git.ipfire.org Git - thirdparty/openssl.git/log
6 weeks ago constify X509_find_by_issuer_and_serial
Neil Horman [Thu, 19 Feb 2026 17:07:21 +0000 (12:07 -0500)] 
constify X509_find_by_issuer_and_serial

Constify the return value of X509_find_by_issuer_and_serial, and fix up
the callers to handle it properly (affects two pkcs7 functions)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Wed Feb 25 15:05:11 2026
(Merged from https://github.com/openssl/openssl/pull/30092)

6 weeks ago test_sigalgs_available(): Add missing FALLTHROUGH annotation
Tomas Mraz [Wed, 25 Feb 2026 13:54:03 +0000 (14:54 +0100)] 
test_sigalgs_available(): Add missing FALLTHROUGH annotation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed Feb 25 14:23:45 2026
(Merged from https://github.com/openssl/openssl/pull/30174)

6 weeks ago Improved reporting of shared and peer sigalgs
Daniel Kubec [Tue, 10 Feb 2026 16:18:07 +0000 (17:18 +0100)] 
Improved reporting of shared and peer sigalgs

The existing SSL_get_sigalgs() and SSL_get_shared_sigalgs() are not a
good fit for TLS 1.3, because signature schemes are no longer generally
combinations of separate digest and signing algorithms encoded in the
two byte codepoint.

The new SSL_get0_sigalg() and SSL_get0_shared_sigalg() functions just
report the signature scheme name and codepoint.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:30:16 2026
(Merged from https://github.com/openssl/openssl/pull/29982)

6 weeks ago ssl/ech/ech_store.c: use OPENSSL_malloc_array() in ech_decode_one_entry()
Eugene Syromiatnikov [Mon, 23 Feb 2026 14:52:01 +0000 (15:52 +0100)] 
ssl/ech/ech_store.c: use OPENSSL_malloc_array() in ech_decode_one_entry()

Use OPENSSL_malloc_array() for ee->suites array allocation, as it is more
semantically sound and performs a size overflow check.

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:20:15 2026
(Merged from https://github.com/openssl/openssl/pull/30146)

6 weeks ago ssl/ech/ech_store.c: do not raise errors on allocation failures
Eugene Syromiatnikov [Mon, 23 Feb 2026 14:48:23 +0000 (15:48 +0100)] 
ssl/ech/ech_store.c: do not raise errors on allocation failures

The default CRYPTO_malloc() implementation (with OPENSSL_malloc()
and OPENSSL_zalloc() being wrappers for it) raises an error
on allocation, and both OPENSSL_strdup() and OPENSSL_memdup() use
CRYPTO_malloc() internally for memory allocation, so there is no need
to explicitly raise an error on an allocation failure; remove these.

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:20:14 2026
(Merged from https://github.com/openssl/openssl/pull/30146)

6 weeks ago evp_kem_init(): Fix copy paste bug when checking decapsulate_init
Weixie Cui [Mon, 23 Feb 2026 14:26:17 +0000 (22:26 +0800)] 
evp_kem_init(): Fix copy paste bug when checking decapsulate_init

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:13:36 2026
(Merged from https://github.com/openssl/openssl/pull/30144)

6 weeks ago test/ech_test.c: avoid memory leaks in ech_api_basic_calls()
Eugene Syromiatnikov [Mon, 23 Feb 2026 05:42:00 +0000 (06:42 +0100)] 
test/ech_test.c: avoid memory leaks in ech_api_basic_calls()

rinner and router should be freed after successful SSL_ech_get1_status()
calls.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681465
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681466
Fixes: 5e5a76fc2c08 "Add tests and documentation and fix a couple of issues identified by added tests"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:58 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago test/ech_corrupt_test.c: avoid memory leak in tls_corrupt_write()
Eugene Syromiatnikov [Mon, 23 Feb 2026 05:39:29 +0000 (06:39 +0100)] 
test/ech_corrupt_test.c: avoid memory leak in tls_corrupt_write()

corrupt_or_copy() may return 0 while still returning the allocated
memory in copy; avoid leaking it by always calling OPENSSL_free() on it.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681460
Fixes: 5e5a76fc2c08 "Add tests and documentation and fix a couple of issues identified by added tests"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:57 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/statem/statem_srvr.c: avoid WPACKET memory leak in tls_process_client_hello
Eugene Syromiatnikov [Mon, 23 Feb 2026 05:28:12 +0000 (06:28 +0100)]
ssl/statem/statem_srvr.c: avoid WPACKET memory leak in tls_process_client_hello

