Daniel Van Geest [Mon, 23 Jun 2025 11:45:59 +0000 (12:45 +0100)]
decoders: Fix prioritization of decoders via property query
When a property query string was used, it was not being applied to decoders.
When multiple providers supporting the same algorithm were loaded, it was
undefined which provider would be used when decoding a key, even when a
propquery string was provided. This fix scores decoder instances based on
property query matching and selects the highest scored decoder instance when
building the decoder chain.
The fake_rsa test provider is updated to support basic encoding and decoding.
A test is added using the fake_rsa provider to ensure that property query
strings are respected when loading decoders.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27876)
Jakub Zelenka [Thu, 6 Feb 2025 18:07:28 +0000 (19:07 +0100)]
Introduce cms kekcipher option to select cipher for pwri
This is useful for AEAD ciphers where it is not possible to use AEAD
cipher (currently only AES GCM supported) for password recipient info
because the same cipher is used for encrypting the password and it is
not possible to store tag for this purpose so different cipher (e.g.
AES CBC) needs to be selected.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26871)
INDIA\kanagavels [Wed, 18 Jun 2025 13:12:54 +0000 (18:42 +0530)]
Fixes #27831: Decreased NAMEMAP_HT_BUCKETS to 512.
Decreased the NAMEMAP_HT_BUCKETS value to 512, to avoid memory
allocation fail issues.
CLA: Trivial
Signed-off-by: Kanagavel S <kanagavels@ami.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27850)
noctuelles [Thu, 29 May 2025 19:01:21 +0000 (21:01 +0200)]
fix: msg callback in dtls1_do_write that incorrectly shows message (like a certificate) that spans over multiple fragments.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27811)
Christian Vögl [Thu, 26 Jun 2025 16:37:37 +0000 (18:37 +0200)]
Fix nullpointer dereference in OSSL_PARAM_merge
OSSL_PARAM_merge contained an error, where a nullpointer was
dereferenced when both parameter arrays ended with the same key
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27910)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27895)
Ingo Franzki [Mon, 23 Jun 2025 11:42:08 +0000 (13:42 +0200)]
speed: Increase MAX_SIG_NUM and fix its usage in loopargs_t fields
Increase the maximum number of signature algorithms.
With the introduction of the SignMessage and VerifyMessage API with
OpenSSL 3.4 the providers that support combined digest and sign algorithms
register quite a lot more signature algorithms, so the current limit of
111 is hit easily.
While at it correct the definitions of the signature fields within the
loopargs_t structure to use MAX_SIG_NUM instead of MAX_KEM_NUM.
Closes: https://github.com/openssl/openssl/issues/27873 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27878)
test/build.info: minimize use of static libcrypto.a and libssl.a
Fixes #27874
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/27881)
Pauli [Fri, 20 Jun 2025 02:37:56 +0000 (12:37 +1000)]
eddsa: convert to using struct based TRIE decoder for params processing
Also return correct param list for the variant settables.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:37:29 +0000 (12:37 +1000)]
update build infrastructure to support generated eddsa_sig.c
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:17:22 +0000 (12:17 +1000)]
rename eddsa_sig.c for autogeneration
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:14:24 +0000 (12:14 +1000)]
eddsa: remove impossible parameters from gettable array
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:08:13 +0000 (12:08 +1000)]
digest: convert algorithm gettable parameters to use struct based TRIE decoding
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 02:08:08 +0000 (12:08 +1000)]
update build infrastructure for digestcommon.c.in
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Fri, 20 Jun 2025 01:29:00 +0000 (11:29 +1000)]
mlx: use TRIE & struct based param decoding
Also fix two bugs with the properties parameter to the set_params call:
- the parameter wasn't listed in the settables table
- the parameter was ignored unless there was a public key present
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 05:08:17 +0000 (15:08 +1000)]
update build instructions for mlx key management
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 05:08:01 +0000 (15:08 +1000)]
rename mlx_kmgmt.c to mlx_kmgmt.c.in
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 03:45:14 +0000 (13:45 +1000)]
ml-dsa: use TRIE & struct based param name decoders
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 03:44:50 +0000 (13:44 +1000)]
build infrastructure updates for ml_dsa signatures
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 03:44:27 +0000 (13:44 +1000)]
rename ml_dsa_sig.c to ml_dsa_sig.c.in
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 01:40:46 +0000 (11:40 +1000)]
cipher: use table based param decoding for ciphers
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 01:40:16 +0000 (11:40 +1000)]
cipher: declare common OSSL_PARAM structures and helper functions
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 01:39:43 +0000 (11:39 +1000)]
paramnams: add new line to break long function declaration
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Pauli [Thu, 19 Jun 2025 00:07:40 +0000 (10:07 +1000)]
3des: remove redundant OSSL_PARAMs from settable list
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27859)
Richard Levitte [Fri, 20 Jun 2025 12:29:04 +0000 (14:29 +0200)]
Nit: macro parameters should always be parenthesised in expressions
Affected macros: ossl_likely and ossl_unlikely
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27862)
Neil Horman [Thu, 19 Jun 2025 16:38:41 +0000 (12:38 -0400)]
