With recent changes, evp_encodeblock_int may return a negative value,
which EVP_EncodeFinal does not anticipate. As the latter sets out[ret]
to "\0" where ret is the return value of evp_encodeblock_int, we may
underflow the array index and access invalid memory locations.
Only update the output buffer if the return value is greater or equal to
zero.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29525)
ret is incremented by inl in b64_write prior to being tested for zero.
Since inl is previously tested for being <= 0, and returns if it is, ret
must be at least 1 during the test, making the trinary test dead code.
Just return -1 here.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29525)
Bob Beck [Fri, 21 Nov 2025 00:06:11 +0000 (17:06 -0700)]
Remove the ASN1_STRING_FLAG_X509_TIME flag
It's only use was to do some somewhat confused cruftery
inside of ossl_asn1_time_to_tm as a special case to
implement ASN1_TIME_set_string_X509.
As it turns out, you don't need the cruftery of a special
case inside of ossl_asn1_time_to_tm to implement this
function, so the flag is completely unnecessary.
This removes flag, and simplifies this to work without it.
It removes the cruft only from ossl_asn1_time_to_tm,
minimally. This function really needs some cleanup and
makes my eyes bleed but I am resisting the temptation
to do that with this PR and making this a the minimal
change needed for review. I will clean up that function
in a follow on pr.
As tests on the behaviour of ASN1_TIME_set_string_X509
were added with it, Beyonce dances happily for me and I
only need to pass the existing tests, not write as bunch
of new ones.. .
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29187)
Neil Horman [Wed, 31 Dec 2025 21:38:21 +0000 (16:38 -0500)]
Fix register save/restore issue in ppc
Recently, the addition of some vector register save restore logic from:
https://github.com/openssl/openssl/pull/28990
Triggered an issue in our quic_multistream_test, notably causing a
connection shutdown with error code 1, rather than successful
completion.
The problem has been root caused to an error in how the ppc aes code
saves and restores vector registers.
The aes gcm code uses VSR instructions (vsldoi, etc), to maniuplate
vector registers, which only operate on the upper half of the vector
register file (VS32-63), and operands are implicitly offset to do this.
(i.e. <instr> v31 actually operates on register vs63).
However, the SAVE/RESTORE macros which save and restore those values use
stxv/lxv instructions to do the save and restore, which are VSX
instructions that have access to the full vector register file, and so
by restoring V1, rather than V33, etc, we actuall restore values to the
wrong registers, causing various issues (most notably the above
misconfiguration of the quic SSL shutdown event, which sets the error
code erroneously to 1 instead of the expected 0 value).
Fix it by offsetting the SAVE_REGS and RESTORE_REGS macros to reference
the proper registers when doing save and restore.
Fixes #29516
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29528)
609bob [Fri, 19 Dec 2025 02:27:06 +0000 (10:27 +0800)]
bss_acpt.c: Free strings returned from previous BIO_ADDR_hostname_string() calls
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29452)
zhoulu [Fri, 19 Dec 2025 02:08:02 +0000 (10:08 +0800)]
SM4-CBC performance improvement on RISC-V
Modify the IV update method to further improve the performance of
SM4-CBC encryption on the RISC-V architecture.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29451)
xxcui [Sat, 29 Nov 2025 01:56:10 +0000 (09:56 +0800)]
SM3: Performance optimized with RISC-V Vector Crypto
RISC-V Cryptographic Vector Extension provides ZVK instructions which
can be used to accelerate SM3 computing.
By calculating SHA512 performance on C930 FPGA, it is proven that sm3
speed is improved from 120695K to 323844K.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29264)
fengpengbo [Fri, 19 Dec 2025 03:00:59 +0000 (11:00 +0800)]
This PR performs further optimization based on the already merged "Implement Montgomery multiplication assembly optimization for RV64GC" (#28012).
The key improvements include:code formatting unification、instruction scheduling optimization、register allocation strategy update、updates to addition/subtraction carry and borrow flag handling.
These enhancements aim to improve both the code maintainability and its execution performance, particularly on out-of-order RISC-V cores.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29438)
Add check for the return value of BIO_new() to avoid NULL pointer dereference.
Fixes: fd19fc4c27 ("Test that a key is usable after an EVP_PKEY_fromdata call") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27994)
Neil Horman [Sun, 21 Dec 2025 19:40:45 +0000 (14:40 -0500)]
Add ci test to run against minimal gcc version we support
We currently support gcc 9 as a minimum compiler version. We should run
at least one ci job against that minimal version to make sure we don't
break anything.
