGER_free(val2);
++    ASIdentifiers_free(asid1);
++    ASIdentifiers_free(asid2);
++    ASIdentifiers_free(asid3);
++    ASIdentifiers_free(asid4);
++    return testresult;
++}
++
+ int setup_tests(void)
+ {
+     if (!TEST_ptr(infile = test_get_argument(0)))
+         return 0;
+ 
+     ADD_TEST(test_pathlen);
++    ADD_TEST(test_asid);
+     return 1;
+ }
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-a-crash-in-asn1_item_embed_new.patch Added

@@ -0,0 +1,93 @@
+From 8e60f41d064786f95440e4c56660ffe9777783d7 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Fri, 20 May 2022 08:02:47 +0200
+Subject: PATCH Fix a crash in asn1_item_embed_new
+
+This happens usually if an template object is created
+and there is an out of memory error before the ASN1_OP_NEW_POST
+method is called, but asn1_item_embed_free calls now the
+ASN1_OP_FREE_POST which may crash because the object is not
+properly initialized.  Apparently that is only an issue with
+the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
+ought to be tolerant to incomplete initialized objects.
+
+The error can be reproduced with the reproducible error injection patch:
+
+$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
+    #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
+    #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
+    #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
+    #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
+    #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
+    #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
+    #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
+    #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
+    #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
+    #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
+    #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
+    #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
+    #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
+    #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
+    #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
+    #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
+    #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
+    #21 0x40893b in testfile fuzz/test-corpus.c:182
+    #22 0x406b86 in main fuzz/test-corpus.c:226
+    #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+
+AddressSanitizer:DEADLYSIGNAL
+=================================================================
+==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
+==1194==The signal is caused by a READ memory access.
+==1194==Hint: address points to the zero page.
+    #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
+    #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
+    #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
+    #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
+    #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
+    #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
+    #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
+    #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
+    #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
+    #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
+    #14 0x40893b in testfile fuzz/test-corpus.c:182
+    #15 0x406b86 in main fuzz/test-corpus.c:226
+    #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+
+AddressSanitizer can not provide additional info.
+SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
+==1194==ABORTING
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18360)
+
+(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
+---
+ crypto/x509/x_crl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
+index c9762f9e23..9af39a45fc 100644
+--- a/crypto/x509/x_crl.c
++++ b/crypto/x509/x_crl.c
+@@ -255,7 +255,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+         break;
+ 
+     case ASN1_OP_FREE_POST:
+-        if (crl->meth->crl_free) {
++        if (crl->meth != NULL && crl->meth->crl_free != NULL) {
+             if (!crl->meth->crl_free(crl))
+                 return 0;
+         }
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-a-crash-in-ssl_security_cert_chain.patch Added

@@ -0,0 +1,88 @@
+From 4a28f8451fbc1848fd2d1b99203a7c75876123f6 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sun, 22 May 2022 20:12:56 +0200
+Subject: PATCH Fix a crash in ssl_security_cert_chain
+
+Prior to the crash there is an out of memory error
+in X509_verify_cert which makes the chain NULL or
+empty.  The error is ignored by ssl_add_cert_chain,
+and ssl_security_cert_chain crashes due to the
+unchecked null pointer.
+
+This is reproducible with my error injection patch.
+
+The test vector has been validated on the 1.1.1 branch
+but the issue is of course identical in all branches.
+
+$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
+    #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
+    #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
+    #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
+    #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
+    #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
+    #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
+    #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
+    #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
+    #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
+    #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
+    #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
+    #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
+    #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
+    #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
+    #14 0x40371b in testfile fuzz/test-corpus.c:182
+    #15 0x402856 in main fuzz/test-corpus.c:226
+    #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+    #17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
+
+AddressSanitizer:DEADLYSIGNAL
+=================================================================
+==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
+==8400==The signal is caused by a READ memory access.
+==8400==Hint: address points to the zero page.
+    #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
+    #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
+    #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
+    #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
+    #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
+    #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
+    #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
+    #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
+    #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
+    #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
+    #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
+    #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
+    #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
+    #13 0x40371b in testfile fuzz/test-corpus.c:182
+    #14 0x402856 in main fuzz/test-corpus.c:226
+    #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+    #16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
+
+AddressSanitizer can not provide additional info.
+SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
+==8400==ABORTING
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18376)
+
+(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
+---
+ ssl/t1_lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b1d3add187..4de4623a49 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2555,6 +2555,8 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
+     int rv, start_idx, i;
+     if (x == NULL) {
+         x = sk_X509_value(sk, 0);
++        if (x == NULL)
++            return ERR_R_INTERNAL_ERROR;
+         start_idx = 1;
+     } else
+         start_idx = 0;
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-a-crash-in-v2i_IPAddrBlocks.patch Added

@@ -0,0 +1,76 @@
+From 264a3f453c418dc01f4b74928ed2a76a08a65513 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 10 Jun 2022 12:33:45 +0100
+Subject: PATCH Fix a crash in v2i_IPAddrBlocks()
+
+If an IP address prefix value is supplied that is too large then a crash
+can result. v2i_IPAddrBlocks() should sanity check the prefix value, as
+should X509v3_addr_add_prefix().
+
+Reported by Theo Buehler (@botovq)
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18847)
+---
+ crypto/x509v3/v3_addr.c | 17 ++++---
+ test/v3ext.c            | 99 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 111 insertions(+), 5 deletions(-)
+
+diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
+index ccce34ef2e..f9c368bea4 100644
+--- a/crypto/x509v3/v3_addr.c
++++ b/crypto/x509v3/v3_addr.c
+@@ -392,12 +392,14 @@ static int range_should_be_prefix(const unsigned char *min,
+ /*
+  * Construct a prefix.
+  */
+-static int make_addressPrefix(IPAddressOrRange **result,
+-                              unsigned char *addr, const int prefixlen)
++static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr,
++                              const int prefixlen, const int afilen)
+ {
+     int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+     IPAddressOrRange *aor = IPAddressOrRange_new();
+ 
++    if (prefixlen < 0 || prefixlen > (afilen * 8))
++        return 0;
+     if (aor == NULL)
+         return 0;
+     aor->type = IPAddressOrRange_addressPrefix;
+@@ -437,7 +439,7 @@ static int make_addressRange(IPAddressOrRange **result,
+         return 0;
+ 
+     if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+-        return make_addressPrefix(result, min, prefixlen);
++        return make_addressPrefix(result, min, prefixlen, length);
+ 
+     if ((aor = IPAddressOrRange_new()) == NULL)
+         return 0;
+@@ -599,7 +601,9 @@ int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+ {
+     IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+     IPAddressOrRange *aor;
+-    if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
++
++    if (aors == NULL
++            || !make_addressPrefix(&aor, a, prefixlen, length_from_afi(afi)))
+         return 0;
+     if (sk_IPAddressOrRange_push(aors, aor))
+         return 1;
+@@ -996,7 +1000,10 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
+         switch (delim) {
+         case '/':
+             prefixlen = (int)strtoul(s + i2, &t, 10);
+-            if (t == s + i2 || *t != '\0') {
++            if (t == s + i2
++                    || *t != '\0'
++                    || prefixlen > (length * 8)
++                    || prefixlen < 0) {
+                 X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                           X509V3_R_EXTENSION_VALUE_ERROR);
+                 X509V3_conf_err(val);
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-a-memory-leak-in-EC_GROUP_new_from_ecparameters.patch Added

@@ -0,0 +1,134 @@
+From 6c8879c8bf6030666c851623f93fff03c1266715 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Wed, 22 Jun 2022 17:05:55 +0200
+Subject: PATCH Fix a memory leak in EC_GROUP_new_from_ecparameters
+
+This can be reproduced with my error injection patch.
+
+The test vector has been validated on the 1.1.1 branch
+but the issue is of course identical in all branches.
+
+$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
+    #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
+    #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
+    #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
+    #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
+    #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
+    #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
+    #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
+    #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
+    #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
+    #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
+    #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
+    #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
+    #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
+    #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
+    #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
+    #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
+    #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
+    #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
+    #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
+    #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
+    #26 0x402afb in testfile fuzz/test-corpus.c:182
+    #27 0x402656 in main fuzz/test-corpus.c:226
+    #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+    #29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
+
+=================================================================
+==12221==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 24 byte(s) in 1 object(s) allocated from:
+    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
+    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
+    #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
+    #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
+    #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
+    #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
+    #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
+    #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
+    #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
+    #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
+    #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
+    #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
+    #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
+    #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
+    #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
+    #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
+    #22 0x402afb in testfile fuzz/test-corpus.c:182
+    #23 0x402656 in main fuzz/test-corpus.c:226
+    #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+
+Indirect leak of 56 byte(s) in 1 object(s) allocated from:
+    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
+    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
+    #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
+    #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
+    #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
+    #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
+    #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
+    #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
+    #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
+    #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
+    #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
+    #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
+    #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
+    #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
+    #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
+    #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
+    #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
+    #23 0x402afb in testfile fuzz/test-corpus.c:182
+    #24 0x402656 in main fuzz/test-corpus.c:226
+    #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+
+SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
+(Merged from https://github.com/openssl/openssl/pull/18632)
+---
+ crypto/ec/ec_asn1.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 34de7b2aab..1acbbde3d3 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -794,7 +794,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+     }
+ 
+     /* extract the order */
+-    if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
++    if (ASN1_INTEGER_to_BN(params->order, a) == NULL) {
+         ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+         goto err;
+     }
+@@ -811,7 +811,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+     if (params->cofactor == NULL) {
+         BN_free(b);
+         b = NULL;
+-    } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
++    } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) {
+         ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+         goto err;
+     }
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch Added

@@ -0,0 +1,74 @@
+From 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sat, 21 May 2022 15:41:46 +0200
+Subject: PATCH Fix a memory leak in X509_issuer_and_serial_hash
+
+This is reproducible with my error injection patch:
+
+$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
+ERROR_INJECT=1653267699
+    #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
+    #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
+    #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
+    #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
+    #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
+    #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
+    #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
+    #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
+    #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
+    #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
+
+=================================================================
+==1058475==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 268 byte(s) in 1 object(s) allocated from:
+    #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
+    #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
+    #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
+    #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
+    #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
+    #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
+    #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
+    #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
+
+SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18370)
+---
+ crypto/x509/x509_cmp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
+index 1d8d2d7b28..1661cac634 100644
+--- a/crypto/x509/x509_cmp.c
++++ b/crypto/x509/x509_cmp.c
+@@ -34,7 +34,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
+     unsigned long ret = 0;
+     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+     unsigned char md16;
+-    char *f;
++    char *f = NULL;
+ 
+     if (ctx == NULL)
+         goto err;
+@@ -45,7 +45,6 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
+         goto err;
+     if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
+         goto err;
+-    OPENSSL_free(f);
+     if (!EVP_DigestUpdate
+         (ctx, (unsigned char *)a->cert_info.serialNumber.data,
+          (unsigned long)a->cert_info.serialNumber.length))
+@@ -56,6 +55,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
+            ((unsigned long)md2 << 16L) | ((unsigned long)md3 << 24L)
+         ) & 0xffffffffL;
+  err:
++    OPENSSL_free(f);
+     EVP_MD_CTX_free(ctx);
+     return ret;
+ }
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-a-memory-leak-in-crl_set_issuers.patch Added

@@ -0,0 +1,118 @@
+From 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sat, 21 May 2022 07:50:46 +0200
+Subject: PATCH Fix a memory leak in crl_set_issuers
+
+This can be reproduced with my error injection patch.
+
+The test vector has been validated on the 1.1.1 branch
+but the issue is of course identical in all branches.
+
+$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
+log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
+ERROR_INJECT=1653520461
+    #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
+    #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
+    #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
+    #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
+    #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
+    #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
+    #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
+    #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
+    #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
+    #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
+    #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
+    #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
+    #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
+    #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
+    #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
+    #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
+    #24 0x402bbb in testfile fuzz/test-corpus.c:182
+    #25 0x402626 in main fuzz/test-corpus.c:226
+    #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+    #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
+
+=================================================================
+==29625==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 32 byte(s) in 1 object(s) allocated from:
+    #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
+    #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
+    #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
+    #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
+    #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
+    #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
+    #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
+    #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
+    #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
+    #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
+    #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
+    #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
+    #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
+    #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
+    #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
+    #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
+    #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
+    #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
+    #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
+    #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
+    #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
+    #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
+    #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
+    #29 0x402bbb in testfile fuzz/test-corpus.c:182
+    #30 0x402626 in main fuzz/test-corpus.c:226
+    #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+
+SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18391)
+
+(cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)
+---
+ crypto/x509/x_crl.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
+index 9af39a45fc..a4e4a415de 100644
+--- a/crypto/x509/x_crl.c
++++ b/crypto/x509/x_crl.c
+@@ -103,13 +103,17 @@ static int crl_set_issuers(X509_CRL *crl)
+ 
+         if (gtmp) {
+             gens = gtmp;
+-            if (!crl->issuers) {
++            if (crl->issuers == NULL) {
+                 crl->issuers = sk_GENERAL_NAMES_new_null();
+-                if (!crl->issuers)
++                if (crl->issuers == NULL) {
++                    GENERAL_NAMES_free(gtmp);
+                     return 0;
++                }
+             }
+-            if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
++            if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) {
++                GENERAL_NAMES_free(gtmp);
+                 return 0;
++            }
+         }
+         rev->issuer = gens;
+ 
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-a-memory-leak-in-ec_key_simple_oct2priv.patch Added

@@ -0,0 +1,61 @@
+From 8e1ece20cdb4a584be5311370256c4e813c09826 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Fri, 20 May 2022 16:15:44 +0200
+Subject: PATCH Fix a memory leak in ec_key_simple_oct2priv
+
+This is reproducible with my error injection patch:
+
+$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
+140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
+140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
+140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
+140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
+140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
+140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
+140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
+
+=================================================================
+==19676==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 24 byte(s) in 1 object(s) allocated from:
+    #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
+    #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
+    #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
+    #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
+    #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
+    #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
+    #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
+    #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
+    #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
+    #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
+    #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
+    #11 0x40370b in testfile fuzz/test-corpus.c:182
+    #12 0x402846 in main fuzz/test-corpus.c:226
+    #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
+
+SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18361)
+---
+ crypto/ec/ec_key.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
+index 23efbd015c..27d5a43b5f 100644
+--- a/crypto/ec/ec_key.c
++++ b/crypto/ec/ec_key.c
+@@ -657,8 +657,7 @@ int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+         ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE);
+         return 0;
+     }
+-    eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key);
+-    if (eckey->priv_key == NULL) {
++    if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) {
+         ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
+         return 0;
+     }
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-a-memory-leak-in-tls13_generate_secret.patch Added

