Remove frozen store. This is a mock up that will be replaced with the real implementation.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29331)

.clang-format

@@ -243,6 +243,7 @@ StatementMacros:
   - "ASN1_SEQUENCE_END_enc"
   - "ASN1_SEQUENCE_END_name"
   - "ASN1_SEQUENCE_END_ref"
+  - "static_ASN1_SEQUENCE_END"
   # This isn't quite right, but it causes clang-format to do a slightly better
   # job formatting this macro.
   - "ASN1_EX_TEMPLATE_TYPE"

apps/cmp.c

@@ -87,6 +87,7 @@ static char *opt_srvcert = NULL;
 static char *opt_expect_sender = NULL;
 static int opt_ignore_keyusage = 0;
 static int opt_unprotected_errors = 0;
+static int opt_ta_in_ip_extracerts = 0;
 static int opt_no_cache_extracerts = 0;
 static char *opt_srvcertout = NULL;
 static char *opt_extracertsout = NULL;
@@ -281,6 +282,7 @@ typedef enum OPTION_choice {
     OPT_EXPECT_SENDER,
     OPT_IGNORE_KEYUSAGE,
     OPT_UNPROTECTED_ERRORS,
+    OPT_TA_IN_IP_EXTRACERTS,
     OPT_NO_CACHE_EXTRACERTS,
     OPT_SRVCERTOUT,
     OPT_EXTRACERTSOUT,
@@ -509,6 +511,12 @@ const OPTIONS cmp_options[] = {
         "certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf" },
     { OPT_MORE_STR, 0, 0,
         "WARNING: This setting leads to behavior allowing violation of RFC 9810" },
+    { "ta_in_ip_extracerts", OPT_TA_IN_IP_EXTRACERTS, '-',
+        "Permit using self-issued certificates from the extraCerts in an IP message" },
+    { OPT_MORE_STR, 0, 0,
+        "as trust anchors under conditions defined by 3GPP TS 33.310" },
+    { OPT_MORE_STR, 0, 0,
+        "WARNING: This setting leads to behavior allowing violation of RFC 9810" },
     { "no_cache_extracerts", OPT_NO_CACHE_EXTRACERTS, '-',
         "Do not keep certificates received in the extraCerts CMP message field" },
     { "srvcertout", OPT_SRVCERTOUT, 's',
@@ -727,6 +735,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
     { &opt_trusted }, { &opt_untrusted }, { &opt_srvcert },
     { &opt_expect_sender },
     { (char **)&opt_ignore_keyusage }, { (char **)&opt_unprotected_errors },
+    { (char **)&opt_ta_in_ip_extracerts },
     { (char **)&opt_no_cache_extracerts },
     { &opt_srvcertout }, { &opt_extracertsout }, { &opt_cacertsout },
     { &opt_oldwithold }, { &opt_newwithnew }, { &opt_newwithold }, { &opt_oldwithnew },
@@ -1391,6 +1400,10 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
 
     if (opt_unprotected_errors)
         (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1);
+    if (opt_ta_in_ip_extracerts) {
+        (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR, 1);
+        CMP_warn("permitting non-authenticated trust anchors in IP extracerts according to 3GPP TS 33.310");
+    }
 
     if (opt_out_trusted != NULL) { /* for use in OSSL_CMP_certConf_cb() */
         X509_VERIFY_PARAM *out_vpm = NULL;
@@ -2963,6 +2976,9 @@ static int get_opts(int argc, char **argv)
         case OPT_UNPROTECTED_ERRORS:
             opt_unprotected_errors = 1;
             break;
+        case OPT_TA_IN_IP_EXTRACERTS:
+            opt_ta_in_ip_extracerts = 1;
+            break;
         case OPT_NO_CACHE_EXTRACERTS:
             opt_no_cache_extracerts = 1;
             break;

crypto/bio/bss_dgram.c

@@ -64,7 +64,12 @@
 #undef NO_RECVMSG
 #define NO_RECVMSG
 #endif
-#if (defined(__ANDROID_API__) && __ANDROID_API__ < 21) || defined(_AIX)
+#if (defined(__ANDROID_API__) && __ANDROID_API__ < 21)
+#undef NO_RECVMMSG
+#define NO_RECVMMSG
+#endif
+#if defined(_AIX) && !defined(_AIX72)
+/* AIX >= 7.2 provides sendmmsg() and recvmmsg(). */
 #undef NO_RECVMMSG
 #define NO_RECVMMSG
 #endif
@@ -130,7 +135,14 @@
     BIO_MAX(BIO_CMSG_ALLOC_LEN_1, \
         BIO_MAX(BIO_CMSG_ALLOC_LEN_2, BIO_CMSG_ALLOC_LEN_3))
 #endif
-#if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO)
+/*
+ * Although AIX defines IP_RECVDSTADDR and IPV6_RECVPKTINFO, the
+ * implementation requires IP_PKTINFO to be available for AF_INET.
+ * For AF_INET6 there seem to be limitations how local addresses
+ * are handled on AIX. So, disable the support for now.
+ */
+#if (defined(IP_PKTINFO) || defined(IP_RECVDSTADDR)) && defined(IPV6_RECVPKTINFO) \
+    && !defined(_AIX)
 #define SUPPORT_LOCAL_ADDR
 #endif
 #endif

crypto/cmp/cmp_vfy.c

@@ -327,21 +327,31 @@ static int check_cert_path(const OSSL_CMP_CTX *ctx, X509_STORE *store,
 /*
  * Exceptional handling for 3GPP TS 33.310 [3G/LTE Network Domain Security
  * (NDS); Authentication Framework (AF)], only to use for IP messages
- * and if the ctx option is explicitly set: use self-issued certificates
- * from extraCerts as trust anchor to validate sender cert -
- * provided it also can validate the newly enrolled certificate
+ * and if the ctx option is explicitly set: use self-issued certificates from
+ * extraCerts as trust anchors when validating the CMP message protection cert
+ * in this and any subsequent responses from the server in the same transaction,
+ * but only if these extraCerts can also be used as trust anchors for validating
+ * the newly enrolled certificate received in the IP message.
  */
 static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx,
     const OSSL_CMP_MSG *msg, X509 *scrt)
 {
     int valid = 0;
     X509_STORE *store;
+    STACK_OF(X509) *extraCerts;
 
     if (!ctx->permitTAInExtraCertsForIR)
         return 0;
 
