Joshua Rogers [Mon, 13 Oct 2025 23:59:04 +0000 (07:59 +0800)]
apps/s_time: reset reused SSL with SSL_clear in doConnection
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/28911)
Joshua Rogers [Sun, 12 Oct 2025 13:39:42 +0000 (21:39 +0800)]
comp/zstd: make bio_zstd_read return -1 on hard errors
Split NULL out param from zero outl. Return -1 on malloc failure and
NULL parameter. Keep 0 only for outl <= 0 and clean EOF. This lets
callers distinguish errors from empty reads without inspecting the
error queue.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/28908)
Richard Levitte [Wed, 8 Oct 2025 20:55:45 +0000 (22:55 +0200)]
Cleanup: Remove include/crypto/bn_conf.h.in
It turns out that this reproduces what's already done conditionally in
include/openssl/configuration.h.in. Furthermore, include/crypto/bn_conf.h
was only included in crypto/bn/bn_local.h using the same guard as the
definition in include/openssl/configuration.h, which is already included
by crypto/bn/bn_local.h anyway, via include/openssl/opensslconf.h.
Therefore, include/crypto/bn_conf.h.in can be removed, alongside the
construction and inclusion of include/crypto/bn_conf.h.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28794)
Simo Sorce [Thu, 2 Oct 2025 21:57:42 +0000 (17:57 -0400)]
Run on-demand self-tests when requested
The `on_demand_test` flag passed to `SELF_TEST_post` was not being honored by
the Known Answer Test (KAT) runner. Tests marked as 'deferred' were always
skipped.
This change passes the `on_demand_test` flag through to the KAT functions,
ensuring that when an on-demand test is requested, the full suite of self-
tests is executed as intended.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28725)
Simo Sorce [Tue, 30 Sep 2025 20:12:03 +0000 (16:12 -0400)]
Allow running individual FIPS self-tests
This introduces a new function, `SELF_TEST_kats_single()`, to the FIPS
provider. This allows for deferring running the Known Answer Tests (KATs)
for a specific algorithm. This is useful to avoid running
computationally costly tests upfront and instead run them only if the
algorithm is actually going to be used.
To support this, a `deferred` flag has been added to the test data
structures. The main self-test function, `SELF_TEST_kats()`, is updated to
skip tests marked for deferred execution, preserving its existing startup
behavior for all other tests.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28725)
Bob Beck [Tue, 21 Oct 2025 17:20:35 +0000 (11:20 -0600)]
Remove the hack to accept tests failing for out of range input
Now that OPENSSL_gmtime is backed by tm_to_posix and posix_to_tm
it validates the input from struct tm, so it is no longer necessary
to have hacks in place to allow for out of bound input tests to
fail.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28949)
If the call to ASN1_item_ex_d2i() from x509_pubkey_ex_d2i_ex() fails
*pval is freed by asn1_item_ex_d2i_intern()->ASN1_item_ex_free()->ossl_asn1_item_embed_free()
inside the ASN1_item_ex_d2i() function without freeing the
string buffer X509_PUBKEY::propq that was previously allocated
in x509_pubkey_ex_new_ex() and we lose the pointer to this buffer.
The function we are fixing here is one of the functions used
to define X509_PUBKEY - so any operations that work directly
on X509_PUBKEY_INTERNAL should be prevented from freeing
the structure because they don't know how to handle it.
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27333)
Neil Horman [Wed, 8 Oct 2025 12:20:36 +0000 (08:20 -0400)]
Copy impls stack when calling ossl_method_store_do_all
PR https://github.com/openssl/openssl/pull/24782 introduced a copying of
the algs stack in ossl_method_store_do all, so that the subsequent
iteration of elements through alg_do_one could be done without a lock,
and without triggering a tsan error as reported in:
https://github.com/openssl/openssl/issues/24672
However, the problem wasn't completely fixed. Issue:
https://github.com/openssl/openssl/issues/27726
Noted that, sometimes we still get a crash when iterating over each algs
impls stack. This occurs because, even though we've cloned the algs to
a private data area, the impls stack for each alg still points to shared
data, which we are accessing without the benefit of a lock. Because of
that, if some other thread calls a function that mutates the impl stack
(say ossl_method_store_remove()), we may encounter a NULL or garbage
value in one of the impl stack values, leading to an unexpected NULL
pointer or simmilar, which in turn leads to a crash.
Unfortunately we can't use a lock to create exclusive access here, as
there are several paths that lead to a recursive mutation of the stack,
which would deadlock.
So the only way that I see to prevent this (which is admittedly ugly),
is to not only clone the alg stack, but to duplicate each algs impl
stack with the read lock held, prior to doing the iteration.