@@ -0,0 +1,117 @@
+From a937806043bda5775091844050e8c632a41922ac Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Tue, 5 Jul 2022 20:39:06 +0200
+Subject: PATCH Fix a memory leak in tls13_generate_secret
+
+This was found by my Reproducible Error Injection patch (#18356)
+
+Due to the exact location of the injected memory
+error the sha256 digest is missing, and this causes much later
+the memory leak (and a failed assertion) in tls13_generate_secret.
+
+But the reproduction is a bit challenging, as it requires AESNI
+and RDRAND capability.
+
+OPENSSL_ia32cap=0x4200000000000000 ERROR_INJECT=1657070330 ../util/shlib_wrap.sh ./client-test ./corpora/client/791afc153e17db072175eeef85385a38d7f6d194
+    #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
+    #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114
+    #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109
+    #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12
+    #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236
+    #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39
+    #6 0x7fceaf9c6b97 in openssl_add_all_digests_int crypto/evp/c_alld.c:39
+    #7 0x7fceafa0f8ec in ossl_init_add_all_digests crypto/init.c:275
+    #8 0x7fceafa0f8ec in ossl_init_add_all_digests_ossl_ crypto/init.c:264
+    #9 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116
+    #10 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118
+    #11 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:677
+    #12 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:611
+    #13 0x7fceafdad3e8 in OPENSSL_init_ssl ssl/ssl_init.c:190
+    #14 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46
+    #15 0x55fb9117e939 in main fuzz/test-corpus.c:194
+    #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
+    #17 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d)
+
+    #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
+    #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114
+    #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109
+    #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12
+    #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236
+    #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39
+    #6 0x7fceafdad328 in ossl_init_ssl_base ssl/ssl_init.c:87
+    #7 0x7fceafdad328 in ossl_init_ssl_base_ossl_ ssl/ssl_init.c:24
+    #8 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116
+    #9 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118
+    #10 0x7fceafdad412 in OPENSSL_init_ssl ssl/ssl_init.c:193
+    #11 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46
+    #12 0x55fb9117e939 in main fuzz/test-corpus.c:194
+    #13 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
+    #14 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d)
+
+=================================================================
+==1320996==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 80 byte(s) in 1 object(s) allocated from:
+    #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
+    #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230
+    #2 0x7fceafa03a85 in int_ctx_new crypto/evp/pmeth_lib.c:144
+    #3 0x7fceafa03a85 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250
+    #4 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174
+    #5 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833
+    #6 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902
+    #7 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752
+    #8 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698
+    #9 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034
+    #10 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636
+    #11 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434
+    #12 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718
+    #13 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98
+    #14 0x55fb9117f463 in testfile fuzz/test-corpus.c:182
+    #15 0x55fb9117eb92 in main fuzz/test-corpus.c:226
+    #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
+
+Indirect leak of 1080 byte(s) in 1 object(s) allocated from:
+    #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
+    #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230
+    #2 0x7fceafa11555 in pkey_hkdf_init crypto/kdf/hkdf.c:51
+    #3 0x7fceafa03b36 in int_ctx_new crypto/evp/pmeth_lib.c:160
+    #4 0x7fceafa03b36 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250
+    #5 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174
+    #6 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833
+    #7 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902
+    #8 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752
+    #9 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698
+    #10 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034
+    #11 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636
+    #12 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434
+    #13 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718
+    #14 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98
+    #15 0x55fb9117f463 in testfile fuzz/test-corpus.c:182
+    #16 0x55fb9117eb92 in main fuzz/test-corpus.c:226
+    #17 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
+
+SUMMARY: AddressSanitizer: 1160 byte(s) leaked in 2 allocation(s).
+
+Reviewed-by: Todd Short <todd.short@me.com>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18725)
+---
+ ssl/tls13_enc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
+index b8fb07f210..51ca1050a4 100644
+--- a/ssl/tls13_enc.c
++++ b/ssl/tls13_enc.c
+@@ -190,6 +190,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
+     if (!ossl_assert(mdleni >= 0)) {
+         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                  ERR_R_INTERNAL_ERROR);
++        EVP_PKEY_CTX_free(pctx);
+         return 0;
+     }
+     mdlen = (size_t)mdleni;
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-an-assertion-in-the-DTLS-server-code.patch Added

@@ -0,0 +1,145 @@
+From 564a8d442cbd8ce68d452ff2e8a58c0aea6b0632 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Mon, 11 Apr 2022 10:12:48 +0200
+Subject: PATCH Fix an assertion in the DTLS server code
+
+This fixes an internal error alert from the server and
+an unexpected connection failure in the release version,
+but a failed assertion and a server crash in the
+debug version.
+
+Reproduce this issue with a DTLS server/client like that:
+
+./openssl s_server -dtls -mtu 1500
+./openssl s_client -dtls -maxfraglen 512
+
+In the debug version a crash happens in the Server now:
+
+./openssl s_server -dtls -mtu 1500
+Using default temp DH parameters
+ACCEPT
+ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written
+Aborted (core dumped)
+
+While in the release version the handshake exceeds the
+negotiated max fragment size, and fails because of this:
+
+$ ./openssl s_server -dtls -mtu 1500
+Using default temp DH parameters
+ACCEPT
+ERROR
+4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826:
+shutting down SSL
+CONNECTION CLOSED
+
+From the client's point of view the connection fails
+with an Internal Error Alert:
+
+$ ./openssl s_client -dtls -maxfraglen 512
+Connecting to ::1
+CONNECTED(00000003)
+40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80
+
+and now the connection attempt fails unexpectedly.
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18093)
+
+(cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103)
+---
+ ssl/statem/statem_dtls.c |  6 ++---
+ test/dtls_mtu_test.c     | 48 +++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 50 insertions(+), 4 deletions(-)
+
+diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
+index 8e3fb686ee..620367ace4 100644
+--- a/ssl/statem/statem_dtls.c
++++ b/ssl/statem/statem_dtls.c
+@@ -218,8 +218,8 @@ int dtls1_do_write(SSL *s, int type)
+         else
+             len = s->init_num;
+ 
+-        if (len > s->max_send_fragment)
+-            len = s->max_send_fragment;
++        if (len > ssl_get_max_send_fragment(s))
++            len = ssl_get_max_send_fragment(s);
+ 
+         /*
+          * XDTLS: this function is too long.  split out the CCS part
+@@ -241,7 +241,7 @@ int dtls1_do_write(SSL *s, int type)
+ 
+         ret = dtls1_write_bytes(s, type, &s->init_buf->datas->init_off, len,
+                                 &written);
+-        if (ret < 0) {
++        if (ret <= 0) {
+             /*
+              * might need to update MTU here, but we don't know which
+              * previous packet caused the failure -- so can't really
+diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c
+index f20edf02d2..9b69e80a62 100644
+--- a/test/dtls_mtu_test.c
++++ b/test/dtls_mtu_test.c
+@@ -185,12 +185,58 @@ static int run_mtu_tests(void)
+ 
+  end:
+     SSL_CTX_free(ctx);
+-    bio_s_mempacket_test_free();
+     return ret;
+ }
+ 
++static int test_server_mtu_larger_than_max_fragment_length(void)
++{
++    SSL_CTX *ctx = NULL;
++    SSL *srvr_ssl = NULL, *clnt_ssl = NULL;
++    int rv = 0;
++
++    if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method())))
++        goto end;
++
++    SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback);
++    SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback);
++
++#ifndef OPENSSL_NO_DH
++    if (!TEST_true(SSL_CTX_set_dh_auto(ctx, 1)))
++        goto end;
++#endif
++
++    if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl,
++                                      NULL, NULL)))
++        goto end;
++
++    SSL_set_options(srvr_ssl, SSL_OP_NO_QUERY_MTU);
++    if (!TEST_true(DTLS_set_link_mtu(srvr_ssl, 1500)))
++        goto end;
++
++    SSL_set_tlsext_max_fragment_length(clnt_ssl,
++                                       TLSEXT_max_fragment_length_512);
++
++    if (!TEST_true(create_ssl_connection(srvr_ssl, clnt_ssl,
++                                         SSL_ERROR_NONE)))
++        goto end;
++
++    rv = 1;
++
++ end:
++    SSL_free(clnt_ssl);
++    SSL_free(srvr_ssl);
++    SSL_CTX_free(ctx);
++    return rv;
++}
++
+ int setup_tests(void)
+ {
+     ADD_TEST(run_mtu_tests);
++    ADD_TEST(test_server_mtu_larger_than_max_fragment_length);
+     return 1;
+ }
++
++void cleanup_tests(void)
++{
++    bio_s_mempacket_test_free();
++}
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-bn_gcd-code-to-check-return-value-when-calling-B.patch Added

@@ -0,0 +1,47 @@
+From 6495cab1c876ad80ce983d848ccaa1dc286a63e1 Mon Sep 17 00:00:00 2001
+From: slontis <shane.lontis@oracle.com>
+Date: Fri, 1 Jul 2022 13:47:11 +1000
+Subject: PATCH Fix bn_gcd code to check return value when calling BN_one()
+
+BN_one() uses the expand function which calls malloc which may fail.
+All other places that reference BN_one() check the return value.
+
+The issue is triggered by a memory allocation failure.
+Detected by PR #18355
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18697)
+
+(cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)
+---
+ crypto/bn/bn_gcd.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
+index 0941f7b97f..c4b7854e1a 100644
+--- a/crypto/bn/bn_gcd.c
++++ b/crypto/bn/bn_gcd.c
+@@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
+     if (R == NULL)
+         goto err;
+ 
+-    BN_one(X);
++    if (!BN_one(X))
++        goto err;
+     BN_zero(Y);
+     if (BN_copy(B, a) == NULL)
+         goto err;
+@@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+     if (R == NULL)
+         goto err;
+ 
+-    BN_one(X);
++    if (!BN_one(X))
++        goto err;
+     BN_zero(Y);
+     if (BN_copy(B, a) == NULL)
+         goto err;
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-coverity-1498607-uninitialised-value.patch Added

_service:tar_scm:backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch Added

@@ -0,0 +1,46 @@
+From 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 21 Mar 2023 16:15:47 +0100
+Subject: PATCH Fix documentation of X509_VERIFY_PARAM_add0_policy()
+
+The function was incorrectly documented as enabling policy checking.
+
+Fixes: CVE-2023-0466
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20564)
+---
+ doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
+ 3 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+index f6f304bf7b..aa292f9336 100644
+--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+@@ -92,8 +92,9 @@ B<trust>.
+ X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+ B<t>. Normally the current time is used.
+ 
+-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+-by default) and adds B<policy> to the acceptable policy set.
++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
++Contrary to preexisting documentation of this function it does not enable
++policy checking.
+ 
+ X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+ by default) and sets the acceptable policy set to B<policies>. Any existing
+@@ -377,6 +378,10 @@ and has no effect.
+ 
+ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
+ 
++The function X509_VERIFY_PARAM_add0_policy() was historically documented as
++enabling policy checking however the implementation has never done this.
++The documentation was changed to align with the implementation.
++
+ =head1 COPYRIGHT
+ 
+ Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
+-- 
+2.36.1
+

_service:tar_scm:backport-Fix-failure-to-check-result-of-bn_rshift_fixed_top.patch Added

@@ -0,0 +1,36 @@
+From 93ac3b8dd1cc49b27c402278cbe73a1c4ac91f9b Mon Sep 17 00:00:00 2001
+From: Hugo Landau <hlandau@openssl.org>
+Date: Mon, 4 Apr 2022 12:25:16 +0100
+Subject: PATCH Fix failure to check result of bn_rshift_fixed_top
+
+Fixes #18010.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18034)
+
+(cherry picked from commit bc6bac8561ead83d6135f376ffcbbb0b657e64fe)
+---
+ crypto/bn/bn_div.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
+index 0da9f39b31..e2821fb6cd 100644
+--- a/crypto/bn/bn_div.c
++++ b/crypto/bn/bn_div.c
+@@ -446,8 +446,10 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+     snum->neg = num_neg;
+     snum->top = div_n;
+     snum->flags |= BN_FLG_FIXED_TOP;
+-    if (rm != NULL)
+-        bn_rshift_fixed_top(rm, snum, norm_shift);
++
++    if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0)
++        goto err;
++
+     BN_CTX_end(ctx);
+     return 1;
+  err:
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch Added

@@ -0,0 +1,62 @@
+From eed53b9addd097a5d39f896b05aa857d6f29b245 Mon Sep 17 00:00:00 2001
+From: Hugo Landau <hlandau@openssl.org>
+Date: Fri, 11 Mar 2022 08:36:11 +0000
+Subject: PATCH Fix integer overflow in evp_EncryptDecryptUpdate
+
+Fixes #17871.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17872)
+---
+ crypto/evp/evp_enc.c   | 8 +++++---
+ crypto/evp/evp_local.h | 2 +-
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index d835968f25..b8b9d90d36 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -281,7 +281,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ # define PTRDIFF_T size_t
+ #endif
+ 
+-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
++int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len)
+ {
+     PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
+     /*
+@@ -299,7 +299,8 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
+                                     unsigned char *out, int *outl,
+                                     const unsigned char *in, int inl)
+ {
+-    int i, j, bl, cmpl = inl;
++    int i, j, bl;
++    size_t cmpl = (size_t)inl;
+ 
+     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+         cmpl = (cmpl + 7) / 8;
+@@ -464,8 +465,9 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                       const unsigned char *in, int inl)
+ {
+-    int fix_len, cmpl = inl;
++    int fix_len;
+     unsigned int b;
++    size_t cmpl = (size_t)inl;
+ 
+     /* Prevent accidental use of encryption context when decrypting */
+     if (ctx->encrypt) {
+diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
+index f1589d6828..cd3c1cf148 100644
+--- a/crypto/evp/evp_local.h
++++ b/crypto/evp/evp_local.h
+@@ -65,4 +65,4 @@ struct evp_Encode_Ctx_st {
+ typedef struct evp_pbe_st EVP_PBE_CTL;
+ DEFINE_STACK_OF(EVP_PBE_CTL)
+ 
+-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
++int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len);
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-ipv4_from_asc-behavior-on-invalid-Ip-addresses.patch Added

@@ -0,0 +1,45 @@
+From 65e30e7d56f01008d29e65c9ae7a42ce074def2f Mon Sep 17 00:00:00 2001
+From: Amir Mohammadi <amiremohamadi@yahoo.com>
+Date: Wed, 4 Aug 2021 09:43:49 +0430
+Subject: PATCH Fix ipv4_from_asc behavior on invalid Ip addresses
+
+sscanf() call in ipv4_from_asc does not check that
+the string is terminated immediately after the last digit.
+
+(cherry picked from commit 8b9a13b43ba3d71e441fca47a52e800ce79b3d2b)
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18847)
+---
+ crypto/x509v3/v3_utl.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
+index a7ff4b4fb4..eac78259fc 100644
+--- a/crypto/x509v3/v3_utl.c
++++ b/crypto/x509v3/v3_utl.c
+@@ -1087,12 +1087,17 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc)
+ 
+ static int ipv4_from_asc(unsigned char *v4, const char *in)
+ {
+-    int a0, a1, a2, a3;
+-    if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
++    const char *p;
++    int a0, a1, a2, a3, n;
++
++    if (sscanf(in, "%d.%d.%d.%d%n", &a0, &a1, &a2, &a3, &n) != 4)
+         return 0;
+     if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
+         || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
+         return 0;
++    p = in + n;
++    if (!(*p == '\0' || ossl_isspace(*p)))
++        return 0;
+     v40 = a0;
+     v41 = a1;
+     v42 = a2;
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch Added