+    /*
+     * Initially, use extraCerts from the IP message.
+     * For subsequent msgs (pollRep or PKIConf) in the same transaction,
+     * use extraCertsIn remembered from earlier message (typically, the IP message).
+     * The extraCertsIn field will be cleared by OSSL_CMP_CTX_reinit().
+     */
+    extraCerts = ctx->extraCertsIn == NULL ? msg->extraCerts : ctx->extraCertsIn;
     if ((store = X509_STORE_new()) == NULL
-        || !ossl_cmp_X509_STORE_add1_certs(store, msg->extraCerts,
+        || !ossl_cmp_X509_STORE_add1_certs(store, extraCerts,
             1 /* self-issued only */))
         goto err;
 
@@ -554,10 +564,11 @@ end:
  * (in this order) and is path is validated against ctx->trusted.
  * On success cache the found cert using ossl_cmp_ctx_set1_validatedSrvCert().
  *
- * If ctx->permitTAInExtraCertsForIR is true and when validating a CMP IP msg,
- * the trust anchor for validating the IP msg may be taken from msg->extraCerts
- * if a self-issued certificate is found there that can be used to
- * validate the enrolled certificate returned in the IP.
+ * If ctx->permitTAInExtraCertsForIR is true, when validating a CMP IP message,
+ * trust anchors for validating the IP message (and any subsequent responses
+ * by the server in the same transaction) may be taken from msg->extraCerts
+ * if self-issued certificates are found there that can also be used
+ * to validate the newly enrolled certificate returned in the IP msg.
  * This is according to the need given in 3GPP TS 33.310.
  *
  * Returns 1 on success, 0 on error or validation failed.

crypto/context.c

@@ -547,6 +547,13 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx)
     return NULL;
 }
 
+int OSSL_LIB_CTX_freeze(OSSL_LIB_CTX *ctx, const char *propq)
+{
+    if ((ctx = ossl_lib_ctx_get_concrete(ctx)) == NULL)
+        return 0;
+    return ossl_method_store_freeze(ctx->evp_method_store, propq);
+}
+
 void ossl_release_default_drbg_ctx(void)
 {
     /* early release of the DRBG in global default libctx */

crypto/evp/digest.c

@@ -1078,7 +1078,13 @@ static void evp_md_free(void *md)
 EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
     const char *properties)
 {
-    EVP_MD *md = evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
+    EVP_MD *md = NULL;
+
+    if (evp_generic_fetch_frozen(ctx, OSSL_OP_DIGEST, algorithm, properties,
+            NULL, (void **)&md))
+        return md;
+
+    md = evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties,
         evp_md_from_algorithm, evp_md_up_ref, evp_md_free);
 
     return md;

crypto/evp/evp_fetch.c

@@ -388,6 +388,77 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata,
     return method;
 }
 
+/* TODO: FREEZE: Replace with actual implementation */
+/*
+ * Returns 1 if method store is frozen AND prop query is equal to frozen prop
+ * query. Only sets METHOD if found.
+ */
+int evp_generic_fetch_frozen(OSSL_LIB_CTX *libctx, int operation_id,
+    const char *name, const char *properties,
+    OSSL_PROVIDER *prov, void **method)
+{
+    OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
+    const char *store_propq;
+    OSSL_NAMEMAP *namemap;
+    uint32_t meth_id;
+#ifdef FIPS_MODULE
+    /*
+     * The FIPS provider has its own internal library context where only it
+     * is loaded.  Consequently, property queries aren't relevant because
+     * there is only one fetchable algorithm and it is assumed that the
+     * FIPS-ness is handled by the using algorithm.
+     */
+    const char *const propq = "";
+#else
+    const char *const propq = properties != NULL ? properties : "";
+#endif /* FIPS_MODULE */
+
+    if (store == NULL) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    /*
+     * If there's ever an operation_id == 0 passed, we have an internal
+     * programming error.
+     */
+    if (!ossl_assert(operation_id > 0)) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Return 0 if not frozen or prop query is different than frozen prop query */
+    if (!ossl_method_store_is_frozen(store))
+        return 0;
+    if (strlen(propq) != 0
+        && (store_propq = ossl_method_store_frozen_propq(store)) != NULL
+        && strcmp(propq, store_propq) != 0) {
+        return 0;
+    }
+
+    /* If we haven't received a name id yet, try to get one for the name */
+    namemap = ossl_namemap_stored(libctx);
+    if (namemap == NULL) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+    meth_id = name != NULL ? ossl_namemap_name2num(namemap, name) : 0;
+
+    /*
+     * If we have a name id, calculate a method id with evp_method_id().
+     *
+     * evp_method_id returns 0 if we have too many operations (more than
+     * about 2^8) or too many names (more than about 2^24).
+     * For all intents and purposes, this is an internal error.
+     */
+    if (meth_id != 0 && (meth_id = evp_method_id(meth_id, operation_id)) == 0) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return ossl_frozen_method_store_cache_get(store, prov, meth_id, propq, method);
+}
+
 void *evp_generic_fetch(OSSL_LIB_CTX *libctx, int operation_id,
     const char *name, const char *properties,
     void *(*new_method)(int name_id,

crypto/evp/evp_local.h

@@ -302,6 +302,9 @@ void *evp_generic_fetch(OSSL_LIB_CTX *ctx, int operation_id,
         OSSL_PROVIDER *prov),
     int (*up_ref_method)(void *),
     void (*free_method)(void *));
+int evp_generic_fetch_frozen(OSSL_LIB_CTX *libctx, int operation_id,
+    const char *name, const char *properties,
+    OSSL_PROVIDER *prov, void **method);
 void *evp_generic_fetch_from_prov(OSSL_PROVIDER *prov, int operation_id,
     const char *name, const char *properties,
     void *(*new_method)(int name_id,

crypto/property/property.c

@@ -25,6 +25,7 @@
 #include "crypto/sparse_array.h"
 #include "property_local.h"
 #include "crypto/context.h"
+#include "crypto/evp.h"
 
