port_make_channel() builds an incoming QUIC channel in stages: allocate
the channel, create the user SSL and inner TLS objects, optionally copy
qlog state, then initialise the channel. Under the mfail allocator,
failures in the middle of that sequence could leave ownership split
between the partially-created channel and the user SSL, leaking
allocations from ossl_quic_channel_alloc().
Make port_new_handshake_layer() return the created user SSL to
port_make_channel() and detach the borrowed channel before cleaning up
its own failures. port_make_channel() now owns the error path: it
detaches any created user SSL from the channel, frees the channel exactly
once according to whether channel initialisation already ran cleanup, and
then frees the user SSL.
Also make QUIC stream map cleanup tolerate a NULL map during partial
channel cleanup, and add a focused mfail regression test for
ossl_quic_port_create_incoming().
Fixes: https://github.com/openssl/openssl/issues/31014 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue May 12 12:01:04 2026
(Merged from https://github.com/openssl/openssl/pull/31038)
quic: check lh_QUIC_STREAM_new() return value in stream_map_init
ossl_quic_stream_map_init() did not check whether lh_QUIC_STREAM_new()
succeeded. On allocation failure qsm->map would be NULL and subsequent
operations on the stream map would dereference it.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue May 12 12:01:02 2026
(Merged from https://github.com/openssl/openssl/pull/31038)
Bob Beck [Wed, 15 Apr 2026 19:31:42 +0000 (13:31 -0600)]
Deprecate the ASN1_BIT_STRING name related functions.
These seem to have been from something long long ago
that nothing uses anymore. It seems like this is just something
we should not be doing in this way.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Mon May 11 09:23:13 2026
(Merged from https://github.com/openssl/openssl/pull/30853)
Harry Betts [Sat, 9 May 2026 06:54:52 +0000 (16:54 +1000)]
Fix OOB read in EC_GROUP_new_from_params() with zero-length generator
When OSSL_PKEY_PARAM_EC_GENERATOR is provided as an octet string of
length 0, buf[0] is read before validating data_size, causing a
heap-buffer-overflow detectable under ASan.
Reject zero-length generator octet strings before the dereference.
CLA: trivial
Resolves: https://github.com/openssl/openssl/issues/31125 Fixes: c0f39ded68ba "Add Explicit EC parameter support to providers." Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Mon May 11 08:34:15 2026
(Merged from https://github.com/openssl/openssl/pull/31128)
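The ordering the commit above describes (validate the length, then read the leading byte), as an added example that is not OpenSSL's code. classify_point_octets(), enum point_form and the sample arrays are hypothetical names and constructed data; the example also goes beyond the zero-length case and checks the total length against the form the leading byte announces.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical result type for this example; not an OpenSSL enum. */
enum point_form {
    FORM_INVALID = 0,
    FORM_INFINITY,
    FORM_COMPRESSED,
    FORM_UNCOMPRESSED,
    FORM_HYBRID
};

/*
 * Classify an EC point octet string by its leading byte.
 * field_len is the byte length of one field element.
 * Every length check happens before the byte it protects is read.
 */
enum point_form classify_point_octets(const unsigned char *buf, size_t len,
                                      size_t field_len)
{
    size_t body;

    /* The check the fix adds: an empty octet string has no buf[0]. */
    if (buf == NULL || len == 0)
        return FORM_INVALID;

    body = len - 1; /* bytes after the leading form byte */

    switch (buf[0]) {
    case 0x00: /* point at infinity: exactly one byte */
        return body == 0 ? FORM_INFINITY : FORM_INVALID;
    case 0x02:
    case 0x03: /* compressed: X only */
        return body == field_len ? FORM_COMPRESSED : FORM_INVALID;
    case 0x04: /* uncompressed: X || Y */
        return (body % 2 == 0 && body / 2 == field_len)
            ? FORM_UNCOMPRESSED : FORM_INVALID;
    case 0x06:
    case 0x07: /* hybrid: X || Y plus parity bit in the lead byte */
        return (body % 2 == 0 && body / 2 == field_len)
            ? FORM_HYBRID : FORM_INVALID;
    default:
        return FORM_INVALID;
    }
}

/* Constructed samples for a toy 4-byte field; not real curve points. */
static const unsigned char sample_uncompressed[9] = {
    0x04, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88
};
static const unsigned char sample_compressed[5] = {
    0x02, 0x11, 0x22, 0x33, 0x44
};
static const unsigned char sample_infinity[1] = { 0x00 };

int main(void)
{
    /* Zero-length input: rejected without touching the buffer. */
    printf("empty       -> %d\n",
           classify_point_octets(sample_uncompressed, 0, 4));
    printf("uncompressed-> %d\n",
           classify_point_octets(sample_uncompressed,
                                 sizeof(sample_uncompressed), 4));
    printf("compressed  -> %d\n",
           classify_point_octets(sample_compressed,
                                 sizeof(sample_compressed), 4));
    printf("infinity    -> %d\n",
           classify_point_octets(sample_infinity,
                                 sizeof(sample_infinity), 4));
    /* Truncated uncompressed point: one byte short. */
    printf("truncated   -> %d\n",
           classify_point_octets(sample_uncompressed, 8, 4));
    return 0;
}
```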
Jakub Zelenka [Tue, 5 May 2026 17:56:34 +0000 (19:56 +0200)]
Add various MFAIL tests to exercise ht insert
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 11 08:21:56 2026
(Merged from https://github.com/openssl/openssl/pull/31092)
Jakub Zelenka [Tue, 5 May 2026 17:50:11 +0000 (19:50 +0200)]
Fix ignored call in ossl_rcu_call when cb item alloc fails
Currently when allocation of cb item fails, the actual cb function is
not called. This is used just in hashtable when the cb function frees
the old item, which results in a memory leak.
To fix this, the allocation needs to be separated and happen before the
assign operation is done.
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 11 08:21:55 2026
(Merged from https://github.com/openssl/openssl/pull/31092)
Jakub Zelenka [Fri, 8 May 2026 14:42:01 +0000 (16:42 +0200)]
Add mfail test for new BIO dgram mem
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Mon May 11 08:09:16 2026
(Merged from https://github.com/openssl/openssl/pull/31121)
Reject CR and LF characters before serializing request lines and HTTP
headers. This prevents malformed URL or caller supplied components
from altering the generated HTTP request.
Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
MergeDate: Mon May 11 07:44:19 2026
(Merged from https://github.com/openssl/openssl/pull/31100)
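A sketch of the check the commit above describes, rejecting CR and LF in every caller-supplied component before the request is serialized. This is an added example, not OpenSSL's HTTP client code; build_http_request(), has_crlf() and demo_buf are hypothetical names, and the host and path values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if s is NULL or contains a CR or LF byte. */
static int has_crlf(const char *s)
{
    return s == NULL || strpbrk(s, "\r\n") != NULL;
}

/*
 * Serialize a minimal request line plus Host header into out.
 * Returns the number of bytes written (excluding the NUL), or -1 if a
 * component contains CR/LF or the output would not fit. On failure the
 * buffer is left empty so a partial request can never be sent.
 */
int build_http_request(char *out, size_t outlen, const char *method,
                       const char *path, const char *host)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    /* Validate before formatting: the only CR LF pairs in the output
     * must be the ones this function writes itself. */
    if (has_crlf(method) || has_crlf(path) || has_crlf(host))
        return -1;

    n = snprintf(out, outlen, "%s %s HTTP/1.1\r\nHost: %s\r\n\r\n",
                 method, path, host);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0'; /* truncated output is treated as failure */
        return -1;
    }
    return n;
}

static char demo_buf[128];

int main(void)
{
    /* Constructed inputs. */
    printf("clean path   -> %d\n",
           build_http_request(demo_buf, sizeof(demo_buf),
                              "GET", "/ocsp", "ca.example"));
    /* A path carrying its own line break would add a header line. */
    printf("CRLF in path -> %d\n",
           build_http_request(demo_buf, sizeof(demo_buf),
                              "GET", "/ocsp\r\nX-Extra: 1", "ca.example"));
    /* A bare LF is rejected as well. */
    printf("LF in host   -> %d\n",
           build_http_request(demo_buf, sizeof(demo_buf),
                              "GET", "/ocsp", "ca.example\nX-Extra: 1"));
    return 0;
}
```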
Jakub Zelenka [Wed, 6 May 2026 16:22:47 +0000 (18:22 +0200)]
Fix memleak in ossl_ffc_params_copy if alloc fails
If allocation fails in ossl_ffc_params_copy, then the params that were
previously allocated are not freed. This results in a memory leak.
Fixes: dc8de3e6f1ee "Modify DSA and DH keys to use a shared FFC_PARAMS struct" Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Mon May 11 07:21:45 2026
(Merged from https://github.com/openssl/openssl/pull/31098)
Bob Beck [Thu, 7 May 2026 21:30:03 +0000 (15:30 -0600)]
Correct ASN1_STRING_set() behaviour to match the documentation
ASN1_STRING_set() has never promised to call strlen() for other
negative values. Other values here likely indicate an error,
such as an integer overflow. Call strlen() only if the length
provided is -1.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Mon May 11 00:34:25 2026
(Merged from https://github.com/openssl/openssl/pull/31113)
crypto/evp/evp_lib.c: call va_end() in EVP_PKEY_Q_keygen() on error
Instead of returning NULL immediately, jump to the cleanup at the end
of the function. Reported by Coverity.
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1593754 Fixes: 18472994f065 "The EVP_PKEY_Q_keygen function now explicitly handles NULL curve name" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 11 00:28:25 2026
(Merged from https://github.com/openssl/openssl/pull/31107)
quic_channel.c: fix potential memory leak on failure in ossl_quic_channel_alloc
Add missing OPENSSL_free() in error path.
Fixes: 35dc6c353bf "QUIC: Make more transport parameters configurable" Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Mon May 11 00:23:13 2026
(Merged from https://github.com/openssl/openssl/pull/30754)
Bob Beck [Thu, 29 Jan 2026 18:31:40 +0000 (11:31 -0700)]
Deprecate the X509_check_{email,host,ip,ip_asc} family of functions
Our own documentation for quite some time has indicated
that you should call X509_verify_cert() instead of using these.
Actually deprecate them and make apps not use the now deprecated
functions.
Zoey Chapell [Tue, 24 Mar 2026 15:30:52 +0000 (11:30 -0400)]
doc: clarify algorithm discovery in openssl-genpkey.pod.in
Add a reference to 'openssl list -public-key-algorithms' in the
-algorithm description to improve discoverability and long term
consistency. Documentation only change.
Add clarification for how to select the naming output in the correct spot.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
MergeDate: Sun May 10 23:59:03 2026
(Merged from https://github.com/openssl/openssl/pull/30556)
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
MergeDate: Sun May 10 23:52:21 2026
(Merged from https://github.com/openssl/openssl/pull/29851)
Milan Broz [Mon, 4 May 2026 14:13:27 +0000 (14:13 +0000)]
bn_nist.c: remove unreachable BN_BITS2 == 64
The block in BN_nist_mod_224() is gated by
#if defined(NIST_INT64) && BN_BITS2 != 64
so the #if
#if BN_BITS2 == 64
rp[7] = carry;
#endif
is unreachable. Remove it.
The code is actually a relic of an earlier design where the NIST_INT64
accumulator path was meant for 64-bit too.
Disabling the 64-bit path above with BN_BITS2 != 64 resulted in
#if BN_BITS2 == 64 being left unreachable.
The outer condition is correct, it is meant to be 32bit only,
otherwise it would need to introduce load_u32/store_lo32 as in other
functions to avoid clang strict-aliasing optimizer issues.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Thu May 7 20:11:12 2026
(Merged from https://github.com/openssl/openssl/pull/31076)
Norbert Pocs [Mon, 4 May 2026 13:51:50 +0000 (15:51 +0200)]
Merge .inc files with header
When the .inc is only used once, include the file in place.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Thu May 7 19:30:01 2026
(Merged from https://github.com/openssl/openssl/pull/31075)
Bob Beck [Mon, 9 Mar 2026 20:30:02 +0000 (14:30 -0600)]
Forbid GEN_OTHERNAME SMTP UTF8 email name constraints.
RFC 9598 States:
Certificate Authorities that wish to issue CA certificates with email
address name constraints MUST use rfc822Name subject alternative names
only. These MUST be IDNA2008-conformant names with no mappings and with
non-ASCII domains encoded in A-labels only.
This appears to be to get around the confusion created if someone
attempts to encode a name constraint for an email address into the
UTF-8 version of the name
Were someone to attempt to support this, not only would you now have
to check two separate sets of name constraints for the same thing, but
would now have to decide what to do if they said different things.
So we just flag any such certificate as invalid
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Thu May 7 16:09:44 2026
(Merged from https://github.com/openssl/openssl/pull/30329)
Bob Beck [Thu, 30 Apr 2026 16:34:28 +0000 (10:34 -0600)]
Don't rely on cmp of uninitialized values in obj_dat.pl
Since we use this for a sort, in theory this could become
inconsistent if we were to do a make update, re-generate
the output, and check it in from a different development
platform that returns different inconsistencies in how
cmp behaves on uninitialized values.
Rather than ponder this, just make this consistent
by ensuring undefined values have 0 length, and remove
the disabling of the warnings in obj_cmp
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Thu May 7 15:41:12 2026
(Merged from https://github.com/openssl/openssl/pull/31046)
Tomas Mraz [Tue, 5 May 2026 15:01:42 +0000 (17:01 +0200)]
The tag value must fit into int
We cannot allow an unbounded tag value as this is an O(n^2) algorithm
and the tag cannot be larger than INT_MAX anyway.
Fixes 35852da1d9e24cb74034b2f418cef3a58203b127
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Simo Sorce <simo@redhat.com>
MergeDate: Thu May 7 12:12:25 2026
(Merged from https://github.com/openssl/openssl/pull/31091)
Jakub Zelenka [Mon, 4 May 2026 09:50:48 +0000 (11:50 +0200)]
Add coverage files clean up make targets
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu May 7 07:09:02 2026
(Merged from https://github.com/openssl/openssl/pull/31071)
Igor Ustinov [Tue, 14 Apr 2026 14:55:02 +0000 (16:55 +0200)]
Moved the EVP_EC_gen macro to evp.h
Also fixed the potential NULL pointer dereference in this macro.
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Wed May 6 16:47:58 2026
(Merged from https://github.com/openssl/openssl/pull/30597)
Igor Ustinov [Tue, 14 Apr 2026 14:46:51 +0000 (16:46 +0200)]
Added the EVP_EC_affine2oct() helper function
This function converts affine coordinates of an EC point
to an octet string conforming to Sec. 2.3.4
of the SECG SEC 1 ("Elliptic Curve Cryptography") standard.
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Wed May 6 16:47:57 2026
(Merged from https://github.com/openssl/openssl/pull/30597)
Igor Ustinov [Tue, 14 Apr 2026 14:39:38 +0000 (16:39 +0200)]
The EVP_PKEY_Q_keygen function now explicitly handles NULL curve name
It errors out with ERR_R_PASSED_NULL_PARAMETER in such case.
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Wed May 6 16:47:55 2026
(Merged from https://github.com/openssl/openssl/pull/30597)
Bob Beck [Wed, 22 Apr 2026 18:37:29 +0000 (12:37 -0600)]
Allow 0 length comparisons in OBJ_CMP to return 0 without UB memcmp
X509_verify is documented to return -1 if the algorithm is invalid
or can't be compared for any reason.
Sadly this implies that it is legitimate to pass it an incorrect X509
object and it should see this. If we hand it a new X509 object with
nothing filled in, it will memcmp(NULL...) at the end of a stack of
FOO_cmp abstractions, which is UB.
Fix this by permitting the 0 length case to return equal without
a memcmp, as suggested by slontis@ and botovq@
Fixes: https://github.com/openssl/openssl/issues/30922 Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed May 6 14:55:20 2026
(Merged from https://github.com/openssl/openssl/pull/30943)
kovan [Thu, 29 Jan 2026 14:28:59 +0000 (15:28 +0100)]
doc: add documentation for BIO_nread0, BIO_nread, BIO_nwrite0, BIO_nwrite
Document the non-copying interface functions for BIO pairs that allow
direct access to the internal buffer:
- BIO_nread0/BIO_nread for zero-copy reading
- BIO_nwrite0/BIO_nwrite for zero-copy writing
Also add return value documentation for these functions and remove
the placeholder "[XXXXX: More return values need to be added here]".
Fixes #16366
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Wed May 6 14:51:27 2026
(Merged from https://github.com/openssl/openssl/pull/29849)
Fix missing pointers in SSL_CTX_set_session_cache_mode synopsis
SSL_CTX_set_session_cache_mode and SSL_CTX_get_session_cache_mode
were documented with SSL_CTX ctx instead of SSL_CTX *ctx in their
synopsis.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Wed May 6 11:53:35 2026
(Merged from https://github.com/openssl/openssl/pull/30965)
Neil Horman [Fri, 1 May 2026 12:23:27 +0000 (08:23 -0400)]
Limit job count on compiler zoo builds
The security repo keeps failing our compiler zoo jobs, consistently. It
appears to be happening because our compiler zoo jobs use make -j
without any limit on the number of jobs, leading to github aborting them
all when the workload gets too high. I suspect that we're using a
smaller runner in the security repo than we are in our public repo,
which is why we don't see it there.
Our other CI jobs all limit the job count to 4 during make, do the same
here.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Mon May 4 09:33:34 2026
(Merged from https://github.com/openssl/openssl/pull/31059)
kovan [Mon, 2 Feb 2026 11:32:04 +0000 (12:32 +0100)]
doc: Add documentation for X509_STORE_CTX_set_time
Document the X509_STORE_CTX_set_time() function which sets the
verification time for certificate chain validation. This is a
convenience wrapper around X509_VERIFY_PARAM_set_time().
Remove X509_STORE_CTX_set_time from missingcrypto.txt and
missingcrypto111.txt.
Fixes #21362
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Sun May 3 15:38:26 2026
(Merged from https://github.com/openssl/openssl/pull/29899)
The Host header comes with HTTP/1.1, not 1.0, and some
web servers now don't want to answer such requests.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Sun May 3 15:21:35 2026
(Merged from https://github.com/openssl/openssl/pull/30981)
Matt Caswell [Tue, 28 Apr 2026 08:56:20 +0000 (09:56 +0100)]
According to RFC8446 there must always be one identity in the list
We were silently accepting a list with zero identities. Technically this
is a syntax error so we should fail with a decode_error in this case.
Fixes #31006
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Sun May 3 15:19:27 2026
(Merged from https://github.com/openssl/openssl/pull/31010)
Nikola Pajkovsky [Wed, 29 Apr 2026 18:15:32 +0000 (20:15 +0200)]
sparse_array: avoid ubsan violation in typed doall
clang-22 with enable-asan and enable-ubsan enabled fails with error
crypto/sparse_array.c:93:21: runtime error: call to function alg_copy
through pointer to incorrect function type 'void (*)(unsigned long, void *, void *)'
ossl_sa_##type##_doall(const SPARSE_ARRAY_OF(type) * sa,
void (*leaf)(ossl_uintmax_t, type *))
{
ossl_sa_doall((OPENSSL_SA *)sa,
(void (*)(ossl_uintmax_t, void *))leaf);
}
typed doall(_arg) expects leaf to have type, but generic code is using
void *, and the type-casting causes the error.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Sun May 3 15:17:58 2026
(Merged from https://github.com/openssl/openssl/pull/31035)
Fix the inverted cleanse guard in the SLH DSA provider signing path.
When randomized signing populates the local add_rand buffer, the cleanup step currently skips that stack buffer. Other signing modes do not create this transient buffer, so they should not drive this cleanup. Swap the guard so only the transient per signature buffer is cleansed, and cleanse the full fixed size buffer directly.
Fixes #30950
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Sun May 3 14:49:20 2026
(Merged from https://github.com/openssl/openssl/pull/31029)
TPM 1.2 Endorsement Key certificates use id-RSAES-OAEP
(NID_rsaesOaep) as their SubjectPublicKeyInfo algorithm
identifier per TCG Credential Profiles V1.2 section 3.2.7.
The underlying key is a standard RSAPublicKey. Without
this mapping, X509_get_pubkey() fails with a decode error
and X509_verify_cert() cannot validate these certificates.
Add NID_rsaesOaep handling to the three SPKI decode paths,
each of which points at the other two so future changes stay
in sync:
- x509_pubkey_decode(): remap the NID to NID_rsaEncryption
for the legacy ameth lookup. This path is reached via
d2i_RSA_PUBKEY()/ossl_d2i_PUBKEY_legacy(), which is in
turn invoked by the provider RSA decoder's rsa_d2i_PUBKEY,
so it is load-bearing even when the provider path is in
use.
- x509_pubkey_ex_d2i_ex(): use "RSA" as the decoder keytype
name so OSSL_DECODER_CTX_new_for_pkey() selects the RSA
provider decoder. The NID check precedes OBJ_obj2txt()
so the text conversion is skipped when unused.
- ossl_spki2typespki_der_decode(): same remap in the
SPKI-to-type-SPKI provider decoder chain. Flatten the
existing SM2 special case while here: the original code
relied on a dangling else across the #endif, which made
the rsaesOaep branch awkward to add. The new structure
initializes dataname to empty, applies each special case
in turn, and falls back to OBJ_obj2txt() only when no
override applied. strcpy() is replaced with
OPENSSL_strlcpy() for consistency with surrounding code.
The OAEP AlgorithmIdentifier parameters (which carry a
TCG-specific pSourceAlgorithm "TCPA" for TPM EKs) are
deliberately not interpreted; only the RSAPublicKey body is
consumed.
Add a test using a real TPM 1.2 EK certificate. The test
exercises both the provider decoder path (via X509_from_strings
+ X509_get0_pubkey) and, when deprecated APIs are available,
the legacy path (via d2i_RSA_PUBKEY), confirming the key
decodes to an RSA EVP_PKEY of the expected size.
Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
MergeDate: Sun May 3 14:44:24 2026
(Merged from https://github.com/openssl/openssl/pull/30961)
Matt Caswell [Fri, 1 May 2026 11:29:44 +0000 (12:29 +0100)]
Validate that a PSK identity is at least one byte long
RFC8446 requires that a PSK identity is at least one byte in length. We
should validate this.
Fixes #31007
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Sun May 3 13:46:21 2026
(Merged from https://github.com/openssl/openssl/pull/31058)
Joshua Rogers [Tue, 31 Mar 2026 16:17:34 +0000 (00:17 +0800)]
docs: Document required output buffer length in EVP_CIPHER-DES
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
MergeDate: Sun May 3 13:41:54 2026
(Merged from https://github.com/openssl/openssl/pull/30651)
ssl/record/methods/tls_common.c: call BIO_free_all() on rl->bio in tls_int_free
Since it is free'd using this call in tls_set1_bio().
Complements: 435feadaf4f9 "Fix record layer leak when swapping chained transport BIO" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Sat May 2 18:10:42 2026
(Merged from https://github.com/openssl/openssl/pull/31011)
Avoid needless casting away of const in X509_VERIFY_PARAM_get1_ip_asc
Instead of needlessly casting const away, simply update the prototype
of ossl_ipaddr_to_asc(), that doesn't modify the passed data in any way
anyway.
Fixes: f584ae959cbc "Let's support multiple names for certificate verification" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Sat May 2 18:07:19 2026
(Merged from https://github.com/openssl/openssl/pull/31051)
Bob Beck [Thu, 30 Apr 2026 19:41:32 +0000 (13:41 -0600)]
Guard memcmp for ub in X509_vpm.c
Technically unnecessary, since this thing won't let you add NULL
data to it, but this is harmless and then obviously following
the correct paradigm.
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Sat May 2 18:05:04 2026
(Merged from https://github.com/openssl/openssl/pull/31049)
Jakub Zelenka [Wed, 29 Apr 2026 17:26:47 +0000 (19:26 +0200)]
Fix memory leak in asn_mime multi_split
The bpart is not freed if BIO_write or BIO_puts fails. It also makes the
error handling of that case consistent with other parts freeing the
bpart.
Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Fri May 1 13:06:32 2026
(Merged from https://github.com/openssl/openssl/pull/31033)
Jakub Zelenka [Tue, 28 Apr 2026 20:43:45 +0000 (22:43 +0200)]
Check wrlmethod existence before sending alert
If there is a memory failure during record wrlmethod allocation, then
the alert is attempted but it crashes because wrlmethod is NULL.
Found using memfail integration to fuzz tests: GH-30944
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Fri May 1 12:09:11 2026
(Merged from https://github.com/openssl/openssl/pull/31017)
Bob Beck [Sat, 25 Apr 2026 02:19:41 +0000 (20:19 -0600)]
Touch the perl miasma in self defense.
The symbol presence test fails for NO_DEPRECATED
builds if you use modern CPP practices for definitions.
This is the result of my accepting that doing so will be as PTSD
inducing as walking into my parents' bedroom at an inopportune
time, and fixing it. Better me who has less time left to live
with the mental trauma than a younger developer.
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Fri May 1 11:01:46 2026
(Merged from https://github.com/openssl/openssl/pull/31016)
Milan Broz [Wed, 22 Apr 2026 14:05:35 +0000 (16:05 +0200)]
Fix ignoring return value in RCU with MINGW 32bit
For code that uses NO_INTERLOCKEDOR64 (Win32 32bit),
there is a warning in RCU code
error: ignoring return value of 'CRYPTO_THREAD_write_lock'
declared with attribute 'warn_unused_result' [-Werror=unused-result]
As the function cannot fail on that platform (and error
path would need some reverts leading to impossible dereference later),
just use a trick to silence the warning.
Milan Broz [Wed, 22 Apr 2026 13:39:29 +0000 (15:39 +0200)]
Fix DSO symbol test with MINGW64 and pedantic warnings
GetProcAddress() cannot be simply cast to void* (SD_SYM)
under strict warnings, as it produces this
error: ISO C forbids conversion of function pointer to
object pointer type [-Werror=pedantic]
Milan Broz [Wed, 22 Apr 2026 13:03:47 +0000 (15:03 +0200)]
Fix warning for incompatible function cast
With pedantic option (strict warnings) and MINGW64,
the GetProcAddress() cannot be simply cast, as it leads to
error: cast between incompatible function types from 'FARPROC' ...
Introduce local macro that will wrap all such calls
and silence benign warnings.