Tomas Mraz [Sat, 20 Sep 2025 14:45:50 +0000 (16:45 +0200)]
tls_common.c: Handle inner content type properly on Big Endian
When passing the inner content type to msg_callback,
the lowest byte of rec->type needs to be passed instead
of directly passing the rec->type otherwise the value is
incorrect on Big Endian platforms.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28627)
Viktor Dukhovni [Mon, 22 Sep 2025 05:02:28 +0000 (15:02 +1000)]
Added test suggested by Shane Lontis
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28624)
Viktor Dukhovni [Sat, 20 Sep 2025 04:02:52 +0000 (14:02 +1000)]
Harden property put_str() helper corner case
The put_str() helper of the internal ossl_property_list_to_string()
function failed to correctly check the remaining buffer length in a
corner case in which a property name or string value needs quoting,
and exactly one byte of unused space remained in the output buffer.
The only potentially affected calling code is conditionally compiled
(disabled by default) provider "QUERY" tracing that is executed only
when also requested at runtime. An initial fragment of the property
list encoding would need to use up exactly 511 bytes, leaving just 1
byte for the next string which requires quoting. Bug reported by
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28624)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/28602)
Richard Levitte [Thu, 18 Sep 2025 05:14:13 +0000 (07:14 +0200)]
Fix OPENSSL_VERSION_NUMBER to always have zero status bits
The documentation suggested that they were always zero, while the
implementation in <openssl/opensslv.h> suggested that it could be
0xf in OpenSSL releases... which (almost) never happened because
of a bug in said implementation.
Therefore, we solidify that the status bits are indeed always zero,
at least in all OpenSSL 3 versions.
Ryan Hooper [Fri, 19 Sep 2025 15:33:09 +0000 (11:33 -0400)]
Fix CI Pipeline by Disabling SSL_TRACE_TEST
Disabling the SSL_TRACE_TEST since it caused an issue on
some cross compiles. A follow-on commit will change
the test.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28621)
this adds another release/acquire link between update_qp and
get_hold_current_qp via the reader_idx because the current
one which is based on the qp users count is only preventing
a race condition, but does not help when the reader acquires
the next qp.
Fixes #27267
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28585)
Viktor Dukhovni [Tue, 16 Sep 2025 12:40:32 +0000 (22:40 +1000)]
Fix ML-KEM key equality check when either unset
Fixes #28563
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28569)
Revert "rsa: expose pairwise consistency test API"
This reverts commit dc5cd6f70a0e "rsa: expose pairwise consistency test API",
that has introduced ossl_rsa_key_pairwise_test() function, as the only user
has been removed in 7f7f75816f26 "import pct: remove import PCTs for most
algorithms".
Complements: 7f7f75816f26 "import pct: remove import PCTs for most algorithms" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28557)
The cipher protocol ID, the return type of SSL_CIPHER_get_protocol_id,
is uint16_t and correctly described in docs to be 2 bytes, however the
function signature on the same page incorrectly pointed to it being
uint32_t, which is 4 bytes.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28523)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28393)
providers/implementations/keymgmt/ecx_kmgmt.c.in: remove PCT on ECX import
While PCT on import has been removed for DH, EC, RSA, and SLH-DSA,
ECX seems to be overlooked. Correct that omission.
Complements: 7f7f75816f26 "import pct: remove import PCTs for most algorithms" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28573)
25-test_verify.t: fix partly case-sensitive matching for Windows OS: s/MsWin32/MSWin32/
Fixes #27984
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28098)
Neil Horman [Sun, 14 Sep 2025 17:13:00 +0000 (13:13 -0400)]
Enable LMS on provider compat fips build for 3.6
The LMS test for fips assumes that LMS is available in the provider in
any version equal to or later than 3.6.
We should probably augment the test such that instead of just checking
the openssl version, we instead query the provider to see if the needed
algs are available to use LMS.
But given the current state of affairs, it seems more sensible to just
enable lms in the 3.6 fips provider build to ensure lms gets tested.
Fixes openssl/project#1435
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28541)
Viktor Dukhovni [Sat, 13 Sep 2025 02:52:42 +0000 (12:52 +1000)]
Test failure of rsa_encrypt when buffer too short
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28517)
Viktor Dukhovni [Thu, 11 Sep 2025 08:50:44 +0000 (18:50 +1000)]
Harden RSA public encrypt
Check the that the indicated output buffer length is large enough.
Fix EVP_SealInit() to initialise the output buffer length to the RSA
modulus length, not the input KEK length.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28517)
Neil Horman [Thu, 11 Sep 2025 12:40:14 +0000 (08:40 -0400)]
Update our CI jobs to cover the 3.6 stable branch
The coveralls, prov-compat and provider-compatibiity CI jobs test each
of the stable branches. We need to add 3.6 to the list in each of those
tests
Fixes openssl/project#1424
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28519)
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28521)
crypto/bio/bio_print.c: improve handling of unreasonably large widths/precisions
As fmt*() routines try to loop all the way up to pad sizes calculated
based on the user-provided width and precision specification,
it is relatively simple to trigger billions of loop iterations
by providing appropriate width and precision specification, even
if printing is done in a statically-sized buffer. Avoid those
by introducing a helper eob_ok() function, that allows short-circuiting
those loops.