Most notably this will help us catch errors if we attempt to use
intrinsics that aren't supported by that compiler.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29482)
fengpengbo [Thu, 18 Dec 2025 06:45:39 +0000 (14:45 +0800)]
Fix register usage comment in ARMv8 Montgomery sqr asm.
In the bn_sqr8x_mont function, a comment describing the accumulation step for the partial product a[1]*a[0] incorrectly referenced the low part ('lo') of the product. The value being added to the temporary register t[2] is actually the high part ('hi') of that multiplication.
Correct the comment from "t[2]+lo(a[1]*a[0])" to "t[2]+hi(a[1]*a[0])".
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29436)
Andrew Dinh [Tue, 16 Dec 2025 20:44:18 +0000 (00:44 +0400)]
Add no-ssl3 back as a no-op
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
Andrew Dinh [Mon, 22 Sep 2025 08:50:42 +0000 (18:50 +1000)]
Allow enabling deprecated flags that haven't been removed yet
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
Andrew Dinh [Mon, 8 Sep 2025 13:43:01 +0000 (23:43 +1000)]
Deprecate SSL3 Configure flags
Show a deprecated warning if users attempt to run Configure script with
no-ssl3, no-ssl, or no-ssl3-method. Also adds a fix to the Configure
script preventing users from enabling deprecated flags.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
Andrew Dinh [Thu, 11 Sep 2025 07:06:59 +0000 (17:06 +1000)]
Rename SSL3 error codes to TLS equivalents
Updated error code names and references from SSL3 to TLS in error definitions and error strings. Legacy error codes are preserved in sslerr_legacy.h for backward compatibility
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
Bob Beck [Mon, 29 Sep 2025 21:16:33 +0000 (15:16 -0600)]
Constify return value of X509_get_X509_PUBKEY()
You really should not be mutating this.
Part of #28654 Fixes: https://github.com/openssl/project/issues/1771 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29428)
Bob Beck [Mon, 29 Sep 2025 21:32:39 +0000 (15:32 -0600)]
Constify the return value of X509_get0_pubkey_bitstr()
Part of #28654 Fixes: https://github.com/openssl/project/issues/1772 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29434)
Norbert Pocs [Sat, 20 Dec 2025 14:17:27 +0000 (15:17 +0100)]
Interop: c_rehash was removed; don't look for it
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29474)
xxcui [Sat, 29 Nov 2025 01:46:04 +0000 (09:46 +0800)]
SHA512 performance optimized by RISCV RVV
This patch is dedicated to improve SHA512 speed with RISCV
Cryptographic Vector Extension.
Below performance output is calculated by Xuantie C930 FPGA with VLEN256.
- sha512 speed might be improved from 197032K to 1010986KB
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29263)
Tomas Mraz [Thu, 18 Dec 2025 16:07:44 +0000 (17:07 +0100)]
Remove BIO_f_reliable() as it is broken
It was broken since the OpenSSL 3.0 release and
nobody complained. Apparently nobody is using it.
It would be practically impossible to reimplement
it with the provided EVP_MDs in backwards-compatible
manner.
Fixes #29413
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29445)
Sashan [Tue, 16 Dec 2025 09:50:53 +0000 (10:50 +0100)]
Update doc/man3/OPENSSL_init_crypto.pod
Co-authored-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
Sashan [Mon, 15 Dec 2025 15:33:35 +0000 (16:33 +0100)]
Update NEWS.md
Co-authored-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
Sashan [Mon, 15 Dec 2025 15:33:17 +0000 (16:33 +0100)]
Update CHANGES.md
Co-authored-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
sashan [Mon, 15 Dec 2025 10:34:13 +0000 (11:34 +0100)]
- update NEWS.md
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
sashan [Mon, 15 Dec 2025 09:57:59 +0000 (10:57 +0100)]
- fix CHANGES.md style
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
sashan [Mon, 15 Dec 2025 09:56:57 +0000 (10:56 +0100)]
- fix .cstyle
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
libcrypto does not arm OPENSSL_cleanup() function as atexit(3) handler by default.
If application/user wants libcrypto to install OPENSSL_cleanup() as atexit handler,
then OPENSSL_ATEXIT_CLEANUP env. variable must be set.
If platform's libc does not provide atexit(3), then OPENSSL_ATEXIT_CLEANUP has no effect.