 /*
  * The number of elements in the query cache before we initiate a flush.
@@ -86,6 +87,12 @@ struct ossl_method_store_st {
 
     /* Flag: 1 if query cache entries for all algs need flushing */
     int cache_need_flush;
+
+    /* Flag: 1 if method store is frozen */
+    int frozen;
+
+    /* Property query associated with frozen state */
+    char *frozen_propq;
 };
 
 typedef struct {
@@ -265,6 +272,7 @@ void ossl_method_store_free(OSSL_METHOD_STORE *store)
         ossl_sa_ALGORITHM_free(store->algs);
         CRYPTO_THREAD_lock_free(store->lock);
         CRYPTO_THREAD_lock_free(store->biglock);
+        OPENSSL_free(store->frozen_propq);
         OPENSSL_free(store);
     }
 }
@@ -324,7 +332,7 @@ int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov,
     int ret = 0;
     int i;
 
-    if (nid <= 0 || method == NULL || store == NULL)
+    if (nid <= 0 || method == NULL || store == NULL || store->frozen == 1)
         return 0;
 
     if (properties == NULL)
@@ -438,7 +446,7 @@ int ossl_method_store_remove(OSSL_METHOD_STORE *store, int nid,
     ALGORITHM *alg = NULL;
     int i;
 
-    if (nid <= 0 || method == NULL || store == NULL)
+    if (nid <= 0 || method == NULL || store == NULL || store->frozen == 1)
         return 0;
 
     if (!ossl_property_write_lock(store))
@@ -540,7 +548,7 @@ int ossl_method_store_remove_all_provided(OSSL_METHOD_STORE *store,
 {
     struct alg_cleanup_by_provider_data_st data;
 
-    if (!ossl_property_write_lock(store))
+    if (store == NULL || store->frozen == 1 || !ossl_property_write_lock(store))
         return 0;
     data.prov = prov;
     data.store = store;
@@ -549,6 +557,34 @@ int ossl_method_store_remove_all_provided(OSSL_METHOD_STORE *store,
     return 1;
 }
 
+int ossl_method_store_freeze(OSSL_METHOD_STORE *store, const char *propq)
+{
+    if (store == NULL || store->frozen == 1)
+        return 0;
+
+    if (propq != NULL) {
+        store->frozen_propq = OPENSSL_strdup(propq);
+        if (store->frozen_propq == NULL)
+            return 0;
+    }
+    /* TODO: FREEZE: Create frozen caches */
+    store->frozen = 1;
+
+    return 1;
+}
+
+int ossl_method_store_is_frozen(OSSL_METHOD_STORE *store)
+{
+    return store != NULL && store->frozen == 1;
+}
+
+const char *ossl_method_store_frozen_propq(OSSL_METHOD_STORE *store)
+{
+    if (store == NULL)
+        return NULL;
+    return store->frozen_propq;
+}
+
 static void alg_do_one(ALGORITHM *alg, IMPLEMENTATION *impl,
     void (*fn)(int id, void *method, void *fnarg),
     void *fnarg)
@@ -774,7 +810,7 @@ static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid)
 
 int ossl_method_store_cache_flush_all(OSSL_METHOD_STORE *store)
 {
-    if (!ossl_property_write_lock(store))
+    if (store == NULL || store->frozen == 1 || !ossl_property_write_lock(store))
         return 0;
     ossl_sa_ALGORITHM_doall(store->algs, &impl_cache_flush_alg);
     store->cache_nelem = 0;
@@ -856,6 +892,11 @@ static void ossl_method_cache_flush_some(OSSL_METHOD_STORE *store)
         tsan_add(&global_seed, state.seed);
 }
 
+/* TODO: FREEZE: Remove these and replace with actual implementation */
+static EVP_MD andrew_md;
+static void *andrew_method = NULL;
+
+/* TODO: FREEZE: Replace with actual implementation */
 int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov,
     int nid, const char *prop_query, void **method)
 {
@@ -886,6 +927,39 @@ err:
     return res;
 }
 
+/* TODO: FREEZE: Replace with actual implementation */
+int ossl_frozen_method_store_cache_get(OSSL_METHOD_STORE *store,
+    OSSL_PROVIDER *prov, int nid,
+    const char *prop_query, void **method)
+{
+    /*
+     * Query triplet (nid, prov, prop_query) from frozen store with no fallback.
+     */
+
+    /*
+     * TODO: FREEZE: Replace with actual implementation
+     * For now, just store & fetch from global variables
+     */
+    EVP_MD *temp_method;
+
+    if (andrew_method == NULL) {
+        if (!ossl_method_store_cache_get(store, prov, nid, prop_query, (void **)&temp_method))
+            return 0;
+
+        memcpy(&andrew_md, temp_method, sizeof(andrew_md));
+        andrew_md.origin = EVP_ORIG_FROZEN;
+        andrew_method = &andrew_md;
+        EVP_MD_free(temp_method);
+    }
+
+    if (andrew_method != NULL) {
+        *method = andrew_method;
+        return 1;
+    }
+
+    return 0;
+}
+
 int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov,
     int nid, const char *prop_query, void *method,
     int (*method_up_ref)(void *),
@@ -896,7 +970,7 @@ int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov,
     size_t len;
     int res = 1;
 
