Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29286)
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29306)
Neil Horman [Wed, 3 Dec 2025 19:36:54 +0000 (14:36 -0500)]
Make find-doc-nits compatible across git versions
We recently found that the addition of a git config command in
util/find-doc-nits is broken in some cases, specifically because git
around version 2.46 broke command line compatibility, replacing the
--regexp option with the --get-regexp option. So to maintain usage of
this specific command to parse the .gitconfig file, we would need to do
some extra version detection to construct the proper command line.
However, find-doc-nits already has a fallback condition, which does some
pure perl parsing of the gitconfig file, which works perfectly well.
Instead of trying to do version matching to construct the right form of
the git config command line, just remove it all, and rely on the perl
parse to do this work for us, which works currently in all cases.
Fixes #29197
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29304)
Viktor Dukhovni [Wed, 3 Dec 2025 04:24:46 +0000 (15:24 +1100)]
Clarify/fix encoder/decoder context docs and code
It was premature to make OSSL_(EN|DE)CODER_CTX_[sg]et_finalized() be
public interfaces. Fortunately, these have not yet appeared outside the
"master" branch, so we can still retract them.
Also, in the case of decoders, the implementation failed to take into
account that the context was duplicated before it was returned to the
user, and the duplicated copy failed to copy the "finalized" field.
This commit also renames "finalized" to "frozen", because
finalisation is a misleading term in this context, it suggests
resource reclamation during garbage collection or deallocation,
not marking a structure partly immutable.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29206)
Viktor Dukhovni [Mon, 24 Nov 2025 13:37:49 +0000 (00:37 +1100)]
Per-key encoding formats for ML-KEM and ML-DSA
We support selection of ML-KEM and ML-DSA key formats on input and
output at the provider level, these are essentially global defaults,
in effect for the lifetime of the process.
Unfortunately, the JAVA interface in openssl-jostle needs to be able to
output a specific key in seed-only form. To that end, this PR
introduces a new "output-formats" PKEY encoding parameter, that can be used
with OSSL_ENCODER_CTX_set_params(3) when encoding a key to PKCS#8, after
using OSSL_ENCODER_CTX_new_for_key(3), rather than i2d_PrivateKey(3),
i2d_PKCS8PrivateKey(3) or PEM equivalents.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29206)
In a hypothetical scenario that jent_entropy_init_ex fails, or if
get_jitter_random_value fails, there are a few unexpected
possibilities.
If jent_entropy_init_ex fails, the seed initialisation may return NULL
and then DRBG will be initiated with NULL seed, which will
automatically fallback to os-seed, which will escape module boundary
(if this jitter rng is from the fips module), and call getrandom
syscall.
And separately if get_jitter_random_value fails, it may put DRBG in an
error state, but it might not put the FIPS module in error state, like
it should as per the ISO standard.
To instrument these things, I had to create tampered
jitterentropy-library that always returns errors for init_ex and
read_entropy apis, and then use gdb tracing on both libcrypto.so and
fips.so.
The most minimal solution to above hypothetical error code paths, is
to simply call ossl_set_error_state. It is either harmless, or in case
of fips-jitter will correctly put the FIPS module into error state and
prevent any further operation; and crucially prevent silent fallback
to getrandom syscall.
Note it is unlikely that this ever was out of compliance, as often
enough getrandom syscall goes to a kernel with validated entropy
source; and openssl fips module still did reject sampling which is too
entropy source compliant.
Nonetheless it is good to fix this hypothetical error path, and
backport this to 3.5 and up.
This is similar / additional fixes, to this previous change:
- https://github.com/openssl/openssl/pull/25957
- https://github.com/openssl/openssl/commit/b9886a6f3483e0525596d3b3956416282038da82
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29226)
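The fail-closed behaviour described in the commit message above, as an added C example that is not OpenSSL code: a toy model in which every name (jitter_get_seed, os_get_seed, drbg_seed_fallback, drbg_seed_fail_closed, module_error_state, jitter_init_fails) is hypothetical. It contrasts a seed path that silently falls back to the OS source with one that latches an error state instead.

```c
#include <stddef.h>
#include <string.h>

/* Toy model, not OpenSSL code: all names below are hypothetical. */
enum seed_origin { SEED_NONE, SEED_JITTER, SEED_OS };

static int module_error_state = 0;  /* models the module-wide error state */
static int jitter_init_fails = 0;   /* knob: models a failing jitter init */

/* Models the jitter seed source: yields 0 bytes when initialisation fails. */
static size_t jitter_get_seed(unsigned char *out, size_t len)
{
    if (jitter_init_fails)
        return 0;
    memset(out, 0xA5, len);         /* constructed stand-in for entropy */
    return len;
}

/* Models the OS source (getrandom), which is outside the module boundary. */
static size_t os_get_seed(unsigned char *out, size_t len)
{
    memset(out, 0x5A, len);         /* constructed stand-in for entropy */
    return len;
}

/* Before: a failed jitter seed silently falls back to the OS source. */
enum seed_origin drbg_seed_fallback(unsigned char *seed, size_t len)
{
    if (jitter_get_seed(seed, len) == len)
        return SEED_JITTER;
    return os_get_seed(seed, len) == len ? SEED_OS : SEED_NONE;
}

/* After: a failed jitter seed latches the error state and refuses to seed. */
enum seed_origin drbg_seed_fail_closed(unsigned char *seed, size_t len)
{
    if (module_error_state)
        return SEED_NONE;           /* no further operation once latched */
    if (jitter_get_seed(seed, len) != len) {
        /* models the ossl_set_error_state call the commit message describes */
        module_error_state = 1;
        return SEED_NONE;
    }
    return SEED_JITTER;
}
```

The latch is the point of the second function: once the jitter source has failed, later calls return SEED_NONE even if the source recovers, so the caller never ends up seeded from outside the module boundary.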
Norbert Pocs [Thu, 13 Nov 2025 14:53:28 +0000 (15:53 +0100)]
apps: Remove opt_legacy_okay function
The function used to check for ENGINEs to determine if a legacy code
path is available, but it makes no sense to keep it after the ENGINE
removal, as the legacy path will always fail.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Norbert Pocs [Fri, 21 Nov 2025 13:04:20 +0000 (14:04 +0100)]
Remove OPENSSL_INIT_ENGINE_* definitions
Keeping OPENSSL_INIT_ENGINE_ALL_BUILTIN to be defined always to zero as
it might be the most used one outside of the library, meanwhile keeping
the others undefined unless OPENSSL_ENGINE_STUBS is defined.
Neil Horman [Thu, 11 Sep 2025 20:09:56 +0000 (16:09 -0400)]
remove dasync engine test from test_rand
We're removing the engine, so we don't need to test this anymore.
NOTE: This also removes the engine skip check from the test, and this
breaks testing until such time as PR #28461 is merged (which replaces
the remaining engine test with a provider).
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Neil Horman [Thu, 11 Sep 2025 19:39:44 +0000 (15:39 -0400)]
remove afalg tests
We have a specific test suite that exercises the afalg engine, that is
becoming useless with engine removal.
I had considered that we should perhaps convert this into a provider,
but having looked at the engine itself, it only offers implementations
for AES-128, AES-192 and AES-256. Given that the default provider
offers these algorithms with hardware acceleration via the aesni
instruction set (or comparable instructions on non-x86 arches), it seems
like the only advantage the afalg engine offers is acceleration of these
ciphers on platforms that have off-cpu accelerators and no cpu based
acceleration support.
given that:
a) Most cpus have instruction based acceleration
b) We don't test with any platforms that use external accelerators
It seems like a lot of investment to get no real advantage, so just
remove the test, allowing us to delete the engine entirely in another
PR.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Neil Horman [Thu, 11 Sep 2025 19:19:45 +0000 (15:19 -0400)]
Remove dasync engine from sslapitest and sslbuffertest
With the impending engine removal, we don't have a need to test engine
functionality in these tests anymore, so remove the test cases that make
use of the dasync engine here.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Most of the ifdefs were removed, but we want to rewrite the dasync
engine to a provider. Therefore that code was not removed; instead a new
temporary macro was added named TODO_REWRITE_ME_DASYNC_PROVIDER.
Engine removal: Silence the CI tests about engines
As we can't do every change in one big PR (and we also don't want),
therefore there always will be failing tests until everything is
resolved/cleaned up. This way we silence the CI about engine tests and
later we can reenable them to see what else needs to be fixed.
check_cert_crl(): Set CRL score for CRLs returned by get_crl callback
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29199)
Beat Bolli [Sun, 23 Feb 2025 14:10:40 +0000 (15:10 +0100)]
Change hexdump width to a multiple of 8 bytes
10, 15 and 18 seem quite unnatural byte counts in the context of hex
dumps. Standardize on 24 bytes for signatures (to stay within the 80
characters limit) and 16 bytes for everything else.
Adjust all test cert dumps to match the new output format.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29266)
lan1120 [Tue, 2 Dec 2025 01:36:57 +0000 (09:36 +0800)]
mlx_kem_dup(): Set key state to MLX_HAVE_NOKEYS when not copying keypair
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29280)
Matthias Kraft [Fri, 28 Nov 2025 14:30:01 +0000 (15:30 +0100)]
Skip symbol_presence test on AIX
AIX `nm` reports symbols in a different way.
Fix for: #29247
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29276)
Caolán McNamara [Fri, 28 Nov 2025 09:05:07 +0000 (09:05 +0000)]
const up some more low hanging things
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29246)
APPS/load_key_certs_crls(): prevent mem leaks on error w.r.t. any leftover credentials
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28005)
Fortunately due to the initial size of the allocated
buffer and the limit for unfragmented DTLS record size
the use-after-realloc cannot be triggered.
But we fix the potentially problematic code anyway.
Reported by Joshua Rogers. It was found with the ZeroPath security
tooling.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29278)
Bob Beck [Thu, 28 Aug 2025 18:59:59 +0000 (12:59 -0600)]
Disable clang format around .c includes
we assume these to be order sensitive and not self contained, so
as per our new style we disable clang format around them.
we should consider renaming to .inc, or doing away with some
of these and just putting the code inline, but that's for
later consideration.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Fri, 28 Nov 2025 18:20:53 +0000 (11:20 -0700)]
Disable clang-format around line-wrap sensitive lines in malloc_test.c
If OPENSSL_LINE ends up on a different line than the following call here,
this test breaks.
We should perhaps reconsider if testing the reporting of OPENSSL_LINE
is what we want in a malloc test, but that's for another time than now.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Thu, 27 Nov 2025 22:17:00 +0000 (15:17 -0700)]
Disable clang format around multi-line macros of sparc assembly
They are not asm, but spit out stuff that is not C
Clang-format gets confused and does bad things with them.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Tue, 2 Sep 2025 16:07:08 +0000 (10:07 -0600)]
Fix cmp_ctx_test.c to be less sensitive to line wrapping.
Similar to the previous errtest.c fix this also is not broken
by any reformatting today, but this change makes this follow
the same pattern as the other things that test OPENSSL_LINE
after the fact so we maintain the same paradigm everywhere.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Fri, 29 Aug 2025 17:37:36 +0000 (11:37 -0600)]
fix errtest to be less sensitive to line wrapping changes
(in its final form it will work with either compiler
because it's currently one line, but was tripped up before
by the #ifdef, so redid it to be consistent with the
other changes previously in this stack)
While I am here correct the test to test for all possible
return values of ERR_get_error_all, without the #ifdefs
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)