The OPENSSL_atexit() is wrapper of atexit(3) provided by libc now.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
Norbert Pocs [Wed, 17 Dec 2025 20:04:53 +0000 (21:04 +0100)]
win-makefile.tmpl: Fix program install check
When the array is empty then copy.pl fails, because there is nothing to
copy. The empty check was done on a different variable.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29427)
Norbert Pocs [Wed, 17 Dec 2025 16:28:06 +0000 (17:28 +0100)]
Remove the c_rehash script
The `openssl rehash` should be used instead.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29427)
Richard Levitte [Thu, 18 Dec 2025 13:11:30 +0000 (14:11 +0100)]
test/run_tests.pl: Ensure that all HARNESS_VERBOSE values are respected
... with perl truthiness in mind
Most of all, this means not having undue expectations that its value
is numerical (this is particularly true when HARNESS_VERBOSE isn't given
by the user, and this script's default is "yes").
We do this by ensuring that $tap_verbosity is turned into an appropriate
number if HARNESS_VERBOSE's value isn't numerical.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29443)
Danny Tsen [Thu, 23 Oct 2025 20:51:05 +0000 (16:51 -0400)]
ppc64le: Restore VSX registers in AES/GCM ppc64le encrypt/decrypt
The implementation failed to restore VSX vector registers from vs14-vs22.
Re-implemented based on Linux kernel version.
Fixes #28961
Signed-off-by: Danny Tsen <dtsen@us.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28990)
Milan Broz [Tue, 16 Dec 2025 10:53:27 +0000 (11:53 +0100)]
Add engine stubs test
This test tries to use all stub macros and compare return values
to verify that OPENSSL_ENGINE_STUBS define works.
Fixes openssl/project#1762
Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29414)
Milan Broz [Tue, 16 Dec 2025 13:34:14 +0000 (14:34 +0100)]
Remove ossl_err_load_ENGINE_strings from stubs
This was an internal function and should not be here.
Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29414)
Milan Broz [Tue, 16 Dec 2025 11:41:09 +0000 (12:41 +0100)]
Fix stub definitions for no-deprecated config
Used types are only available if OPENSSL_NO_DEPRECATED_3_0
is not defined.
Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29414)
Milan Broz [Tue, 16 Dec 2025 10:52:47 +0000 (11:52 +0100)]
Fix typo in engine.h stub
Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29414)
Simo Sorce [Mon, 15 Dec 2025 16:23:57 +0000 (11:23 -0500)]
Harden digest context deserialization
The deserialization functions for SHA2 and SHA3 digest contexts did not
sufficiently validate the incoming data. Corruption in transmission or
on saved disk data could cause a out-of-bounds memory access if buffer
sizes did not match expected values.
Add sanity checks to the SHA2 and SHA3 deserialization functions to validate
buffer-related fields before they are used. The serialization format for these
digests has been changed to place these critical fields early in the stream to
enable this validation.
Additionally, add a note to the EVP_DigestInit man page to warn users that
deserialization should only be performed on trusted data. The checks we
implement are not meant to address processing of untrusted data
maliciously crafted by an attacker.
Application that need to store data or transmit it through untrusted
media SHOULD implement proper encryption and message authentication
on their own using things like CMS or other appropriate secure message
containers.
These check have been added also to quiet a bit security researchers
that try to find any way to claim CVE bounties even in completely
unlikely or invalid scenarios.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29404)
The "Verify-Message" type looks for private keys only,
which meant anything using a public key got skipped.
Changed the entries to "Verify-Message-Public" which tries the public
key first.
This uncovered one test that needed to be removed since ECDSA-MD5 is not
a valid fetchable algorithm (in any OpenSSL provider).
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28040)
Richard Levitte [Thu, 18 Dec 2025 08:52:11 +0000 (09:52 +0100)]
Use 'codespell:ignore' where justifiable
There's this one random string where we have the word "Hellow". It's a
random string, "correct" spelling is really not important, so we tell
codespell to just ignore that line.
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29437)
Bob Beck [Fri, 14 Nov 2025 20:36:56 +0000 (13:36 -0700)]
Add new public API for checking certificate times.
Fixes: #1631
This changes the previously internal ossl_x509_check_certificate_times()
to be the public X509_check_certificate_times(). It adds documentation
for the new function and marks X509_cmp_time, X509_cmp_timeframe,
and X509_cmp_current_time as deprecated in 4.0, as discussed in #1631.
Since the function is now public, we can replace the remaining
uses of deprecated stuff with this function.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29152)
Weizhi Ao [Thu, 11 Dec 2025 13:06:23 +0000 (21:06 +0800)]
Fix silent failure in ASYNC_start_job when size is 0
When ASYNC_start_job is called with args != NULL but size == 0,
OPENSSL_malloc(0) is called. Depending on the libc implementation,
malloc(0) may return NULL, causing a silent failure.