-    if (nid <= 0 || store == NULL || prop_query == NULL)
+    if (nid <= 0 || store == NULL || prop_query == NULL || store->frozen == 1)
         return 0;
 
     if (!ossl_assert(prov != NULL))

crypto/rsa/rsa_gen.c

@@ -693,12 +693,12 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
 static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg)
 {
     int ret = 0;
-    unsigned int plaintxt_len;
     unsigned char *plaintxt = NULL;
-    unsigned int ciphertxt_len;
     unsigned char *ciphertxt = NULL;
     unsigned char *decoded = NULL;
-    unsigned int decoded_len;
+    int plaintxt_len;
+    int ciphertxt_len;
+    int decoded_len;
     int padding = RSA_NO_PADDING;
     OSSL_SELF_TEST *st = NULL;
 

crypto/x509/x509_vfy.c

@@ -193,8 +193,7 @@ static int verify_cb_crl(X509_STORE_CTX *ctx, int err)
 /*
  * Inform the verify callback of an error, OCSP-specific variant.
  * It is called also on OCSP response errors, if the
- * X509_V_FLAG_OCSP_RESP_CHECK or X509_V_FLAG_OCSP_RESP_CHECK_ALL flag
- * is set.
+ * X509_V_FLAG_OCSP_RESP_CHECK flag is set.
  * Here, the error depth and certificate are already set, we just specify
  * the error number.
  *
@@ -1134,10 +1133,10 @@ trusted:
 static int check_revocation(X509_STORE_CTX *ctx)
 {
     int i = 0, last = 0, ok = 0;
-    int crl_check_enabled = (ctx->param->flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) != 0;
-    int crl_check_all_enabled = (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) != 0;
-    int ocsp_check_enabled = (ctx->param->flags & (X509_V_FLAG_OCSP_RESP_CHECK | X509_V_FLAG_OCSP_RESP_CHECK_ALL)) != 0;
-    int ocsp_check_all_enabled = (ctx->param->flags & X509_V_FLAG_OCSP_RESP_CHECK_ALL) != 0;
+    int crl_check_enabled = (ctx->param->flags & X509_V_FLAG_CRL_CHECK) != 0;
+    int crl_check_all_enabled = crl_check_enabled && (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) != 0;
+    int ocsp_check_enabled = (ctx->param->flags & X509_V_FLAG_OCSP_RESP_CHECK) != 0;
+    int ocsp_check_all_enabled = ocsp_check_enabled && (ctx->param->flags & X509_V_FLAG_OCSP_RESP_CHECK_ALL) != 0;
 
     if (!crl_check_enabled && !ocsp_check_enabled)
         return 1;

doc/build.info

@@ -1607,6 +1607,10 @@ DEPEND[html/man3/OPENSSL_malloc.html]=man3/OPENSSL_malloc.pod
 GENERATE[html/man3/OPENSSL_malloc.html]=man3/OPENSSL_malloc.pod
 DEPEND[man/man3/OPENSSL_malloc.3]=man3/OPENSSL_malloc.pod
 GENERATE[man/man3/OPENSSL_malloc.3]=man3/OPENSSL_malloc.pod
+DEPEND[html/man3/OPENSSL_ppccap.html]=man3/OPENSSL_ppccap.pod
+GENERATE[html/man3/OPENSSL_ppccap.html]=man3/OPENSSL_ppccap.pod
+DEPEND[man/man3/OPENSSL_ppccap.3]=man3/OPENSSL_ppccap.pod
+GENERATE[man/man3/OPENSSL_ppccap.3]=man3/OPENSSL_ppccap.pod
 DEPEND[html/man3/OPENSSL_riscvcap.html]=man3/OPENSSL_riscvcap.pod
 GENERATE[html/man3/OPENSSL_riscvcap.html]=man3/OPENSSL_riscvcap.pod
 DEPEND[man/man3/OPENSSL_riscvcap.3]=man3/OPENSSL_riscvcap.pod
@@ -3455,6 +3459,7 @@ html/man3/OPENSSL_instrument_bus.html \
 html/man3/OPENSSL_load_builtin_modules.html \
 html/man3/OPENSSL_load_u16_le.html \
 html/man3/OPENSSL_malloc.html \
+html/man3/OPENSSL_ppccap.html \
 html/man3/OPENSSL_riscvcap.html \
 html/man3/OPENSSL_s390xcap.html \
 html/man3/OPENSSL_secure_malloc.html \
@@ -4129,6 +4134,7 @@ man/man3/OPENSSL_instrument_bus.3 \
 man/man3/OPENSSL_load_builtin_modules.3 \
 man/man3/OPENSSL_load_u16_le.3 \
 man/man3/OPENSSL_malloc.3 \
+man/man3/OPENSSL_ppccap.3 \
 man/man3/OPENSSL_riscvcap.3 \
 man/man3/OPENSSL_s390xcap.3 \
 man/man3/OPENSSL_secure_malloc.3 \

doc/man1/openssl-cmp.pod.in

@@ -70,6 +70,7 @@ Server authentication options:
 [B<-expect_sender> I<name>]
 [B<-ignore_keyusage>]
 [B<-unprotected_errors>]
+[B<-ta_in_ip_extracerts>]
 [B<-no_cache_extracerts>]
 [B<-srvcertout> I<filename>]
 [B<-extracertsout> I<filename>]
@@ -715,6 +716,22 @@ with a signature key."
 
