Neil Horman [Thu, 15 Jan 2026 18:27:34 +0000 (13:27 -0500)]
Exclude some tests from valgrind
Some tests (like the mem_alloc and abort tests) do things with malloc
intentionally as sanity checks that valgrind complains about, and so we
just shouldn't run those tests under valgrind at all.
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Thu Jan 29 16:37:30 2026
(Merged from https://github.com/openssl/openssl/pull/29573)
rainerjung [Wed, 28 Jan 2026 11:00:35 +0000 (12:00 +0100)]
Fix coding style check by adding clang format exclusions
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Jan 29 14:22:55 2026
(Merged from https://github.com/openssl/openssl/pull/29817)
rainerjung [Wed, 28 Jan 2026 10:15:53 +0000 (11:15 +0100)]
Sparc asm: remove whitespace that breaks asm syntax in generated files
This fixes #29808.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Jan 29 14:22:50 2026
(Merged from https://github.com/openssl/openssl/pull/29817)
Ingo Franzki [Fri, 23 Jan 2026 07:43:54 +0000 (08:43 +0100)]
s390x: EC: use OpenSSL's RNG for ECDSA nonce 'k' for FIPS module
The KDSA instruction can operate in 2 different modes:
- Deterministic mode - nonce 'k' is supplied by user.
- Non-deterministic mode - nonce 'k' is randomly generated by the instruction
itself.
When running in the FIPS-Module, do not use KDSA's non-deterministic mode,
but generate the nonce 'k' using OpenSSL's random number generator. This
ensures that the nonce is generated using a FIPS-approved random number
generator.
It also makes the FIPS KAT tests work, because those use a pre-setup
deterministic random number generator to produce deterministic ECDSA
signatures even for non-deterministic mode.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29754)
kovan [Tue, 27 Jan 2026 05:02:00 +0000 (06:02 +0100)]
doc: Add const to SSL_CTX_set1_groups/curves documentation
The set1_groups and set1_curves functions do not modify their input
arrays, so the documentation should reflect const-correct signatures.
Fixes #27422
CLA: trivial
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29762)
Document that the returned pointer is internal, reference count is not
incremented, and should not be freed. Mention SSL_CTX_up_ref() for
callers who need to retain the SSL_CTX.
Fixes #28298
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29767)
kovan [Tue, 27 Jan 2026 05:01:51 +0000 (06:01 +0100)]
doc: add missing DH_check_pub_key documentation and fix typo
Add DH_check_pub_key to NAME and SYNOPSIS sections. Fix typo where
DH_check_params() was incorrectly written instead of DH_check_params_ex()
in the description of the _ex functions.
Also remove DH_check_pub_key from util/missingcrypto.txt since it is
now documented.
Fixes #8473
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29768)
test/evp_test.c: avoid resource leak in digest_test_run()
The function can return on ctrl2params() returning 0 without freeing
the allocated memory associated with the got pointer. Fix it by jumping
to the err label that performs the cleanup instead of returning
immediately.
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1680647
Fixes: 9c738431411e "Add support for CSHAKE."
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed Jan 28 12:57:04 2026
(Merged from https://github.com/openssl/openssl/pull/29757)
Neil Horman [Mon, 26 Jan 2026 16:41:23 +0000 (11:41 -0500)]
Update doc/man3/OPENSSL_init_crypto.pod
Co-authored-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Tue Jan 27 20:43:01 2026
(Merged from https://github.com/openssl/openssl/pull/29648)
Neil Horman [Thu, 15 Jan 2026 16:36:02 +0000 (11:36 -0500)]
Fix documentation for OPENSSL_cleanup in pod files
Fixes openssl/project#1826
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Tue Jan 27 20:42:58 2026
(Merged from https://github.com/openssl/openssl/pull/29648)
When ctx->stream (e.g., AES-NI or ARMv8 CE) is available, the fast path
encrypts/decrypts full blocks but does not advance in/out pointers. The
tail-handling code then operates on the base pointers, effectively reprocessing
the beginning of the buffer while leaving the actual trailing bytes
unencrypted (encryption) or using the wrong plaintext (decryption). The
authentication checksum excludes the true tail.
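The pointer-advancement bug described above, reproduced in an added example that is not OpenSSL's code: a toy XOR transform with a running plaintext checksum stands in for the real cipher, `have_stream` models `ctx->stream`, and the sample plaintexts are constructed. `encrypt_buggy` keeps the fast path's base pointers for the tail, `encrypt_fixed` advances them first; `matches_reference` checks each against a single-pass reference.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLK 16

/* Toy context standing in for the real cipher context: a repeating XOR key
 * plus a running checksum over the plaintext (the "authentication checksum"). */
typedef struct {
    uint8_t key[BLK];
    uint8_t checksum[BLK];
    int have_stream;            /* models ctx->stream being available */
} toy_ctx;

typedef void (*encrypt_fn)(toy_ctx *, const uint8_t *, uint8_t *, size_t);

/* Toy per-byte transform; a real block cipher would sit here. */
static void xor_bytes(const toy_ctx *c, const uint8_t *in, uint8_t *out, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        out[i] = in[i] ^ c->key[i % BLK];
}

static void absorb(toy_ctx *c, const uint8_t *in, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        c->checksum[i % BLK] ^= in[i];
}

/* Bulk "stream" path: handles whole blocks only and, like the fast path the
 * commit describes, does not move the caller's in/out pointers. */
static size_t stream_encrypt(toy_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{
    size_t full = len - (len % BLK);
    xor_bytes(c, in, out, full);
    absorb(c, in, full);
    return full;
}

/* Buggy shape: tail handling still works from the base pointers, so it
 * reprocesses the start of the buffer and never touches the real tail. */
static void encrypt_buggy(toy_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{
    size_t done = c->have_stream ? stream_encrypt(c, in, out, len) : 0;
    size_t tail = len - done;
    if (tail > 0) {
        xor_bytes(c, in, out, tail);    /* rewrites out[0..tail), not the tail */
        absorb(c, in, tail);            /* checksum sees in[0..tail) twice */
    }
}

/* Fixed shape: advance in/out by what the fast path consumed first. */
static void encrypt_fixed(toy_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{
    size_t done = c->have_stream ? stream_encrypt(c, in, out, len) : 0;
    size_t tail = len - done;
    in += done;
    out += done;
    if (tail > 0) {
        xor_bytes(c, in, out, tail);
        absorb(c, in, tail);
    }
}

/* Compare f (fast path enabled) against a single-pass reference with no fast
 * path. Returns 1 if ciphertext and checksum both match, else 0. */
static int matches_reference(encrypt_fn f, const uint8_t *msg, size_t len)
{
    toy_ctx ref, test;
    uint8_t ref_out[64], test_out[64];
    size_t i;

    memset(&ref, 0, sizeof(ref));
    memset(&test, 0, sizeof(test));
    memset(ref_out, 0, sizeof(ref_out));
    memset(test_out, 0, sizeof(test_out));
    for (i = 0; i < BLK; i++)
        ref.key[i] = test.key[i] = (uint8_t)(0xA5 + i);
    test.have_stream = 1;

    xor_bytes(&ref, msg, ref_out, len);
    absorb(&ref, msg, len);
    f(&test, msg, test_out, len);
    return memcmp(ref_out, test_out, len) == 0
        && memcmp(ref.checksum, test.checksum, BLK) == 0;
}

/* Constructed sample plaintexts: one whole block plus a 5-byte tail, and
 * exactly two whole blocks (where the bug cannot show). */
static const uint8_t MSG_TAIL[] = "ABCDEFGHIJKLMNOPQRSTU";                /* 21 */
static const uint8_t MSG_ALIGNED[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";  /* 32 */
```

The buggy shape only diverges when a partial tail follows at least one full block, which is why block-aligned test vectors alone would not have caught it.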
Neil Horman [Wed, 7 Jan 2026 16:52:09 +0000 (11:52 -0500)]
Fix heap buffer overflow in BIO_f_linebuffer
When a BIO_f_linebuffer is part of a bio chain, and the next BIO
performs short writes, the remainder of the unwritten buffer is copied
unconditionally to the internal buffer ctx->obuf, which may not be
sufficiently sized to handle the remaining data, resulting in a buffer
overflow.
Fix it by only copying data when ctx->obuf has space, flushing to the
next BIO to increase available storage if needed.
Fixes openssl/srt#48
Fixes CVE-2025-68160
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 26 19:41:40 2026
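The bounded-copy pattern the fix describes, as an added example that is not OpenSSL's BIO code: a small line-buffering filter over a sink that performs short writes (at most `max_chunk` bytes per call). `OBUF_SIZE`, the sink, and `SAMPLE` are constructed; data only enters `obuf` when it fits, a full `obuf` is flushed first, and a stalled sink leaves input unconsumed instead of overrunning the buffer.

```c
#include <stddef.h>
#include <string.h>

#define OBUF_SIZE 16    /* small on purpose so refills and short writes occur */

/* Downstream sink standing in for the next BIO: performs short writes of at
 * most max_chunk bytes per call. */
typedef struct {
    char out[256];
    size_t len;
    size_t max_chunk;
} sink_t;

static size_t sink_write(sink_t *s, const char *buf, size_t n)
{
    if (n > s->max_chunk) n = s->max_chunk;
    if (s->len + n > sizeof(s->out)) n = sizeof(s->out) - s->len;
    memcpy(s->out + s->len, buf, n);
    s->len += n;
    return n;
}

/* Line-buffering filter with a fixed internal buffer (models ctx->obuf). */
typedef struct {
    char obuf[OBUF_SIZE];
    size_t obuf_len;
    sink_t *next;
} linebuf_t;

/* Push obuf downstream until empty or the sink stalls; leftovers move to the
 * front. Returns 1 if obuf is empty afterwards. */
static int linebuf_flush(linebuf_t *lb)
{
    size_t off = 0;
    while (off < lb->obuf_len) {
        size_t w = sink_write(lb->next, lb->obuf + off, lb->obuf_len - off);
        if (w == 0) break;
        off += w;
    }
    memmove(lb->obuf, lb->obuf + off, lb->obuf_len - off);
    lb->obuf_len -= off;
    return lb->obuf_len == 0;
}

/* Accept up to inl bytes. Input is copied into obuf only when it fits; a full
 * obuf is flushed first, and if the sink makes no progress the rest of the
 * input is left for a later call rather than written past the end of obuf. */
static size_t linebuf_write(linebuf_t *lb, const char *in, size_t inl)
{
    size_t consumed = 0;
    while (consumed < inl) {
        size_t space = OBUF_SIZE - lb->obuf_len;
        size_t n;
        const char *nl;
        if (space == 0) {
            linebuf_flush(lb);
            space = OBUF_SIZE - lb->obuf_len;
            if (space == 0) break;          /* downstream stalled: retry later */
        }
        n = inl - consumed;
        if (n > space) n = space;           /* never copy more than fits */
        nl = memchr(in + consumed, '\n', n);
        if (nl != NULL)
            n = (size_t)(nl - (in + consumed)) + 1;
        memcpy(lb->obuf + lb->obuf_len, in + consumed, n);
        lb->obuf_len += n;
        consumed += n;
        if (nl != NULL)
            linebuf_flush(lb);              /* complete line: send it on */
    }
    return consumed;
}

/* Constructed sample input: three lines, the second longer than OBUF_SIZE. */
static const char SAMPLE[] = "hello world\nsecond line of text\nthird\n";
static sink_t g_sink;

/* Drive SAMPLE through a fresh filter into g_sink; returns bytes accepted. */
static size_t push_sample(size_t max_chunk)
{
    linebuf_t lb;
    size_t consumed;
    memset(&g_sink, 0, sizeof(g_sink));
    g_sink.max_chunk = max_chunk;
    memset(&lb, 0, sizeof(lb));
    lb.next = &g_sink;
    consumed = linebuf_write(&lb, SAMPLE, sizeof(SAMPLE) - 1);
    linebuf_flush(&lb);
    return consumed;
}

/* 1 if every byte of SAMPLE reached the sink intact and in order, else 0. */
static int sample_roundtrip_ok(size_t max_chunk)
{
    size_t consumed = push_sample(max_chunk);
    return consumed == sizeof(SAMPLE) - 1 && g_sink.len == consumed
        && memcmp(g_sink.out, SAMPLE, consumed) == 0;
}
```

With `max_chunk` 0 the sink never takes data, so the filter accepts only what its 16-byte buffer holds and reports the rest unconsumed; the original defect copied that remainder regardless.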
Daniel Kubec [Thu, 22 Jan 2026 13:54:10 +0000 (14:54 +0100)]
ASN1: Fix type handling in AKID serial number conversion
The Authority Key Identifier's serial number field is an ASN1 integer, so use
the appropriate i2s_ASN1_INTEGER function instead of i2s_ASN1_OCTET_STRING
for string conversion. This fixes handling of negative serial numbers
which were previously displayed incorrectly.
While negative serial numbers are not RFC-compliant, we want to process
existing CRLs and certificates that may contain them, as this does not cause
any security issues. Rejecting invalid serial numbers during
generation is out of scope for this change.
Fixes #27406
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 26 15:29:33 2026
(Merged from https://github.com/openssl/openssl/pull/29717)
Anton Moryakov [Thu, 22 Jan 2026 14:51:12 +0000 (17:51 +0300)]
crypto: x509: fix unreachable code in X509V3_get_section and X509V3_get_string
The functions X509V3_get_section() and X509V3_get_string() contain a
redundant null check after an identical check has already guaranteed
that the function pointer (ctx->db_meth->get_section / get_string) is
non-NULL. As a result, the final 'return NULL;' statement is unreachable.
This change removes the redundant condition and the dead code, improving
code clarity and eliminating warnings from static analyzers.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
MergeDate: Mon Jan 26 15:28:01 2026
(Merged from https://github.com/openssl/openssl/pull/29692)
Daniel Kubec [Thu, 15 Jan 2026 14:18:31 +0000 (14:18 +0000)]
Added SSL_CTX_get0_alpn_protos() and SSL_get0_alpn_protos()
Fixes #4952
Co-authored-by: Pauli <ppzgs1@gmail.com>
Co-authored-by: Tomáš Mráz <tm@t8m.info>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 26 15:26:21 2026
(Merged from https://github.com/openssl/openssl/pull/29646)
Unlike SHAKE this has default values set for the xof length.
CSHAKE uses either SHAKE or KECCAK[c] depending on whether
custom strings are set or not. If either string is set, it encodes
the strings and uses KECCAK[c], otherwise it behaves the same as
SHAKE (without the default xof length problem).
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Fri Jan 23 14:07:53 2026
(Merged from https://github.com/openssl/openssl/pull/28432)
Milan Broz [Thu, 22 Jan 2026 11:07:42 +0000 (12:07 +0100)]
Remove disabled-optimization warning again
This warning does not play well in combination with sanitizers
and its value is dubious. Instead of complicated decisions
based on configuration flags, just remove it from the global list.
Fixes: #29673
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Jan 23 14:00:29 2026
(Merged from https://github.com/openssl/openssl/pull/29714)
Tomas Mraz [Wed, 21 Jan 2026 17:50:07 +0000 (18:50 +0100)]
Correct alert when extended master secret support is dropped
When resuming a session with the extended master secret support
dropped we should use SSL_AD_HANDSHAKE_FAILURE instead of
SSL_AD_ILLEGAL_PARAMETER according to the RFC7627 section 5.
Fixes #9791
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Jan 23 10:33:12 2026
(Merged from https://github.com/openssl/openssl/pull/29706)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Fri Jan 23 10:27:16 2026
(Merged from https://github.com/openssl/openssl/pull/29704)
Neil Horman [Wed, 21 Jan 2026 15:12:15 +0000 (10:12 -0500)]
check-news-changes.yml: Fix the label check
The yaml for the check-news-changes CI job had an error in the step
conditional that prevented skipping the check if the
no_news_changes_needed flag was set. Fix that.
While we're at it, also add some debug code so that we can better see
what the checks are looking at during the CI job.
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 22 17:19:07 2026
(Merged from https://github.com/openssl/openssl/pull/29705)
Igor Ustinov [Mon, 15 Dec 2025 14:13:42 +0000 (15:13 +0100)]
Fix of EOF and retry handling in BIO implementations
Added handling for negative length in read functions.
Fixes openssl/project#1739
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 22 17:12:37 2026
(Merged from https://github.com/openssl/openssl/pull/29401)
SiteRelEnby [Wed, 21 Jan 2026 02:57:52 +0000 (02:57 +0000)]
Fix NULL pointer dereference when zlib DSO fails to load
When ZLIB_SHARED is defined and DSO_load() fails to load the zlib
library, ossl_comp_zlib_init() incorrectly returns 1 (success) while
leaving all function pointers (p_compress, p_uncompress, etc.) as NULL.
This causes COMP_zlib() and COMP_zlib_oneshot() to return valid-looking
COMP_METHOD pointers, but when these methods are used (e.g., during
TLS 1.3 certificate decompression), the NULL function pointers are
dereferenced, causing a SIGSEGV crash.
The bug occurs because the NULL pointer check (lines 297-303) was inside
the `if (zlib_dso != NULL)` block, so it was skipped entirely when
DSO_load() returned NULL.
The fix moves the NULL pointer check outside the conditional block,
consistent with how c_brotli.c and c_zstd.c handle this case. Now if
the DSO fails to load, all function pointers remain NULL, the check
catches this, and the function correctly returns 0 (failure).
This also fixes an incorrect cast of p_uncompress from compress_ft to
the correct uncompress_ft type.
PoC demonstrating the bug: https://github.com/SiteRelEnby/openssl-zlib-poc
Fixes #23563
CLA: trivial
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 22 17:00:50 2026
(Merged from https://github.com/openssl/openssl/pull/29699)
JohnnySavages [Fri, 19 Dec 2025 03:43:41 +0000 (22:43 -0500)]
Remove unnecessary post-increment
Found by Linux Verification Center (linuxtesting.org) with SVACE.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Thu Jan 22 10:10:51 2026
(Merged from https://github.com/openssl/openssl/pull/29456)
Milan Broz [Wed, 14 Jan 2026 12:31:39 +0000 (13:31 +0100)]
Add float-conversion to default strict warnings
As discussed, bad-function-cast and conversion produce strange results.
Add at least float-conversion - Warn for implicit conversions that reduce
the precision of a real value.
Also fix the ct_test absolute value seconds calculation (without using math.h)
and then convert it to time_t.
(n.b. this is not strictly needed for the relaxed warnings, but it is more readable)
Fixes: https://github.com/openssl/project/issues/1816
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Thu Jan 22 09:58:07 2026
(Merged from https://github.com/openssl/openssl/pull/29663)
PowerPC support has been dropped in Mac OS X with the release of Mac OS
X Lion (10.7) in 2010, and the last supporting release, Snow Leopard
(10.6.x) is out of support since 2011.
Also remove Rhapsody (the Mac OS X precursor) targets.
Complements: https://github.com/openssl/openssl/pull/29653
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Thu Jan 22 09:55:26 2026
(Merged from https://github.com/openssl/openssl/pull/29672)
Neil Horman [Tue, 20 Jan 2026 17:14:04 +0000 (12:14 -0500)]
Do thunking of SHA256_Update
The SHA256_Update function (in fact all functions implemented via the
HASH_UPDATE macro) have mismatched prototypes with the
OSSL_FUNC_digest_update_fn.
This leads to ubsan errors with more recent versions of clang
Create a Thunk that does the proper casting on those function pointer
callbacks
Fixes #29615
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29650)
Upgrade prime ECDSA self tests from secp224r1 to prime256v1.
Upgrade binary ECDSA self tests from sect233r1 to sect283r1.
This is a forward-looking change to allow raising the lower bound in
ossl_ec_check_security_strength() /
OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS in case legacy/deprecated
behaviour does not need to be supported (for example builds with
support for primary curves only of P-256 or higher).
Did a test build to ensure that updating
OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS to 128 passes fips
selftests. Note not currently recommended.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29674)
JohnnySavages [Fri, 19 Dec 2025 06:05:07 +0000 (01:05 -0500)]
Change evp_keymgmt_util_clear_operation_cache return type to void
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29458)
Zijie Zhao [Thu, 15 Jan 2026 21:04:49 +0000 (15:04 -0600)]
Fix `EVP_KEYMGMT` leak in `evp_pkey_signature_init()` error paths
Early returns when signature/key type are incompatible bypass cleanup
of `tmp_keymgmt` allocated via `evp_keymgmt_fetch_from_prov()`. Use goto
to ensure `EVP_KEYMGMT_free()` is called on all error paths.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 19:01:17 2026
(Merged from https://github.com/openssl/openssl/pull/29651)
Milan Broz [Wed, 14 Jan 2026 12:48:40 +0000 (13:48 +0100)]
Fix type-limits and add this warning to default strict warnings
One mistake recently introduced in commit b6aed64e47b.
Fixes: https://github.com/openssl/project/issues/1815
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Jan 20 18:44:58 2026
(Merged from https://github.com/openssl/openssl/pull/29662)
Milan Broz [Wed, 14 Jan 2026 13:32:43 +0000 (14:32 +0100)]
Fix unterminated-string-initialization and add this warning to strict warnings
The -Wunterminated-string-initialization is a strange gcc warning,
as C99 allows non-nul string initialization.
Note, it is included in -Wextra, but does not exist in old gcc versions.
However, it can report other real bugs.
Fixes: https://github.com/openssl/project/issues/1814
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 18:43:39 2026
(Merged from https://github.com/openssl/openssl/pull/29661)
Zijie Zhao [Thu, 15 Jan 2026 17:55:53 +0000 (11:55 -0600)]
Fix double-free in TLS1-PRF KDF when digest change fails
When changing the digest from MD5-SHA1 to a non-MD5-SHA1 digest,
`ctx->P_sha1` is freed but not set to NULL. If `ossl_prov_macctx_load()`
subsequently fails, `ctx->P_sha1` remains as a dangling pointer.
When the context is later freed via `kdf_tls1_prf_reset()`, this
causes a double-free.
Fix by setting `ctx->P_sha1` to NULL immediately after freeing it.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 18:21:38 2026
(Merged from https://github.com/openssl/openssl/pull/29649)
Zero out memory after allocation to avoid usage of uninitialized memory
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Tue Jan 20 18:19:16 2026
(Merged from https://github.com/openssl/openssl/pull/29647)
Fix openssl-cms man page references to -EncryptedData_encrypt option
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 18:06:27 2026
(Merged from https://github.com/openssl/openssl/pull/27996)
Bob Beck [Mon, 22 Dec 2025 18:32:08 +0000 (11:32 -0700)]
Constify the X509_STORE_CTX argument to the lookup_certs functions.
The justification for this not being const was because of
lookup_certs_sk(). The reason this function could not have a
const store is that it set the ctx's error code
when we could not allocate memory and returned NULL.
However, the other lookup_certs function, X509_STORE_CTX_get1_certs,
already does not set this error code when failing to allocate
memory on a return.
Given that you can't depend on the out of memory error code being
set in the general case, and the Beyonce rule appears to indicate
that nobody likes this behaviour (as nobody put a test on it) I
think it's safe to say we should just not modify the ctx, and
constify it.
For #28654
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Jan 19 12:03:05 2026
(Merged from https://github.com/openssl/openssl/pull/29488)
Ryan Keane [Sat, 20 Dec 2025 10:30:00 +0000 (02:30 -0800)]
fix: Fix uninstall_dev failing to remove empty dir
Fix this error:
```
rmdir "$PREFIX/lib64/cmake/OpenSSL"
rmdir "$PREFIX/lib64"
rmdir: failed to remove '$PREFIX/lib64': Directory not empty
```
Because `rmdir $PREFIX/lib64/cmake` is missing
CLA: trivial
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Mon Jan 19 11:58:05 2026
(Merged from https://github.com/openssl/openssl/pull/29472)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Jan 19 11:55:58 2026
(Merged from https://github.com/openssl/openssl/pull/29297)
Joshua Rogers [Sat, 10 Jan 2026 08:55:15 +0000 (19:55 +1100)]
Clear addr_iter on reset in bss_conn
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28915)
Joshua Rogers [Sat, 11 Oct 2025 21:47:16 +0000 (05:47 +0800)]
Clear addr_iter on reset in bss_acpt
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28915)
Nikola Pajkovsky [Mon, 19 Jan 2026 08:42:45 +0000 (09:42 +0100)]
update fuzz/corpora submodule
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/29670)
util/ and .ctags.d/: remove remaining references to deleted util/check-format.pl
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29655)
slontis [Thu, 8 Jan 2026 04:22:44 +0000 (15:22 +1100)]
KDF: Add configuration options to disable many of the KDF algorithms.
This includes KDFs for ss,x963,hmac-drbg,KB,KRB5,PVK,SNMP,SSH and X942.
SSKDF/X963KDF Changes: Modify code to handle algorithms being disabled via configuration options.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29576)
slontis [Wed, 14 Jan 2026 06:31:41 +0000 (17:31 +1100)]
Make OpenSSL generated error files use the current clang-format.
Any time a new error code is added, it generates error-related files.
These are generated using a perl script which used readable indenting.
The indenting has been removed.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29631)
rand_lib: do not silently ignore custom seed source failures
If a custom seed source is specified in the config file, it can be
silently ignored. For example, if it is missing, fails to be created,
or fails to initialize, it can be silently ignored and fall back to OS
entropy instead.
To reproduce this, perform default configuration of openssl without
jitter entropy source, and then specify jitter entropy
source. Currently entropy will fall back to getrandom, instead of
erroring out.
This is not unique to jitter entropy source, there are a few other
entropy source providers out there on the market, and in all cases if
one is configuring OpenSSL to use a given seed source by name, it
should be honored.
Currently this outputs a fresh RSA key; with this change, however,
it will result in an error:
```
./Configure
make
./util/wrap.pl -jitter ./apps/openssl genrsa
Warning: generating random key material may take a long time
if the system has a poor entropy source
genrsa: Error generating RSA key
80ABAB8F9F7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:375:Global default library context, Algorithm (JITTER : 0), Properties (<null>)
80ABAB8F9F7F0000:error:12000090:random number generator:rand_new_seed:unable to fetch drbg:crypto/rand/rand_lib.c:613:
80ABAB8F9F7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:375:Global default library context, Algorithm (JITTER : 0), Properties (<null>)
80ABAB8F9F7F0000:error:12000090:random number generator:rand_new_seed:unable to fetch drbg:crypto/rand/rand_lib.c:613:
```
IMHO, if a user is configuring a custom seed source, it should be
honored without silently eating errors.
Note this partially reverts 1d180bbe8e2103f35328cf82fbde7fd23602735a
"rand: allow seed-src to be missing", which as far as I understand was
done to ensure that the fallback seed source is allowed to be missing. This
new implementation preserves this behaviour by ensuring an error is not
raised if SEED-SRC (which since the above commit was changed to a
macro define OPENSSL_DEFAULT_SEED_SRC) is used as a fallback and it
fails to be fetched. Previously all errors were popped unconditionally,
thus the same behaviour is preserved if SEED-SRC is completely missing and
it wasn't configured in the config file. cc @paulidale, also see:
https://github.com/openssl/openssl/pull/13640
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29316)
Neil Horman [Wed, 14 Jan 2026 13:15:36 +0000 (08:15 -0500)]
Fix make check-format target
With our move to clang-format we no longer have a check-format script,
and so this make target is broken.
Fix it up to use clang-format-diff instead
Fixes #29594
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Jan 16 14:37:09 2026
(Merged from https://github.com/openssl/openssl/pull/29634)
Igor Ustinov [Wed, 14 Jan 2026 13:44:00 +0000 (14:44 +0100)]
SSL_CTX_is_server() was added.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Jan 16 13:19:25 2026
(Merged from https://github.com/openssl/openssl/pull/29635)
Pauli [Tue, 13 Jan 2026 21:14:38 +0000 (08:14 +1100)]
test: fix tests in light of test_strn2_ removals
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29627)
Pauli [Tue, 13 Jan 2026 21:14:19 +0000 (08:14 +1100)]
test: fix endecode_test in light of test_strn2 removal
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29627)
Pauli [Tue, 13 Jan 2026 21:13:52 +0000 (08:13 +1100)]
test: get rid of the TEST_strn2_ functions
Their semantics are poorly defined and they are rarely used. The _ne
version is completely unused and tricky to define properly.
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29627)
Viktor Dukhovni [Sat, 3 Jan 2026 06:36:40 +0000 (17:36 +1100)]
Expose and report EC curve field degrees
Expose the EC field degree as a gettable parameter for both provided
and legacy EC keys. In the latter case, drop a spurious assertion,
since even in debug builds an application may try to get an unknown
parameter, and this should return an error rather than abort.
In the EC `TEXT` encoding format, instead of reporting the bit count of
the group order, report the field degree (which matches the size number
in the curve's name when present) and also the symmetric-equivalent
security bits (adjusted down to the standard numbers (80, 112, 128,
192, 256)).
Along the way, add a missing getter method for the EC_GROUP security
bits.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Thu Jan 15 16:10:26 2026
(Merged from https://github.com/openssl/openssl/pull/29539)
Simultaneous derivation of several EVP_SKEY objects
A proposed design for using EVP_SKEY objects in the TLS stack
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/29160)
BIO_FLAGS_BASE64_NO_NL ignored by b64_write() in OpenSSL 4.0.0
Fixes #29618
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29629)
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29590)
slontis [Wed, 26 Nov 2025 06:42:43 +0000 (17:42 +1100)]
ML-DSA: Add a digest that can calculate external mu.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29223)