@@ -0,0 +1,80 @@
+From add8c29badb315cb8137655893826562ff12a581 Mon Sep 17 00:00:00 2001
+From: Hugo Landau <hlandau@openssl.org>
+Date: Thu, 3 Mar 2022 17:27:23 +0000
+Subject: PATCH Fix issue where OBJ_nid2obj doesn't always raise an error
+
+This was previously fixed in 3.0 but not 1.1.
+
+Fixes #13008.
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Todd Short <todd.short@me.com>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17808)
+---
+ crypto/objects/obj_dat.c  |  5 +++--
+ test/asn1_internal_test.c | 27 +++++++++++++++++++++++++++
+ 2 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
+index 46006fe6cf..a501ca104b 100644
+--- a/crypto/objects/obj_dat.c
++++ b/crypto/objects/obj_dat.c
+@@ -228,9 +228,10 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
+             return NULL;
+         }
+         return (ASN1_OBJECT *)&(nid_objsn);
+-    } else if (added == NULL)
++    } else if (added == NULL) {
++        OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+         return NULL;
+-    else {
++    } else {
+         ad.type = ADDED_NID;
+         ad.obj = &ob;
+         ob.nid = n;
+diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
+index 865e058421..caca0cb15e 100644
+--- a/test/asn1_internal_test.c
++++ b/test/asn1_internal_test.c
+@@ -107,9 +107,36 @@ static int test_standard_methods(void)
+     return 0;
+ }
+ 
++/**********************************************************************
++ *
++ * Regression test for issue where OBJ_nid2obj does not raise
++ * an error when a NID is not registered.
++ *
++ ***/
++static int test_nid2obj_nonexist(void)
++{
++    ASN1_OBJECT *obj;
++    unsigned long err;
++
++    obj = OBJ_nid2obj(INT_MAX);
++    if (!TEST_true(obj == NULL))
++        return 0;
++
++    err = ERR_get_error();
++
++    if (!TEST_int_eq(ERR_GET_FUNC(err), OBJ_F_OBJ_NID2OBJ))
++        return 0;
++
++    if (!TEST_int_eq(ERR_GET_REASON(err), OBJ_R_UNKNOWN_NID))
++        return 0;
++
++    return 1;
++}
++
+ int setup_tests(void)
+ {
+     ADD_TEST(test_tbl_standard);
+     ADD_TEST(test_standard_methods);
++    ADD_TEST(test_nid2obj_nonexist);
+     return 1;
+ }
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-leakage-when-the-cacheline-is-32-bytes-in-CBC_MA.patch Added

@@ -0,0 +1,61 @@
+From 6ef91d8153e04a2302bff11b29caf7e888b62fe8 Mon Sep 17 00:00:00 2001
+From: basavesh <basavesh.shivakumar@gmail.com>
+Date: Tue, 5 Apr 2022 17:49:09 +0200
+Subject: PATCH Fix leakage when the cacheline is 32-bytes in
+ CBC_MAC_ROTATE_IN_PLACE
+
+rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
+Consider a weaker leakage model(CL) where only cacheline base address is leaked,
+i.e address/32 for 32-byte cacheline(CL32).
+
+Previous code used to perform two loads
+    1. rotated_macrotate_offset ^ 32 and
+    2. rotated_macrotate_offset++
+which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
+and 2q, 2q + 1 for 32 <= rotate_offset < 64
+
+The proposed fix performs load operations which will always leak 2q, 2q + 1 and
+selects the appropriate value in constant-time.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18050)
+---
+ ssl/record/ssl3_record.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
+index f158544789..69f1a64cb3 100644
+--- a/ssl/record/ssl3_record.c
++++ b/ssl/record/ssl3_record.c
+@@ -1532,6 +1532,7 @@ int ssl3_cbc_copy_mac(unsigned char *out,
+ #if defined(CBC_MAC_ROTATE_IN_PLACE)
+     unsigned char rotated_mac_buf64 + EVP_MAX_MD_SIZE;
+     unsigned char *rotated_mac;
++    char aux1, aux2, aux3, mask;
+ #else
+     unsigned char rotated_macEVP_MAX_MD_SIZE;
+ #endif
+@@ -1581,9 +1582,16 @@ int ssl3_cbc_copy_mac(unsigned char *out,
+ #if defined(CBC_MAC_ROTATE_IN_PLACE)
+     j = 0;
+     for (i = 0; i < md_size; i++) {
+-        /* in case cache-line is 32 bytes, touch second line */
+-        ((volatile unsigned char *)rotated_mac)rotate_offset ^ 32;
+-        outj++ = rotated_macrotate_offset++;
++        /*
++         * in case cache-line is 32 bytes,
++         * load from both lines and select appropriately
++         */
++        aux1 = rotated_macrotate_offset & ~32;
++        aux2 = rotated_macrotate_offset | 32;
++        mask = constant_time_eq_8(rotate_offset & ~32, rotate_offset);
++        aux3 = constant_time_select_8(mask, aux1, aux2);
++        outj++ = aux3;
++        rotate_offset++;
+         rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+     }
+ #else
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-memory-leak-in-X509V3_add1_i2d-when-flag-is-X509.patch Added

@@ -0,0 +1,36 @@
+From c3efe5c96128d699f0884128ce905906bc28ed34 Mon Sep 17 00:00:00 2001
+From: Allan <allanchang96@gmail.com>
+Date: Thu, 7 Jul 2022 16:04:09 -0700
+Subject: PATCH Fix memory leak in X509V3_add1_i2d when flag is
+ X509V3_ADD_DELETE
+
+Fixes #18677
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18698)
+
+(cherry picked from commit 4798e0680b112993815098ca21d7d68ff31ebc6e)
+---
+ crypto/x509v3/v3_lib.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
+index 97c1cbc20f..d7e7c9a5cb 100644
+--- a/crypto/x509v3/v3_lib.c
++++ b/crypto/x509v3/v3_lib.c
+@@ -242,8 +242,10 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+         }
+         /* If delete, just delete it */
+         if (ext_op == X509V3_ADD_DELETE) {
+-            if (!sk_X509_EXTENSION_delete(*x, extidx))
++            extmp = sk_X509_EXTENSION_delete(*x, extidx);
++            if (extmp == NULL)
+                 return -1;
++            X509_EXTENSION_free(extmp);
+             return 1;
+         }
+     } else {
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-password_callback-to-handle-short-passwords.patch Added

@@ -0,0 +1,72 @@
+From f4942134815f95845706993c15ca7e4fd6e44627 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Fri, 7 Jan 2022 10:18:58 +0100
+Subject: PATCH Fix password_callback to handle short passwords
+
+Fixes #17426
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17439)
+---
+ apps/apps.c                   | 8 ++++++--
+ test/recipes/15-test_genrsa.t | 7 ++++++-
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/apps/apps.c b/apps/apps.c
+index c06241abb9..531fbec551 100644
+--- a/apps/apps.c
++++ b/apps/apps.c
+@@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+         int ui_flags = 0;
+         const char *prompt_info = NULL;
+         char *prompt;
++        int pw_min_len = PW_MIN_LENGTH;
+ 
+         if (cb_data != NULL && cb_data->prompt_info != NULL)
+             prompt_info = cb_data->prompt_info;
++        if (cb_data != NULL && cb_data->password != NULL
++                && *(const char*)cb_data->password != '\0')
++            pw_min_len = 1;
+         prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+         if (!prompt) {
+             BIO_printf(bio_err, "Out of memory\n");
+@@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+         (void)UI_add_user_data(ui, cb_data);
+ 
+         ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+-                                 PW_MIN_LENGTH, bufsiz - 1);
++                                 pw_min_len, bufsiz - 1);
+ 
+         if (ok >= 0 && verify) {
+             buff = app_malloc(bufsiz, "password buffer");
+             ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
+-                                      PW_MIN_LENGTH, bufsiz - 1, buf);
++                                      pw_min_len, bufsiz - 1, buf);
+         }
+         if (ok >= 0)
+             do {
+diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
+index e16a9a4042..c9bc6bdc8a 100644
+--- a/test/recipes/15-test_genrsa.t
++++ b/test/recipes/15-test_genrsa.t
+@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils;
+ 
+ setup("test_genrsa");
+ 
+-plan tests => 5;
++plan tests => 7;
+ 
+ # We want to know that an absurdly small number of bits isn't support
+ is(run(app( 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8')), 0, "genrsa -3 8");
+@@ -52,3 +52,8 @@ ok(run(app( 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good )),
+    "genrsa -f4 $good");
+ ok(run(app( 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' )),
+    "rsa -check");
++ok(run(app( 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem',
++   '-aes256', '-passout', 'pass:x' )),
++   "rsa encrypt");
++ok(run(app( 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' )),
++   "rsa decrypt");
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-range_should_be_prefix-to-actually-return-the-co.patch Added

@@ -0,0 +1,71 @@
+From a1d80edcf830739131e0567dc03b1e80b7988b1e Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 10 Jun 2022 15:58:58 +0100
+Subject: PATCH Fix range_should_be_prefix() to actually return the correct
+ result
+
+range_should_be_prefix() was misidentifying whether an IP address range
+should in fact be represented as a prefix. This was due to a bug introduced
+in commit 42d7d7dd which made this incorrect change:
+
+-    OPENSSL_assert(memcmp(min, max, length) <= 0);
++    if (memcmp(min, max, length) <= 0)
++        return -1;
+
+This error leads to incorrect DER being encoded/accepted.
+
+Reported by Theo Buehler (@botovq)
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18524)
+
+(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
+(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)
+---
+ crypto/x509v3/v3_addr.c |  14 ++++-
+ test/v3ext.c            | 111 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 123 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
+index 4258dbc40c..32f77a2679 100644
+--- a/crypto/x509v3/v3_addr.c
++++ b/crypto/x509v3/v3_addr.c
+@@ -13,6 +13,8 @@
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <assert.h>
++#include <string.h>
+ 
+ #include "internal/cryptlib.h"
+ #include <openssl/conf.h>
+@@ -342,8 +344,13 @@ static int range_should_be_prefix(const unsigned char *min,
+     unsigned char mask;
+     int i, j;
+ 
+-    if (memcmp(min, max, length) <= 0)
+-        return -1;
++    /*
++     * It is the responsibility of the caller to confirm min <= max. We don't
++     * use ossl_assert() here since we have no way of signalling an error from
++     * this function - so we just use a plain assert instead.
++     */
++    assert(memcmp(min, max, length) <= 0);
++
+     for (i = 0; i < length && mini == maxi; i++) ;
+     for (j = length - 1; j >= 0 && minj == 0x00 && maxj == 0xFF; j--) ;
+     if (i < j)
+@@ -426,6 +433,9 @@ static int make_addressRange(IPAddressOrRange **result,
+     IPAddressOrRange *aor;
+     int i, prefixlen;
+ 
++    if (memcmp(min, max, length) > 0)
++        return 0;
++
+     if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+         return make_addressPrefix(result, min, prefixlen);
+ 
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-re-signing-certificates-with-different-key-sizes.patch Added

@@ -0,0 +1,131 @@
+From 952fab01bebb15a8408c6ac27b59c28c979f7d49 Mon Sep 17 00:00:00 2001
+From: Todd Short <tshort@akamai.com>
+Date: Wed, 20 Jul 2022 16:42:50 -0400
+Subject: PATCH Fix re-signing certificates with different key sizes
+
+PR #18129 broke the scenario of signing a certificate (not CSR) with
+different-sized key. This works in 3.0, so port the fix from 3.0
+(which is to only update the issuer for a request).
+
+Partially undo #18129, but keep setting the issuer only for a CSR
+
+Create two certs (a and ca) then sign a with c (into b):
+```
+openssl req -x509 -newkey rsa:2048 -keyout a-key.pem -out a-cert.pem -days 365 -nodes -subj /CN=a.example.com
+openssl req -x509 -newkey rsa:4096 -keyout ${HERE}/ca-key.pem -out ${HERE}/ca-cert.pem -days 3650 -nodes -subj /CN=ca.example.com
+openssl x509 -in a-cert.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial '1234567890' -preserve_dates -sha256 -out b-cert.pem
+```
+The above succeeds in 1.1.1n and 3.0, fails in 1.1.1o (which includes #18129)
+The issue in #16080 is also fixed.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Ben Kaduk <kaduk@mit.edu>
+(Merged from https://github.com/openssl/openssl/pull/18836)
+---
+ apps/x509.c                 |  4 ++-
+ test/recipes/25-test_x509.t | 61 ++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 63 insertions(+), 2 deletions(-)
+
+diff --git a/apps/x509.c b/apps/x509.c
+index 67a70e7fea..8d4bf71a03 100644
+--- a/apps/x509.c
++++ b/apps/x509.c
+@@ -590,7 +590,7 @@ int x509_main(int argc, char **argv)
+         xca = load_cert(CAfile, CAformat, "CA Certificate");
+         if (xca == NULL)
+             goto end;
+-        if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
++        if (reqfile && !X509_set_issuer_name(x, X509_get_subject_name(xca)))
+             goto end;
+     }
+ 
+@@ -993,6 +993,8 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
+         goto end;
+     }
+ 
++    if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
++        goto end;
+     if (!X509_set_serialNumber(x, bs))
+         goto end;
+ 
+diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
+index f5ef0f9963..73548145c8 100644
+--- a/test/recipes/25-test_x509.t
++++ b/test/recipes/25-test_x509.t
+@@ -15,7 +15,11 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+ 
+ setup("test_x509");
+ 
+-plan tests => 9;
++plan tests => 16;
++
++# Prevent MSys2 filename munging for arguments that look like file paths but
++# aren't
++$ENV{MSYS2_ARG_CONV_EXCL} = "/CN=";
+ 
+ require_ok(srctop_file('test','recipes','tconversion.pl'));
+ 
+@@ -46,4 +50,59 @@ subtest 'x509 -- second x.509 v3 certificate' => sub {
+ 
+ subtest 'x509 -- pathlen' => sub {
+     ok(run(test("v3ext", srctop_file("test/certs", "pathlen.pem"))));
++};
++
++# extracts issuer from a -text formatted-output
++sub get_issuer {
++    my $f = shift(@_);
++    my $issuer = "";
++    open my $fh, $f or die;
++    while (my $line = <$fh>) {
++        if ($line =~ /Issuer:/) {
++            $issuer = $line;
++        }
++    }
++    close $fh;
++    return $issuer;
+ }
++
++# Tests for signing certs (broken in 1.1.1o)
++my $a_key = "a-key.pem";
++my $a_cert = "a-cert.pem";
++my $a2_cert = "a2-cert.pem";
++my $ca_key = "ca-key.pem";
++my $ca_cert = "ca-cert.pem";
++my $cnf = srctop_file('apps', 'openssl.cnf');
++
++# Create cert A
++ok(run(app("openssl", "req", "-x509", "-newkey", "rsa:2048",
++            "-config", $cnf,
++            "-keyout", $a_key, "-out", $a_cert, "-days", "365",
++            "-nodes", "-subj", "/CN=test.example.com")));
++# Create cert CA - note key size
++ok(run(app("openssl", "req", "-x509", "-newkey", "rsa:4096",
++            "-config", $cnf,
++            "-keyout", $ca_key, "-out", $ca_cert, "-days", "3650",
++            "-nodes", "-subj", "/CN=ca.example.com")));
++# Sign cert A with CA (errors on 1.1.1o)
++ok(run(app("openssl", "x509", "-in", $a_cert, "-CA", $ca_cert,
++            "-CAkey", $ca_key, "-set_serial", "1234567890",
++            "-preserve_dates", "-sha256", "-text", "-out", $a2_cert)));
++# verify issuer is CA
++ok (get_issuer($a2_cert) =~ /CN = ca.example.com/);
++
++# Tests for issue #16080 (fixed in 1.1.1o)
++my $b_key = "b-key.pem";
++my $b_csr = "b-cert.csr";
++my $b_cert = "b-cert.pem";
++# Create the CSR
++ok(run(app("openssl", "req", "-new", "-newkey", "rsa:4096",
++            "-keyout", $b_key, "-out", $b_csr, "-nodes",
++            "-config", $cnf,
++            "-subj", "/CN=b.example.com")));
++# Sign it - position of "-text" matters!
++ok(run(app("openssl", "x509", "-req", "-text", "-CAcreateserial",
++            "-CA", $ca_cert, "-CAkey", $ca_key,
++            "-in", $b_csr, "-out", $b_cert)));
++# Verify issuer is CA
++ok(get_issuer($b_cert) =~ /CN = ca.example.com/);
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-strict-client-chain-check-with-TLS-1.3.patch Added