This patch modifies the logic to skip allocation if size is 0.
CLA: trivial
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29377)
Matthias Kraft [Wed, 10 Dec 2025 16:02:54 +0000 (17:02 +0100)]
Ensure path to libcrypto can be resolved on AIX.
On AIX, the environment of the test executable for test_includes doesn't
contain a resolvable search path to the just built libcrypto. Setup
LIBPATH to point to the build results.
Fixes #29352.
Signed-off-by: Matthias Kraft <Matthias.Kraft@ibm.com> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29375)
Matt Caswell [Fri, 12 Dec 2025 16:26:14 +0000 (16:26 +0000)]
Add removed EVP_PKEY_meth* functions to ossl-removed-api.pod
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Matt Caswell [Fri, 12 Dec 2025 16:12:48 +0000 (16:12 +0000)]
Remove all EVP_PKEY_meth_* functions from the documentation
These functions have been removed so the documentation should be updated
accordingly.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Matt Caswell [Fri, 12 Dec 2025 12:01:56 +0000 (12:01 +0000)]
Clean up some final vistigial remnants of EVP_PKEY_METHOD
We retain the opaque type because it is still used by the ENGINE stubs.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Matt Caswell [Thu, 11 Dec 2025 16:14:13 +0000 (16:14 +0000)]
Remove references to the pmeth field in an EVP_PKEY_CTX
We don't set this field anymore so we should remove all usage of it.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Matt Caswell [Thu, 11 Dec 2025 16:05:05 +0000 (16:05 +0000)]
Delete the EC EVP_PKEY_METHOD
It is no longer used so can be removed
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Matt Caswell [Thu, 11 Dec 2025 16:01:56 +0000 (16:01 +0000)]
Delete the DSA EVP_PKEY_METHOD
It is no longer used so can be removed
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Matt Caswell [Thu, 11 Dec 2025 15:58:53 +0000 (15:58 +0000)]
Delete the RSA EVP_PKEY_METHOD
It is no longer used so can be removed
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Matt Caswell [Thu, 11 Dec 2025 15:54:54 +0000 (15:54 +0000)]
Delete the ECX EVP_PKEY_METHOD
It is no longer used so can be removed
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Matt Caswell [Thu, 11 Dec 2025 15:44:15 +0000 (15:44 +0000)]
Delete the DH EVP_PKEY_METHOD
It is no longer used so can be removed
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Matt Caswell [Thu, 11 Dec 2025 12:29:29 +0000 (12:29 +0000)]
Remove custom EVP_PKEY_METHODs
We retain custom EVP_PKEY_ASN1_METHODs for now - to be removed in some
subsequent PR.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
Norbert Pocs [Thu, 11 Dec 2025 11:49:00 +0000 (12:49 +0100)]
Check return code of UTF8_putc
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29376)
Norbert Pocs [Thu, 11 Dec 2025 11:38:16 +0000 (12:38 +0100)]
Harden ASN1_mbstring_ncopy
Reported by Murali Aniruddhan
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29376)
Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28717)
Richard Levitte [Tue, 16 Dec 2025 09:23:16 +0000 (10:23 +0100)]
Add a couple of DH related StatementMacros, and adjust
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)
Richard Levitte [Tue, 16 Dec 2025 09:02:44 +0000 (10:02 +0100)]
Unbreak some function signature that got broken up after the return type
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)
exclusions=()
for g in "${known_generated[@]}"; do
# Convert pattern to a regex
g=${g//\./\\.}
g=${g//\*/.\*}
exclusions+=( "^${g}\$" )
done
# Join all exclusions into one regex
exclude_re=$(IFS='|'; echo "${exclusions[*]}")
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)
cat <<_____
# The following types are macros, and need to remain that way, unfortunately
- "HASH_CTX"
- "HASH_LONG"
- "MD32_REG_T"
_____
sed -ne '/^# OpenSSL uses macros extensively/,$p' < .clang-format
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)
Richard Levitte [Fri, 12 Dec 2025 12:56:30 +0000 (13:56 +0100)]
Refactor types that are '#define'd into proper typedefs
I looked for them with the following grep pipe, and then read through
the output to discern what are actual type definitions, and converted
what I found manually.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)
Richard Levitte [Fri, 12 Dec 2025 15:36:39 +0000 (16:36 +0100)]
Add a few more ASN.1 related StatementMacros
This resulted in an adjustment of reformatting that is a bit less trippy
in some places.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)
Richard Levitte [Fri, 12 Dec 2025 15:20:13 +0000 (16:20 +0100)]
Missed a spot!