 =back
 
+=item B<-ta_in_ip_extracerts>
+
+This is a quirk option added to support 3GPP TS 33.310.
+B<WARNING:> This leads to behavior violating RFCs 4210 and 9810.
+
+It allows using self-issued certificates from the extraCerts in an IP message
+as non-authenticated trust anchors when validating the CMP message protection certificate
+in this and any subsequent responses from the server in the same transaction,
+but only if these extraCerts can also be used as trust anchors for validating
+the newly enrolled certificate received in the IP message.
+
+Note that using this option is dangerous as the to-be-trusted certificates
+obtained this way have not been authenticated (at least not at CMP level).
+Taking them over as initial trust anchors
+implements a form of trust-on-first-use (TOFU).
+
 =item B<-no_cache_extracerts>
 
 Do not cache certificates in the extraCerts field of CMP messages received.
@@ -1513,6 +1530,8 @@ and B<-rsp_crl> options were added in OpenSSL 3.4.
 B<-centralkeygen>, B<-newkeyout>, B<-rsp_key> and
 B<-rsp_keypass> were added in OpenSSL 3.5.
 
+The B<-ta_in_ip_extracerts> quirk option was added in OpenSSL 4.0.
+
 The B<-engine> option was removed in OpenSSL 4.0.
 
 =head1 COPYRIGHT

doc/man1/openssl.pod

@@ -674,7 +674,8 @@ For information about specific commands, see L<openssl-rehash(1)>
 and L<tsget(1)>.
 
 For information about querying or specifying CPU architecture flags, see
-L<OPENSSL_ia32cap(3)>, L<OPENSSL_s390xcap(3)> and L<OPENSSL_riscvcap(3)>.
+L<OPENSSL_ia32cap(3)>, L<OPENSSL_ppccap(3)>, L<OPENSSL_s390xcap(3)>,
+and L<OPENSSL_riscvcap(3)>.
 
 =head1 SEE ALSO
 

doc/man3/OPENSSL_ppccap.pod

@@ -0,0 +1,155 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_ppccap - the PowerPC processor capabilities vector
+
+=head1 SYNOPSIS
+
+ env OPENSSL_ppccap=... <application>
+
+=head1 DESCRIPTION
+
+libcrypto supports PowerPC instruction set extensions. These extensions are
+represented by bits in the PowerPC capabilities vector. When libcrypto
+initializes, it stores the results returned by PowerPC CPU capabilities detection
+logic in the PowerPC capabilities vector. The CPU capabilities detection methods
+are OS-dependent and use a combination of information gathered by the kernel
+during boot and probe functions that attempt to execute instructions and trap
+illegal instruction signals with a signal handler.
+
+To override the set of extensions available to an application, you can set the
+B<OPENSSL_ppccap> environment variable before you start the application. The
+environment variable is assigned a numerical value that denotes the bits in
+the PowerPC capabilities vector. The ppc_arch.h header file states that, "Flags'
+usage can appear ambiguous, because they are set rather to reflect OpenSSL
+performance preferences than actual processor capabilities."
+
+Multiple extensions are enabled by logically OR-ing the values that represent the
+desired extensions.
+
+B<Notes>: Enabling an extension on a CPU that does not support the extension
+will result in a SIGILL crash. On AIX, all vector instructions can be disabled
+with the schedo -ro allow_vmx=0 command. DO NOT USE THIS COMMAND to disable
+vector instructions in the OS when it is running on a CPU level that supports the
+instructions without also disabling them in libcrpto via the OPENSSL_ppccap
+environment variable or the application will crash with a SIGILL.
+
+Currently, the following extensions are defined:
+
+=over 4
+
+=item 0x01
+
+Name: B<PPC_FPU64>
+
+This flag is obsolete.
+
+=item 0x02
+
+Name: B<PPC_ALTIVEC>
+
+Meaning: Use AltiVec (aka VMX) instructions. In some but not all cases, this
+capability gates the use of later ISA vector instructions. The associated probe
+instruction is vor (vector logical or).
+
+Effect: Enables use of vector instructions but does not enable extensions added
+at specific ISA levels. However, disabling this capability disables a subset of
+vector extensions added at specific ISA levels even if they are otherwise
+enabled.
+
+=item 0x04
+
+Name: B<PPC_CRYPTO207>
+
+Meaning: Use instructions added in ISA level 2.07. The associated probe
+instruction instruction is vcipher (vector AES cipher round).
+
+Effect: Enables AES, SHA-2 sigma, and other ISA 2.07 instructions for AES, SHA-2,
+GHASH, and Poly1305.
+
+=item 0x08
+
+Name: B<PPC_FPU>
+
+Meaning: Use FPU instructions. The associated probe instruction is fmr (floating
+move register).
+
+Effect: Enables Poly1305 FPU implementation. The PPC_CRYPTO207 capability
+overrides this effect.
+
+=item 0x10
+
+Name: B<PPC_MADD300>
+
+Meaning: Use instructions added in ISA level 3.00. The associated probe
+instruction is maddhdu (multiply-add high doubleword unsigned).
+
+Effect: Enables use of the polynomial multiply and other ISA 3.00 instructions
+for AES-GCM, P-384, and P-521.
+
+=item 0x20
+
+Name: B<PPC_MFTB>
+
+Meaning: Use the mftb (move from time base) instruction. The associated probe
+instruction is mftb.
+
+Effect: Enables use of the mftb instruction to sample the lower 32 bits of the
+CPU time base register in order to acquire entropy. Considered obsolete.  The
+PPC_MFSPR268 capability overrides this capability.
+
+=item 0x40
+
+Name: B<PPC_MFSPR268>
+
+Meaning: Use the mfspr (move from special purpose register) instruction to
+read SPR 268. The associated probe instruction is mfspr 268.
+
+Effect: Enables use of the mfspr instruction to sample the lower 32 bits of the
+CPU time base register from SPR 268, the TBL (time base lower) register, in order
+to acquire entropy.
+
+=item 0x80
+
+Name: B<PPC_BRD31>
+
+Meaning: Use instructions added in ISA level 3.1. The associated probe instruction
+is brd (byte-reverse doubleword).
+
+Effect: Enables use of ISA 3.1 instructions in ChaCha20.
+
+=back
+
+=head1 RETURN VALUES
+
+Not available.
+
+=head1 EXAMPLES
+
+Check currently detected capabilities:
+
+ $ openssl info -cpusettings
+ OPENSSL_ppccap=0x2E
+
+The detected capabilities in the above example indicate that PPC_MFTB, PPC_FPU,
+PPC_CRYPTO207, PPC_MFSPR268, and PPC_ALTIVEC are enabled.
+
+Disable all instruction set extensions:
+
+ OPENSSL_ppccap=0x00
+
+Enable base AltiVec extensions:
+
+ OPENSSL_ppccap=0x02
+
+=head1 COPYRIGHT
+
+Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut

doc/man3/OSSL_CMP_CTX_new.pod

@@ -343,13 +343,18 @@ Else, 'digitalSignature' must be allowed by CMP signer certificates.
 