Resolves: https://github.com/openssl/openssl/issues/28416 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28502)
crypto/bio/bio_print.c: avoid signed int overflow in desc->pos in doapr_outch
While highly improbable, a signed integer overflow can be triggered
by incrementing desc->pos LLONG_MAX + 1 times.
Fixes: 228ef5f54727 "crypto/bio/bio_print.c: make %n in line with other libc implementations" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28502)
crypto/bio/bio_print.c: avoid signed int overow in padlen calculation in fmtstr
In a highly unlikely situation of str being longer than INT_MAX,
a signed integer overflow in padlen calculation can be triggered.
Avoid it by reworking the check for the need of padlen calculation.
Fixes: 230c691a5218 "Fix fmtstr for BIO_printf() et al" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28502)
OSSL_CALLBACK.pod: add missing info on required return values of callback functions
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28474)
Jakub Jelen [Tue, 9 Sep 2025 16:10:30 +0000 (18:10 +0200)]
doc: Add missing commas
CLA: trivial Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28493)
Add one more trace message to the torture_rcu_high test
It is interesting that in the very rare cases, where this
test failure has been observed so far, the rcu torture value
went always backwards to 0. This could be either due to
ossl_rcu_deref(&writer_ptr) returning NULL, or the initial
value of "new = CRYPTO_zalloc(sizeof(uint64_t), NULL, 0)"
still visible despite ossl_rcu_assign_ptr(&writer_ptr, &new)
immediatley after the "*new = global_ctr++" statement.
Add one additional trace message to find out what exactly
happens here, when it happens again.
Additionally, we do no longer initialize the new value to
zero but something else, so it can also be detected.
Related to #27267
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28487)
In some cases this information is necessary on the provider side
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28486)
doc/man3/RAND_load_file.pod: RAND_load_file on non-regular files with bytes=-1
Mention that RAND_load_file attempts to read only RAND_DRBG_STRENGTH
bytes on non-regular files if the number of bytes to be read
is not specified explicitly.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)
crypto/rand/randfile.c: avoid signed integer overflow in RAND_load_file
If a file supplied to RAND_load_file is too big (more than INT_MAX bytes),
it is possible to trigger a signer integer overflow during ret calculation.
Avoid it by returning early when we are about to hit it on the next
iteration.
Reported-by: Liu-Ermeng <liuermeng2@huawei.com>
Resolves: https://github.com/openssl/openssl/issues/28375 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28379)
util/find-doc-nits: do not check files in submodules in check_env_vars
The reports about undocumented environment variables coming from files
in submodules are superfluous; get the list of directories
from .gitmodules and exclude them from processing.
Resolves: https://github.com/openssl/openssl/issues/28109 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28378)
Enji Cooper [Fri, 5 Sep 2025 03:22:00 +0000 (20:22 -0700)]
Make the Unix build process more repeatable
Before this change all manpages would contain the date when pod2man was
run. This resulted in outputs that differed between builds--or
potentially across a single build if the host clock "ticked" to the next
day when the build was being run.
This commit modifies the manpage generation process as follows:
- The date all manpages were generated will be normalized to a single
date.
- The release date specified in `VERSION.dat` is used instead of the
date/time when `pod2man` was executed OR--in the event a date isn't
specified in `VERSION.dat`--the time when the Makefiles were last
regenerated.
Embedding a consistent date into the generated manpages helps ensure that
the build process as a whole is more repeatable and helps ensure that
release versions of OpenSSL create artifacts consistent with the date
that the official release was cut.
Co-authored-by: Richard Levitte <levitte@openssl.org> Signed-off-by: Enji Cooper <yaneurabeya@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28449)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28422)
David Benjamin [Sun, 31 Aug 2025 22:09:52 +0000 (18:09 -0400)]
Add a helper function to delete the extension list
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28398)
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
This means that a present but empty extensions list is actually invalid.
Rather, if you have no extensions to encode, you are meant to omit the
list altogether. Fix the delete_ext functions to handle this correctly.
This would mostly be moot, as an application adding extensions only to
delete them all would be unusual. However, #13658 implemented a slightly
roundabout design where, to omit SKID/AKID, the library first puts them
in and then the command-line tool detects some placeholder values and
deletes the extension again.
Fixes #28397
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28398)
Viperinius [Sun, 31 Aug 2025 16:09:11 +0000 (16:09 +0000)]
Fix typo in BN_generate_prime docs
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28395)
Norbert Pocs [Wed, 27 Aug 2025 13:45:45 +0000 (15:45 +0200)]
docs: Be case specific with links to man headers
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28356)
openssl-machine [Tue, 25 Mar 2025 15:01:21 +0000 (15:01 +0000)]
Pick libcrypto.num/libssl.num number assignments from 3.5
This commit is a partial forward-port of the commit e5386cd2d71b
"make update" from the openssl-3.5 branch, that contains the assignments
of the ordinal function numbers for the module definition file of the libcrypto
and libssl Windows DLLs for the functions introduced in OpenSSL 3.5.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28380)
Pauli [Thu, 4 Sep 2025 21:24:19 +0000 (07:24 +1000)]
slh-dsa: omit test of import PCT
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28447)
Pauli [Thu, 4 Sep 2025 21:23:28 +0000 (07:23 +1000)]
import pct: remove import PCTs for most algorithms
This coveres DH, EC, RSA and SLH-DSA.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28447)
Only unlock in rsa_get_blinding when locking was successful
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28438)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28437)
slontis [Fri, 29 Aug 2025 04:11:59 +0000 (14:11 +1000)]
FIPS: Don't allow SHA512-224 and SHA512-256 for ECDSA/DSA signatures
These algorithms do not have OIDS (Note that RSA does have OIDS),
and are not valid values for FIPS.
