George Wilson [Thu, 16 Oct 2025 15:41:26 +0000 (10:41 -0500)]
doc/man3: Add OPENSSL_ppccap.pod
This patch adds a man page documenting the OPENSSL_ppccap environment
variable that is analogous to capability environment variable man pages
for other architectures.
Fixes #17046
Signed-off-by: George Wilson <gcwilson@linux.ibm.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29230)
Joshua Rogers [Sat, 11 Oct 2025 22:19:29 +0000 (06:19 +0800)]
dtls: fix DTLSv1_listen msg_callback to report HelloVerifyRequest
DTLSv1_listen built the HelloVerifyRequest in wbuf but invoked
msg_callback with buf and DTLS1_RT_HEADER_LENGTH, and version 0.
That caused incorrect logging and could disclose the ClientHello
to write callbacks. Use wbuf and the actual record version for the
record header, and add a second callback that reports the handshake
message bytes. No change to on-wire behavior.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28916)
Joshua Rogers [Sat, 11 Oct 2025 06:19:28 +0000 (14:19 +0800)]
ktls_read_record(): Harden linux recv path
- drop tag subtraction in recv buffer sizing
- enforce MSG_EOR and reject MSG_CTRUNC
- zero prepended header bytes before recvmsg
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28861)
Carter Thaxton [Thu, 9 Oct 2025 02:20:25 +0000 (19:20 -0700)]
Fix regression when X509_V_FLAG_CRL_CHECK_ALL is set, while X509_V_FLAG_CRL_CHECK is clear
Fixes #28758
When X509_V_FLAG_CRL_CHECK is not set, the man pages document that X509_V_FLAG_CRL_CHECK_ALL is ignored.
Prior to 3.6.0, this was indeed the case.
In 3.6.0, the behavior changed, and setting X509_V_FLAG_CRL_CHECK_ALL began to imply X509_V_FLAG_CRL_CHECK.
This unfortunately breaks the majority of ruby installations, which relied on the documented behavior.
For consistency, this commit applies the same logic to the new X509_V_FLAG_OCSP_RESP_CHECK and X509_V_FLAG_OCSP_RESP_CHECK_ALL flags,
which are still undocumented as of 3.6.0.
All existing tests continue to pass. They also make the assumption that the xxx_CHECK_ALL flags are irrelevant unless xxx_CHECK is set.
We could add a new test for this regression. I'll leave that to another commit.
CLA: trivial
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28797)
Dmitry Misharov [Tue, 9 Dec 2025 16:39:14 +0000 (17:39 +0100)]
run codespell pre-commit hook on staged files only
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29360)
Neil Horman [Mon, 8 Dec 2025 18:22:05 +0000 (13:22 -0500)]
Only write to pdays/psecs if they are not null
We have a few cases in which one of the paramters passed to
ASN1_TIME_diff is null (i.e. the caller doesn't care about the psec
differnce and so passes NULL as that pointer parameter).
However, OPENSSL_gmtime_diff assumes both pointers are valid, and so
writes to them unilaterally resulting in a crash as observed here:
https://github.com/openssl/openssl/pull/29333#issuecomment-3628103959
Check the pointers before writing to them.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29337)
Matt Caswell [Tue, 9 Dec 2025 12:22:02 +0000 (12:22 +0000)]
Fix array formatting in evp_extra_test.c
The reformat did something silly with some of the arrays in evp_extra_test.c
Fix the arrays such that clang-format is still happy.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29349)
Bob Beck [Tue, 9 Dec 2025 14:01:47 +0000 (07:01 -0700)]
Disable clang-format around this macro
clang-format sensibly thinks this is an arithmatic operation,
and formats the math. Sadly it does not know we eventually
stringify this behind several other layers of nested macros
and so putting spaces in here is bad.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29350)
Bob Beck [Tue, 9 Dec 2025 07:08:07 +0000 (00:08 -0700)]
4.0-POST-CLANG-FORMAT-WEBKIT
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29242)
Bob Beck [Tue, 9 Dec 2025 07:05:43 +0000 (00:05 -0700)]
4.0-PRE-CLANG-FORMAT-WEBKIT
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29242)
Resolves: https://scan5.scan.coverity.com/#/project-view/65138/10222?selectedIssue=1675327 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29317)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29286)
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29306)
Neil Horman [Wed, 3 Dec 2025 19:36:54 +0000 (14:36 -0500)]
Make find-doc-nits compatible accross git versions
We recently found that the addition of a git config command in
util/find-doc-nits is broken in some cases, sepecifically because git
around version 2.46 broke command line compatibility, replacing the
--regexp option with the --get-regexp option. So to maintain usage of
this specific command to parse the .gitconfig file, we would need to do
some extra version detection to construct the proper command line.
However, find-doc-nits already has a fallback condition, which does some
pure perl parsing of the gitconfig file, which works perfectly well.
Instead of trying to do version matching to construct the right form of
the git config command line, just remove it all, and rely on the perl
parrse to do this work for us, which works currently in all cases.
Fixes #29197
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29304)
Viktor Dukhovni [Wed, 3 Dec 2025 04:24:46 +0000 (15:24 +1100)]
Clarify/fix encoder/decoder context docs and code
In was premature to make OSSL_(EN|DE)CODER_CTX_[sg]et_finalized() be
public interfaces. Forunately, these have not yet appeared outside the
"master" branch, so we can still retract them.