For some reason, source reformatting didn't catch everything.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)
Bob Beck [Mon, 15 Dec 2025 17:42:28 +0000 (10:42 -0700)]
Defang the lhash test
This is bascially eating my mac, as it now runs for 80 seconds
and eats all the CPU's exercising lock contention.
This dials it back to consume at most a quarter of the CPU's in
use by HARNESS_JOBS, unless LHASH_WORKERS is set to override it
in which case we use that.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/29406)
Viktor Dukhovni [Wed, 10 Dec 2025 02:52:37 +0000 (13:52 +1100)]
New -encopt option for pkey(1) and genpkey(1)
This allows setting the ML-KEM and ML-DSA output formats.
At the same fixing surprising lack of password encryption
of PKCS#8 private keys in DER output form in the CLI apps.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29324)
Paul Elliott [Mon, 15 Dec 2025 13:05:00 +0000 (13:05 +0000)]
Fix error in PAC/BTI AArch64 build
Clang format removes a space here, which creates a compiler error when
building for PAC/BTI. Fix this and Turn off clang format for this line
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/29399)
Bob Beck [Mon, 15 Dec 2025 21:51:18 +0000 (14:51 -0700)]
Make the test output show how long each test takes by default.
Unless we have reduced the verbosity level, or overridden it with
a HARNESS_TIMER setting.
This makes it easier to realize when you are making a test that is
starting to dominate testing time for developers, and makes it
easier for developers to see it.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29408)
The proposed architectural change focuses on improving concurrency and
reducing contention within the method store. The fundamental concept
involves moving away from a monolithic synchronisation
mechanism—specifically, a single read-write lock (rwlock)—that
currently guards the entire method store.
Instead of this single point of contention, the strategy is to
introduce per-shard synchronisation. This means the method store will
be partitioned, or sharded, into several independent segments. Each of
these segments, or shards, will be protected by its own dedicated
read-write lock.
The data in the table below was generated by running evp_fetch twenty times per thread.
Perf tests were running on the system:
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 46 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 96
On-line CPU(s) list: 0-95
Vendor ID: GenuineIntel
Model name: Intel(R) Xeon(R) Gold 6248R CPU @ 3.00GHz
CPU family: 6
Model: 85
Thread(s) per core: 2
Core(s) per socket: 24
Socket(s): 2
The most performant option is a configuration with 512 cache entries with
4 shards. There are two new defines NUM_SHARDS, and CACHE_SIZE which
can be tweaked at will.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29205)
Matt Caswell [Wed, 10 Dec 2025 10:56:49 +0000 (10:56 +0000)]
Remove support for custom MD methods
Custom MD methods are considered legacy and have been deprecated
since 3.0. With the removal of ENGINEs they become a lot less useful
and add significant complexity to the code. We should therefore remove
them in 4.0.
Neil Horman [Mon, 15 Dec 2025 13:43:32 +0000 (08:43 -0500)]
Prevent freeing of parent listener in SSL_listen_ex
Its been reported that, when using SSL_listen_ex to obtain a new
connection from a listener, that, if the listener is freed prior to the
obtained connection, we get use-after-free conditions when freeing said
obtained connections.
This occurs because SSL_listen_ex fails to take a reference on the
parent listener SSL object (in the same way that SSL_new_from_listener
does). If the listener is freed first, then several listener resources
are freed, which the obtained connection still makes use of, hence the
use-after-free.
The fix is to do what SSL_new_from_listener does, namely:
1) Increase the reference count on the listener SSL object.
2) Ensure that the connection qc->listener points to the listener object
so that, when the connection is freed, we call SSL_free on the
listener object, dropping the reference count we take in
SSL_listen_ex.
While we're at it, this PR also modifies the quicapi test for testing
the SSL_listen_ex call, freeing the listener first to ensure that the
increased refcount holds the SSL object data stable until the connection
is freed.
Thanks to Stanislav Fort at Asile Research for pointing out this issue.
fixes openssl/project#1766
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29398)
Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29369)
Simo Sorce [Mon, 3 Nov 2025 21:53:41 +0000 (16:53 -0500)]
Derive EC public key from private key if missing
Update ossl_ec_key_fromdata to compute the public key if it is not provided in
the input parameters but the private key is. This allows for the creation of a
complete EC_KEY object from only private key data.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29054)
projects / thirdparty / openssl.git / log