@@ -0,0 +1,54 @@
+From 3bd976551e549c030bdbd150c7aa8a1980cb00fe Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 29 Mar 2022 13:31:34 +0200
+Subject: PATCH Fix strict client chain check with TLS-1.3
+
+When TLS-1.3 is used and the server does not send any CA names
+the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
+argument.
+
+Reviewed-by: Todd Short <todd.short@me.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17986)
+
+(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
+---
+ ssl/t1_lib.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 4de4623a49..5fcb40eaff 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2369,22 +2369,20 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+ 
+         ca_dn = s->s3->tmp.peer_ca_names;
+ 
+-        if (!sk_X509_NAME_num(ca_dn))
++        if (ca_dn == NULL
++            || sk_X509_NAME_num(ca_dn) == 0
++            || ssl_check_ca_name(ca_dn, x))
+             rv |= CERT_PKEY_ISSUER_NAME;
+-
+-        if (!(rv & CERT_PKEY_ISSUER_NAME)) {
+-            if (ssl_check_ca_name(ca_dn, x))
+-                rv |= CERT_PKEY_ISSUER_NAME;
+-        }
+-        if (!(rv & CERT_PKEY_ISSUER_NAME)) {
++        else
+             for (i = 0; i < sk_X509_num(chain); i++) {
+                 X509 *xtmp = sk_X509_value(chain, i);
++
+                 if (ssl_check_ca_name(ca_dn, xtmp)) {
+                     rv |= CERT_PKEY_ISSUER_NAME;
+                     break;
+                 }
+             }
+-        }
++
+         if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))
+             goto end;
+     } else
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-test-case-for-a2i_IPADDRESS.patch Added

@@ -0,0 +1,42 @@
+From c3b0279bda7bf4f0f81a3dba952698fa68a51639 Mon Sep 17 00:00:00 2001
+From: Amir Mohammadi <amiremohamadi@yahoo.com>
+Date: Wed, 4 Aug 2021 09:44:29 +0430
+Subject: PATCH Fix test case for a2i_IPADDRESS
+
+(cherry picked from commit 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415)
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18847)
+---
+ test/x509_internal_test.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c
+index 3eec970352..63f350f74b 100644
+--- a/test/x509_internal_test.c
++++ b/test/x509_internal_test.c
+@@ -61,7 +61,6 @@ typedef struct {
+     const char *ipasc;
+     const char *data;
+     int length;
+-    ASN1_OCTET_STRING ip;
+ } IP_TESTDATA;
+ 
+ static IP_TESTDATA a2i_ipaddress_tests = {
+@@ -81,8 +80,10 @@ static IP_TESTDATA a2i_ipaddress_tests = {
+     {"example.test", NULL, 0},
+     {"", NULL, 0},
+ 
++    {"1.2.3.4 ", "\x01\x02\x03\x04", 4},
++    {" 1.2.3.4", "\x01\x02\x03\x04", 4},
++    {" 1.2.3.4 ", "\x01\x02\x03\x04", 4},
+     {"1.2.3.4.example.test", NULL, 0},
+-    {"1.2.3.4 ", NULL, 0},
+ };
+ 
+ 
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-undefined-behaviour-in-EC_GROUP_new_from_ecparam.patch Added

@@ -0,0 +1,41 @@
+From e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Fri, 20 May 2022 16:54:41 +0200
+Subject: PATCH Fix undefined behaviour in EC_GROUP_new_from_ecparameters
+
+This happens for instance with
+fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
+and causes the OPENSSL_malloc below to choke on the
+zero length allocation request.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18363)
+---
+ crypto/ec/ec_asn1.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 4335b3da1a..ad9a54dc50 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -751,6 +751,16 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+ 
+     /* extract seed (optional) */
+     if (params->curve->seed != NULL) {
++        /*
++         * This happens for instance with
++         * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
++         * and causes the OPENSSL_malloc below to choke on the
++         * zero length allocation request.
++         */
++        if (params->curve->seed->length == 0) {
++            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
++            goto err;
++        }
+         OPENSSL_free(ret->seed);
+         if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
+             ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-usage-of-SSLfatal.patch Added

@@ -0,0 +1,36 @@
+From 3e8f70c30d84861fcd257a6e280dc49e104eb145 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 30 Mar 2022 14:49:24 +0100
+Subject: PATCH Fix usage of SSLfatal
+
+A cherry-pick from the master branch incorrectly introduced a usage of
+3 argument SSLfatal. In 1.1.1 the function code is also required.
+
+Fixes #17999
+
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18000)
+---
+ ssl/statem/statem_clnt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
+index e3aba393f9..2bc5cf5ec3 100644
+--- a/ssl/statem/statem_clnt.c
++++ b/ssl/statem/statem_clnt.c
+@@ -1423,7 +1423,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
+             && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
+             && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
+         if (s->hello_retry_request != SSL_HRR_NONE) {
+-            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
++            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
++                     SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_UNEXPECTED_MESSAGE);
+             goto err;
+         }
+         s->hello_retry_request = SSL_HRR_PENDING;
+-- 
+2.17.1
+

_service:tar_scm:backport-Fix-verify_callback-in-the-openssl-s_client-s_server.patch Added

@@ -0,0 +1,64 @@
+From 86945b10ccd84f685bd6215bbb00d1e700303e49 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Thu, 14 Jul 2022 21:41:48 +0200
+Subject: PATCH Fix verify_callback in the openssl s_client/s_server app
+
+We need to check that error cert is available before printing its data
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
+Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18805)
+
+(cherry picked from commit fad0f80eff188ef938fed614245a56ed56110deb)
+---
+ apps/s_cb.c | 26 ++++++++++++++++----------
+ 1 file changed, 16 insertions(+), 10 deletions(-)
+
+diff --git a/apps/s_cb.c b/apps/s_cb.c
+index d066a423de..a4ff978908 100644
+--- a/apps/s_cb.c
++++ b/apps/s_cb.c
+@@ -74,22 +74,28 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
+     }
+     switch (err) {
+     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+-        BIO_puts(bio_err, "issuer= ");
+-        X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+-                           0, get_nameopt());
+-        BIO_puts(bio_err, "\n");
++        if (err_cert != NULL) {
++            BIO_puts(bio_err, "issuer= ");
++            X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
++                               0, get_nameopt());
++            BIO_puts(bio_err, "\n");
++        }
+         break;
+     case X509_V_ERR_CERT_NOT_YET_VALID:
+     case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+-        BIO_printf(bio_err, "notBefore=");
+-        ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
+-        BIO_printf(bio_err, "\n");
++        if (err_cert != NULL) {
++            BIO_printf(bio_err, "notBefore=");
++            ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
++            BIO_printf(bio_err, "\n");
++        }
+         break;
+     case X509_V_ERR_CERT_HAS_EXPIRED:
+     case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+-        BIO_printf(bio_err, "notAfter=");
+-        ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
+-        BIO_printf(bio_err, "\n");
++        if (err_cert != NULL) {
++            BIO_printf(bio_err, "notAfter=");
++            ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
++            BIO_printf(bio_err, "\n");
++        }
+         break;
+     case X509_V_ERR_NO_EXPLICIT_POLICY:
+         if (!verify_args.quiet)
+-- 
+2.17.1
+

_service:tar_scm:backport-Fixes-segfault-occurrence-in-PEM_write.patch Added

@@ -0,0 +1,37 @@
+From 3b9082c844913d3a0efada9fac0bd2924ce1a8f2 Mon Sep 17 00:00:00 2001
+From: valdaarhun <icegambit91@gmail.com>
+Date: Mon, 25 Jul 2022 18:49:19 +0530
+Subject: PATCH Fixes segfault occurrence in PEM_write()
+
+Checks if header is NULL or not before calling strlen().
+
+CLA: trivial
+
+Fixes #18825
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Ben Kaduk <kaduk@mit.edu>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18865)
+
+(cherry picked from commit 205957405d08ef199e6ab654e333a627bbca9ccc)
+---
+ crypto/pem/pem_lib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
+index 2de093595d..c2cf407931 100644
+--- a/crypto/pem/pem_lib.c
++++ b/crypto/pem/pem_lib.c
+@@ -621,7 +621,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
+         (BIO_write(bp, "-----\n", 6) != 6))
+         goto err;
+ 
+-    i = strlen(header);
++    i = header != NULL ? strlen(header) : 0;
+     if (i > 0) {
+         if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
+             goto err;
+-- 
+2.17.1
+

_service:tar_scm:backport-Make-the-DRBG-seed-propagation-thread-safe.patch Added

@@ -0,0 +1,77 @@
+From 17098c116d68b3a01fcb688487dccdc0c10b8f63 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sat, 23 Oct 2021 11:58:27 +0200
+Subject: PATCH Make the DRBG seed propagation thread safe
+
+Currently there is a race possible because the reseed_counter
+of the master drbg may be incremented after the get_entropy call.
+Therefore access the parent's reseed_counter while still holding
+the rand_drbg_lock.
+
+This improves commit 958fec77928a28350f6af252ac5e8d0e6e081faa
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/16900)
+---
+ crypto/rand/drbg_lib.c | 18 ++++--------------
+ crypto/rand/rand_lib.c |  6 +++++-
+ 2 files changed, 9 insertions(+), 15 deletions(-)
+
+diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
+index 8c7c28c970..0ba20ca326 100644
+--- a/crypto/rand/drbg_lib.c
++++ b/crypto/rand/drbg_lib.c
+@@ -354,13 +354,8 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+     drbg->state = DRBG_READY;
+     drbg->generate_counter = 1;
+     drbg->reseed_time = time(NULL);
+-    if (drbg->enable_reseed_propagation) {
+-        if (drbg->parent == NULL)
+-            tsan_counter(&drbg->reseed_counter);
+-        else
+-            tsan_store(&drbg->reseed_counter,
+-                       tsan_load(&drbg->parent->reseed_counter));
+-    }
++    if (drbg->enable_reseed_propagation && drbg->parent == NULL)
++        tsan_counter(&drbg->reseed_counter);
+ 
+  end:
+     if (entropy != NULL && drbg->cleanup_entropy != NULL)
+@@ -444,13 +439,8 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
+     drbg->state = DRBG_READY;
+     drbg->generate_counter = 1;
+     drbg->reseed_time = time(NULL);
+-    if (drbg->enable_reseed_propagation) {
+-        if (drbg->parent == NULL)
+-            tsan_counter(&drbg->reseed_counter);
+-        else
+-            tsan_store(&drbg->reseed_counter,
+-                       tsan_load(&drbg->parent->reseed_counter));
+-    }
++    if (drbg->enable_reseed_propagation && drbg->parent == NULL)
++        tsan_counter(&drbg->reseed_counter);
+ 
+  end:
+     if (entropy != NULL && drbg->cleanup_entropy != NULL)
+diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
+index 5c72fad8ca..545ab46315 100644
+--- a/crypto/rand/rand_lib.c
++++ b/crypto/rand/rand_lib.c
+@@ -172,8 +172,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+             if (RAND_DRBG_generate(drbg->parent,
+                                    buffer, bytes_needed,
+                                    prediction_resistance,
+-                                   (unsigned char *)&drbg, sizeof(drbg)) != 0)
++                                   (unsigned char *)&drbg, sizeof(drbg)) != 0) {
+                 bytes = bytes_needed;
++                if (drbg->enable_reseed_propagation)
++                    tsan_store(&drbg->reseed_counter,
++                               tsan_load(&drbg->parent->reseed_counter));
++            }
+             rand_drbg_unlock(drbg->parent);
+ 
+             rand_pool_add_end(pool, bytes, 8 * bytes);
+-- 
+2.17.1
+

_service:tar_scm:backport-Moving-notify-check-after-the-no-time-check.patch Added

@@ -0,0 +1,40 @@
+From 9eae491721209f302a9a475bffd271370e8bcb8f Mon Sep 17 00:00:00 2001
+From: Ryan Kelley <ryan.parker.kelley@gmail.com>
+Date: Tue, 16 Aug 2022 05:28:50 +0000
+Subject: PATCH Moving notify check after the no time check
+
+CLA: trivial
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/19007)
+
+(cherry picked from commit c92c3dfb99485eb2cfb840e92bd0ece8cdd72d0c)
+---
+ crypto/x509/x509_vfy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index b18489f67f..925fbb5412 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -973,14 +973,14 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
+     time_t *ptime;
+     int i;
+ 
+-    if (notify)
+-        ctx->current_crl = crl;
+     if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+         ptime = &ctx->param->check_time;
+     else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+         return 1;
+     else
+         ptime = NULL;
++    if (notify)
++        ctx->current_crl = crl;
+ 
+     i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
+     if (i == 0) {
+-- 
+2.17.1
+

_service:tar_scm:backport-Set-protocol-in-init_client.patch Added

@@ -0,0 +1,33 @@
+From 3aeed22c593ae036c2503ac07276768c82fe5782 Mon Sep 17 00:00:00 2001
+From: Todd Short <todd.short@me.com>
+Date: Tue, 8 Mar 2022 09:36:43 -0500
+Subject: PATCH Set protocol in init_client()
+
+If TCP is being used, protocol = 0 is passed to init_client(), then
+protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY.
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17838)
+
+(cherry picked from commit 54b6755702309487ea860e1cc3e60ccef4cf7878)
+---
+ apps/s_socket.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/apps/s_socket.c b/apps/s_socket.c
+index aee366d5f4..a518d56200 100644
+--- a/apps/s_socket.c
++++ b/apps/s_socket.c
+@@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port,
+ #endif
+ 
+         if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
+-                         protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
++                         BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
+             BIO_closesocket(*sock);
+             *sock = INVALID_SOCKET;
+             continue;
+-- 
+2.17.1
+