Also, in the case of decoders, the implementation failed to take into
account that the context was duplicated before it was returned to the
user, and the duplicated copy failed to copy the "finalized" field.
This commit also renames "finalized" to "frozen", because
finalisation is a misleading term in this context, it suggests
resource reclamation during garbage collection or deallocation,
not marking a structure partly immutable.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29206)
Viktor Dukhovni [Mon, 24 Nov 2025 13:37:49 +0000 (00:37 +1100)]
Per-key encoding formats for ML-KEM and ML-DSA
We support selection of ML-KEM and ML-DSA key formats on input and
output at the provider level, these are essentially global defaults,
in effect for the lifetime of the process.
Unfortunately, the JAVA interface in openssl-jostle needs to be able to
output a specific key in seed-only form. To that end, this PR
introduces a new "output-formats" PKEY encoding parameter, that can be used
with OSSL_ENCODER_CTX_set_params(3) when encoding a key to PKCS#8, after
using OSSL_ENCODER_CTX_new_for_key(3), rather than i2d_PrivateKey(3),
i2d_PKCS8PrivateKey(3) or PEM equivalents.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29206)
In a hypothetical scenario that jent_entropy_init_ex fails, or if
get_jitter_random-value fails, there are a few unexpected
posibilities.
If jent_entropy_init_ex fails, the seed initialisation may return NULL
and then DRBG will be initiated with NULL seed, which will
automatically fallback to os-seed, which will escape module boundary
(if this jitter rng is from the fips module), and call getrandom
syscall.
And separately if get_jitter_random_value fails, it may put DRBG in an
error state, but it might not put the FIPS module in error state, like
it should as per the ISO standard.
To instrument these things, I had to create tampered
jitterentropy-library that always returns errors for init_ex and
read_entropy apis, and then use gdb tracing on both libcrypto.so and
fips.so.
The most minimal solution to above hypothetical error code paths, is
to simply call ossl_set_error_state. It is either harmless, or in case
of fips-jitter will correctly put the FIPS module into error state and
prevent any further operation; and cruitially prevent silent fallback
to getrandom syscall.
Note it is unlikely that this ever was out of compliance, as often
enough getrandom syscall goes to a kernel with validated entropy
source; and openssl fips module still did reject sampling which is too
entropy source compliant.
Nonetheless it is good to fix this hypothetical error path, and
backport this to 3.5 and up.
This is similar / additional fixes, to this previous change:
- https://github.com/openssl/openssl/pull/25957
- https://github.com/openssl/openssl/commit/b9886a6f3483e0525596d3b3956416282038da82
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29226)
Norbert Pocs [Thu, 13 Nov 2025 14:53:28 +0000 (15:53 +0100)]
apps: Remove opt_legacy_okay function
The function used to check for ENGINEs to determine if a legacy code
path is available, but it makes no sense to keep it after the ENGINE
removal, as the legacy path will always fail.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Norbert Pocs [Fri, 21 Nov 2025 13:04:20 +0000 (14:04 +0100)]
Remove OPENSSL_INIT_ENGINE_* definitions
Keeping OPENSSL_INIT_ENGINE_ALL_BUILTIN to be defined always to zero as
it might be the most used one outside of the library, meanwhile keeping
the others undefined unless OPENSSL_ENGINE_STUBS is defined.
Neil Horman [Thu, 11 Sep 2025 20:09:56 +0000 (16:09 -0400)]
remove dasync engine test from test_rand
We're removing the engine, so we don't need to test this anymore.
NOTE: This also removes the engine skip check from the test, and this
breaks testing until such time as PR #28461 is merged (which replaces
the remaining engine test with a provider).
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Neil Horman [Thu, 11 Sep 2025 19:39:44 +0000 (15:39 -0400)]
remove afalg tests
We have a specific test suite that exercizes the afalg engine, that is
becoming useless with engine removal.
I had considered that we should perhaps convert this into a provider,
but having looked at the engine itself, it only offers implementations
for AES-128, AES-192 and AES-256. Given that the default provider
offers these algorithms with hardware acceleration via the aesni
instruction set (or comparable instructions on non-x86 arches), it seems
like the only advantage the afalg engine offers is acceleration of these
ciphers on platforms that have off-cpu accelerators and no cpu based
acceleration support.
given that:
a) Most cpus have instruction based acceleration
b) We don't test with any platforms that use external accelerators
It seems like alot of investment to get no real advantage, so just
remove the test, allowing us to delete the engine entirely in another
PR.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Neil Horman [Thu, 11 Sep 2025 19:19:45 +0000 (15:19 -0400)]
Remove dasync engine from sslapitest and sslbuffertest
With the impending engine removal, we don't have a need to test engine
functionality in these tests anymore, so remove the test cases that make
use of the dasync engine here.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Most of the ifdefs were removed, but we want to rewrite the dasync
engine to a provider. Therefore that code was not removed; instead a new
temporary macro was added named TODO_REWRITE_ME_DASYNC_PROVIDER.
projects / thirdparty / openssl.git / log
