Norbert Pocs [Fri, 21 Nov 2025 13:04:20 +0000 (14:04 +0100)]
Remove OPENSSL_INIT_ENGINE_* definitions
Keeping OPENSSL_INIT_ENGINE_ALL_BUILTIN to be defined always to zero as
it might be the most used one outside of the library, meanwhile keeping
the others undefined unless OPENSSL_ENGINE_STUBS is defined.
Neil Horman [Thu, 11 Sep 2025 20:09:56 +0000 (16:09 -0400)]
remove dasync engine test from test_rand
We're removing the engine, so we don't need to test this anymore.
NOTE: This also removes the engine skip check from the test, and this
breaks testing until such time as PR #28461 is merged (which replaces
the remaining engine test with a provider).
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Neil Horman [Thu, 11 Sep 2025 19:39:44 +0000 (15:39 -0400)]
remove afalg tests
We have a specific test suite that exercizes the afalg engine, that is
becoming useless with engine removal.
I had considered that we should perhaps convert this into a provider,
but having looked at the engine itself, it only offers implementations
for AES-128, AES-192 and AES-256. Given that the default provider
offers these algorithms with hardware acceleration via the aesni
instruction set (or comparable instructions on non-x86 arches), it seems
like the only advantage the afalg engine offers is acceleration of these
ciphers on platforms that have off-cpu accelerators and no cpu based
acceleration support.
given that:
a) Most cpus have instruction based acceleration
b) We don't test with any platforms that use external accelerators
It seems like alot of investment to get no real advantage, so just
remove the test, allowing us to delete the engine entirely in another
PR.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Neil Horman [Thu, 11 Sep 2025 19:19:45 +0000 (15:19 -0400)]
Remove dasync engine from sslapitest and sslbuffertest
With the impending engine removal, we don't have a need to test engine
functionality in these tests anymore, so remove the test cases that make
use of the dasync engine here.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
Most of the ifdefs were removed, but we want to rewrite the dasync
engine to a provider. Therefore that code was not removed; instead a new
temporary macro was added named TODO_REWRITE_ME_DASYNC_PROVIDER.
Engine removal: Silence the CI tests about engines
As we can't do every change in one big PR (and we also don't want),
therefore there always will be failing tests until everything is
resolved/cleaned up. This way we silence the CI about engine tests and
later we can reenable them to see what else needs to be fixed.
check_cert_crl(): Set CRL score for CRLs returned by get_crl callback
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29199)
Beat Bolli [Sun, 23 Feb 2025 14:10:40 +0000 (15:10 +0100)]
Change hexdump width to a multiple of 8 bytes
10, 15 and 18 seem quite unnatural byte counts in the context of hex
dumps. Standardize on 24 bytes for signatures (to stay within the 80
characters limit) and 16 bytes for everything else.
Adjust all test cert dumps to match the new output format.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29266)
lan1120 [Tue, 2 Dec 2025 01:36:57 +0000 (09:36 +0800)]
mlx_kem_dup(): Set key state to MLX_HAVE_NOKEYS when not copying keypair
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29280)
Matthias Kraft [Fri, 28 Nov 2025 14:30:01 +0000 (15:30 +0100)]
Skip symbol_presence test on AIX
AIX `nm` reports symbols in a different way.
Fix for: #29247
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29276)
Caolán McNamara [Fri, 28 Nov 2025 09:05:07 +0000 (09:05 +0000)]
const up some more low hanging things
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29246)
APPS/load_key_certs_crls(): prevent mem leaks on error w.r.t. any leftover credentials
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28005)
Fortunately due to the initial size of the allocated
buffer and the limit for unfragmented DTLS record size
the use-after-realloc cannot be triggered.
But we fix the potentially problematic code anyway.
Reported Joshua Rogers. It was found with the ZeroPath security
tooling.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29278)
Bob Beck [Thu, 28 Aug 2025 18:59:59 +0000 (12:59 -0600)]
Disable clang format around .c includes
we assume these to be order sensitive and not self contained, so
as per our new style we disable clang format around them.
we should consider renaming to .inc, or doing away with some
of these and just putting the code inline, but that's for
later consideration.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Fri, 28 Nov 2025 18:20:53 +0000 (11:20 -0700)]
Disable clang-format around line-wrap sensitive lines in malloc_test.c
If OPENSSL_LINE ends up on a different line than the following call here,
this test breaks.
We should perhaps reconsider if testing the reporting of OPENSSL_LINE
is what we want in a malloc test, but that's for another time than now.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Thu, 27 Nov 2025 22:17:00 +0000 (15:17 -0700)]
Disable clang format around multi-line macros of sparc assembly
They are not asm, but spit out stuff that is not C
Clang-format gets confused and does bad things with them.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Tue, 2 Sep 2025 16:07:08 +0000 (10:07 -0600)]
Fix cmp_ctx_test.c to be less sensitive to line wrapping.