Call WPACKET_cleanup() in case of a WPACKET_* call error after
successful WPACKET_init_static_len() before return.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681448
Fixes: 6c3edd4f3a8a "Add server-side handling of Encrypted Client Hello"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:56 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/statem/extensions_srvr.c: free empty rcfgs in tls_construct_stoc_ech()
Eugene Syromiatnikov [Mon, 23 Feb 2026 05:15:02 +0000 (06:15 +0100)] 
ssl/statem/extensions_srvr.c: free empty rcfgs in tls_construct_stoc_ech()

Free rcfgs before return when rcfgslen is 0, mostly to placate
Coverity, as it is expected to be NULL with the majority of realloc()
implementations.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681463
Complements: 6c3edd4f3a8a "Add server-side handling of Encrypted Client Hello"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:55 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/statem/extensions_clnt.c: superfluous NULL check in tls_construct_ctos_psk()
Eugene Syromiatnikov [Mon, 23 Feb 2026 05:04:31 +0000 (06:04 +0100)] 
ssl/statem/extensions_clnt.c: superfluous NULL check in tls_construct_ctos_psk()

Remove superfluous NULL check of s->session in tls_construct_ctos_psk(),
as it is assumed to be non-NULL elsewhere.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681450
Fixes: ade10c5dbf20 "ECH client side"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:54 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_store.c: avoid NULL dereference in ech_decode_one_entry()
Eugene Syromiatnikov [Mon, 23 Feb 2026 04:52:44 +0000 (05:52 +0100)] 
ssl/ech/ech_store.c: avoid NULL dereference in ech_decode_one_entry()

Do not jump to the err label on rent NULL check failure (where
it is dereferenced) and rather return immediately.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681462
Fixes: 4af71a77387c "ECH CLI implementation"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:52 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_store.c: avoid uninitialised WPACKET use in OSSL_ECHSTORE_new_config
Eugene Syromiatnikov [Mon, 23 Feb 2026 04:47:39 +0000 (05:47 +0100)] 
ssl/ech/ech_store.c: avoid uninitialised WPACKET use in OSSL_ECHSTORE_new_config

Do not call WPACKET_cleanup() in case of WPACKET_init() failure
and earlier errors.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681459
Fixes: 4af71a77387c "ECH CLI implementation"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:51 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_store.c: avoid memory leak on error path in OSSL_ECHSTORE_new
Eugene Syromiatnikov [Mon, 23 Feb 2026 04:38:19 +0000 (05:38 +0100)] 
ssl/ech/ech_store.c: avoid memory leak on error path in OSSL_ECHSTORE_new

Free the newly allocated OSSL_ECHSTORE in case of propq duplication
failure before return.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681457
Fixes: 7debe0ddeff7 "ECH external APIs"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:50 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_internal.c: avoid memory leak on ech_decode_inbound_ech() error path
Eugene Syromiatnikov [Mon, 23 Feb 2026 04:33:55 +0000 (05:33 +0100)] 
ssl/ech/ech_internal.c: avoid memory leak on ech_decode_inbound_ech() error path

Free allocated tmpenc in case of subsequent PACKET_copy_bytes() failure.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681456
Fixes: 6c3edd4f3a8a "Add server-side handling of Encrypted Client Hello"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:49 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_internal.c: avoid NULL dereference in ossl_ech_get_ch_offsets
Eugene Syromiatnikov [Mon, 23 Feb 2026 04:29:37 +0000 (05:29 +0100)] 
ssl/ech/ech_internal.c: avoid NULL dereference in ossl_ech_get_ch_offsets

Do not call SSLfatal with s that can potentially be NULL.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681455
Fixes: 6c3edd4f3a8a "Add server-side handling of Encrypted Client Hello"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:47 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_internal.c: avoid truncating time_t value in ossl_ech_status_print
Eugene Syromiatnikov [Mon, 23 Feb 2026 04:22:03 +0000 (05:22 +0100)] 
ssl/ech/ech_internal.c: avoid truncating time_t value in ossl_ech_status_print