Fix exit code for s_time when -new command line switch specified
When operating with the -new switch in apps/openssl s_time, we neglect
to set the exit code properly, and so the app exits with a code of 1
rather than 0 as expected
Fixes #27856
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27857)
Neil Horman [Thu, 19 Jun 2025 13:52:07 +0000 (09:52 -0400)]
Clean up thread_local function names in initthread.c
The naming of the thread-local management functions in initthread.c is a
bit...much. init_manage_thread_local/init_fetch_clear_thread_local, etc
are better written as just manage_thread_local/clear_thread_local/etc.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Wed, 18 Jun 2025 15:16:47 +0000 (11:16 -0400)]
Refactor init_get_thread_local to be more understandable
We currently have a single function that does thread_local key
allocation/cleanup/fetching for our OSSL_init_thread_start/stop apis,
and its pretty confusing. Wrap it up in some helper functions to make
it more clear at the call sites what we're trying to do.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Wed, 18 Jun 2025 11:33:47 +0000 (07:33 -0400)]
Restore use of crypto_thread_default_context
This thread-local key isn't per thread*context, and is potentially in a
hot path for users of openssl that switch their default contexts
regularly, so lets leave it as an OS level key, rather than a library
managed key.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 17:32:44 +0000 (13:32 -0400)]
Fix fips cleanup of master key
With the conversion to a fixed array, we can no longer just clean the
top level sparse array, as we don't enjoy the NULL check within the
sa_doall loop.
Add a NULL check in the fips cleanup routine to make up for this
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 15:49:54 +0000 (11:49 -0400)]
Allow for differentiating between default and NULL context
Allow for use of default context in the thread-local api by using
get_concrete
This creates a problem however in that get_concrete access a
thread-local api, creating a recursive call that exhausts stack space
So create a special context token that identifys the no context use case
when we want to store thread-local data without an explicit context
index
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 14:53:58 +0000 (10:53 -0400)]
Check setting of master key value
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 14:18:20 +0000 (10:18 -0400)]
reduce memory overhead of CTX_TABLE_ENTRY
We don't need to allocate entries for the ctx table. we can just make
it a sparse array of void* values, and set the thread-local data
directly. This saves on allocation and cleanup costs
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Tue, 17 Jun 2025 12:52:23 +0000 (08:52 -0400)]
convert master_key to use a top level fixed array
Since we have a pre-defined list of keys, save some computation time
by just looking up by index rather than via a sparse array
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:17:34 +0000 (13:17 -0400)]
Move the async-job api to use the new thread-local api
Make the async-job api use our new thread-local storage api. Not
strictly needed, but reduces our OS level key usage
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:16:10 +0000 (13:16 -0400)]
Update ERR lib to use new thread-local storage api
Move the err lib to use the new thread-local storage api. This isn't
strictly needed, as each thread uses the same key for each context, but
it does reduce our Os level key count.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:18:41 +0000 (13:18 -0400)]
Move thread-event handlers to the new thread-local api
Thread event handlers in the fips provider create a thread-local storage
key per context, meaning we can exhaust our thread-local space quickly
by creating lots of contexts. Avoid that by moving to the new
thread-local storage api.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:14:47 +0000 (13:14 -0400)]
Adjust rand_lib to use new thread-local mgmt api
Rand instances create a thread-local storage key per context, so we need
to move them to the new api to avoid exhausting our thread-local storage
space at the Os level
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:12:14 +0000 (13:12 -0400)]
update RCU to use the new thread-local key mgmt api
RCU stores a per-thread local structure per context-thread, making it
necessecary to move them to the new api to avoid exhausting our OS level
thread-local storage resources when creating lots of contexts
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
Neil Horman [Thu, 12 Jun 2025 17:09:56 +0000 (13:09 -0400)]
Add new CRYPTO_THREAD_[get|set]_local_ex api
As opposed to CRYPTO_THREAD_[get|set]_local counterparts
These api use an ennumerated set of fixed key ids, that allow for
thread-local storage indexed by key AND libctx value. They also store
this data against a single OS level thread-local key, reducing the
amount of (limited) thread-local key storage space we use
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27794)
noctuelles [Sun, 15 Jun 2025 09:57:00 +0000 (11:57 +0200)]
fix: difference between parameter name between doc and header file.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27828)
Neil Horman [Fri, 20 Jun 2025 14:22:10 +0000 (10:22 -0400)]
Fix buggy stringop-overflow error on s390
Despite some recent changes to our s390 builds, we're still seeing
errors due to some stringop-overflow warnings:
https://github.com/openssl/openssl/actions/runs/15748518222/job/44389197443
It appears to be caused because the static analysis that gcc preforms in
gcc 12 (the version of the compiler on our s390 runner), fails to infer
the proper sizes of the buffer on which we do the reverse memcpy in
swap_copy(), resulting in warnings, which on --strict-warnings builds,
breaks us.