Similar to the previous errtest.c fix this also is not broken
by any reformatting today, but this change makes this follow
the same pattern as the other things that test OPENSSL_LINE
after the fact so we maintain the same paradigm everywhere.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Fri, 29 Aug 2025 17:37:36 +0000 (11:37 -0600)]
fix errtest to be less sensitive to line wrapping changes
(in it's final form it will work with either compiler
because it's currently one line, but was tripped up before
by the #ifdef, so redid it to be consistent with the
other changes previously in this stack)
While I am here correct the test to test for all possible
return values of ERR_get_error_all, without the #ifdefs
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Thu, 21 Aug 2025 23:15:09 +0000 (17:15 -0600)]
Fix apps/progs.pl to be slightly less fragile
In particular fix the regex magic to be tolerant of different ways
of formatting a main program.
My past life had forgotten this magic 14 years ago when we converted
it to just a table of commands in the forks.
https://www.youtube.com/watch?v=mWbbjvYmN8A
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Bob Beck [Fri, 5 Sep 2025 01:02:41 +0000 (19:02 -0600)]
Add a WebKit clang-format file
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
Daniel Kubec [Thu, 27 Nov 2025 16:38:16 +0000 (17:38 +0100)]
CRL: clarify CRL certificateIssuer handling and improve readability
Rename 'gens' to 'most_recent_issuer' and add comments referencing
[RFC-5280] 5.3.3 explaining how issuer inheritance works in indirect
CRLs. No functional changes; improves clarity and maintainability.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29237)
Holger Dengler [Wed, 26 Nov 2025 15:18:49 +0000 (16:18 +0100)]
s390x: Check and fail on invalid malformed ECDSA signatures
Check parameters of ECDSA signatures on verify and fail for invalid
malformed signatures in the code path for s390x accelerators. Handle
condition code of kdsa instruction for detecting invalid parameters.
For NIST P521 curves, kdsa ignores completely the upper 14 bytes of
the sections for r and s in the parameter-block, so adapt the offset
and length for bignum conversions for these curves. This will detect
cases of malformed signatures which are not covered by the kdsa
parameter checking.
Fixes: #29173 Signed-off-by: Holger Dengler <dengler@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29214)
Holger Dengler [Wed, 26 Nov 2025 15:18:37 +0000 (16:18 +0100)]
s390x: Return condition code of kdsa instruction
The kdsa instruction is doing some parameter checking for the verify
function codes, like r/s equals zero and range checks. To handle these
cases correctly in the calling functions, the asm returns now also
condition code 2.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29214)
test/bioprinttest.c: skip failing checks on HPE NonStop
Apparently, NonStop libc's printf implementation is not
standard-conforming in its handling of "0" flag with "o" specifier:
per [1], "it shall increase the precision, if and only if necessary,
to force the first digit of the result to be a zero", however, NonStop
libc adds a superfluous zero in cases where precision is 1; see also
commit 0f107c709c73 "crypto/bio/bio_print.c: avoid superfluous zero
padding in %#o". Avoid test case failures by wrapping the relevant test
cases in "if !defined(__TANDEM)".
- Add explicit links to related EVP_* functions for each signature method
- Clarify the differences between sign/verify, message sign/verify, and digest sign/verify functions
- Document TLS 1.3 requirements: digest_sign/verify functions are mandatory for libssl usage
- Provide guidance for provider developers on which functions to implement for different use cases
Fixes #27127
Signed-off-by: Samaresh Kumar Singh <ssam3003@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29166)
Daniel Kubec [Mon, 24 Nov 2025 01:25:08 +0000 (02:25 +0100)]
CONF: Add support for configurations per OSSL_LIB_CTX
Add support for configurations per OSSL_LIB_CTX and fix cross-context overrides.
Fixes #19248
Fixes #19243
Co-authored-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29145)
Bernd Edlinger [Sun, 25 Feb 2024 15:33:33 +0000 (16:33 +0100)]
CIFuzz: Remove some unnecessary files to free up space
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29061)
Anton Moryakov [Wed, 27 Aug 2025 10:58:24 +0000 (13:58 +0300)]
keymgmt_from_algorithm(): Fix unchecked return of ossl_provider_up_ref
The ossl_provider_up_ref() call in keymgmt_from_algorithm() was not
checking its return value, unlike other similar calls in the codebase.
This could lead to inconsistent reference counting if the up-ref failed.
Now the return value is checked, and if the up-ref fails, the keymgmt
is freed and an error is raised, ensuring consistent cleanup.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28353)
Implement Poly1305 using SVE2 VLA instructions for AArch64.