_service:tar_scm:backport-Test-case-for-a2i_IPADDRESS.patch Added

@@ -0,0 +1,91 @@
+From bd41b84bede84c1a5716be4eafddd1dd052faa72 Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Sat, 15 Aug 2020 20:01:49 +0200
+Subject: PATCH Test case for a2i_IPADDRESS
+
+Unit test to show that a2i_IPADDRESS("1.2.3.4.test.example") ignores
+trailing data.
+
+See: https://github.com/openssl/openssl/issues/12649
+See: https://bugs.python.org/issue41556
+
+(cherry picked from commit 1a9411a30b09a98498366979a1ea4898f70f6d19)
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18847)
+---
+ test/x509_internal_test.c | 54 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 54 insertions(+)
+
+diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c
+index d2f41d7085..3eec970352 100644
+--- a/test/x509_internal_test.c
++++ b/test/x509_internal_test.c
+@@ -57,8 +57,62 @@ static int test_standard_exts(void)
+     return good;
+ }
+ 
++typedef struct {
++    const char *ipasc;
++    const char *data;
++    int length;
++    ASN1_OCTET_STRING ip;
++} IP_TESTDATA;
++
++static IP_TESTDATA a2i_ipaddress_tests = {
++    {"127.0.0.1", "\x7f\x00\x00\x01", 4},
++    {"1.2.3.4", "\x01\x02\x03\x04", 4},
++    {"1.2.3.255", "\x01\x02\x03\xff", 4},
++    {"1.2.3", NULL, 0},
++    {"1.2.3 .4", NULL, 0},
++
++    {"::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
++    {"1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16},
++    {"2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16},
++    {"1:1:1:1:1:1:1:1.test", NULL, 0},
++    {":::1", NULL, 0},
++    {"2001::123g", NULL, 0},
++
++    {"example.test", NULL, 0},
++    {"", NULL, 0},
++
++    {"1.2.3.4.example.test", NULL, 0},
++    {"1.2.3.4 ", NULL, 0},
++};
++
++
++static int test_a2i_ipaddress(int idx)
++{
++    int good = 1;
++    ASN1_OCTET_STRING *ip;
++    int len = a2i_ipaddress_testsidx.length;
++
++    ip = a2i_IPADDRESS(a2i_ipaddress_testsidx.ipasc);
++    if (len == 0) {
++        if (!TEST_ptr_null(ip)) {
++            good = 0;
++            TEST_note("'%s' should not be parsed as IP address", a2i_ipaddress_testsidx.ipasc);
++        }
++    } else {
++        if (!TEST_ptr(ip)
++            || !TEST_int_eq(ASN1_STRING_length(ip), len)
++            || !TEST_mem_eq(ASN1_STRING_get0_data(ip), len,
++                            a2i_ipaddress_testsidx.data, len)) {
++            good = 0;
++        }
++    }
++    ASN1_OCTET_STRING_free(ip);
++    return good;
++}
++
+ int setup_tests(void)
+ {
+     ADD_TEST(test_standard_exts);
++    ADD_ALL_TESTS(test_a2i_ipaddress, OSSL_NELEM(a2i_ipaddress_tests));
+     return 1;
+ }
+-- 
+2.17.1
+

_service:tar_scm:backport-Test-processing-of-a-duplicated-HRR.patch Added

@@ -0,0 +1,100 @@
+From f29ec6563ddf81db46c464d14f2bb29a3fa5592f Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 22 Mar 2022 16:33:52 +0100
+Subject: PATCH Test processing of a duplicated HRR
+
+Reviewed-by: Todd Short <todd.short@me.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17936)
+
+(cherry picked from commit db44b55aaa42141921217183667800425227b658)
+---
+ test/recipes/70-test_tls13hrr.t | 51 +++++++++++++++++++++++++++++++--
+ 1 file changed, 49 insertions(+), 2 deletions(-)
+
+diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t
+index e0b47ed359..411e749971 100644
+--- a/test/recipes/70-test_tls13hrr.t
++++ b/test/recipes/70-test_tls13hrr.t
+@@ -37,7 +37,8 @@ my $proxy = TLSProxy::Proxy->new(
+ 
+ use constant {
+     CHANGE_HRR_CIPHERSUITE => 0,
+-    CHANGE_CH1_CIPHERSUITE => 1
++    CHANGE_CH1_CIPHERSUITE => 1,
++    DUPLICATE_HRR => 2
+ };
+ 
+ #Test 1: A client should fail if the server changes the ciphersuite between the
+@@ -46,7 +47,7 @@ $proxy->filter(\&hrr_filter);
+ $proxy->serverflags("-curves P-256");
+ my $testtype = CHANGE_HRR_CIPHERSUITE;
+ $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+-plan tests => 2;
++plan tests => 3;
+ ok(TLSProxy::Message->fail(), "Server ciphersuite changes");
+ 
+ #Test 2: It is an error if the client changes the offered ciphersuites so that
+@@ -58,6 +59,19 @@ $testtype = CHANGE_CH1_CIPHERSUITE;
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "Client ciphersuite changes");
+ 
++#Test 3: A client should fail with unexpected_message alert if the server
++#        sends more than 1 HRR
++my $fatal_alert = 0;
++$proxy->clear();
++if (disabled("ec")) {
++    $proxy->serverflags("-curves ffdhe3072");
++} else {
++    $proxy->serverflags("-curves P-256");
++}
++$testtype = DUPLICATE_HRR;
++$proxy->start();
++ok($fatal_alert, "Server duplicated HRR");
++
+ sub hrr_filter
+ {
+     my $proxy = shift;
+@@ -78,6 +92,39 @@ sub hrr_filter
+         return;
+     }
+ 
++    if ($testtype == DUPLICATE_HRR) {
++        # We're only interested in the HRR
++        # and the unexpected_message alert from client
++        if ($proxy->flight == 4) {
++            $fatal_alert = 1
++                if @{$proxy->record_list}-1->is_fatal_alert(0) == 10;
++            return;
++        }
++        if ($proxy->flight != 3) {
++            return;
++        }
++
++        # Find ServerHello record (HRR actually) and insert after that
++        my $i;
++        for ($i = 0; ${$proxy->record_list}$i->flight() < 1; $i++) {
++            next;
++        }
++        my $hrr_record = ${$proxy->record_list}$i;
++        my $dup_hrr = TLSProxy::Record->new(3,
++            $hrr_record->content_type(),
++            $hrr_record->version(),
++            $hrr_record->len(),
++            $hrr_record->sslv2(),
++            $hrr_record->len_real(),
++            $hrr_record->decrypt_len(),
++            $hrr_record->data(),
++            $hrr_record->decrypt_data());
++
++        $i++;
++        splice @{$proxy->record_list}, $i, 0, $dup_hrr;
++        return;
++    }
++
+     # CHANGE_CH1_CIPHERSUITE
+     if ($proxy->flight != 0) {
+         return;
+-- 
+2.17.1
+

_service:tar_scm:backport-Test-that-swapping-the-first-app-data-record-with-Fi.patch Added

@@ -0,0 +1,183 @@
+From d87e99df3162b2d56b8d44907fde88b67d7e3900 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Mon, 25 Jul 2022 12:39:52 +0100
+Subject: PATCH Test that swapping the first app data record with Finished
+ msg works
+
+If the first app data record arrives before the Finished message we should
+be able to buffer it and move on to the Finished message.
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18976)
+---
+ test/dtlstest.c   | 88 +++++++++++++++++++++++++++++++++++++++++++++++
+ test/ssltestlib.c | 33 ++++++++++++++++++
+ test/ssltestlib.h |  1 +
+ 3 files changed, 122 insertions(+)
+
+diff --git a/test/dtlstest.c b/test/dtlstest.c
+index 1d7b105fb6..f5c9dcfcd8 100644
+--- a/test/dtlstest.c
++++ b/test/dtlstest.c
+@@ -328,6 +328,93 @@ static int test_dtls_duplicate_records(void)
+     return testresult;
+ }
+ 
++/*
++ * Test that swapping an app data record so that it is received before the
++ * Finished message still works.
++ */
++static int test_swap_app_data(void)
++{
++    SSL_CTX *sctx = NULL, *cctx = NULL;
++    SSL *sssl = NULL, *cssl = NULL;
++    int testresult = 0;
++    BIO *bio;
++    char msg = { 0x00, 0x01, 0x02, 0x03 };
++    char buf10;
++
++    if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
++                                       DTLS_client_method(),
++                                       DTLS1_VERSION, 0,
++                                       &sctx, &cctx, cert, privkey)))
++        return 0;
++
++#ifndef OPENSSL_NO_DTLS1_2
++    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
++        goto end;
++#else
++    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
++    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
++            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
++                                                  "AES128-SHA:@SECLEVEL=0")))
++        goto end;
++#endif
++
++    if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl,
++                                      NULL, NULL)))
++        goto end;
++
++    /* Send flight 1: ClientHello */
++    if (!TEST_int_le(SSL_connect(cssl), 0))
++        goto end;
++
++    /* Recv flight 1, send flight 2: ServerHello, Certificate, ServerHelloDone */
++    if (!TEST_int_le(SSL_accept(sssl), 0))
++        goto end;
++
++    /* Recv flight 2, send flight 3: ClientKeyExchange, CCS, Finished */
++    if (!TEST_int_le(SSL_connect(cssl), 0))
++        goto end;
++
++    /* Recv flight 3, send flight 4: datagram 1(NST, CCS) datagram 2(Finished) */
++    if (!TEST_int_gt(SSL_accept(sssl), 0))
++        goto end;
++
++    /* Send flight 5: app data */
++    if (!TEST_int_eq(SSL_write(sssl, msg, sizeof(msg)), (int)sizeof(msg)))
++        goto end;
++
++    bio = SSL_get_wbio(sssl);
++    if (!TEST_ptr(bio)
++            || !TEST_true(mempacket_swap_recent(bio)))
++        goto end;
++
++    /*
++     * Recv flight 4 (datagram 1): NST, CCS, + flight 5: app data
++     *      + flight 4 (datagram 2): Finished
++     */
++    if (!TEST_int_gt(SSL_connect(cssl), 0))
++        goto end;
++
++    /* The app data should be buffered already */
++    if (!TEST_int_eq(SSL_pending(cssl), (int)sizeof(msg))
++            || !TEST_true(SSL_has_pending(cssl)))
++        goto end;
++
++    /*
++     * Recv flight 5 (app data)
++     * We already buffered this so it should be available.
++     */
++    if (!TEST_int_eq(SSL_read(cssl, buf, sizeof(buf)), (int)sizeof(msg)))
++        goto end;
++
++    testresult = 1;
++ end:
++    SSL_free(cssl);
++    SSL_free(sssl);
++    SSL_CTX_free(cctx);
++    SSL_CTX_free(sctx);
++    return testresult;
++}
++
+ int setup_tests(void)
+ {
+     if (!TEST_ptr(cert = test_get_argument(0))
+@@ -338,6 +425,7 @@ int setup_tests(void)
+     ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
+     ADD_TEST(test_cookie);
+     ADD_TEST(test_dtls_duplicate_records);
++    ADD_TEST(test_swap_app_data);
+ 
+     return 1;
+ }
+diff --git a/test/ssltestlib.c b/test/ssltestlib.c
+index 456afdf471..44d435454b 100644
+--- a/test/ssltestlib.c
++++ b/test/ssltestlib.c
+@@ -435,6 +435,39 @@ static int mempacket_test_read(BIO *bio, char *out, int outl)
+     return outl;
+ }
+ 
++/* Take the last and penultimate packets and swap them around */
++int mempacket_swap_recent(BIO *bio)
++{
++    MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
++    MEMPACKET *thispkt;
++    int numpkts = sk_MEMPACKET_num(ctx->pkts);
++
++    /* We need at least 2 packets to be able to swap them */
++    if (numpkts <= 1)
++        return 0;
++
++    /* Get the penultimate packet */
++    thispkt = sk_MEMPACKET_value(ctx->pkts, numpkts - 2);
++    if (thispkt == NULL)
++        return 0;
++
++    if (sk_MEMPACKET_delete(ctx->pkts, numpkts - 2) != thispkt)
++        return 0;
++
++    /* Re-add it to the end of the list */
++    thispkt->num++;
++    if (sk_MEMPACKET_insert(ctx->pkts, thispkt, numpkts - 1) <= 0)
++        return 0;
++
++    /* We also have to adjust the packet number of the other packet */
++    thispkt = sk_MEMPACKET_value(ctx->pkts, numpkts - 2);
++    if (thispkt == NULL)
++        return 0;
++    thispkt->num--;
++
++    return 1;
++}
++
+ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
+                           int type)
+ {
+diff --git a/test/ssltestlib.h b/test/ssltestlib.h
+index 17b278219a..b47004f62e 100644
+--- a/test/ssltestlib.h
++++ b/test/ssltestlib.h
+@@ -46,6 +46,7 @@ void bio_s_always_retry_free(void);
+ #define MEMPACKET_CTRL_GET_DROP_REC         (3 << 15)
+ #define MEMPACKET_CTRL_SET_DUPLICATE_REC    (4 << 15)
+ 
++int mempacket_swap_recent(BIO *bio);
+ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
+                           int type);
+ 
+-- 
+2.17.1
+

_service:tar_scm:backport-X509-x509_req.c-Set-modified-flag-when-X509_req_info.patch Added

@@ -0,0 +1,111 @@
+From 002cf9a68e20700388326c92b0c9ec8630b5c5d2 Mon Sep 17 00:00:00 2001
+From: Gibeom Gwon <gb.gwon@stackframe.dev>
+Date: Sat, 27 Aug 2022 22:04:38 +0900
+Subject: PATCH X509 x509_req.c: Set 'modified' flag when X509_req_info_st
+ member data updated
+
+We need to reencode X509_req_info_st if member data updated.
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
+(Merged from https://github.com/openssl/openssl/pull/18879)
+---
+ crypto/x509/x509_req.c | 40 ++++++++++++++++++++++++----------------
+ crypto/x509/x_all.c    |  2 ++
+ 2 files changed, 26 insertions(+), 16 deletions(-)
+
+diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
+index a69f9a723d..1be47174ac 100644
+--- a/crypto/x509/x509_req.c
++++ b/crypto/x509/x509_req.c
+@@ -229,44 +229,52 @@ X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
+ 
+ X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
+ {
+-    return X509at_delete_attr(req->req_info.attributes, loc);
++    X509_ATTRIBUTE *attr = X509at_delete_attr(req->req_info.attributes, loc);
++
++    if (attr != NULL)
++        req->req_info.enc.modified = 1;
++    return attr;
+ }
+ 
+ int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
+ {
+-    if (X509at_add1_attr(&req->req_info.attributes, attr))
+-        return 1;
+-    return 0;
++    if (!X509at_add1_attr(&req->req_info.attributes, attr))
++        return 0;
++    req->req_info.enc.modified = 1;
++    return 1;
+ }
+ 
+ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                               const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len)
+ {
+-    if (X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj,
+-                                type, bytes, len))
+-        return 1;
+-    return 0;
++    if (!X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj,
++                                 type, bytes, len))
++        return 0;
++    req->req_info.enc.modified = 1;
++    return 1;
+ }
+ 
+ int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                               int nid, int type,
+                               const unsigned char *bytes, int len)
+ {
+-    if (X509at_add1_attr_by_NID(&req->req_info.attributes, nid,
+-                                type, bytes, len))
+-        return 1;
+-    return 0;
++    if (!X509at_add1_attr_by_NID(&req->req_info.attributes, nid,
++                                 type, bytes, len))
++        return 0;
++    req->req_info.enc.modified = 1;
++    return 1;
+ }
+ 
+ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                               const char *attrname, int type,
+                               const unsigned char *bytes, int len)
+ {
+-    if (X509at_add1_attr_by_txt(&req->req_info.attributes, attrname,
+-                                type, bytes, len))
+-        return 1;
+-    return 0;
++    if (!X509at_add1_attr_by_txt(&req->req_info.attributes, attrname,
++                                 type, bytes, len))
++        return 0;
++    req->req_info.enc.modified = 1;
++    return 1;
+ }
+ 
+ long X509_REQ_get_version(const X509_REQ *req)
+diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
+index a4e9cdaee8..ae061f234c 100644
+--- a/crypto/x509/x_all.c
++++ b/crypto/x509/x_all.c
+@@ -65,12 +65,14 @@ int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
+ 
+ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
+ {
++    x->req_info.enc.modified = 1;
+     return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
+                            x->signature, &x->req_info, pkey, md));
+ }
+ 
+ int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
+ {
++    x->req_info.enc.modified = 1;
+     return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
+                               &x->sig_alg, NULL, x->signature, &x->req_info,
+                               ctx);
+-- 
+2.17.1
+