Fix it by using inlen rather than outlen to limit the copy length,
adjusting it if need be to match the size of the output buffer in
le_copy(). This allows the compiler to properly infer the array length
constraints and suppress the warnings.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27864)
Sergey Kandaurov [Wed, 28 May 2025 17:58:26 +0000 (21:58 +0400)]
Preserve connection custom extensions in SSL_set_SSL_CTX()
The SSL_set_SSL_CTX() function is used to switch SSL contexts for
the given SSL object. If contexts differ, this includes updating
a cert structure with custom extensions from the new context. This
however overwrites connection custom extensions previously set on
top of inherited from the old context.
The fix is to preserve connection custom extensions using a newly
introduced flag SSL_EXT_FLAG_CONN in custom_ext_copy_conn().
Similar to custom_ext_copy(), it is a no-op if there are no custom
extensions to copy.
The only such consumer is ossl_quic_tls_configure() used to set the
"quic_transport_parameters" extension. Before this change, context
switch resulted in transport parameters not being sent due to the
missing extension.
Initially reported at https://github.com/nginx/nginx/issues/711
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27706)
Update pkeyutl documentation for PQC algorithms (Fixes #27415)
Add examples and documentation for using ML-DSA, ML-KEM, and SLH-DSA algorithms with pkeyutl. This includes information about the context-string option for ML-DSA and examples of encapsulation/decapsulation with ML-KEM.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27424)
Levi Zim [Wed, 16 Apr 2025 06:21:33 +0000 (14:21 +0800)]
Avoid potential double close of client_skt in sslecho
The server_running variable is declared as volatile and some comments in
the code are mentioning about implementing CTRL+C handler in the future.
In the client handling loop, the client_skt is closed at the end of the
loop if server_running is true. If (future) CTRL+C handler changes
server_running to false at this time. The next accept will not happen
and the exit clean up code will close client_skt for the second time.
This patch fixes this potential double close by setting client_skt back
to -1 after closing it.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27405)
Neil Horman [Mon, 16 Jun 2025 22:46:58 +0000 (18:46 -0400)]
Add a target to generate local coverage reports
Add a target to allow developers to generate coverage reports for a
build like coveralls does. This will let us identify rarely used
branches when doing development, so that we can optimize them.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Neil Horman [Mon, 16 Jun 2025 21:35:07 +0000 (17:35 -0400)]
Add branch coverage to our coveralls run
Coveralls is capable of reporting not only covered lines in a build, but
also the number of times a given branch was taken vs. not taken. This
will help us identify locations where we might make better use of the
openssl_likely and openssl_unlikely macros to optimize branch prediction
when building openssl
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Neil Horman [Mon, 16 Jun 2025 20:33:22 +0000 (16:33 -0400)]
Add pgo build type
One of the ways we can optimize our builds is with profile guided
optimization. This entails doing several things:
1) Building with --coverage
2) Running an application against the openssl library from step (1) to
generate profile data
3) rebuilding openssl using the input profile from step (2) to optimize
the build.
This new build configuration will let developers use the profiled data
to see what type of optimizations might be possible, as well as giving
end users the ability to squeeze a bit more performance out of openssl
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Tomas Mraz [Thu, 19 Jun 2025 08:59:10 +0000 (10:59 +0200)]
Add strlen to symbols allowed on Windows
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27854)
Ingo Franzki [Fri, 6 Jun 2025 09:19:57 +0000 (11:19 +0200)]
CI: Remove -Wno-stringop-overflow for s390x builds
Since https://github.com/openssl/openssl/commit/9a788281d91f698d6a229d588b9cb36987549669
it should now build warning-free on s390x, so remove the '-Wno-stringop-overflow'
build option for s390x builds.
If newly added code causes -Wstringop-overflow warnings again, it should
be noted in the CI runs and the newly added code should be fixed accordingly.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27803)
Viktor Dukhovni [Fri, 11 Apr 2025 14:35:57 +0000 (00:35 +1000)]
Report errors in ML-KEM pkey hash
When on import the public key hash of a private key fails to match the
public part, add an appropriate message to the error stack. Previously,
the just failed to parse, without a reason.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27352)
Jessica Clarke [Sat, 14 Jun 2025 21:53:40 +0000 (22:53 +0100)]
armv*-mont.pl: Correct a carry flag comment
On Arm, C is a true carry flag, unlike x86 where CF is a borrow flag for
subtraction. That is, for subtraction, it is set if Rn + ~Rm + 1 carries
in unsigned arithmetic, and so for subtracting 0, i.e. adding ~0 + 1, it
always sets the carry flag. Correct the comment to document what this is
actually doing.
