Pauli [Fri, 25 Jul 2025 03:15:26 +0000 (13:15 +1000)]
ml_kem kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
Pauli [Fri, 25 Jul 2025 03:15:26 +0000 (13:15 +1000)]
ecx kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
Pauli [Fri, 25 Jul 2025 03:15:26 +0000 (13:15 +1000)]
ec kem: convert to using generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
Pauli [Fri, 25 Jul 2025 03:03:40 +0000 (13:03 +1000)]
kem: rename files for autogeneration of param parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28149)
Pauli [Thu, 24 Jul 2025 02:01:03 +0000 (12:01 +1000)]
ecx: convert key exchange to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
Pauli [Thu, 24 Jul 2025 02:00:55 +0000 (12:00 +1000)]
ecdh: convert key exchange to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
Pauli [Thu, 24 Jul 2025 02:00:48 +0000 (12:00 +1000)]
dh: convert key exchange to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
Pauli [Thu, 24 Jul 2025 01:28:12 +0000 (11:28 +1000)]
exchange: rename files for generated param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28148)
Pauli [Thu, 24 Jul 2025 01:24:00 +0000 (11:24 +1000)]
file_store_any: convert to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)
Pauli [Thu, 24 Jul 2025 01:23:47 +0000 (11:23 +1000)]
win store: convert to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)
Pauli [Thu, 24 Jul 2025 01:23:33 +0000 (11:23 +1000)]
file_store: convert to using generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)
Pauli [Thu, 24 Jul 2025 01:14:29 +0000 (11:14 +1000)]
storemgmt: rename files for generate param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28147)
Pauli [Tue, 22 Jul 2025 02:09:23 +0000 (12:09 +1000)]
rsa: update sm asymmetric cipher to use generated param parser
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28145)
Pauli [Tue, 22 Jul 2025 02:09:12 +0000 (12:09 +1000)]
sm2: update sm asymmetric cipher to use generated param parser
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28145)
Pauli [Tue, 22 Jul 2025 01:33:45 +0000 (11:33 +1000)]
asym: rename RSA and SM2 asymmetric cipher files
To allow generated param parsing
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28145)
Pauli [Mon, 21 Jul 2025 02:13:47 +0000 (12:13 +1000)]
drbg: convert DRBGs to use generated ctx get param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Mon, 21 Jul 2025 01:40:35 +0000 (11:40 +1000)]
drbg: convert DRBGs to use generated ctx set param decoders
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Mon, 21 Jul 2025 00:09:13 +0000 (10:09 +1000)]
crngt: update to use generated param handling
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Mon, 21 Jul 2025 00:07:42 +0000 (10:07 +1000)]
drbg: move drbg_local.h to somewhere it can be found by generated files
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Sun, 20 Jul 2025 23:48:16 +0000 (09:48 +1000)]
seed: update to use generated param handling
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Sun, 20 Jul 2025 23:44:14 +0000 (09:44 +1000)]
jitter: update to use generated param handling
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Sun, 20 Jul 2025 23:36:56 +0000 (09:36 +1000)]
test rand: update to use generated param handling
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Sun, 20 Jul 2025 23:24:50 +0000 (09:24 +1000)]
rands: rename files for autogeneration of param parser
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28143)
Pauli [Wed, 16 Jul 2025 00:50:03 +0000 (10:50 +1000)]
blake2: use generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Wed, 16 Jul 2025 00:49:49 +0000 (10:49 +1000)]
blake2: add generated param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 01:22:56 +0000 (11:22 +1000)]
poly1305: convert poly1305 to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 01:15:43 +0000 (11:15 +1000)]
siphash: convert siphash to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 01:07:21 +0000 (11:07 +1000)]
gmac: convert GMAC to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 00:57:54 +0000 (10:57 +1000)]
cmac: convert CMAC to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Mon, 14 Jul 2025 00:48:04 +0000 (10:48 +1000)]
kmac: convert KMAC to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Sun, 13 Jul 2025 23:56:00 +0000 (09:56 +1000)]
hmac: convert HMAC to use param decoder
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Sun, 13 Jul 2025 23:26:23 +0000 (09:26 +1000)]
hmac: remove two unsupported params
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Sun, 13 Jul 2025 23:11:57 +0000 (09:11 +1000)]
Rename MAC files for autogeneration of param parsers
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
Pauli [Fri, 8 Aug 2025 04:01:12 +0000 (14:01 +1000)]
kdf: put back argument null checks
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28204)
Remove OSSL_CRYPTO_ALLOC attribute from CRYPTO_*dup routines
The __attribute__((malloc)) is for functions that return new memory,
and "the memory [returned by the function] has undefined content", which
is a property that doesn't hold for the *dup functions (the same reason
it doesn't apply to realloc).