Further, we've been unable to test this, as the problem is rare, and we
don't have a solid reproducer for the issue, but visual inspection
suggests this should fix that. Hopefully:
Fixes #27726
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28783)
Tomas Mraz [Wed, 22 Oct 2025 13:07:10 +0000 (15:07 +0200)]
Disable also argon2, scrypt and slh-dsa with no-bulk
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28970)
Tomas Mraz [Wed, 22 Oct 2025 13:03:24 +0000 (15:03 +0200)]
scrypt.c: Do not include the param with OPENSSL_NO_SCRYPT
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28970)
Simo Sorce [Mon, 28 Jul 2025 19:32:06 +0000 (15:32 -0400)]
Clear keymgmt params containing sensitive data
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28108)
Simo Sorce [Mon, 28 Jul 2025 14:59:54 +0000 (10:59 -0400)]
Test OSSL_PARAM_clear_free()
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28108)
Simo Sorce [Mon, 28 Jul 2025 12:32:54 +0000 (08:32 -0400)]
Add a way to cleanse params arrays
This uses the return_size field of the last terminating parameter
similaraly to how secure memory uses the data and data_size fields,
to hold the total size of memory allocated for params.
This is then used to be able to call OPENSSL_cleanse on the params
fields via the new OSSL_PARAM_clear_free() call.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28108)
Bernd Edlinger [Tue, 21 Oct 2025 11:42:00 +0000 (13:42 +0200)]
Fix heap-buffer-overflow in CI fuzzing tests
The ASN1_STRING is not supposed to be used as a
zero-terminated string. Therefore we need to check
the string length explicitly and use memcmp instead of
strcmp in ossl_x509_check_cert_time.
Fixes a regression introduced by #28623
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28962)
Bob Beck [Sat, 4 Oct 2025 13:34:11 +0000 (07:34 -0600)]
Adapt the tests to not care about failures from platform gmtime()
Now that we don't use gmtime, timegm and friends from the platform
we should be able to handle all values the same on any platform
with no concerns other than what the platform has decided to use
for time_t.
The hpux #ifdef is removed, as looking at f5e3115361f shows this
was added due to a gmtime() failure on the platform.
This then clears out all the platform specific chaos in helper.c
as an example of why the public API being added is actually
generally useful, as it has been noticed that users of OpenSSL
frequently end up dealing with the same issues in the same really
awful ways in their own software as were were doing in that file
in the tests.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28748)
Bob Beck [Fri, 3 Oct 2025 12:16:33 +0000 (06:16 -0600)]
Bring in posix time conversion functions, originally from BoringSSL
This is effectively a Julien date computation, but done as seconds since
the POSIX epoch, all checked for overflow and limited to dates from year
0000 to 9999.
This is advantageous as it removed the need to use the operating system provided
timegm() and gmtime() functions which are only semi-standardized in any case and
when they aren't there or don't work other nastiness needs to be tried to do
the same thing. Even when they are there, you need to worry about the size of
time_t and if the bad idea bears of unsigned time_t have visited this platform.
By simply doing the conversion ourselves, to and from and int64, this can be
done the same everywhere, and bounds checked when being put into a time_t.
This adds public API that is already added in libre and boring in
<openssl/posix_time.h>:
These are added in the forks due to noticing a fair bit of software needing
to perform similar error-prone conversions themselves when dealing with
ASN1 times (such as what we have to do in the tests). While I intend to
use some of this API for further simplification in a follow on changes in
several places (such as ocsp and X509) For now we only use it to simplify
the test helpers and clean that up a bunch
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28748)
Nikola Pajkovsky [Thu, 16 Oct 2025 06:25:06 +0000 (08:25 +0200)]
provider: reduce lock contention in ossl_provider_find
There's really no point to always take write lock, and sort the
store->providers every time. Instead, check if store->providers is
sorted, and if not, then upgrade to the write lock, otherwise use read
lock.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28927)
Nikola Pajkovsky [Wed, 15 Oct 2025 10:48:06 +0000 (12:48 +0200)]
clang deprecates sprintf on macos
test/threadstest.c:1376:9: error: 'sprintf' is deprecated.
The same issues is in the ossl-nghttp3-demo.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28903)
Simo Sorce [Thu, 16 Oct 2025 19:48:09 +0000 (15:48 -0400)]
signature: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:09 +0000 (15:48 -0400)]
rands: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:08 +0000 (15:48 -0400)]
macs: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:08 +0000 (15:48 -0400)]
keymgmt: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Fri, 17 Oct 2025 02:57:36 +0000 (22:57 -0400)]
Fix handling of include files in libtemplate
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:08 +0000 (15:48 -0400)]
kem: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:07 +0000 (15:48 -0400)]
kdfs: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:07 +0000 (15:48 -0400)]
exchange: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:07 +0000 (15:48 -0400)]
encode_decode: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:07 +0000 (15:48 -0400)]
digests: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:06 +0000 (15:48 -0400)]
ciphers: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Fri, 17 Oct 2025 02:26:33 +0000 (22:26 -0400)]
Fix handling of include files in libcommon
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Thu, 16 Oct 2025 19:48:06 +0000 (15:48 -0400)]
asymciphers: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Mon, 13 Oct 2025 21:48:54 +0000 (17:48 -0400)]
storemgmt: Use include file for generated code
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Simo Sorce [Fri, 10 Oct 2025 20:32:27 +0000 (16:32 -0400)]
Move generic skeymgmt param decoder to .inc file
The Perl-generated code for the generic symmetric key import parameter decoder
is extracted from `generic.c.in` into a new `generic.inc.in` template.