CLA: trivial
Fixes: d1671f4f1a39 ("bn/asm/armv4-mont.pl: add NEON code path.") Fixes: 10646160125a ("Optimize RSA on armv8") Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27826)
sashan [Wed, 11 Jun 2025 06:23:38 +0000 (08:23 +0200)]
ossl_rio_poll_builder_add_fd(): Fixup pfds after reallocation
Local variable `pfds` used in `ossl_rio_poll_builder_add_fd()` must be consistent
with `rpb->pfd_heap`. The function maintains array of SSL objects for SSL_poll(3ossl).
It works with no issues until we need to reallocate `rbp->pfd_heap` in `rpb_ensure_alloc()`.
After `rpb_ensure_alloc()` returns we must update local variable `pfds` with `rpb->pfd_heap`
not doing so makes function to write to dead buffer.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27804)
JiashengJiang [Mon, 12 May 2025 13:59:02 +0000 (09:59 -0400)]
test/helpers/quictestlib.c: Use goto instead of return to avoid memory leak
When TEST_ptr(*cssl) fails, bdata should be freed to avoid memory leak.
Fixes: a55b689 ("Use reported short conn id len in qtestlib") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27599)
Return an error when update or final is used after the context has
already been finalized. Flag 'iimp' (intermediate-input-message-part)
must be 1 to allow an update or final call. If iimp is 0, then the
context has already been finalized.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27781)
Bartel Artem [Wed, 11 Jun 2025 03:58:31 +0000 (06:58 +0300)]
return NULL if gctx allocation fails.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27795)
Bartel Artem [Tue, 10 Jun 2025 10:11:41 +0000 (13:11 +0300)]
check gctx for NULL before cleanup.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27795)
Matt Caswell [Wed, 11 Jun 2025 08:50:16 +0000 (09:50 +0100)]
Allow our *_gen_cleanup functions to tolerate a NULL ctx
Our *_gen_cleanup functions are essentially "free" functions. Our
free functions tolerate NULL being passed. We are being inconsistent with
our *_gen_cleanup functions. Some of them tolerate NULL and others do not.
We should consistently tolerate NULL.
See also #27795
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27807)
sashan [Tue, 3 Jun 2025 13:12:48 +0000 (15:12 +0200)]
Document transition from ANSI-C towards C-99
The existing NOTES-ANSI.md are renamed to NOTES-C99.md and updated
accordingly. INSTALL.md lists C-99 compiler instead of ANSI-C now.
Also moving from ANSI-C to C-99 warrants updates to NEWS.md and
CHANGES.md.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27751)
Ingo Franzki [Wed, 28 May 2025 06:55:49 +0000 (08:55 +0200)]
Silence -Wstringop-overflow warnings with gcc 14 on s390x
Compiling OpenSSL on s390x with gcc 14 (i.e. in Fedora 41) shows several
-Wstringop-overflow warnings in providers/implementations/rands/drbg_ctr.c
and test/params_api_test.c.
Add explicit length checks to let the compiler know that it won't overrun
the buffer. This also silences the warnings.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27710)
Viktor Dukhovni [Tue, 13 May 2025 15:23:25 +0000 (01:23 +1000)]
Allow keygen after dup of minimal PKEY ctx
It should be possible to repeatedly duplicate a PKEY CTX created via
EVP_PKEY_CTX_new_from_name() that has not yet been assigned an
"operation" (e.g. via EVP_PKEY_CTX_keygen_init()), and then perform
keygen_init() and keygen() on the duplicated copies.
When the operation is not yet set, all that's needed is to not try to
use the key if one isn't set yet.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27662)
Daniel Van Geest [Fri, 28 Mar 2025 10:40:32 +0000 (10:40 +0000)]
Fix SHAKE AlgorithmIdentifier encodings
NIST CSOR specifies that the id-shake128 and id-shake256
algorithm identifiers, like the SHA-3 ones, do not carry
any parameters.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27190)
yexiaochuan [Sat, 31 May 2025 09:47:58 +0000 (17:47 +0800)]
fix: add parsing check in TLS compress_certificate extension handler
The tls_parse_compress_certificate function was missing validation
for trailing bytes after parsing the algorithm list, violating
RFC8446 section 4.2 which requires sending a decode_error alert
for unparseable messages.
This commit adds a check for remaining bytes in the packet after
the while loop and sends SSL_AD_DECODE_ERROR if any trailing
bytes are found.
Fixes #27717
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27733)
crypto/evp/ctrl_params_translate.c: prevent clashes of generic names NONE, GET, SET
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27773)
projects / thirdparty / openssl.git / log