 =item B<OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR>
 
-Allow retrieving a trust anchor from extraCerts and using that
-to validate the certificate chain of an IP message.
 This is a quirk option added to support 3GPP TS 33.310.
+It leads to behavior violating RFCs 4210 and 9810.
+It allows using self-issued certificates from the extraCerts in an IP message
+as trust anchors when validating the CMP message protection certificate
+in this and any subsequent responses from the server in the same transaction,
+but only if these extraCerts can also be used as trust anchors for validating
+the newly enrolled certificate received in the IP message.
 
-Note that using this option is dangerous as the certificate obtained
-this way has not been authenticated (at least not at CMP level).
-Taking it over as a trust anchor implements trust-on-first-use (TOFU).
+Note that using this option is dangerous as the to-be-trusted certificates
+obtained this way have not been authenticated (at least not at CMP level).
+Taking them over as initial trust anchors
+implements a form of trust-on-first-use (TOFU).
 
 =item B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS>
 

doc/man3/OSSL_LIB_CTX.pod

@@ -5,7 +5,8 @@
 OSSL_LIB_CTX, OSSL_LIB_CTX_get_data, OSSL_LIB_CTX_new,
 OSSL_LIB_CTX_new_from_dispatch, OSSL_LIB_CTX_new_child,
 OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config,
-OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default
+OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default,
+OSSL_LIB_CTX_freeze
 - OpenSSL library context
 
 =head1 SYNOPSIS
@@ -24,6 +25,7 @@ OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default
  OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
  OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *ctx);
  void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index);
+ void *OSSL_LIB_CTX_freeze(OSSL_LIB_CTX *ctx, const char* propq);
 
 =head1 DESCRIPTION
 
@@ -121,6 +123,20 @@ If ctx is NULL then the function operates on the default library context.
 OSSL_LIB_CTX_get_data() returns a memory address whose interpretation
 depends on the index.
 
+OSSL_LIB_CTX_freeze() freezes the method store associated with the library
+context. A frozen context will speed up ONLY isolated, uncached algorithm
+lookups. This is specifically designed to benefit legacy high-throughput
+applications with worker threads doing isolated computations, without requiring
+a code restructuring. Existing and new applications are generally recommended to
+not use this feature and instead structure the application to pre-initialize
+contexts where possible. This function should only be called from a non-threaded
+context, before any worker threads have been dispatched.
+
+If propq is NULL, it will only speed up method store operations with a NULL
+property query. If propq is not NULL, it will also speed up method store
+operations when given that exact property query. Other property queries will go
+through the normal, slower lookup method.
+
 =head1 RETURN VALUES
 
 OSSL_LIB_CTX_new(), OSSL_LIB_CTX_get0_global_default() and
@@ -134,15 +150,20 @@ OSSL_LIB_CTX_load_config() returns 1 on success, 0 on error.
 OSSL_LIB_CTX_get_data() returns a memory address whose interpretation
 depends on the index.
 
+OSSL_LIB_CTX_freeze() returns 1 on success, 0 on error. A frozen library context
+cannot be frozen again.
+
 =head1 HISTORY
 
 All of the functions described on this page were added in OpenSSL 3.0.
 
 OSSL_LIB_CTX_get_data() was introduced in OpenSSL 3.4.
 
+OSSL_LIB_CTX_freeze() was introduced in OpenSSL 4.0.
+
 =head1 COPYRIGHT
 
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man7/openssl-env.pod

@@ -234,7 +234,8 @@ OpenSSL supports a number of different algorithm implementations for
 various machines and, by default, it determines which to use based on the
 processor capabilities and run time feature enquiry.  These environment
 variables can be used to exert more control over this selection process.
-See L<OPENSSL_ia32cap(3)>, L<OPENSSL_riscvcap(3)>, and L<OPENSSL_s390xcap(3)>.
+See L<OPENSSL_ia32cap(3)>, L<OPENSSL_ppccap(3)>, L<OPENSSL_riscvcap(3)>,
+and L<OPENSSL_s390xcap(3)>.
 
 These variables are not considered security-sensitive.
 

include/crypto/evp.h

@@ -252,6 +252,7 @@ struct evp_kdf_st {
 #define EVP_ORIG_DYNAMIC 0
 #define EVP_ORIG_GLOBAL 1
 #define EVP_ORIG_METH 2
+#define EVP_ORIG_FROZEN 3
 
 struct evp_md_st {
     /* nid */

include/internal/ktls.h

@@ -407,7 +407,7 @@ static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
     unsigned char *p = data;
     const size_t prepend_length = SSL3_RT_HEADER_LENGTH;
 
-    if (length < prepend_length + EVP_GCM_TLS_TAG_LEN) {
+    if (length < prepend_length) {
         errno = EINVAL;
         return -1;
     }
@@ -417,17 +417,27 @@ static ossl_inline int ktls_read_record(int fd, void *data, size_t length)
     msg.msg_controllen = sizeof(cmsgbuf.buf);
 
     msg_iov.iov_base = p + prepend_length;
-    msg_iov.iov_len = length - prepend_length - EVP_GCM_TLS_TAG_LEN;
+    msg_iov.iov_len = length - prepend_length;
     msg.msg_iov = &msg_iov;
     msg.msg_iovlen = 1;
 