Note that this was only possible if the "ECDSA" algorithm is fetched.
Note that "ECDSA-SHA512-256" and "ECDSA-SHA512-224" are not currently
fetchable.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28377)
Pauli [Sun, 31 Aug 2025 07:21:42 +0000 (17:21 +1000)]
slh-dsa: enter FIPS error state if pairwise test fails
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28394)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28403)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Simo Sorce [Fri, 10 Jan 2025 22:20:59 +0000 (17:20 -0500)]
Implement EVP_KDF_CTX_set_SKEY
This allows to use a SKEY as input to a KDF derive operation.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com> Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com> Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Design document of using opaque object as symmetric key
Signed-off-by: Dmitry Belyavskiy <beldmit@gmail.com> Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28369)
Leonabcd123 [Thu, 28 Aug 2025 08:46:13 +0000 (11:46 +0300)]
Fix typos and whitespace
Added "the" before "use"
Add missing whitespace
Removed unnecessary apostrophe in FIPS.md
CLA: trivial
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28362)
test/bioprinttest.c: move the %n result to the field that is later checked
The test_n test implicitly assumed a certain union layout, as the %n was
writing to the union field in accordance with the length modifier being
tested, but comparison of the expected value was dan agains the val field,
and that is incorrect, especially on big-endian architectures. Fix that
by explicitly assigning the result to the val field of the union and
updating the expected values where the resulting value overflows
into negative.
Fixes: 9deaf8383338 "test/bioprinttest.c: add some checks for integer and string printing" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28388)
test/bioprinttest.c: fix sloppy length modifier usage in int_data
Some test vectors used in int_data have mismatching (or, more
spercifically) missing length modifiers in conversion specifiers;
most of the time it has gone unnoticed, but on some architectures where
64-bit arguments supplied differently (sugh as mips and armv7) it led
to garbage being retrieved instead of the expected values. Fix it
by properly providing proper length modifiers.
Fixes: 9deaf8383338 "test/bioprinttest.c: add some checks for integer and string printing" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28388)
Pauli [Thu, 14 Aug 2025 04:57:19 +0000 (14:57 +1000)]
slh-dsa: add a PCT for key import when in FIPS mode
Fixes #28182
Co-Authored-By: slontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28276)
crypto/bio/bio_print.c: improve the precision handling in fmtint
Per [1]:
* A negative precision is taken as if the precision were omitted.
* The default precision is 1.
* For d, i, o, u, x, and X conversion specifiers, if a precision
is specified, the '0' flag shall be ignored.
crypto/bio/bio_print.c: bring back the length modifier support for %n
For some reason, it has been removed in commit 15b337fa58ba "bio/b_print.c:
switch to int64_t as "greatest-width integer type".", despite being a part
of the standard in both ANSI C and POSIX.1-2001. Bring it back for all
the supported length modifiers.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28177)
crypto/bio/bio_print.c: make %n in line with other libc implementations
The standard[1] is pretty vague in its definition of the %n specifier
by using "the number of bytes written to the output so far", without
actually elaborating, whether only the actually written bytes, or the bytes
that would be written (but discarded) are used; the consensus across
implementations, however, seems to gravitate towards the latter. Track
the virtual "write position" separately and use its value when %n format
is occurred. That also means that we cannot finish the output early
upon reach of the end of buffer (unless we made sure that no %n specifiers
occur in the remainder of the format string).
crypto/bio/bio_print.c: always terminate output with \0
Man page states that the result is terminated with \0 on error, however,
when the jump to the "out" label is performed in _dopr, writing out \0
is skipped. Rearrange the end of the routine to make the "out" part
include the overflow calculation and the final \0 writing.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28177)
crypto/bio/bio_print.c: consolidating print arguments in a structure
buffer/sbuffer/maxlen/currlen are passed together between _dopr, fmt*,
and doapr_outch; consolidate them together in a structure and pass
it instead. A preparatory commit before introducing a separate "write
position" parameter, that is also to be passed around.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28177)
crypto/bio/bio_print.c: no prefix for zero value in alternative form
Per [1] (emphasis is added):
- For o conversion, it shall increase the precision,
**if and only if necessary**, to force the first digit of the result
to be a zero (**if the value and precision are both 0,
a single 0 is printed**).
- For x or X conversion specifiers, a **non-zero** result shall have
0x (or 0X) prefixed to it.
projects / thirdparty / openssl.git / log