Fixes: e1035957eba1 "OSSL_CRYPTO_ALLOC attribute introduction proposal." Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28220)
Andrew Dinh [Mon, 11 Aug 2025 10:07:15 +0000 (17:07 +0700)]
Add NULL check
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28221)
Neil Horman [Sun, 10 Aug 2025 21:53:28 +0000 (17:53 -0400)]
Assert SSLFatal on keylog failure
We hit an check_failure assert during memfail testing in
ssl_read_state_machine, based on a return of WORK_ERROR without an
SSLFatal call being made. This occurs because, if we fail in
ssl_log_secret (which we do due to memfail testing, we don't actually
assert an SSL fatal error.
Fix it by adding the SSLFatal call
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28216)
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28207)
doc/man3/SSL_CTX_set_domain_flags: fix version in HISTORY section
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28128)
test/sanitytest.c: fix setitimer usage in timer disarmament
It is incorrect to call setitimer(which, NULL, NULL) to disarm a timer,
Linux just gives a pass on that; properly provide a zeroed-out
structure instead.
Fixes: 760929f6ba18 "crypto/sleep.c: avoid returning early due to signal" Reported-by: Neil Horman <nhorman@openssl.org> Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28215)
Fix memory leak on EVP_CIPHER_param_to_asn1 failure
When EVP_CIPHER_param_to_asn1() fails, xalg->parameter was not freed,
leading to a memory leak. This patch adds proper cleanup for that case.
CLA: trivial
Signed-off-by: 77tiann <27392025k@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28131)
Tomas Mraz [Thu, 31 Jul 2025 19:24:55 +0000 (21:24 +0200)]
ossl_prov_drbg_generate(): Move syscalls out of the write locked section
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28141)
Fix RSA key size validation in EVP_PKEY_RSA_keygen demo
The validation was checking the default 'bits' value (4096) instead of
the parsed 'bits_i' from the command line arguments, allowing invalid
key sizes to bypass the 512-bit minimum.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28139)
Clemens Lang [Sun, 3 Aug 2025 18:47:36 +0000 (20:47 +0200)]
x509: Accept 'contentCommitment' as alias
ITU-T X.509 (10/2019) section 9.2.2.3 [1] defines 'contentCommitment' as
the current name for what had previously been called 'nonRepudiation',
and deprecates the old name:
> It is not incorrect to refer to this keyUsage bit using the identifier
> nonRepudiation. However, the use of this identifier has been
> deprecated.
Allow 'contentCommitment' as an alias wherever 'nonRepudiation' has been
accepted before, so that passing
-addext keyUsage=critical,contentCommitment
works as expected.
Add a test that checks that contentCommitment sets the same keyUsage bit
as nonRepudiation. Adjust the docs to mention the available alias name.
Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28161)
crypto/sleep.c: avoid returning early due to signal
On POSIX systems, sleep/usleep/nanosleep may return early due to arrival
of a signal, and OSSL_sleep does not report that, so it is assumed that
it cannot return early. Fix that by introducing a loop that checks
the remaining time and sleep some more if the time has not passed;
that also solves the issue of limited sleeping time on some systems.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28193)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28136)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28136)
sashan [Mon, 4 Aug 2025 07:32:51 +0000 (09:32 +0200)]
- add --no-check-certificate option to wget, pointed out by @esyr
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28136)
the rpki-client external test should use relase version not a master branch on github
@botovq asked me not to use master branch of rpki-client. This will keep CI-run
green regardless of what happens in rpki-client active development branch.
Once new version of rpki-client will be released we will just update the
test here to fetch new msater version.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28136)
Neil Horman [Thu, 7 Aug 2025 13:50:58 +0000 (09:50 -0400)]
Fix failure checking on rcu_read_lock
during memfail testing:
https://github.com/openssl/openssl/actions/runs/16794088536/job/47561223902
We get lots of test failures in ossl_rcu_read_lock. This occurs
because we have a few cases in the read lock path that attempt mallocs,
which, if they fail, trigger an assert or a silent failure, which isn't
really appropriate. We should instead fail gracefully, by informing the
caller that the lock failed, like we do for CRYPTO_THREAD_read_lock.
Fortunately, these are all internal apis, so we can convert
ossl_rcu_read_lock to return an int indicating success/failure, and fail
gracefully during the test, rather than hitting an assert abort.