Avoid casting time_t (that is almost universally 64-bit nowadays)
to (32-bit) int and cast it to long long instead.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681453
Fixes: ade10c5dbf20 "ECH client side"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:46 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_store.c: check WPACKET_get_total_written return value
Eugene Syromiatnikov [Mon, 23 Feb 2026 04:16:24 +0000 (05:16 +0100)] 
ssl/ech/ech_store.c: check WPACKET_get_total_written return value

Check the return value of the WPACKET_get_total_written() call
in OSSL_ECHSTORE_new_config() and OSSL_ECHSTORE_write_pem(),
and error out on failure.

References: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681451
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:45 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_internal.c: avoid memory leak in ossl_ech_get_retry_configs()
Eugene Syromiatnikov [Mon, 23 Feb 2026 04:09:06 +0000 (05:09 +0100)] 
ssl/ech/ech_internal.c: avoid memory leak in ossl_ech_get_retry_configs()

Free the temporarily allocated memory before returning on failed size
overflow check.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681458
Fixes: 0bdae603e82f "ossl_ech_get_retry_configs(): Check for integer overflow"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:43 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_internal.c: check WPACKET_get_total_written in ossl_ech_send_grease
Eugene Syromiatnikov [Mon, 23 Feb 2026 04:06:18 +0000 (05:06 +0100)] 
ssl/ech/ech_internal.c: check WPACKET_get_total_written in ossl_ech_send_grease

Check the result of WPACKET_get_total_written() calls
in ossl_ech_send_grease(), as is done elsewhere.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681451
Fixes: ade10c5dbf20 "ECH client side"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:42 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago ssl/ech/ech_internal.c: avoid superfluous extval check in ossl_ech_early_decrypt
Eugene Syromiatnikov [Mon, 23 Feb 2026 03:33:07 +0000 (04:33 +0100)] 
ssl/ech/ech_internal.c: avoid superfluous extval check in ossl_ech_early_decrypt

Remove superfluous extval NULL check on success path, as it cannot
be NULL, and is already dereferenced earlier.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681447
Fixes: 6c3edd4f3a8a "Add server-side handling of Encrypted Client Hello"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:41 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago apps/s_server.c: call OPENSSL_DIR_end after directory traversal in ech_load_dir
Eugene Syromiatnikov [Mon, 23 Feb 2026 03:22:24 +0000 (04:22 +0100)] 
apps/s_server.c: call OPENSSL_DIR_end after directory traversal in ech_load_dir

While it is not documented, OPENSSL_DIR_end() is to be called at the end
of directory traversal to free the context and avoid leaking memory.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681464
Fixes: a2e5848d9d11 "s_client and s_server options for ECH"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:39 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago apps/s_server.c: free ECH storage in ech_load_dir() on return
Eugene Syromiatnikov [Mon, 23 Feb 2026 03:18:17 +0000 (04:18 +0100)] 
apps/s_server.c: free ECH storage in ech_load_dir() on return

The ECH storage is to be freed on both error and success paths,
as it is copied by SSL_CTX_set1_echstore().

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681454
Fixes: a2e5848d9d11 "s_client and s_server options for ECH"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:38 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago apps/ech.c: free the resources on option help printing
Eugene Syromiatnikov [Mon, 23 Feb 2026 02:55:36 +0000 (03:55 +0100)] 
apps/ech.c: free the resources on option help printing

Avoid leaking resources when jumping to opthelp by executing the same
freeing routines.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681452
Fixes: 4af71a77387c "ECH CLI implementation"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:37 2026
(Merged from https://github.com/openssl/openssl/pull/30139)

6 weeks ago Simplify and expand default group list
Viktor Dukhovni [Mon, 23 Feb 2026 04:49:06 +0000 (15:49 +1100)] 
Simplify and expand default group list

With keyshare floating, we no longer need CPP conditions to get the
right keyshare prediction defaults.

