Michael Baentsch [Tue, 29 Jul 2025 10:32:00 +0000 (12:32 +0200)]
Remove unnecessary OPENSSL_NO_RSA remnants
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28113)
Michael Baentsch [Mon, 28 Jul 2025 04:52:49 +0000 (06:52 +0200)]
fuzz/dtlsserver.c: Remove incorrect ifdef guard
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28102)
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28105)
Only report generic error if provider did not put an error on the error queue
Commit 72351b0d18078170af270418b2d5e9fc579cb1af added code to unconditionally
put a generic error onto the error stack, if key generation, encryption,
decryption, sign, or verify fails to ensure that there is an error entry
on the error queue, even if the provider did not itself put a specific error
onto the queue.
However, this can hide error details if an application just looks at the very
last error entry and checks for specific errors. Now, the generic error is
always the last entry, and the application won't find the expected error
entry, although it would be there as second last entry. This can lead to
different application behavior in error situations than before this change.
To fix this, only add the generic error entry if the provider did not itself
add an error entry onto the queue. That way, there always is an error on the
error queue in case of a failure, but no behavior change in case the provider
emitted the error entry itself.
Closes: https://github.com/openssl/openssl/issues/27992 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28073)
Make ERR_count_to_mark() available to providers via 'in' dispatch array
Functions like ERR_set_mark(), ERR_clear_last_mark(), and ERR_pop_to_mark()
are already passed to the a provider via the 'in' dispatch array of the
provider initialization function (although the documentation did not
mention them).
Also pass ERR_count_to_mark() to the provider the same way, and update
the documentation to mention all four functions.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28073)
The commit "Remove HARNESS_OSSL_PREFIX manipulation in the test harness"
forced all the output to be processed by the test harness, which means
that any process that keeps the stdout FD open prevents the run() call
from finishing, as was the case in the test_external_cf_quiche test that
ran quiche server in the background, but retaining the std{in,out,err}
descriptors. Avoid that by explicitly redirecting them to a log file.
Reported-by: Tomas Mraz <tomas@openssl.org> Fixes: 70c05fcde53cf "Remove HARNESS_OSSL_PREFIX manipulation in the test harness" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28125)
Also add support for ML-KEM in CMS (draft-ietf-lamps-cms-kyber).
Add the -recip_kdf and -recip_ukm parameters to `openssl cms -encrypt`
to allow the user to specify the KDF algorithm and optional user
keying material for each recipient.
A provider may indicate which RecipientInfo type is supported
for a key, otherwise CMS will try to figure it out itself. A
provider may also indicate which KDF to use in KEMRecipientInfo
if the user hasn't specified one.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27681)
Anton Moryakov [Fri, 25 Jul 2025 12:43:15 +0000 (15:43 +0300)]
crypto: evp: fix potential null pointer dereference in EVP_DigestSignUpdate in m_sigver.c
Static analysis detected that EVP_DigestSign() could lead to null pointer
dereference in EVP_DigestSignUpdate() when pctx->pmeth is NULL. The issue
occurs in the legacy code path where pmeth is accessed without prior null
check.
This fix adds a proper null check for pctx->pmeth in the legacy section
of EVP_DigestSignUpdate() to prevent the crash when the function is called
through EVP_DigestSign() with improperly initialized context.
The check is placed in EVP_DigestSignUpdate() rather than EVP_DigestSign()
to maintain proper separation of concerns and follow OpenSSL's architectural
patterns where lower-level functions handle their own parameter validation.
Fixes potential crash in signature operations with legacy providers.
CLA: trivial Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28095)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28101)
Neil Horman [Sat, 26 Jul 2025 13:28:01 +0000 (09:28 -0400)]
Set *sk_resp to NULL when freeing.
Its possible for get_ocsp_resp_from_responder to return OK after having
freed *sk_resp without setting the freed pointer to NULL, leading us to
set a garbage pointer in other code.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28101)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28101)
Neil Horman [Mon, 14 Jul 2025 13:12:17 +0000 (09:12 -0400)]
reduce lock contention when adding objects to ADDED_OBJ hash table
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28081)
Neil Horman [Sun, 13 Jul 2025 12:51:41 +0000 (08:51 -0400)]
move added creation to happen outside of write lock
We have a global ADDED_OBJ hashtable, and we check to create it
on every object add with the write lock potentially held. move that
creation to a RUN_ONCE routine so that its always created before the
write lock is held
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28081)
Check the code (source files and .in files) for undocumented ENV
variable names. The variable name should be documented in openssl-env or
in a designated man page in the "ENVIRONMENT" section.