Fixes openssl/project#1315
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28195)
Neil Horman [Thu, 7 Aug 2025 13:16:11 +0000 (09:16 -0400)]
Fix failure checking on thread_local storage assignment in rand_lib
The new malloc failure test caught an asan error in this code:
Direct leak of 40 byte(s) in 1 object(s) allocated from:
2025-08-07T03:22:20.3655117Z #0 0x7fb88d8fd9c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
2025-08-07T03:22:20.3655796Z #1 0x5584f0e4670a in CRYPTO_malloc crypto/mem.c:211
2025-08-07T03:22:20.3656291Z #2 0x5584f0e4679d in CRYPTO_zalloc crypto/mem.c:231
2025-08-07T03:22:20.3657040Z #3 0x5584f11c4c10 in EVP_RAND_CTX_new crypto/evp/evp_rand.c:353
2025-08-07T03:22:20.3657656Z #4 0x5584f0e93b27 in rand_new_drbg crypto/rand/rand_lib.c:666
2025-08-07T03:22:20.3658289Z #5 0x5584f0e949d0 in rand_get0_public crypto/rand/rand_lib.c:843
2025-08-07T03:22:20.3658914Z #6 0x5584f0e9305b in RAND_bytes_ex crypto/rand/rand_lib.c:490
2025-08-07T03:22:20.3659486Z #7 0x5584f0b2405f in SSL_CTX_new_ex ssl/ssl_lib.c:4191
2025-08-07T03:22:20.3660183Z #8 0x5584f0ae313c in create_ssl_ctx_pair test/helpers/ssltestlib.c:958
2025-08-07T03:22:20.3660871Z #9 0x5584f0adeaf6 in do_handshake test/handshake-memfail.c:56
2025-08-07T03:22:20.3661539Z #10 0x5584f0adee50 in test_alloc_failures test/handshake-memfail.c:125
2025-08-07T03:22:20.3662161Z #11 0x5584f0cd9da8 in run_tests test/testutil/driver.c:342
2025-08-07T03:22:20.3662664Z #12 0x5584f0cda9e5 in main test/testutil/main.c:31
2025-08-07T03:22:20.3663450Z #13 0x7fb88d42a1c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)
2025-08-07T03:22:20.3664630Z #14 0x7fb88d42a28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)
2025-08-07T03:22:20.3666608Z #15 0x5584f0ade864 in _start (/home/runner/work/openssl/openssl/test/handshake-memfail+0x22a864) (BuildId: 19659a44d8bed2c082918d25425f77e3a98df534)
It occurs because when rand_get0_public/rand_get0_private sets an
EVP_RAND_CTX object in its thread local storage, it neglects to check
the return code of the operation, which may fail when the associated
sparse array is expanded.
fix it by checking the return code and failing the get0_[public|private]
operation so the failure is graceful.
Fixes openssl/project#1315
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28195)
OPENSSL_secure_malloc.pod: articulate possibly non-secure pointer being returned
The semantics of OPENSSL_secure_[mz]alloc is somewhat unorthodox,
as it silently return a pointer to non-secure memory if the arena
is not initialised, which, while mentioned in the DESCRIPTION, is not
clear from reading the pertaining part of the RETURNING VALUE section alone;
explicitly state that the memory may be allocated by OPENSSL_calloc instead
if the secure heap is not initialised.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28059)
crypto/mem.c: don't use aligned_alloc in CRYPTO_aligned_alloc
The original C11 specification is pretty weird: it specifies that the size
must be a multiple of alignment (rendering it useless for small page-aligned
allocations that, for example, might be useful for RDMA) and until DR460[1]
it was UB in failing to do so (as it is with OPENSSL_ligned_alloc() calls
in alloc_new_neighborhood_list() on 32-bit systems, for example).
Moreover, it has arguably not been used much before, as all supported POSIX
systems have at least POSIX 2001 compatibility level nowadays,
Windows doesn't implement aligned_alloc() at all (because implementation
of free() in MS CRT is unable to handle aligned allocations[2]),
and _ISOC11_SOURCE is a glibc-specific feature test macro.
There are some *.inc already in the repository, mostly in demos/tests
and related to some algorithm implementations. Introduction
of array_alloc.inc has made including these files in the tags generation
even more pertinent, so they are included now.
Also, this commit explicitly marks *.h files as containing C code,
overriding universal-ctags default of interpreting them as C++/ObjectiveC
ones.
Suggested-by: Neil Horman <nhorman@openssl.org> Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28059)
Such routines allow alleviating the need to perform explicit integer
overflow check during allocation size calculation and generally make
the allocations more semantic (as they signify that a collection
of NUM items, each occupying SIZE bytes is being allocated), which paves
the road for additional correctness checks in the future.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28059)
crypto/ec/ecp_nistp256.c: use OPENSSL_zalloc instead of malloc+memset
Complements: b51bce942023 "Add and use OPENSSL_zalloc" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28059)
GAlvare [Fri, 2 May 2025 16:57:22 +0000 (11:57 -0500)]
Fixes for build failures on OS X 10.4 Tiger
Also added darwin8-ppc-cc and darwin8-ppc64-cc build configurations for
handling OS X 10.4 PowerPC specific configuration options, specifically
disabling async by default.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27578)
projects / thirdparty / openssl.git / log