Also add "curveSM2" near the end of the list, after the stronger ECX and
EC groups, but before FFDHE.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:08:17 2026
(Merged from https://github.com/openssl/openssl/pull/30113)

6 weeks ago Add keyshare floating
Viktor Dukhovni [Mon, 16 Feb 2026 01:38:51 +0000 (12:38 +1100)] 
Add keyshare floating

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:08:10 2026
(Merged from https://github.com/openssl/openssl/pull/30113)

6 weeks ago Fix group tuple handling in DEFAULT expansion
Viktor Dukhovni [Sun, 15 Feb 2026 11:50:09 +0000 (22:50 +1100)] 
Fix group tuple handling in DEFAULT expansion

Also fine-tune docs and add tests.

Fixes: #30109
Fixes: CVE-2026-2673
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:08:03 2026
(Merged from https://github.com/openssl/openssl/pull/30113)

6 weeks ago Fix const qualifiers from strchr where discarded
Rudi Heitbaum [Mon, 23 Feb 2026 02:40:54 +0000 (02:40 +0000)] 
Fix const qualifiers from strchr where discarded

This patch fixes several const qualifiers by adding them where required.

    warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]

Since glibc-2.43 and ISO C23, the functions bsearch, memchr, strchr,
strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr
that return pointers into their input arrays now have definitions as
macros that return a pointer to a const-qualified type when the input
argument is a pointer to a const-qualified type.

Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed Feb 25 11:04:09 2026
(Merged from https://github.com/openssl/openssl/pull/30136)

6 weeks ago FIPS self tests: fix config options when -no-bulk is used
slontis [Wed, 18 Feb 2026 05:48:04 +0000 (16:48 +1100)] 
FIPS self tests: fix config options when -no-bulk is used

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 11:02:07 2026
(Merged from https://github.com/openssl/openssl/pull/30103)

6 weeks ago doc: enumerate and describe known reserved property names
Richard Levitte [Thu, 19 Feb 2026 12:30:13 +0000 (13:30 +0100)] 
doc: enumerate and describe known reserved property names

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 11:00:15 2026
(Merged from https://github.com/openssl/openssl/pull/30083)

6 weeks ago Deprecate ASN1_OBJECT_new().
Frederik Wedel-Heinen [Sat, 14 Feb 2026 06:29:59 +0000 (07:29 +0100)] 
Deprecate ASN1_OBJECT_new().

Fixes #16862

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 10:37:27 2026
(Merged from https://github.com/openssl/openssl/pull/30011)

6 weeks ago doc: fix algorithm and key type names in EVP_PKEY-SLH-DSA
kovan [Tue, 27 Jan 2026 10:18:08 +0000 (11:18 +0100)] 
doc: fix algorithm and key type names in EVP_PKEY-SLH-DSA

The DESCRIPTION section had inconsistent naming - some algorithm names
incorrectly had the "EVP_PKEY-" prefix while others did not.

Rewrote the section to clearly separate:
- Algorithm names (e.g., SLH-DSA-SHA2-128s) using hyphens
- Key type identifiers (e.g., EVP_PKEY_SLH_DSA_SHA2_128S) using underscores

This matches the format used in EVP_PKEY-ML-DSA(7) and allows the names
to be used correctly in code.

Fixes #29329

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Wed Feb 25 10:26:59 2026
(Merged from https://github.com/openssl/openssl/pull/29788)

6 weeks ago Patch the krb5 build for X509_STORE_CTX constification
Bob Beck [Thu, 19 Feb 2026 22:42:33 +0000 (15:42 -0700)] 
Patch the krb5 build for X509_STORE_CTX constification

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 10:24:17 2026
(Merged from https://github.com/openssl/openssl/pull/30076)

6 weeks ago Constify X509_STORE_CTX functions involving X509 *
Bob Beck [Thu, 19 Feb 2026 00:34:12 +0000 (17:34 -0700)]
Constify X509_STORE_CTX functions involving X509 *

X509_STORE_CTX *ctx, const X509 *x);
X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, const X509 *x);
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, const X509 *target, STACK_OF(X509) *untrusted);
const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
const X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *target);

For #30052

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 10:24:15 2026
(Merged from https://github.com/openssl/openssl/pull/30076)

6 weeks ago Constify X509_build_chain()
Bob Beck [Tue, 17 Feb 2026 22:24:50 +0000 (15:24 -0700)] 
Constify X509_build_chain()