+    memset(p, 0, prepend_length);
+
     ret = recvmsg(fd, &msg, 0);
     if (ret < 0)
         return ret;
 
+    if ((msg.msg_flags & (MSG_EOR | MSG_CTRUNC)) != MSG_EOR) {
+        errno = EMSGSIZE;
+        return -1;
+    }
+
     if (msg.msg_controllen > 0) {
         cmsg = CMSG_FIRSTHDR(&msg);
-        if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
+        if (cmsg != NULL
+            && cmsg->cmsg_level == SOL_TLS
+            && cmsg->cmsg_type == TLS_GET_RECORD_TYPE
+            && cmsg->cmsg_len >= CMSG_LEN(sizeof(unsigned char))) {
             p[0] = *((unsigned char *)CMSG_DATA(cmsg));
             p[1] = TLS1_2_VERSION_MAJOR;
             p[2] = TLS1_2_VERSION_MINOR;

include/internal/property.h

@@ -71,6 +71,11 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store,
 int ossl_method_store_remove_all_provided(OSSL_METHOD_STORE *store,
     const OSSL_PROVIDER *prov);
 
+/* Frozen method store related functions */
+int ossl_method_store_freeze(OSSL_METHOD_STORE *store, const char *propq);
+int ossl_method_store_is_frozen(OSSL_METHOD_STORE *store);
+const char *ossl_method_store_frozen_propq(OSSL_METHOD_STORE *store);
+
 /* Get the global properties associate with the specified library context */
 OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *ctx,
     int loadconfig);
@@ -78,6 +83,9 @@ OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *ctx,
 /* property query cache functions */
 int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov,
     int nid, const char *prop_query, void **result);
+int ossl_frozen_method_store_cache_get(OSSL_METHOD_STORE *store,
+    OSSL_PROVIDER *prov, int nid,
+    const char *prop_query, void **result);
 int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov,
     int nid, const char *prop_query, void *result,
     int (*method_up_ref)(void *),

include/openssl/crypto.h.in

@@ -586,6 +586,7 @@ OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx);
 int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx);
 void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value);
+int OSSL_LIB_CTX_freeze(OSSL_LIB_CTX *ctx, const char *propq);
 
 void OSSL_sleep(uint64_t millis);
 

providers/implementations/encode_decode/decode_der2key.c

@@ -60,11 +60,13 @@ ASN1_SEQUENCE(BARE_ALGOR) = {
     ASN1_SIMPLE(BARE_ALGOR, oid, ASN1_OBJECT),
 } static_ASN1_SEQUENCE_END(BARE_ALGOR)
 
-    ASN1_SEQUENCE(BARE_PUBKEY)
-    = { ASN1_EMBED(BARE_PUBKEY, algor, BARE_ALGOR), ASN1_SIMPLE(BARE_PUBKEY, pubkey, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(BARE_PUBKEY)
+ASN1_SEQUENCE(BARE_PUBKEY) = {
+    ASN1_EMBED(BARE_PUBKEY, algor, BARE_ALGOR),
+    ASN1_SIMPLE(BARE_PUBKEY, pubkey, ASN1_BIT_STRING)
+} static_ASN1_SEQUENCE_END(BARE_PUBKEY)
 #endif /* OPENSSL_NO_SLH_DSA */
 
-        struct der2key_ctx_st; /* Forward declaration */
+struct der2key_ctx_st; /* Forward declaration */
 typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
 typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
 typedef void free_key_fn(void *);

providers/implementations/keymgmt/ec_kmgmt.c

@@ -985,7 +985,7 @@ static void *ec_gen_init(void *provctx, int selection,
         gctx->ecdh_mode = 0;
         OSSL_FIPS_IND_INIT(gctx)
         if (!ec_gen_set_params(gctx, params)) {
-            OPENSSL_free(gctx);
+            ec_gen_cleanup(gctx);
             gctx = NULL;
         }
     }

providers/implementations/keymgmt/ml_kem_kmgmt.inc.in

@@ -35,6 +35,6 @@ use OpenSSL::paramnames qw(produce_param_decoder);
                          )); -}
 
 {- produce_param_decoder('ml_kem_gen_set_params',
-                         (['OSSL_PKEY_PARAM_ML_DSA_SEED', 'seed',  'octet_string'],
+                         (['OSSL_PKEY_PARAM_ML_KEM_SEED', 'seed',  'octet_string'],
                           ['OSSL_PKEY_PARAM_PROPERTIES',  'propq', 'utf8_string'],
                          )); -}

providers/implementations/keymgmt/mlx_kmgmt.c

@@ -722,6 +722,7 @@ static void *mlx_kem_dup(const void *vkey, int selection)
         if (ret->xkey == NULL)
             return ret;
         /* Fail if the source key is an inconsistent state */
+        OPENSSL_free(ret->propq);
         OPENSSL_free(ret);
         return NULL;
     }

ssl/d1_lib.c

@@ -731,10 +731,17 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
                 &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
                 3);
 
-            if (s->msg_callback)
-                s->msg_callback(1, version, SSL3_RT_HEADER, wbuf,
-                    DTLS1_RT_HEADER_LENGTH, ssl,
-                    s->msg_callback_arg);
+            if (s->msg_callback) {
+                /* Report the outgoing DTLS record header */
+                s->msg_callback(1, (int)version, SSL3_RT_HEADER,
+                    wbuf, DTLS1_RT_HEADER_LENGTH,
+                    ssl, s->msg_callback_arg);
+                /* Report the HelloVerifyRequest handshake message */
+                s->msg_callback(1, (int)version, SSL3_RT_HANDSHAKE,
+                    wbuf + DTLS1_RT_HEADER_LENGTH,
+                    wreclen - DTLS1_RT_HEADER_LENGTH,
+                    ssl, s->msg_callback_arg);
+            }
 
             if ((tmpclient = BIO_ADDR_new()) == NULL) {
                 ERR_raise(ERR_LIB_SSL, ERR_R_BIO_LIB);

test/evp_fetch_prov_test.c

@@ -20,6 +20,7 @@
 #include <openssl/provider.h>
 #include "internal/sizes.h"
 #include "testutil.h"
+#include "crypto/evp.h"
 
 static char *config_file = NULL;
 static char *alg = "digest";
@@ -219,6 +220,46 @@ err:
     return ret;
 }
 