Fixes: ee0bf38e8709 "improve and move text on OPENSSL_TRACE from doc/man1/openssl.pod to doc/man7/openssl-env.pod" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
It seems that its usage has been changed since the initial mention
in 6d594fdf52c4 "OSSL_trace_set_channel.pod and openssl.pod:
fix missing/inconsistent category items".
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
The manual page describes not only environment variables that pertain
the library, but some of the applications as well (OPENSSL,
OPENSSL_CONFIG, and TSGET are possible examples). Also, the effect
of the variables is not limited to the changes in default paths.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
Sort HTTP_PROXY, HTTPS_PROXY, and NO_PROXY in lexicographical order, add
mentions of the lowercase variants of the variables (as they are already
mentioned in OSSL_HTTP_parse_url(3)), in the same order, despite
it is not a lexicographical one, do minimise confusion.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
doc/man7/openssl-env: sort the capability envvars/links lexicographically
Put the mentions of OPENSSL_*cap environment variables and man page
references in lexicographical order. Also, add an Oxford comma before
"and" in the man page references.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
As the environment variable is no longer used by the test harness,
its support can be removed from the openssl command, along
with the possible unintended consequences of prefixing the standard
output of the openssl command with an arbitrary string set
in the environment.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
Remove HARNESS_OSSL_PREFIX manipulation in the test harness
The aim of HARNESS_OSSL_PREFIX environment variable is to avoid contaminating
TAP producer's output with stanzas that can be interpreted by a TAP producer
by prefixing them with comment; this can be achieved by processing
the output within the runner instead, as it already does for non-standard
prefixes; it also has the added benefit of alleviating the need
to reset it for the external tests in order to avoid messing
with their output checks.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28025)
Nikola Pajkovsky [Thu, 17 Jul 2025 10:45:49 +0000 (12:45 +0200)]
Pairwise check for DH keys import as part of FIPS
For DH key import, it appears the PCT and assurances are implemented in
the source but are not be performed by default.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28058)
Nikola Pajkovsky [Wed, 16 Jul 2025 12:37:58 +0000 (14:37 +0200)]
Update dh_pub to be pairwise consistent with dh_priv
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28058)
Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28023)
Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28023)
ACK manager must avoid infinite probe time when waiting handshake confirmation
According to RFC 9002, section 6.2.2.1 the client the client must keep PTO (probe
time out) armed if it has not seen HANDSHAKE_DONE quic message from server.
Not following RFC spec here may cause the QUIC session to stale during TLS handshake.
Fixes openssl/project#1266
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28023)
Richard Levitte [Wed, 16 Jul 2025 13:08:48 +0000 (15:08 +0200)]
Add a test of 'openssl storeutl' with a BER-encoded PKCS#12 file
The test file (test-BER.p12) was given to us by David von Oheimb
Co-Authored-By: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/28016)
Richard Levitte [Thu, 10 Jul 2025 15:55:50 +0000 (17:55 +0200)]
Fix OSSL_STORE to consider cached info in the EOF check.
OSSL_STORE_load() called OSSL_STORE_eof() before checking if there is
cached OSSL_STORE_INFO to consider. To fix this issue, the cached info
check is moved to OSSL_STORE_eof(), as that seems to make most common
sense.
This solves an issue with PKCS#12 files, where the cached info was never
considered because the underlying file IO layer signaled that EOF is
reached.
Fixes #28010
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/28016)
martin [Fri, 7 Feb 2025 13:22:41 +0000 (14:22 +0100)]
Add support for TLS 1.3 OCSP multi-stapling for server certs
Co-authored-by: Michael Krueger Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20945)
AntonMoryakov [Mon, 2 Jun 2025 10:14:28 +0000 (13:14 +0300)]
sm2: sm2_sign.c: check EC_KEY_get0_private_key() for NULL in sm2_sig_gen()
Static analysis revealed that sm2_sig_gen() dereferences the return value
of EC_KEY_get0_private_key() without checking for NULL. This could lead to
a crash if the private key is unset.
This patch adds a NULL check and raises ERR_R_PASSED_NULL_PARAMETER if the
key is missing.
Issue found by static analyzer:
> Return value of EC_KEY_get0_private_key() is dereferenced without checking for NULL (11/12 checked)
CLA: trivial Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27741)
Daniel Van Geest [Wed, 23 Jul 2025 08:30:57 +0000 (10:30 +0200)]
openssl rand command should use the loaded library context
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28075)
projects / thirdparty / openssl.git / log