For https://github.com/openssl/openssl/issues/30052

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 10:18:49 2026
(Merged from https://github.com/openssl/openssl/pull/30056)

6 weeks ago Patch the pkcs11 provider
Bob Beck [Sun, 22 Feb 2026 18:44:21 +0000 (11:44 -0700)] 
Patch the pkcs11 provider

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:08 2026
(Merged from https://github.com/openssl/openssl/pull/29862)

6 weeks ago Patch rpki-client-portable to handle bit string changes
Bob Beck [Sun, 22 Feb 2026 17:01:28 +0000 (10:01 -0700)] 
Patch rpki-client-portable to handle bit string changes

We also disable warnings for now to avoid realloc warning

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:06 2026
(Merged from https://github.com/openssl/openssl/pull/29862)

6 weeks ago Update rpki-client test to use current release instead of an old one
Bob Beck [Sat, 21 Feb 2026 01:29:31 +0000 (18:29 -0700)] 
Update rpki-client test to use current release instead of an old one

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:04 2026
(Merged from https://github.com/openssl/openssl/pull/29862)

6 weeks ago krb5 external test: Add patch to use accessors for ASN1_STRING
Bob Beck [Thu, 19 Feb 2026 22:42:33 +0000 (15:42 -0700)] 
krb5 external test: Add patch to use accessors for ASN1_STRING

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:02 2026
(Merged from https://github.com/openssl/openssl/pull/29862)

6 weeks ago Skip the oqsprovider test temporarily because it is currently broken
Bob Beck [Fri, 20 Feb 2026 23:11:57 +0000 (16:11 -0700)] 
Skip the oqsprovider test temporarily because it is currently broken

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:00 2026
(Merged from https://github.com/openssl/openssl/pull/29862)

6 weeks ago Update oqs-provider to current, which supports opaque asn1 strings
Bob Beck [Fri, 20 Feb 2026 23:06:08 +0000 (16:06 -0700)]
Update oqs-provider to current, which supports opaque asn1 strings

This then however breaks for other reasons

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:14:58 2026
(Merged from https://github.com/openssl/openssl/pull/29862)

6 weeks ago Make ASN1_STRING opaque
Bob Beck [Thu, 29 Jan 2026 22:25:14 +0000 (15:25 -0700)] 
Make ASN1_STRING opaque

This laudable goal, should it land, will be followed
with an issue raised to eat our own dogfood and find
every file with <crypto/asn1.h> added to it in this
commit, and change to the appropriate accessors,
which should be possible in most places we aren't
actually implementing things that change the values

Fixes: https://github.com/openssl/openssl/issues/29860
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:14:57 2026
(Merged from https://github.com/openssl/openssl/pull/29862)

6 weeks ago Patch krb5 build in external tests
Bob Beck [Thu, 19 Feb 2026 22:42:33 +0000 (15:42 -0700)] 
Patch krb5 build in external tests

The build is otherwise erroring out with -Werror

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Wed Feb 25 09:58:37 2026
(Merged from https://github.com/openssl/openssl/pull/29468)

6 weeks ago Constify X509_NAME
Bob Beck [Tue, 30 Sep 2025 22:20:16 +0000 (16:20 -0600)] 
Constify X509_NAME

There are still a few casts away from const where things do not actually
end up mutating the object, we'll deal with that later.

Part of #28654 and #29117
Fixes openssl/project#1781

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Wed Feb 25 09:58:35 2026
(Merged from https://github.com/openssl/openssl/pull/29468)

6 weeks ago Removes trailing whitespace from generated pkg-config .pc files
Chris Baudouin, Jr. [Thu, 19 Feb 2026 14:12:06 +0000 (14:12 +0000)] 
Removes trailing whitespace from generated pkg-config .pc files

Fixes #29993

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 09:53:18 2026
(Merged from https://github.com/openssl/openssl/pull/30087)

6 weeks ago OSSL_HPKE_CTX_new.pod: Correct the valid AEAD names for HPKE
Tomas Mraz [Tue, 24 Feb 2026 07:23:25 +0000 (08:23 +0100)] 
OSSL_HPKE_CTX_new.pod: Correct the valid AEAD names for HPKE