This implementation is selected at runtime if SVE2 is present and the vector length is 256, 512, 1024 or 2048 bits.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28454)
Instead of transferring the ownership of the single OCSP response
to the SSL object, the multi-stapling PR modified the semantics
of SSL_set_tlsext_status_ocsp_resp() to copying semantics.
This change reverts the behavior to the previous one.
Partially based on fix by Remi Gacogne:
https://github.com/openssl/openssl/pull/28894
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29251)
Jiasheng Jiang [Fri, 27 Jun 2025 18:13:41 +0000 (18:13 +0000)]
apps/lib/log.c: Add check for BIO_new()
Add check for the return value of BIO_new() to avoid potential NULL pointer dereference.
Fixes: 8a2ec00d7f ("apps/lib/http_server.{c,h}: clean up logging and move it to log.{c,h}") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27918)
Igor Ustinov [Thu, 27 Nov 2025 12:08:02 +0000 (13:08 +0100)]
Branch 3.2 was removed from and branch 3.6 was added to the
"Provider compatibility for PRs" test.
Do not test the provider from the PR against modified branches.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29236)
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28995)
Dmitry Misharov [Tue, 25 Nov 2025 16:16:46 +0000 (17:16 +0100)]
add release notes from NEWS.md when making a release
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29224)
Shohei YOSHIDA [Mon, 24 Nov 2025 08:55:06 +0000 (17:55 +0900)]
DOC: fix typo in openssl-cmp
RAVERIFED -> RAVERIFIED
CLA: trivial
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29202)
Shohei YOSHIDA [Mon, 24 Nov 2025 07:20:11 +0000 (16:20 +0900)]
DOC: put an empty line before '=for' directive
CLA: trivial
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29201)
Clemens Lang [Mon, 24 Nov 2025 10:11:33 +0000 (11:11 +0100)]
test: Add test for #29196
Add a test that will cause one of the problems reported in
https://github.com/openssl/openssl/issues/29196 and skip it on 32-bit
systems.
Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29192)
Clemens Lang [Fri, 21 Nov 2025 15:00:08 +0000 (16:00 +0100)]
Do not make key share choice in tls1_set_groups()
tls1_set_groups(), which is used by SSL_CTX_set1_groups() does not check
whether the NIDs passed as argument actually have an implementation
available in any of the currently loaded providers. It is not simple to
add this check, either, because it would require access to the SSL_CTX,
which this function does not receive. There are legacy callers that do
not have an SSL_CTX pointer and are public API.
This becomes a problem, when an application sets the first group to one
that is not supported by the current configuration, and can trigger
sending of an empty key share.
Set the first entry of the key share list to 0 (and the key share list
length to 1) to signal to tls1_construct_ctos_key_share that it should
pick the first supported group and generate a key share for that. See
also tls1_get_requested_keyshare_groups, which documents this special
case.
See: https://issues.redhat.com/browse/RHEL-128018 Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29192)
Norbert Pocs [Wed, 26 Nov 2025 14:27:03 +0000 (15:27 +0100)]
Configure: Warn about deprecated option when enabled
Currently the deprecated configure option is warned only when
"(no|disabled)-feature" is used, but wasn't warning when
"enable-feature" was passed as a config option.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29229)
martin [Sun, 19 Oct 2025 16:37:06 +0000 (18:37 +0200)]
Fixed non-compliant handling of missing stapled OCSP responses
If the OCSP response was not present for a certificate the server
created a non-conforming empty CertificateStatus extension
instead of not sending the extension at all.
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28588)
format embedded struct declaration for check-format.pl
so that subsequent commits to e_chacha20_poly1305.c doesn't trigger
warnings about handling '{' later in this file in related code.
i.e.
crypto/evp/e_chacha20_poly1305.c:610:indent = 0 != 4 for stmt/decl:static const EVP_CIPHER chacha20_poly1305 = {
crypto/evp/e_chacha20_poly1305.c:611:indent = 4 != 45 for hanging '{' or 8 for lines after '{': NID_chacha20_poly1305,
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28588)
Bernd Edlinger [Mon, 3 Nov 2025 13:00:15 +0000 (14:00 +0100)]
Document CVE-2021-4160
This was fixed in openssl 3.0.1 by #17258 and assigned
CVE-2021-4160 but unfortunately forgotten to mention
in the CHANGES and/or NEWS.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29051)
Daniel Kubec [Fri, 7 Nov 2025 22:45:33 +0000 (23:45 +0100)]
CRL: Enforce proper handling of ASN1_TIME validation results
ASN1 correctly validates date fields and reports errors to the error
stack. Previously, even when validation failed, a CRL object was still
returned and could, in some cases, be successfully used for
verification.
This change fixes that behavior by ensuring validation errors are
properly handled and invalid CRLs are rejected.
Fixes #27445
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29107)
projects / thirdparty / openssl.git / log