+static int test_EVP_MD_fetch_freeze(void)
+{
+    EVP_MD *md = NULL;
+    int ret = 0;
+    OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
+
+    if (!TEST_ptr(ctx)
+        || !TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", NULL))
+        || !TEST_true(test_md(md))
+        || !TEST_int_ne(md->origin, EVP_ORIG_FROZEN))
+        goto err;
+    EVP_MD_free(md);
+    md = NULL;
+
+    if (!TEST_int_eq(OSSL_LIB_CTX_freeze(ctx, "?fips=true"), 1)
+        || !TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", NULL))
+        || !TEST_true(test_md(md))
+        || !TEST_int_eq(md->origin, EVP_ORIG_FROZEN))
+        goto err;
+    /* Technically, frozen version doesn't need to be freed */
+    EVP_MD_free(md);
+
+    if (!TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", "?fips=true"))
+        || !TEST_true(test_md(md))
+        || !TEST_int_eq(md->origin, EVP_ORIG_FROZEN))
+        goto err;
+    EVP_MD_free(md);
+
+    if (!TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", "?provider=default"))
+        || !TEST_true(test_md(md))
+        || !TEST_int_ne(md->origin, EVP_ORIG_FROZEN))
+        goto err;
+
+    ret = 1;
+err:
+    OSSL_LIB_CTX_free(ctx);
+    EVP_MD_free(md);
+    return ret;
+}
+
 static int test_explicit_EVP_MD_fetch_by_name(void)
 {
     return test_explicit_EVP_MD_fetch("SHA256");
@@ -402,6 +443,7 @@ int setup_tests(void)
     }
     ADD_TEST(test_legacy_provider_unloaded);
     if (strcmp(alg, "digest") == 0) {
+        ADD_TEST(test_EVP_MD_fetch_freeze);
         ADD_TEST(test_implicit_EVP_MD_fetch);
         ADD_TEST(test_explicit_EVP_MD_fetch_by_name);
         ADD_ALL_TESTS_NOSUBTEST(test_explicit_EVP_MD_fetch_by_X509_ALGOR, 2);

test/property_test.c

@@ -417,6 +417,41 @@ err:
     return ret;
 }
 
+static int test_freeze_flag(void)
+{
+    int ret = 0, nid = 6;
+    const char *prop = "position=1", *prop2 = "position=2";
+    char *impl = "a", *impl2 = "b";
+    OSSL_METHOD_STORE *store;
+    OSSL_PROVIDER prov = { 1 };
+    const OSSL_PROVIDER *fetched_prov = NULL;
+    void *fetched_meth = NULL;
+
+    if (!TEST_ptr(store = ossl_method_store_new(NULL))
+        || !TEST_true(add_property_names("position", NULL))
+        || !TEST_true(ossl_method_store_add(store, &prov, nid, prop, impl, &up_ref, &down_ref))
+        || !TEST_true(ossl_method_store_fetch(store, nid, prop, &fetched_prov, &fetched_meth))
+        || !TEST_ptr_eq(&prov, fetched_prov)
+        || !TEST_str_eq((char *)fetched_meth, impl)
+        || !TEST_true(ossl_method_store_freeze(store, NULL))
+        || !TEST_false(ossl_method_store_remove(store, nid, impl))
+        || !TEST_true(ossl_method_store_fetch(store, nid, prop, &fetched_prov, &fetched_meth))
+        || !TEST_ptr_eq(&prov, fetched_prov)
+        || !TEST_str_eq((char *)fetched_meth, impl)
+        || !TEST_false(ossl_method_store_remove_all_provided(store, fetched_prov))
+        || !TEST_true(ossl_method_store_fetch(store, nid, prop, &fetched_prov, &fetched_meth))
+        || !TEST_ptr_eq(&prov, fetched_prov)
+        || !TEST_str_eq((char *)fetched_meth, impl)
+        || !TEST_false(ossl_method_store_add(store, &prov, nid, prop2, impl2, &up_ref, &down_ref))
+        || !TEST_false(ossl_method_store_freeze(store, NULL)))
+        goto err;
+
+    ret = 1;
+err:
+    ossl_method_store_free(store);
+    return ret;
+}
+
 static int test_property(void)
 {
     static OSSL_PROVIDER fake_provider1 = { 1 };
@@ -713,6 +748,7 @@ int setup_tests(void)
     ADD_TEST(test_property_defn_cache);
     ADD_ALL_TESTS(test_definition_compares, OSSL_NELEM(definition_tests));
     ADD_TEST(test_register_deregister);
+    ADD_TEST(test_freeze_flag);
     ADD_TEST(test_property);
     ADD_TEST(test_query_cache_stochastic);
     ADD_TEST(test_fips_mode);

util/libcrypto.num

@@ -5815,3 +5815,4 @@ OSSL_PARAM_clear_free                   ?	4_0_0	EXIST::FUNCTION:
 CMS_dataFinal_ex                        ?	4_0_0	EXIST::FUNCTION:CMS
 CMS_SignerInfo_verify_ex                ?	4_0_0	EXIST::FUNCTION:CMS
 EVP_SIGNATURE_has_message_update        ?	4_0_0	EXIST::FUNCTION:
+OSSL_LIB_CTX_freeze                     ?	4_0_0	EXIST::FUNCTION: