Neil Horman [Fri, 2 Jan 2026 17:29:34 +0000 (12:29 -0500)]
Create a simple check for suggesting NEWS/CHANGES additions
During a release cycle we always wind up going through our git history
to try make sure we caught all the stuff that needed a CHANGES/NEWS
entry. Lets try make that at least a little more automated here. PR's
that reference CVEs, come from feature branches or impact public apis
generally need a NEWS/CHANGES entry, so lets flag those during CI. It
should serve as a reminder to add entries to NEWS/CHANGES to prs meeting
the above criteria, and can be ignored via the application of the
no_news_changes_needed label to the PR.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue Jan 13 19:17:37 2026
(Merged from https://github.com/openssl/openssl/pull/29536)
Bob Beck [Wed, 7 Jan 2026 18:29:48 +0000 (11:29 -0700)]
Ensure ASN1 types are checked before use.
Some of these were fixed by LibreSSL in commit https://github.com/openbsd/src/commit/aa1f637d454961d22117b4353f98253e984b3ba8
this fix includes the other fixes in that commit, as well as fixes for others found by a scan
for a similar unvalidated access paradigm in the tree.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29582)
ml_dsa_kmgmt: check params against len and not pointers in ml_dsa_key_fromdata
The rest of the function conditions the presence/usage of pk/seed/sk
on the non-zeroness of pk_len/seed_len/sk_len, respectively, so perform
the *_len checks in a similar fashion; that makes it in line
with the similarly written ml_kem_key_fromdata() and stops giving Coverity
ideas that the pointers can be NULL when the respective len variables
are non-zero.
Fixes: 5421423ef95c "Flexible encoders for ML-DSA"
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1680314 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29596)
Joshua Rogers [Sun, 12 Oct 2025 13:35:47 +0000 (21:35 +0800)]
quic: remove dead VERSION_NEG handling in ch_rx_handle_packet
VERSION_NEG packets are handled and returned from earlier in the function.
The later switch case and its helper are unreachable and contradictory.
Remove them to avoid confusion and future behavior drift.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:54:09 2026
(Merged from https://github.com/openssl/openssl/pull/28920)
Joshua Rogers [Sun, 12 Oct 2025 13:30:50 +0000 (21:30 +0800)]
quic: remove redundant free of inner TLS in accept_connection
SSL_free(conn_ssl) for a QCSO enters ossl_quic_free, which calls qc_cleanup.
qc_cleanup already frees qc->tls via SSL_free(qc->tls) and then frees qc->ch.
The additional SSL_free(ossl_quic_channel_get0_tls(new_ch)) releases the same
TLS a second time, which is redundant.
We also replace some of the pure condition checks with ossl_assert() checks
as these conditions cannot really fail.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:54:07 2026
(Merged from https://github.com/openssl/openssl/pull/28920)
Joshua Rogers [Sun, 12 Oct 2025 13:28:08 +0000 (21:28 +0800)]
quic: free popped incoming channel on early exit in accept_connection
If we pop a channel but fail to extract or adopt its SSL pointer,
we return without releasing the channel. Add a small cleanup at
the function epilogue to free new_ch when conn_ssl is NULL.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:54:05 2026
(Merged from https://github.com/openssl/openssl/pull/28920)
Liu-ErMeng [Thu, 25 Dec 2025 12:22:19 +0000 (04:22 -0800)]
fix vpsm4_ex bug in AARCH64 big-endian platform
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:46:42 2026
(Merged from https://github.com/openssl/openssl/pull/29504)
Gleb Popov [Fri, 9 Jan 2026 14:48:00 +0000 (17:48 +0300)]
bn: Remove the BN_RECURSION cpp define
Just like in previous commit, this define does not represent a toggleable
feature, but is entirely dependent on the OPENSSL_SMALL_FOOTPRINT define.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:27 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Gleb Popov [Fri, 9 Jan 2026 14:13:32 +0000 (17:13 +0300)]
bn: Remove the BN_SQR_COMBA cpp define
Just like in previous commit, this define does not represent a toggleable
feature, but is entirely dependent on the OPENSSL_SMALL_FOOTPRINT define.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:25 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Gleb Popov [Mon, 24 Nov 2025 13:46:07 +0000 (16:46 +0300)]
bn: Remove the BN_MUL_COMBA cpp define
It does not represent a feature that some arch may or may not possess, but
instead is entirely dependent on the OPENSSL_SMALL_FOOTPRINT option.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:24 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Use BIO_free() to free "in" if error occurs to avoid memory leak.
Moreover, add check for "out" to avoid NULL pointer dereference.
Also replace OPENSSL_assert with return.
Fixes: e599d0a ("Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:40:14 2026
(Merged from https://github.com/openssl/openssl/pull/27920)
zhoulu [Mon, 5 Jan 2026 11:48:56 +0000 (19:48 +0800)]
Instruction reordering to further improve SM4-CBC decryption performance on the RISC-V architecture
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29544)
Milan Broz [Fri, 9 Jan 2026 14:13:45 +0000 (15:13 +0100)]
Add clang-21 to CI compilers
Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29587)
Simo Sorce [Thu, 8 Jan 2026 19:04:37 +0000 (14:04 -0500)]
Fix max index define that was not updated
In PR #29145 a new OSSL_LIB_CTX_SSL_CONF_IMODULE was added, but
the OSSL_LIB_CTX_MAX_INDEXES value was left behind.
This should probably be converted to an enum, but I'll leave that work
to some other brave soul.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29581)
QUIC listener may fail with SSL_POLL_EVENT_EL on windows.
recvfrom() may return WSAECONNRESET when the destination port
used in a previous sendto() call is no longer available. This
causes QUIC PORT to swich from running state. This behavior
is not desired for QUIC protocol. The trick is to disable
SIO_UDP_CONNRESET flag on UDP port used by QUIC.
The issue was kindly reported and root caused by goforit22123-netizen@
Fixes: #29530 Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Mon Jan 12 10:27:25 2026
(Merged from https://github.com/openssl/openssl/pull/29538)
commit 131c2a1adba1 ("Defang the lhash test") has reduced default number
of the thread workers in CI to HARNESS_JOBS / 4. Setting LHASH_WORKERS
will set it back.
Resolves: https://github.com/openssl/project/issues/1769 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Mon Jan 12 10:09:54 2026
(Merged from https://github.com/openssl/openssl/pull/29565)
Matt Caswell [Mon, 15 Dec 2025 17:12:46 +0000 (17:12 +0000)]
Update the documentation to remove referenceds to EVP_PKEY_ASN1_METHOD
Now that EVP_PKEY_ASN1_METHODs have been removed from the public API we
need to update the documentation accordingly. They still exist internally
and so some references are still appropriate in the internal documetnation.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Matt Caswell [Mon, 15 Dec 2025 17:02:36 +0000 (17:02 +0000)]
Remove the ability to create a custom EVP_PKEY_ASN1_METHOD
Now that the ability to register a custom EVP_PKEY_ASN1_METHOD has
been removed in an earlier commit, we can now remove the functions that
are used to create a custom EVP_PKEY_ASN1_METHOD.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Matt Caswell [Mon, 15 Dec 2025 16:18:13 +0000 (16:18 +0000)]
Remove the ability to query the internal EVP_PKEY_ASN1_METHODs
Previously there were a few functions where you could obtain a handle
on registered EVP_PKEY_ASN1_METHODs and query information about them.
We remove the capability.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Matt Caswell [Mon, 15 Dec 2025 15:31:08 +0000 (15:31 +0000)]
Remove EVP_PKEY_asn1_add0()
We remove the ability to add application defined EVP_PKEY_ASN1_METHODs
via the `EVP_PKEY_asn1_add0()` function. We also remove the related function
`EVP_PKEY_asn1_add_alias()`.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Neil Horman [Wed, 7 Jan 2026 14:34:51 +0000 (09:34 -0500)]
Add a test to ensure that instantiation of drbgs work
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29560)
Neil Horman [Tue, 6 Jan 2026 17:08:40 +0000 (12:08 -0500)]
fetch macctx while fetching digest when creating HMAC-DRBG
Somewhere in our conversion from .c files to .inc files for our rand
providers, we created code in drbg_hmac_set_ctx_params_locked to fetch
our digest and hmac when creating the rand instance. However, the
function drbg_fetch_algs_from_prov only fetched our digest for this rand
type, not the hmac, and returned 1 while doing so, indicating success.
This is problematic because it means that we never wind up fetching an
HMAC for this rand type. As a result we never compute the strength of
the DRBG and so any attempt to seed it fails.
Ensure that, if we load a digest for this DRBG, we also fetch an HMAC,
and fail if we can't do so, so the HMAC-DRBG is useful.
Fixes openssl/private#853
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29560)
Matt Caswell [Wed, 7 Jan 2026 11:54:05 +0000 (11:54 +0000)]
Clean up some unnecessary inclusions
After the deadcode removal there were varios include files being used
that are no longer necessary. We remove them.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29460)
Matt Caswell [Fri, 19 Dec 2025 13:42:23 +0000 (13:42 +0000)]
Remove some legacy fields from the EVP_MD_CTX structure
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29460)
Matt Caswell [Fri, 19 Dec 2025 11:49:25 +0000 (11:49 +0000)]
Cleanup the EVP_MD structure
Remove fields that are no longer needed.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29460)
Matt Caswell [Fri, 19 Dec 2025 11:32:23 +0000 (11:32 +0000)]
Remove legacy method deadcode for EVP_MD implementations
Remove the legacy EVP_MD implementation functions. These are no longer
used due to providers. This code is now unreachable due to the removal of
the functions related to custom EVP_MD methods.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29460)
Richard Levitte [Sat, 3 Jan 2026 12:19:49 +0000 (13:19 +0100)]
Fix util/mkinstallvars.pl to treat LIBDIR and libdir correctly
OpenSSL's build file (Makefile) handles library directories via two
variables, 'LIBDIR' and 'libdir', where the former is empty when the
path given through ./Configure's '--libdir' is absolute.
This was forgotten when treating the resulting values in,
util/mkinstallvars.pl, which got libdir in exporters/libcrypto.pc
to not be quite right if .Configure was called with a '--libdir'
with an absolute path.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29540)
Bernd Edlinger [Mon, 5 Jan 2026 13:27:15 +0000 (14:27 +0100)]
Fix a possible crash in ASN1_generate_nconf
Due to an out of memory error, the i2d_ASN1_TYPE might fail
and cause a segfault.
This adds a missing check for NULL pointer and a test case
that exercises IMPLICIT and EXPLICT tagging in generate_v3,
since there was no test coverage at all for this code section.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 8 10:13:43 2026
(Merged from https://github.com/openssl/openssl/pull/29545)
Remove unused ossl_crypto_ex_data_get_ossl_lib_ctx() and memdbg_lock.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Jan 8 10:08:08 2026
(Merged from https://github.com/openssl/openssl/pull/29500)
Anton Moryakov [Wed, 29 Oct 2025 18:21:39 +0000 (21:21 +0300)]
apps: ocsp.c: fix null dereference in ocsp_response
Report of the static analyzer:
Function 'OCSP_cert_to_id' may return NULL on allocation failure,
but its return value is dereferenced in 'OCSP_id_issuer_cmp'
without prior NULL check at ocsp.c:1088. This can lead to a null
pointer dereference and cause a segmentation fault, resulting
in a denial-of-service (DoS) condition. Although such failures
are rare, an attacker could potentially trigger them under memory
pressure. All other calls to 'OCSP_cert_to_id' in the codebase
(e.g., add_ocsp_cert, add_ocsp_serial) properly check for NULL,
making this instance a clear omission.
Correct explained:
Added a NULL check after calling OCSP_cert_to_id() when creating
'ca_id' inside the issuer lookup loop. If the allocation fails, the
function now safely returns an internal error response instead of
risking a crash. This change aligns the code with existing
error-handling patterns in the same file and improves robustness
against resource exhaustion attacks.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 8 09:01:09 2026
(Merged from https://github.com/openssl/openssl/pull/29033)
Andreas Aigner [Wed, 12 Jun 2024 07:27:36 +0000 (09:27 +0200)]
Remove unused Data::Dumper from cmake exporter
* Remove additional dependency for old build boxes (in particular centos)
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 8 08:55:10 2026
(Merged from https://github.com/openssl/openssl/pull/24632)
Neil Horman [Mon, 5 Jan 2026 18:26:53 +0000 (13:26 -0500)]
Add new test test_base64_simdutf to .gitignore file
the test_base64_simdutf test is commonly built but not ignored by our
.gitignore file, fix that up
Fixes #29529
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29551)
Neil Horman [Sun, 4 Jan 2026 22:42:33 +0000 (17:42 -0500)]
prevent large latency in base64_simdutf test
The base64_simdutf test has a printf statement inside a double for loop
that causes a huge amount of latency when run under our perl scripts.
Average run time on my system is about 1min 58 seconds.
We shouldn't be using a printf statement there anyway (likely TEST_info
instead), but we don't need that either, so just remove the printf
entirely. This decreases the run time to around a second to complete.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29542)
test: use runtime FIPS detection instead of compile-time check
Replace #ifdef FIPS_MODULE with OSSL_PROVIDER_available() runtime check
in ecdsatest.c. The compile-time check is not meaningful for test cases
as the test binary may be compiled without FIPS_MODULE but run with the
FIPS provider loaded.
Fixes #28255
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29527)
apps.c: fix next_item() to correctly handle space(s) before comma separators
* Modified the parsing logic to handle space-followed-by-comma patterns
* Updated the separator skipping logic to process at most one comma while allowing multiple spaces
* Added a test case with a mixed DNS and IP SAN entry that includes the problematic spacing pattern
Bernd Edlinger [Sun, 4 Jan 2026 18:52:15 +0000 (19:52 +0100)]
Fix a memory leak in sctp code
There is a memory leak of the addrinfo struct when
`./openssl s_server -dtls -sctp -accept 127.0.0.1:4433`
is used, but `sysctl -w net.sctp.auth_enable=1`
is not done before.
Additionally this fixes an oversight, when
`./openssl s_client -dtls -sctp -connect localhost:4433`
is used to connect to above server.
The first connect attempt is to IPv6 ::1, which might fail,
but the second attempt might still succeed, so continue to
try all addesses even when the SCTP socket fails for one of them.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29541)
Neil Horman [Wed, 31 Dec 2025 14:19:42 +0000 (09:19 -0500)]
Fix dead code/constant expression in simdutf test
Coverity issues:
https://scan5.scan.coverity.com/#/project-view/60762/10222?selectedIssue=1677828
and
https://scan5.scan.coverity.com/#/project-view/60762/10222?selectedIssue=1677827
caught some dead code in the simdutf test.
The total variable is defined as an int, which is tested against <=
INT_MAX, and > INT_MAX, which will always be true, and false
respectively, making the <= test needless, and the condition the latter
bounds dead code
Clean that up.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29525)
With recent changes, evp_encodeblock_int may return a negative value,
which EVP_EncodeFinal does not anticipate. As the latter sets out[ret]
to "\0" where ret is the return value of evp_encodeblock_int, we may
underflow the array index and access invalid memory locations.
Only update the output buffer if the return value is greater or equal to
zero.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29525)
ret is incremented by inl in b64_write prior to being tested for zero.
Since inl is previously tested for being <= 0, and returns if it is, ret
must be at least 1 during the test, making the trinary test dead code.
Just return -1 here.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29525)
Bob Beck [Fri, 21 Nov 2025 00:06:11 +0000 (17:06 -0700)]
Remove the ASN1_STRING_FLAG_X509_TIME flag
It's only use was to do some somewhat confused cruftery
inside of ossl_asn1_time_to_tm as a special case to
implement ASN1_TIME_set_string_X509.
As it turns out, you don't need the cruftery of a special
case inside of ossl_asn1_time_to_tm to implement this
function, so the flag is completely unnecessary.
This removes flag, and simplifies this to work without it.
It removes the cruft only from ossl_asn1_time_to_tm,
minimally. This function really needs some cleanup and
makes my eyes bleed but I am resisting the temptation
to do that with this PR and making this a the minimal
change needed for review. I will clean up that function
in a follow on pr.
As tests on the behaviour of ASN1_TIME_set_string_X509
were added with it, Beyonce dances happily for me and I
only need to pass the existing tests, not write as bunch
of new ones.. .
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29187)
Neil Horman [Wed, 31 Dec 2025 21:38:21 +0000 (16:38 -0500)]
Fix register save/restore issue in ppc
Recently, the addition of some vector register save restore logic from:
https://github.com/openssl/openssl/pull/28990
Triggered an issue in our quic_multistream_test, notably causing a
connection shutdown with error code 1, rather than successful
completion.
The problem has been root caused to an error in how the ppc aes code
saves and restores vector registers.