_service:tar_scm:backport-X509_REQ_get_extensions-Return-empty-stack-if-no-ext.patch Added

@@ -0,0 +1,32 @@
+From 0b755cdfb52ff51830aa004799e1f78548423c00 Mon Sep 17 00:00:00 2001
+From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
+Date: Fri, 8 Jan 2021 08:27:17 +0100
+Subject: PATCH X509_REQ_get_extensions(): Return empty stack if no
+ extensions found
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Todd Short <todd.short@me.com>
+Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
+(Merged from https://github.com/openssl/openssl/pull/18926)
+---
+ crypto/x509/x509_req.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
+index dd674926dd..a69f9a723d 100644
+--- a/crypto/x509/x509_req.c
++++ b/crypto/x509/x509_req.c
+@@ -167,7 +167,9 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+         ext = X509_ATTRIBUTE_get0_type(attr, 0);
+         break;
+     }
+-    if (!ext || (ext->type != V_ASN1_SEQUENCE))
++    if (ext == NULL) /* no extensions is not an error */
++        return sk_X509_EXTENSION_new_null();
++    if (ext->type != V_ASN1_SEQUENCE)
+         return NULL;
+     p = ext->value.sequence->data;
+     return (STACK_OF(X509_EXTENSION) *)
+-- 
+2.17.1
+

_service:tar_scm:backport-crypto-x509-v3_utl.c-Add-missing-check-for-OPENSSL_s.patch Added

@@ -0,0 +1,58 @@
+From 999cce6ea7393e1daa40e9994064b2955b24a831 Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Date: Mon, 21 Feb 2022 09:51:54 +0800
+Subject: PATCH crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup
+
+Since the potential failure of memory allocation, it
+should be better to check the return value of the
+OPENSSL_strndup(), like x509v3_add_len_value().
+And following the comment of 'if (astrlen < 0)',
+return -1 if fails.
+
+Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17737)
+
+(cherry picked from commit 366a16263959c0b6599f0b9ec18124d75560c6ef)
+---
+ crypto/x509v3/v3_utl.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
+index f41c699b5a..40d8f31554 100644
+--- a/crypto/x509v3/v3_utl.c
++++ b/crypto/x509v3/v3_utl.c
+@@ -828,8 +828,11 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
+             rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
+         else if (a->length == (int)blen && !memcmp(a->data, b, blen))
+             rv = 1;
+-        if (rv > 0 && peername)
++        if (rv > 0 && peername != NULL) {
+             *peername = OPENSSL_strndup((char *)a->data, a->length);
++            if (*peername == NULL)
++                return -1;
++        }
+     } else {
+         int astrlen;
+         unsigned char *astr;
+@@ -842,8 +845,13 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
+             return -1;
+         }
+         rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
+-        if (rv > 0 && peername)
++        if (rv > 0 && peername != NULL) {
+             *peername = OPENSSL_strndup((char *)astr, astrlen);
++            if (*peername == NULL) {
++                OPENSSL_free(astr);
++                return -1;
++            }
++        }
+         OPENSSL_free(astr);
+     }
+     return rv;
+-- 
+2.17.1
+

_service:tar_scm:backport-ssl_cipher_process_rulestr-don-t-read-outside-rule_s.patch Added

@@ -0,0 +1,40 @@
+From 9b3219ba544db82cdad3058b9872058739559944 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Mon, 24 Oct 2022 08:00:48 -0600
+Subject: PATCH ssl_cipher_process_rulestr: don't read outside rule_str
+ buffer
+
+If rule_str ended in a "-", "l" was incremented one byte past the
+end of the buffer.  This resulted in an out-of-bounds read when "l"
+is dereferenced at the end of the loop.  It is safest to just return
+early in this case since the condition occurs inside a nested loop.
+
+CLA: trivial
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/19166)
+
+(cherry picked from commit 428511ca66670e169a0e1b12e7540714b0be4cf8)
+---
+ ssl/ssl_ciph.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 55f919fcd5..62d0a58b22 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -1026,9 +1026,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
+                  * alphanumeric, so we call this an error.
+                  */
+                 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+-                retval = found = 0;
+-                l++;
+-                break;
++                return 0;
+             }
+ 
+             if (rule == CIPHER_SPECIAL) {
+-- 
+2.17.1
+

_service:tar_scm:backport-test-add-test-cases-for-the-policy-resource-overuse.patch Added

@@ -0,0 +1,626 @@
+From b44a67c6132754adc256290d0267c1e82994ac94 Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Wed, 8 Mar 2023 14:39:25 +1100
+Subject: PATCH test: add test cases for the policy resource overuse
+
+These trees have pathological properties with respect to building.  The small
+tree stays within the imposed limit, the large tree doesn't.
+
+The large tree would consume over 150Gb of RAM to process.
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/20569)
+---
+ test/recipes/80-test_policy_tree.t            |  41 ++
+ .../80-test_policy_tree_data/large_leaf.pem   |  11 +
+ .../large_policy_tree.pem                     | 434 ++++++++++++++++++
+ .../80-test_policy_tree_data/small_leaf.pem   |  11 +
+ .../small_policy_tree.pem                     |  70 +++
+ 5 files changed, 567 insertions(+)
+ create mode 100644 test/recipes/80-test_policy_tree.t
+ create mode 100644 test/recipes/80-test_policy_tree_data/large_leaf.pem
+ create mode 100644 test/recipes/80-test_policy_tree_data/large_policy_tree.pem
+ create mode 100644 test/recipes/80-test_policy_tree_data/small_leaf.pem
+ create mode 100644 test/recipes/80-test_policy_tree_data/small_policy_tree.pem
+
+diff --git a/test/recipes/80-test_policy_tree.t b/test/recipes/80-test_policy_tree.t
+new file mode 100644
+index 0000000000..606ad05e9c
+--- /dev/null
++++ b/test/recipes/80-test_policy_tree.t
+@@ -0,0 +1,41 @@
++#! /usr/bin/env perl
++# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the Apache License 2.0 (the "License").  You may not use
++# this file except in compliance with the License.  You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++
++use strict;
++use warnings;
++
++use POSIX;
++use OpenSSL::Test qw/:DEFAULT srctop_file with data_file/;
++
++use OpenSSL::Test::Utils;
++use OpenSSL::Glob;
++
++setup("test_policy_tree");
++
++plan tests => 2;
++
++# The small pathological tree is expected to work
++my $small_chain = srctop_file("test", "recipes", "80-test_policy_tree_data",
++                              "small_policy_tree.pem");
++my $small_leaf = srctop_file("test", "recipes", "80-test_policy_tree_data",
++                             "small_leaf.pem");
++
++ok(run(app("openssl", "verify", "-CAfile", $small_chain,
++            "-policy_check", $small_leaf)),
++   "test small policy tree");
++
++# The large pathological tree is expected to fail
++my $large_chain = srctop_file("test", "recipes", "80-test_policy_tree_data",
++                              "large_policy_tree.pem");
++my $large_leaf = srctop_file("test", "recipes", "80-test_policy_tree_data",
++                             "large_leaf.pem");
++
++ok(!run(app("openssl", "verify", "-CAfile", $large_chain,
++             "-policy_check", $large_leaf)),
++   "test large policy tree");
+diff --git a/test/recipes/80-test_policy_tree_data/large_leaf.pem b/test/recipes/80-test_policy_tree_data/large_leaf.pem
+new file mode 100644
+index 0000000000..39ed6a7fa6
+--- /dev/null
++++ b/test/recipes/80-test_policy_tree_data/large_leaf.pem
+@@ -0,0 +1,11 @@
++-----BEGIN CERTIFICATE-----
++MIIBmTCCAT+gAwIBAgIBADAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
++Q0EgMTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowGjEYMBYGA1UE
++AxMPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEp6Qe
++jrN6A0ZjqaFbX/zO01aVYXH5kthBDTEO/fU4H0CdwqrfyMsFrObwssrTJcsmSFKP
++x1FYr8wT2wCACs19lqN4MHYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
++AQUFBwMBMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPd3d3LmV4YW1wbGUuY29t
++MCUGA1UdIAQeMBwwDAYKYIZIAWUDAgEwATAMBgpghkgBZQMCATACMAoGCCqGSM49
++BAMCA0gAMEUCIDGT8SVBkWJEZ2EzXm8M895NrNRmfc8uoheP0KKv+ndHAiEA2Onr
++20J+zTaR7vONY/1DleMm7fGY3UxTobSHSvOKbfY=
++-----END CERTIFICATE-----
+diff --git a/test/recipes/80-test_policy_tree_data/large_policy_tree.pem b/test/recipes/80-test_policy_tree_data/large_policy_tree.pem
+new file mode 100644
+index 0000000000..5cd31c355b
+--- /dev/null
++++ b/test/recipes/80-test_policy_tree_data/large_policy_tree.pem
+@@ -0,0 +1,434 @@
++-----BEGIN CERTIFICATE-----
++MIICEDCCAbagAwIBAgIBATAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
++Q0EgMjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
++AxMLUG9saWN5IENBIDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATgyLz1C0dD
++ib5J/QmoE4d+Nf5yvvlzjVZHWIu7iCMEqK67cnA1RtMp1d0xdiNQS6si3ExNPBF+
++ELdkP0E6x26Jo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
++BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSs+ml5upH1h25oUB0Ep4vd
++SUdZ/DAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
++HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
++YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
++MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAOME8j1/cMogNnuNCb0O
++RIOE9pLP4je78KJiP8CZm0iOAiALr8NI67orD/VpfRptkjCmOd7rTWMVOOJfBr6N
++VJFLjw==
++-----END CERTIFICATE-----
++-----BEGIN CERTIFICATE-----
++MIICDzCCAbagAwIBAgIBAjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
++Q0EgMzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
++AxMLUG9saWN5IENBIDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASIdzU/FF3Y
++rTsTX04fRIN2yrZwxvOAfZ6DuEgKRxEimJx1nCyETuMmfDowm52mx/Cyk08xorp8
++PhGEbacMd9kio4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
++BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSwok/8RfJbVGTzyF5jhWLc
++hO7pcDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
++HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
++YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
++MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDRwAwRAIgYVF7bXxUuOzAZF6SmeIJ
++s+iL15bLSQ2rW7QDc6QYp9MCIAup6YokIcr8JaGttHmLaKbASQLxYDGHhfFIVZuI
++BDvT
++-----END CERTIFICATE-----
++-----BEGIN CERTIFICATE-----
++MIICEDCCAbagAwIBAgIBAzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
++Q0EgNDAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
++AxMLUG9saWN5IENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ38Llxxj32
++H3NN4Z1V8IuRKXLNhdU4z+NbT1rahusEyAHF+z9VTjim+HHfqFKV1QyNOJZ4rMA9
++J/gODWsNCT4po4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
++BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS11YgFNKTx3a6kssIijnA9
++DiOhoTAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
++HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
++YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
++MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAJXNZHMpvlnMfxhcG6EF
++Vw1pEXJ+iZnWT+Yu02a2zhamAiAiOKNhALBw/iKhQrwLo0cdx6UEfUKbaqTSGiax
++tHUylA==
++-----END CERTIFICATE-----
++-----BEGIN CERTIFICATE-----
++MIICEDCCAbagAwIBAgIBBDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
++Q0EgNTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
++AxMLUG9saWN5IENBIDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATo81HWQ/we
++egmoO/LMntQK1VQ9YzU627nblv/XWoOjEd/tBeE8+Un4jUnhZqNrP2TAzy48jEaT
++1DShCQNQGek7o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
++BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS6/F38QgbZSHib0W1XtMfs
++4O5DTDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
++HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
++YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
++MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIgXMYCQWi5/6iQw+zqyEav
++CE7kOfTpm9GN4bZX5Eau5AACIQD0rDZwsjWf6hI2Hn8IlpwYVVC9bpxrAM/JmYuu
++79V/uw==
++-----END CERTIFICATE-----
++-----BEGIN CERTIFICATE-----
++MIICEDCCAbagAwIBAgIBBTAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
++Q0EgNjAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
++AxMLUG9saWN5IENBIDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARsPMjOkmzJ
++2jwT30mKUvAFYVgOlgcoXxYr61p54mbQMmmH49ABmJQMu5rjwjwYlYA3UzbEN9ki
++hMsJz/4JIrJGo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
++BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQeflZRWUze+7jne9MkYYy5
++iWFgJDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
++HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
++YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
++MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAIN6BjMnPlixl3i6Z1Xa
++pZQt52MOCHPm0XzXDn2XlC9+AiAn146u8rbppdEGMFr21vfFZaktwEb0cZkC9fBp
++S1uKwQ==
++-----END CERTIFICATE-----
++-----BEGIN CERTIFICATE-----
++MIICEDCCAbagAwIBAgIBBjAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
++Q0EgNzAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
++AxMLUG9saWN5IENBIDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASVmpozZzxX
++f6rFinkqS0y8sfbOwcM0gNuR0x83mmZH5+a8W4ug5W80QiBaS3rHtwTsFHpCeQKq
++eJvfb/esgJu8o4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
++BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQPuF2sXR0vOHJynh57qefK
+++h7RGDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
++HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
++YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
++MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIgDX0jHPq1alZoMbPDmbZp
++QYuM9UQagQ5KJgVU1B0Mh2ECIQCtdyfT2h5jZvz3lLKkQ9a6LddIuqsyNKDAxbpb
++PlBOOA==
++-----END CERTIFICATE-----
++-----BEGIN CERTIFICATE-----
++MIICEDCCAbagAwIBAgIBBzAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
++Q0EgODAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
++AxMLUG9saWN5IENBIDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASb+9fN9RLe
++SHGynsKXhLWGhIS/kZ6Yl97+h23xpjLaZUOzhn5VafXdmLrQ4BmqSMHqIKzcc8IB
++STV3NwO4NxPBo4HyMIHvMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEF
++BQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTBF9x+MrsyqoCaTQ2kB7Bn
++tpK2qDAlBgNVHSAEHjAcMAwGCmCGSAFlAwIBMAEwDAYKYIZIAWUDAgEwAjBxBgNV
++HSEEajBoMBgGCmCGSAFlAwIBMAEGCmCGSAFlAwIBMAEwGAYKYIZIAWUDAgEwAQYK
++YIZIAWUDAgEwAjAYBgpghkgBZQMCATACBgpghkgBZQMCATABMBgGCmCGSAFlAwIB
++MAIGCmCGSAFlAwIBMAIwCgYIKoZIzj0EAwIDSAAwRQIhAI37Di/5MrSj2clr+2pX
++iXzeDIvlaxzVetyH3ibUZZBSAiA41aPIssHi9evv2mZonEvXY8g+DKbh/3L2mSub
++/AyLoA==
++-----END CERTIFICATE-----
++-----BEGIN CERTIFICATE-----
++MIICETCCAbagAwIBAgIBCDAKBggqhkjOPQQDAjAWMRQwEgYDVQQDEwtQb2xpY3kg
++Q0EgOTAgFw0wMDAxMDEwMDAwMDBaGA8yMTAwMDEwMTAwMDAwMFowFjEUMBIGA1UE
++AxMLUG9saWN5IENBIDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASrRS12/zEP
++RUNye9SLadN4xK+xfTwyXfxeC+jam+J98lOMcHz6abnLpk5tJ7wab4Pkygsbj1V2