The main `generic.c` file now includes the generated `generic.inc` file. This
change separates the auto-generated code from the handwritten C code,
improving modularity and readability.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28838)
Joshua Rogers [Fri, 10 Oct 2025 22:57:01 +0000 (06:57 +0800)]
CMP client: fix three memory leaks in error handling of the polling mechanism added in 3.3
These are in poll_for_response(), OSSL_CMP_try_certreq(), and OSSL_CMP_exec_certreq().
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/28840)
Fixes for NonStop builds on 3.5 to handle OS platform header file changes.
This changes handles the introduction of _POSIX_VERSION into the NonStop x86
header files that tricks OpenSSL into thinking that ucontext.h is available.
Fixes #28498
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28769)
Joshua Rogers [Sat, 11 Oct 2025 12:10:48 +0000 (20:10 +0800)]
SMIME_text() and SMIME_crlf_copy() small refactoring
When out is NULL, SMIME_text() now skips BIO_write entirely and continues
to return success based on the read loop result. This matches existing
and expected semantics while avoiding a pointless write and any error masking.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28879)
Joshua Rogers [Sat, 11 Oct 2025 06:11:07 +0000 (14:11 +0800)]
freebsd ktls: avoid unaligned 16 bit length store in ktls_read_record
This prevents SIGBUS on strict alignment architectures when p+3 is not aligned
for 16 bit access. Behavior is unchanged on x86 and matches the Linux path.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28860)
Joshua Rogers [Fri, 10 Oct 2025 16:48:52 +0000 (00:48 +0800)]
ssl/statem: write 16-bit ECDHE group id in SKE
tls_construct_server_key_exchange wrote the named group as two u8 bytes with the high byte set to 0. TLS requires a 16-bit NamedGroup. Use WPACKET_put_bytes_u16(curve_id) so ids >= 256 are encoded correctly. No change for groups < 256.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28835)
Joshua Rogers [Fri, 10 Oct 2025 12:36:31 +0000 (20:36 +0800)]
Resetting the cookie_len should set the cookie_len to 0.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28817)
Joshua Rogers [Fri, 10 Oct 2025 11:55:31 +0000 (19:55 +0800)]
Fix off-by-one overflow in the AST resubmit
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28811)
Joshua Rogers [Wed, 8 Oct 2025 07:31:18 +0000 (15:31 +0800)]
Disallow Message sequence number 2 in DTLSv1_listen
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28788)
Joshua Rogers [Wed, 8 Oct 2025 22:14:15 +0000 (06:14 +0800)]
ssl: fix OOB write in SSL_get_shared_ciphers when no shared ciphers
When no cipher names are appended, p remains at buf and the unconditional
p[-1] = '\0' underflows. Only NUL-terminate if at least one cipher was written;
otherwise return an empty string safely.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28785)
* Adding missing periods.
* Consistently using "OpenSSL" as the project's name.
* Fixing the "`EVP_SKEY`" formatting reverted by a merge resolution
in f815ee19e066 "Harden RSA public encrypt".
* Fitting the lines in 80 characters, do a bit more semantic line breaks.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28734)
Joshua Rogers [Wed, 8 Oct 2025 07:37:35 +0000 (15:37 +0800)]
APPS/cmp: fix wrong CLI option reference for -ref_cert
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28786)
Joshua Rogers [Fri, 10 Oct 2025 12:58:46 +0000 (20:58 +0800)]
APPS/ocsp: avoid memory leaks on error
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28823)
Igor Ustinov [Tue, 14 Oct 2025 18:30:49 +0000 (20:30 +0200)]
Correct assembler version checking in perlasm scripts
Fixes #20520
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28901)
Bob Beck [Sun, 5 Oct 2025 01:25:40 +0000 (19:25 -0600)]
Be fully RFC 5280 pedantic about notAfter
May as well catch this case too. Any such certificate which
is valid for the notBefore at the time in quesion should be
considered valid no mater what the time is even if the system
time has been set to something beyond the range of ASN1_TIME values.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28623)
Nikola Pajkovsky [Thu, 18 Sep 2025 09:13:45 +0000 (11:13 +0200)]
x509store: reduce lock contention in X509_STORE
X509_STORE was using STACK_OF(X509_OBJECT) which is not ideal structure. The
better solution is to use hashmap. The performance gains come from the fact that
sorting was removed and therefore read lock is just enough for looking up
objects/cert/crls from hashmap.
When X509_STORE_get0_objects() is called, the hashmap converts back to
the STACK_OF(X509_OBJECT), and goes back to the original
implementation with the performance hit on lookup side because stack is not
sorted anymore.
Note, hashmap maps X509_NAME to STACK_OF(X509_OBJECT), and the stack is never
sorted which may lead to performance impact if stack contains a huge of objects.
Nikola Pajkovsky [Thu, 18 Sep 2025 08:42:42 +0000 (10:42 +0200)]
Move handy test functions to testutil
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28599)
projects / thirdparty / openssl.git / log