The aes gcm code uses VSR instructions (vsldoi, etc), to maniuplate
vector registers, which only operate on the upper half of the vector
register file (VS32-63), and operands are implicitly offset to do this.
(i.e. <instr> v31 actually operates on register vs63).
However, the SAVE/RESTORE macros which save and restore those values use
stxv/lxv instructions to do the save and restore, which are VSX
instructions that have access to the full vector register file, and so
by restoring V1, rather than V33, etc, we actuall restore values to the
wrong registers, causing various issues (most notably the above
misconfiguration of the quic SSL shutdown event, which sets the error
code erroneously to 1 instead of the expected 0 value).
Fix it by offsetting the SAVE_REGS and RESTORE_REGS macros to reference
the proper registers when doing save and restore.
Fixes #29516
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29528)
609bob [Fri, 19 Dec 2025 02:27:06 +0000 (10:27 +0800)]
bss_acpt.c: Free strings returned from previous BIO_ADDR_hostname_string() calls
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29452)
zhoulu [Fri, 19 Dec 2025 02:08:02 +0000 (10:08 +0800)]
SM4-CBC performance improvement on RISC-V
Modify the IV update method to further improve the performance of
SM4-CBC encryption on the RISC-V architecture.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29451)
xxcui [Sat, 29 Nov 2025 01:56:10 +0000 (09:56 +0800)]
SM3: Performance optimized with RISC-V Vector Crypto
RISC-V Cryptographic Vector Extension provides ZVK instructions which
can be used to accelerate SM3 computing.
By calculating SHA512 performance on C930 FPGA, it is proven that sm3
speed is improved from 120695K to 323844K.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29264)
fengpengbo [Fri, 19 Dec 2025 03:00:59 +0000 (11:00 +0800)]
This PR performs further optimization based on the already merged "Implement Montgomery multiplication assembly optimization for RV64GC" (#28012).
The key improvements include:code formatting unification、instruction scheduling optimization、register allocation strategy update、updates to addition/subtraction carry and borrow flag handling.
These enhancements aim to improve both the code maintainability and its execution performance, particularly on out-of-order RISC-V cores.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29438)
Add check for the return value of BIO_new() to avoid NULL pointer dereference.
Fixes: fd19fc4c27 ("Test that a key is usable after an EVP_PKEY_fromdata call") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27994)
Neil Horman [Sun, 21 Dec 2025 19:40:45 +0000 (14:40 -0500)]
Add ci test to run against minimal gcc version we support
We currently support gcc 9 as a minimum compiler version. We should run
at least one ci job against that minimal version to make sure we don't
break anything.
Most notably this will help us catch errors if we attempt to use
intrinsics that aren't supported by that compiler.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29482)
fengpengbo [Thu, 18 Dec 2025 06:45:39 +0000 (14:45 +0800)]
Fix register usage comment in ARMv8 Montgomery sqr asm.
In the bn_sqr8x_mont function, a comment describing the accumulation step for the partial product a[1]*a[0] incorrectly referenced the low part ('lo') of the product. The value being added to the temporary register t[2] is actually the high part ('hi') of that multiplication.
Correct the comment from "t[2]+lo(a[1]*a[0])" to "t[2]+hi(a[1]*a[0])".
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29436)
Andrew Dinh [Tue, 16 Dec 2025 20:44:18 +0000 (00:44 +0400)]
Add no-ssl3 back as a no-op
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
Andrew Dinh [Mon, 22 Sep 2025 08:50:42 +0000 (18:50 +1000)]
Allow enabling deprecated flags that haven't been removed yet
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
Andrew Dinh [Mon, 8 Sep 2025 13:43:01 +0000 (23:43 +1000)]
Deprecate SSL3 Configure flags
Show a deprecated warning if users attempt to run Configure script with
no-ssl3, no-ssl, or no-ssl3-method. Also adds a fix to the Configure
script preventing users from enabling deprecated flags.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
Andrew Dinh [Thu, 11 Sep 2025 07:06:59 +0000 (17:06 +1000)]
Rename SSL3 error codes to TLS equivalents
Updated error code names and references from SSL3 to TLS in error definitions and error strings. Legacy error codes are preserved in sslerr_legacy.h for backward compatibility
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
projects / thirdparty / openssl.git / log