_service:tar_scm:backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch Added

@@ -0,0 +1,156 @@
+From 79dbd85fe27ebabc278417af64ab8e3eb43d2d40 Mon Sep 17 00:00:00 2001
+From: Todd Short <todd.short@me.com>
+Date: Wed, 23 Mar 2022 18:55:10 -0400
+Subject: PATCH ticket_lifetime_hint may exceed 1 week in TLSv1.3
+
+For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
+
+Fixes #17948
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17952)
+
+(cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)
+---
+ doc/man3/SSL_CTX_set_timeout.pod | 10 ++++++
+ ssl/statem/statem_srvr.c         | 21 ++++++++----
+ test/sslapitest.c                | 59 ++++++++++++++++++++++++++++++++
+ 3 files changed, 84 insertions(+), 6 deletions(-)
+
+diff --git a/doc/man3/SSL_CTX_set_timeout.pod b/doc/man3/SSL_CTX_set_timeout.pod
+index c32585e45f..54592654ff 100644
+--- a/doc/man3/SSL_CTX_set_timeout.pod
++++ b/doc/man3/SSL_CTX_set_timeout.pod
+@@ -42,6 +42,16 @@ basis, see L<SSL_get_default_timeout(3)>.
+ All currently supported protocols have the same default timeout value
+ of 300 seconds.
+ 
++This timeout value is used as the ticket lifetime hint for stateless session
++tickets. It is also used as the timeout value within the ticket itself.
++
++For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
++seconds).
++
++For TLSv1.2, tickets generated during an initial handshake use the value
++as specified. Tickets generated during a resumed handshake have a value
++of 0 for the ticket lifetime hint.
++
+ =head1 RETURN VALUES
+ 
+ SSL_CTX_set_timeout() returns the previously set timeout value.
+diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
+index d701c46b43..79cfd1d835 100644
+--- a/ssl/statem/statem_srvr.c
++++ b/ssl/statem/statem_srvr.c
+@@ -3820,15 +3820,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
+ static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                  unsigned char *tick_nonce)
+ {
++    uint32_t timeout = (uint32_t)s->session->timeout;
++
+     /*
+-     * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
+-     * unspecified for resumed session (for simplicity).
++     * Ticket lifetime hint:
+      * In TLSv1.3 we reset the "time" field above, and always specify the
+-     * timeout.
++     * timeout, limited to a 1 week period per RFC8446.
++     * For TLSv1.2 this is advisory only and we leave this unspecified for
++     * resumed session (for simplicity).
+      */
+-    if (!WPACKET_put_bytes_u32(pkt,
+-                               (s->hit && !SSL_IS_TLS13(s))
+-                               ? 0 : s->session->timeout)) {
++#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
++
++    if (SSL_IS_TLS13(s)) {
++        if (s->session->timeout > ONE_WEEK_SEC)
++            timeout = ONE_WEEK_SEC;
++    } else if (s->hit)
++        timeout = 0;
++
++    if (!WPACKET_put_bytes_u32(pkt, timeout)) {
+         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                  ERR_R_INTERNAL_ERROR);
+         return 0;
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 21322ceec5..09a732f577 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -6734,6 +6734,64 @@ end:
+     SSL_CTX_free(cctx);
+     return testresult;
+ }
++
++/*
++ * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
++ * 0 = TLSv1.2
++ * 1 = TLSv1.3
++ */
++static int test_ticket_lifetime(int idx)
++{
++    SSL_CTX *cctx = NULL, *sctx = NULL;
++    SSL *clientssl = NULL, *serverssl = NULL;
++    int testresult = 0;
++    int version = TLS1_3_VERSION;
++
++#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
++#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
++
++    if (idx == 0) {
++        version = TLS1_2_VERSION;
++    }
++
++    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
++                                       TLS_client_method(), version, version,
++                                       &sctx, &cctx, cert, privkey)))
++        goto end;
++
++    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
++                                      &clientssl, NULL, NULL)))
++        goto end;
++
++    /*
++     * Set the timeout to be more than 1 week
++     * make sure the returned value is the default
++     */
++    if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
++                      SSL_get_default_timeout(serverssl)))
++        goto end;
++
++    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
++        goto end;
++
++    if (idx == 0) {
++        /* TLSv1.2 uses the set value */
++        if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
++            goto end;
++    } else {
++        /* TLSv1.3 uses the limited value */
++        if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
++            goto end;
++    }
++    testresult = 1;
++
++end:
++    SSL_free(serverssl);
++    SSL_free(clientssl);
++    SSL_CTX_free(sctx);
++    SSL_CTX_free(cctx);
++    return testresult;
++}
+ #endif
+ /*
+  * Test that setting an ALPN does not violate RFC
+@@ -6973,6 +7031,7 @@ int setup_tests(void)
+ #endif
+ #ifndef OPENSSL_NO_TLS1_3
+     ADD_TEST(test_sni_tls13);
++    ADD_ALL_TESTS(test_ticket_lifetime, 2);
+ #endif
+     ADD_TEST(test_set_alpn);
+     ADD_TEST(test_inherit_verify_param);
+-- 
+2.17.1
+

_service:tar_scm:backport-tls_process_server_hello-Disallow-repeated-HRR.patch Added

@@ -0,0 +1,36 @@
+From fb67978a9eb076b23ddf17f6b95f697ed526c584 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 22 Mar 2022 12:34:07 +0100
+Subject: PATCH tls_process_server_hello: Disallow repeated HRR
+
+Repeated HRR must be rejected.
+
+Fixes #17934
+
+Reviewed-by: Todd Short <todd.short@me.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17936)
+
+(cherry picked from commit d204a50b898435fbf937316d5693008cebf62eef)
+---
+ ssl/statem/statem_clnt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
+index d1a3969812..e3aba393f9 100644
+--- a/ssl/statem/statem_clnt.c
++++ b/ssl/statem/statem_clnt.c
+@@ -1422,6 +1422,10 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
+             && sversion == TLS1_2_VERSION
+             && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
+             && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
++        if (s->hello_retry_request != SSL_HRR_NONE) {
++            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
++            goto err;
++        }
+         s->hello_retry_request = SSL_HRR_PENDING;
+         hrr = 1;
+         if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
+-- 
+2.17.1
+

_service:tar_scm:backport-v3_sxnet-add-a-check-for-the-return-of-i2s_ASN1_INTE.patch Added

@@ -0,0 +1,30 @@
+From 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4 Mon Sep 17 00:00:00 2001
+From: xkernel <xkernel.wang@foxmail.com>
+Date: Mon, 20 Jun 2022 17:46:39 +0800
+Subject: PATCH v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Ben Kaduk <kaduk@mit.edu>
+(Merged from https://github.com/openssl/openssl/pull/18608)
+
+(cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)
+---
+ crypto/x509v3/v3_sxnet.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
+index 144e8bee84..3c5508f941 100644
+--- a/crypto/x509v3/v3_sxnet.c
++++ b/crypto/x509v3/v3_sxnet.c
+@@ -78,6 +78,8 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+     for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+         id = sk_SXNETID_value(sx->ids, i);
+         tmp = i2s_ASN1_INTEGER(NULL, id->zone);
++        if (tmp == NULL)
++            return 0;
+         BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+         OPENSSL_free(tmp);
+         ASN1_STRING_print(out, id->user);
+-- 
+2.17.1
+

_service:tar_scm:backport-x509-excessive-resource-use-verifying-policy-constra.patch Added

@@ -0,0 +1,222 @@
+From 879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Wed, 8 Mar 2023 15:28:20 +1100
+Subject: PATCH x509: excessive resource use verifying policy constraints
+
+A security vulnerability has been identified in all supported versions
+of OpenSSL related to the verification of X.509 certificate chains
+that include policy constraints.  Attackers may be able to exploit this
+vulnerability by creating a malicious certificate chain that triggers
+exponential use of computational resources, leading to a denial-of-service
+(DoS) attack on affected systems.
+
+Fixes CVE-2023-0464
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/20569)
+---
+ crypto/x509v3/pcy_local.h |  8 +++++++-
+ crypto/x509v3/pcy_node.c  | 12 +++++++++---
+ crypto/x509v3/pcy_tree.c  | 37 +++++++++++++++++++++++++++----------
+ 3 files changed, 43 insertions(+), 14 deletions(-)
+
+diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h
+index 5daf78de45..344aa06765 100644
+--- a/crypto/x509v3/pcy_local.h
++++ b/crypto/x509v3/pcy_local.h
+@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
+ };
+ 
+ struct X509_POLICY_TREE_st {
++    /* The number of nodes in the tree */
++    size_t node_count;
++    /* The maximum number of nodes in the tree */
++    size_t node_maximum;
++
+     /* This is the tree 'level' data */
+     X509_POLICY_LEVEL *levels;
+     int nlevel;
+@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                  X509_POLICY_DATA *data,
+                                  X509_POLICY_NODE *parent,
+-                                 X509_POLICY_TREE *tree);
++                                 X509_POLICY_TREE *tree,
++                                 int extra_data);
+ void policy_node_free(X509_POLICY_NODE *node);
+ int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                       const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
+index e2d7b15322..d574fb9d66 100644
+--- a/crypto/x509v3/pcy_node.c
++++ b/crypto/x509v3/pcy_node.c
+@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                  X509_POLICY_DATA *data,
+                                  X509_POLICY_NODE *parent,
+-                                 X509_POLICY_TREE *tree)
++                                 X509_POLICY_TREE *tree,
++                                 int extra_data)
+ {
+     X509_POLICY_NODE *node;
+ 
++    /* Verify that the tree isn't too large.  This mitigates CVE-2023-0464 */
++    if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
++        return NULL;
++
+     node = OPENSSL_zalloc(sizeof(*node));
+     if (node == NULL) {
+         X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+     }
+     node->data = data;
+     node->parent = parent;
+-    if (level) {
++    if (level != NULL) {
+         if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+             if (level->anyPolicy)
+                 goto node_error;
+@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+         }
+     }
+ 
+-    if (tree) {
++    if (extra_data) {
+         if (tree->extra_data == NULL)
+             tree->extra_data = sk_X509_POLICY_DATA_new_null();
+         if (tree->extra_data == NULL){
+@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+         }
+     }
+ 
++    tree->node_count++;
+     if (parent)
+         parent->nchild++;
+ 
+diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
+index 6e8322cbc5..6c7fd35405 100644
+--- a/crypto/x509v3/pcy_tree.c
++++ b/crypto/x509v3/pcy_tree.c
+@@ -13,6 +13,18 @@
+ 
+ #include "pcy_local.h"
+ 
++/*
++ * If the maximum number of nodes in the policy tree isn't defined, set it to
++ * a generous default of 1000 nodes.
++ *
++ * Defining this to be zero means unlimited policy tree growth which opens the
++ * door on CVE-2023-0464.
++ */
++
++#ifndef OPENSSL_POLICY_TREE_NODES_MAX
++# define OPENSSL_POLICY_TREE_NODES_MAX 1000
++#endif
++
+ /*
+  * Enable this to print out the complete policy tree at various point during
+  * evaluation.
+@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+         return X509_PCY_TREE_INTERNAL;
+     }
+ 
++    /* Limit the growth of the tree to mitigate CVE-2023-0464 */
++    tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
++
+     /*
+      * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+      *
+@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+     level = tree->levels;
+     if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+         goto bad_tree;
+-    if (level_add_node(level, data, NULL, tree) == NULL) {
++    if (level_add_node(level, data, NULL, tree, 1) == NULL) {
+         policy_data_free(data);
+         goto bad_tree;
+     }
+@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+  * Return value: 1 on success, 0 otherwise
+  */
+ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+-                                    X509_POLICY_DATA *data)
++                                    X509_POLICY_DATA *data,
++                                    X509_POLICY_TREE *tree)
+ {
+     X509_POLICY_LEVEL *last = curr - 1;
+     int i, matched = 0;
+@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+         X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+ 
+         if (policy_node_match(last, node, data->valid_policy)) {
+-            if (level_add_node(curr, data, node, NULL) == NULL)
++            if (level_add_node(curr, data, node, tree, 0) == NULL)
+                 return 0;
+             matched = 1;
+         }
+     }
+     if (!matched && last->anyPolicy) {
+-        if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
++        if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
+             return 0;
+     }
+     return 1;
+@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+  * Return value: 1 on success, 0 otherwise.
+  */
+ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+-                           const X509_POLICY_CACHE *cache)
++                           const X509_POLICY_CACHE *cache,
++                           X509_POLICY_TREE *tree)
+ {
+     int i;
+ 
+@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+         X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+ 
+         /* Look for matching nodes in previous level */
+-        if (!tree_link_matching_nodes(curr, data))
++        if (!tree_link_matching_nodes(curr, data, tree))
+             return 0;
+     }
+     return 1;
+@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+     /* Curr may not have anyPolicy */
+     data->qualifier_set = cache->anyPolicy->qualifier_set;
+     data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+-    if (level_add_node(curr, data, node, tree) == NULL) {
++    if (level_add_node(curr, data, node, tree, 1) == NULL) {
+         policy_data_free(data);
+         return 0;
+     }
+@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
+     }
+     /* Finally add link to anyPolicy */
+     if (last->anyPolicy &&
+-        level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
++        level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL)
+         return 0;

_service:tar_scm:backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch Added

@@ -0,0 +1,39 @@
+From 91db522f31981b3fafdec4120de1027e8bc4d792 Mon Sep 17 00:00:00 2001
+From: Daniel Fiala <daniel@openssl.org>
+Date: Mon, 18 Apr 2022 11:30:13 +0200
+Subject: PATCH x509: use actual issuer name if a CA is used
+
+Fixes openssl#16080.
+
+Reviewed-by: Ben Kaduk <kaduk@mit.edu>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18129)
+---
+ apps/x509.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/apps/x509.c b/apps/x509.c
+index 1043eba0c8..2329d9b2d4 100644
+--- a/apps/x509.c
++++ b/apps/x509.c
+@@ -590,6 +590,8 @@ int x509_main(int argc, char **argv)
+         xca = load_cert(CAfile, CAformat, "CA Certificate");
+         if (xca == NULL)
+             goto end;
++        if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
++            goto end;
+     }
+ 
+     out = bio_open_default(outfile, 'w', outformat);
+@@ -987,8 +989,6 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
+         goto end;
+     }
+ 
+-    if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+-        goto end;
+     if (!X509_set_serialNumber(x, bs))
+         goto end;
+ 
+-- 
+2.17.1
+

_service:tar_scm:fix-add-loongarch64-target.patch Added

_service:tar_scm:openssl-1.1.1-build.patch Added

@@ -0,0 +1,40 @@
+diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf
+--- openssl-1.1.1f/Configurations/10-main.conf.build	2020-03-31 14:17:45.000000000 +0200
++++ openssl-1.1.1f/Configurations/10-main.conf	2020-04-07 16:42:10.920546387 +0200
+@@ -678,6 +678,7 @@ my %targets = (
+         cxxflags         => add("-m64"),
+         lib_cppflags     => add("-DL_ENDIAN"),
+         perlasm_scheme   => "linux64le",
++        multilib         => "64",
+     },
+ 
+     "linux-armv4" => {
+@@ -718,6 +719,7 @@ my %targets = (
+     "linux-aarch64" => {
+         inherit_from     =>  "linux-generic64", asm("aarch64_asm") ,
+         perlasm_scheme   => "linux64",
++        multilib         => "64",
+     },
+     "linux-arm64ilp32" => {  # https://wiki.linaro.org/Platform/arm64-ilp32
+         inherit_from     =>  "linux-generic32", asm("aarch64_asm") ,
+diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build	2020-04-07 16:42:10.920546387 +0200
++++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl	2020-04-07 16:44:23.539142108 +0200
+@@ -823,7 +823,7 @@ uninstall_runtime_libs:
+ install_man_docs:
+ 	@ -n "$(INSTALLTOP)"  || (echo INSTALLTOP should not be empty; exit 1)
+ 	@$(ECHO) "*** Installing manpages"
+-	$(PERL) $(SRCDIR)/util/process_docs.pl \
++	TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+ 		"--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX)
+ 
+ uninstall_man_docs:
+@@ -835,7 +835,7 @@ uninstall_man_docs:
+ install_html_docs:
+ 	@ -n "$(INSTALLTOP)"  || (echo INSTALLTOP should not be empty; exit 1)
+ 	@$(ECHO) "*** Installing HTML manpages"
+-	$(PERL) $(SRCDIR)/util/process_docs.pl \
++	TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+ 		"--destdir=$(DESTDIR)$(HTMLDIR)" --type=html
+ 
+ uninstall_html_docs:

_service:tar_scm:openssl-1.1.1-fips.patch Added

@@ -0,0 +1,11635 @@
+diff -up openssl-1.1.1j/apps/pkcs12.c.fips openssl-1.1.1j/apps/pkcs12.c
+--- openssl-1.1.1j/apps/pkcs12.c.fips	2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/apps/pkcs12.c	2021-03-03 12:57:42.194734484 +0100
+@@ -123,7 +123,7 @@ int pkcs12_main(int argc, char **argv)
+     int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
+     int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
+ #ifndef OPENSSL_NO_RC2
+-    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
++    int cert_pbe = FIPS_mode() ? NID_pbe_WithSHA1And3_Key_TripleDES_CBC : NID_pbe_WithSHA1And40BitRC2_CBC;
+ #else
+     int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ #endif
+diff -up openssl-1.1.1j/apps/speed.c.fips openssl-1.1.1j/apps/speed.c
+--- openssl-1.1.1j/apps/speed.c.fips	2021-03-03 12:57:42.185734409 +0100
++++ openssl-1.1.1j/apps/speed.c	2021-03-03 12:57:42.195734492 +0100
+@@ -1593,7 +1593,8 @@ int speed_main(int argc, char **argv)
+             continue;
+         if (strcmp(*argv, "rsa") == 0) {
+             for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
+-                rsa_doitloop = 1;
++		if (!FIPS_mode() || loop != R_RSA_512)
++                    rsa_doitloop = 1;
+             continue;
+         }
+         if (found(*argv, rsa_choices, &i)) {
+@@ -1603,7 +1604,9 @@ int speed_main(int argc, char **argv)
+ #endif
+ #ifndef OPENSSL_NO_DSA
+         if (strcmp(*argv, "dsa") == 0) {
+-            dsa_doitR_DSA_512 = dsa_doitR_DSA_1024 =
++            if (!FIPS_mode())
++                dsa_doitR_DSA_512 = 1;
++            dsa_doitR_DSA_1024 =
+                 dsa_doitR_DSA_2048 = 1;
+             continue;
+         }
+@@ -1634,19 +1637,21 @@ int speed_main(int argc, char **argv)
+         }
+         if (strcmp(*argv, "ecdh") == 0) {
+             for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
+-                ecdh_doitloop = 1;
++                if(!FIPS_mode() || (loop != R_EC_X25519 && loop != R_EC_X448))
++                    ecdh_doitloop = 1;
+             continue;
+         }
+         if (found(*argv, ecdh_choices, &i)) {
+-            ecdh_doiti = 2;
++            if(!FIPS_mode() || (i != R_EC_X25519 && i != R_EC_X448))
++                ecdh_doiti = 2;
+             continue;
+         }
+-        if (strcmp(*argv, "eddsa") == 0) {
++        if (!FIPS_mode() && strcmp(*argv, "eddsa") == 0) {
+             for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
+                 eddsa_doitloop = 1;
+             continue;
+         }
+-        if (found(*argv, eddsa_choices, &i)) {
++        if (!FIPS_mode() && found(*argv, eddsa_choices, &i)) {
+             eddsa_doiti = 2;
+             continue;
+         }
+@@ -1735,23 +1740,31 @@ int speed_main(int argc, char **argv)
+     /* No parameters; turn on everything. */
+     if ((argc == 0) && !doitD_EVP) {
+         for (i = 0; i < ALGOR_NUM; i++)
+-            if (i != D_EVP)
++            if (i != D_EVP &&
++                (!FIPS_mode() || (i != D_WHIRLPOOL &&
++                                  i != D_MD2 && i != D_MD4 &&
++                                  i != D_MD5 && i != D_MDC2 &&
++                                  i != D_RMD160)))
+                 doiti = 1;
+ #ifndef OPENSSL_NO_RSA
+         for (i = 0; i < RSA_NUM; i++)
+-            rsa_doiti = 1;
++            if (!FIPS_mode() || i != R_RSA_512)
++                rsa_doiti = 1;
+ #endif
+ #ifndef OPENSSL_NO_DSA
+         for (i = 0; i < DSA_NUM; i++)
+-            dsa_doiti = 1;
++            if (!FIPS_mode() || i != R_DSA_512)
++                dsa_doiti = 1;
+ #endif
+ #ifndef OPENSSL_NO_EC
+         for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
+             ecdsa_doitloop = 1;
+         for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
+-            ecdh_doitloop = 1;
+-        for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
+-            eddsa_doitloop = 1;
++            if(!FIPS_mode() || (loop != R_EC_X25519 && loop != R_EC_X448))
++                ecdh_doitloop = 1;
++        if (!FIPS_mode())
++            for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
++                eddsa_doitloop = 1;
+ #endif
+     }
+     for (i = 0; i < ALGOR_NUM; i++)
+@@ -1799,30 +1812,46 @@ int speed_main(int argc, char **argv)
+     AES_set_encrypt_key(key24, 192, &aes_ks2);
+     AES_set_encrypt_key(key32, 256, &aes_ks3);
+ #ifndef OPENSSL_NO_CAMELLIA
+-    Camellia_set_key(key16, 128, &camellia_ks1);
+-    Camellia_set_key(ckey24, 192, &camellia_ks2);
+-    Camellia_set_key(ckey32, 256, &camellia_ks3);
++    if (doitD_CBC_128_CML || doitD_CBC_192_CML || doitD_CBC_256_CML) {
++        Camellia_set_key(key16, 128, &camellia_ks1);
++        Camellia_set_key(ckey24, 192, &camellia_ks2);
++        Camellia_set_key(ckey32, 256, &camellia_ks3);
++    }
+ #endif
+ #ifndef OPENSSL_NO_IDEA
+-    IDEA_set_encrypt_key(key16, &idea_ks);
++    if (doitD_CBC_IDEA) {
++        IDEA_set_encrypt_key(key16, &idea_ks);
++    }
+ #endif
+ #ifndef OPENSSL_NO_SEED
+-    SEED_set_key(key16, &seed_ks);
++    if (doitD_CBC_SEED) {
++        SEED_set_key(key16, &seed_ks);
++    }
+ #endif
+ #ifndef OPENSSL_NO_RC4
+-    RC4_set_key(&rc4_ks, 16, key16);
++   if (doitD_RC4) {
++        RC4_set_key(&rc4_ks, 16, key16);
++    }
+ #endif
+ #ifndef OPENSSL_NO_RC2
+-    RC2_set_key(&rc2_ks, 16, key16, 128);
++    if (doitD_CBC_RC2) {
++        RC2_set_key(&rc2_ks, 16, key16, 128);
++    }
+ #endif
+ #ifndef OPENSSL_NO_RC5
+-    RC5_32_set_key(&rc5_ks, 16, key16, 12);
++    if (doitD_CBC_RC5) {
++        RC5_32_set_key(&rc5_ks, 16, key16, 12);
++    }
+ #endif
+ #ifndef OPENSSL_NO_BF
+-    BF_set_key(&bf_ks, 16, key16);
++    if (doitD_CBC_BF) {
++        BF_set_key(&bf_ks, 16, key16);
++    }
+ #endif
+ #ifndef OPENSSL_NO_CAST
+-    CAST_set_key(&cast_ks, 16, key16);
++    if (doitD_CBC_CAST) {
++        CAST_set_key(&cast_ks, 16, key16);
++    }
+ #endif
+ #ifndef SIGALRM
+ # ifndef OPENSSL_NO_DES
+@@ -2120,6 +2149,7 @@ int speed_main(int argc, char **argv)
+ 
+         for (i = 0; i < loopargs_len; i++) {
+             loopargsi.hctx = HMAC_CTX_new();
++            HMAC_CTX_set_flags(loopargsi.hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+             if (loopargsi.hctx == NULL) {
+                 BIO_printf(bio_err, "HMAC malloc failure, exiting...");
+                 exit(1);
+diff -up openssl-1.1.1j/Configure.fips openssl-1.1.1j/Configure
+--- openssl-1.1.1j/Configure.fips	2021-03-03 12:57:42.192734467 +0100
++++ openssl-1.1.1j/Configure	2021-03-03 12:57:42.195734492 +0100
+@@ -329,7 +329,7 @@ $config{sdirs} = 
+     "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
+     "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
+     "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
+-    "buffer", "bio", "stack", "lhash", "rand", "err",
++    "buffer", "bio", "stack", "lhash", "rand", "err", "fips",
+     "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
+     "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
+     ;
+diff -up openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1j/crypto/cmac/cm_pmeth.c
+--- openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips	2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/cmac/cm_pmeth.c	2021-03-03 12:57:42.195734492 +0100
+@@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
+ 
+ const EVP_PKEY_METHOD cmac_pkey_meth = {
+     EVP_PKEY_CMAC,
+-    EVP_PKEY_FLAG_SIGCTX_CUSTOM,
++    EVP_PKEY_FLAG_SIGCTX_CUSTOM | EVP_PKEY_FLAG_FIPS,
+     pkey_cmac_init,
+     pkey_cmac_copy,
+     pkey_cmac_cleanup,
+diff -up openssl-1.1.1j/crypto/dh/dh_err.c.fips openssl-1.1.1j/crypto/dh/dh_err.c
+--- openssl-1.1.1j/crypto/dh/dh_err.c.fips	2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/dh/dh_err.c	2021-03-03 12:57:42.195734492 +0100
+@@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
+      "dh_cms_set_shared_info"},
++    {ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"},
++    {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"},
++    {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"},

_service Changed

_service:tar_scm:Makefile.certificate Added

@@ -0,0 +1,82 @@
+UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
+DAYS=365
+KEYLEN=2048
+TYPE=rsa:$(KEYLEN)
+EXTRA_FLAGS=
+ifdef SERIAL
+	EXTRA_FLAGS+=-set_serial $(SERIAL)
+endif
+
+.PHONY: usage
+.SUFFIXES: .key .csr .crt .pem
+.PRECIOUS: %.key %.csr %.crt %.pem
+
+usage:
+	@echo "This makefile allows you to create:"
+	@echo "  o public/private key pairs"
+	@echo "  o SSL certificate signing requests (CSRs)"
+	@echo "  o self-signed SSL test certificates"
+	@echo
+	@echo "To create a key pair, run \"make SOMETHING.key\"."
+	@echo "To create a CSR, run \"make SOMETHING.csr\"."
+	@echo "To create a test certificate, run \"make SOMETHING.crt\"."
+	@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
+	@echo
+	@echo "To create a key for use with Apache, run \"make genkey\"."
+	@echo "To create a CSR for use with Apache, run \"make certreq\"."
+	@echo "To create a test certificate for use with Apache, run \"make testcert\"."
+	@echo
+	@echo "To create a test certificate with serial number other than random, add SERIAL=num"
+	@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
+	@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
+	@echo
+	@echo Examples:
+	@echo "  make server.key"
+	@echo "  make server.csr"
+	@echo "  make server.crt"
+	@echo "  make stunnel.pem"
+	@echo "  make genkey"
+	@echo "  make certreq"
+	@echo "  make testcert"
+	@echo "  make server.crt SERIAL=1"
+	@echo "  make stunnel.pem EXTRA_FLAGS=-sha384"
+	@echo "  make testcert DAYS=600"
+
+%.pem:
+	umask 77 ; \
+	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+	/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
+	cat $$PEM1 >  $@ ; \
+	echo ""    >> $@ ; \
+	cat $$PEM2 >> $@ ; \
+	$(RM) $$PEM1 $$PEM2
+
+%.key:
+	umask 77 ; \
+	/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
+
+%.csr: %.key
+	umask 77 ; \
+	/usr/bin/openssl req $(UTF8) -new -key $^ -out $@
+
+%.crt: %.key
+	umask 77 ; \
+	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
+
+TLSROOT=/etc/pki/tls
+KEY=$(TLSROOT)/private/localhost.key
+CSR=$(TLSROOT)/certs/localhost.csr
+CRT=$(TLSROOT)/certs/localhost.crt
+
+genkey: $(KEY)
+certreq: $(CSR)
+testcert: $(CRT)
+
+$(CSR): $(KEY)
+	umask 77 ; \
+	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
+
+$(CRT): $(KEY)
+	umask 77 ; \
+	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)

_service:tar_scm:README.en.md Changed

_service:tar_scm:README.md Changed

_service:tar_scm:astyle_3.1_linux.tar.gz Deleted

_service:tar_scm:openssl-1.1.1m.tar.gz Added

_service:tar_scm:openssl.yaml Added