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Wed Feb 25 08:15:23 2026
(Merged from https://github.com/openssl/openssl/pull/30152)

6 weeks ago ech_test.c: Fix the test with disabled CHACHA20-POLY1305
Tomas Mraz [Tue, 24 Feb 2026 07:22:10 +0000 (08:22 +0100)] 
ech_test.c: Fix the test with disabled CHACHA20-POLY1305

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Wed Feb 25 08:15:21 2026
(Merged from https://github.com/openssl/openssl/pull/30152)

6 weeks ago Removes fixed version TLS methods.
Frederik Wedel-Heinen [Sat, 21 Feb 2026 20:31:22 +0000 (21:31 +0100)] 
Removes fixed version TLS methods.

Fixes #28343

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 21:19:39 2026
(Merged from https://github.com/openssl/openssl/pull/30128)

6 weeks ago Constify X509_get_pubkey_parameters
Bob Beck [Sat, 21 Feb 2026 21:23:41 +0000 (14:23 -0700)] 
Constify X509_get_pubkey_parameters

Another internal-use undocumented public api that should be a
candidate for deprecation.

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 19:33:07 2026
(Merged from https://github.com/openssl/openssl/pull/30127)

6 weeks ago Constify X509_get_signature_info
Bob Beck [Sat, 21 Feb 2026 21:17:26 +0000 (14:17 -0700)] 
Constify X509_get_signature_info

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 19:33:04 2026
(Merged from https://github.com/openssl/openssl/pull/30127)

6 weeks ago Constify X509_get0_trust_*
Bob Beck [Sat, 21 Feb 2026 21:03:11 +0000 (14:03 -0700)] 
Constify X509_get0_trust_*

These are undocumented and look to have only one internal use.
They should probably be deprecated with an eye to moving them
internal, but that's for later.

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 19:33:01 2026
(Merged from https://github.com/openssl/openssl/pull/30127)

6 weeks ago Constify X509_check[host, email, ip, ip_asc]
Bob Beck [Sat, 21 Feb 2026 20:44:17 +0000 (13:44 -0700)] 
Constify X509_check[host, email, ip, ip_asc]

For #30052
For #30095

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 19:32:57 2026
(Merged from https://github.com/openssl/openssl/pull/30127)

6 weeks ago Constify X509_OBJECT_[get0|set1]_X509 and friends
Neil Horman [Fri, 20 Feb 2026 17:37:41 +0000 (12:37 -0500)] 
Constify X509_OBJECT_[get0|set1]_X509 and friends

cascades to constifying X509_get_pubkey() as well

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Tue Feb 24 19:16:50 2026
(Merged from https://github.com/openssl/openssl/pull/30117)

6 weeks ago Remove implicit truncation behaviour in ossl_i2c_ASN1_BIT_STRING
Bob Beck [Thu, 22 Jan 2026 00:02:12 +0000 (17:02 -0700)] 
Remove implicit truncation behaviour in ossl_i2c_ASN1_BIT_STRING

and make ASN1_BIT_STRING_set_bit compute the unused bits of the
BIT_STRING.

The implicit truncation behaviour allows you to set a value without
keeping the unused bits consistent, using ASN1_STRING_set, and then
have it magically "fixed" to account for the unused bits in the last
octet on output.

As it turns out, after much searching, nothing is using this behavior,

As we now have the new ASN1_BIT_STRING_set1 to set the entire value
and keep the unused bits correct, we make ASN1_BIT_STRING_set_bit
also do the same. Now that both the setters change the object
correctly we remove the implicit trunctation in ossl_i2x_ASN1_BIT_STRING
and make the provided BIT_STRING argument const.

See discussion in https://github.com/openssl/openssl/issues/29185
and in https://github.com/openssl/openssl/issues/29117

For https://github.com/openssl/openssl/issues/29117

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 19:11:26 2026
(Merged from https://github.com/openssl/openssl/pull/29711)

6 weeks ago Patch the kerberos5 tests
Bob Beck [Thu, 19 Feb 2026 22:42:33 +0000 (15:42 -0700)]
Patch the kerberos5 tests

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 18:53:27 2026
(Merged from https://github.com/openssl/openssl/pull/29465)

6 weeks ago Constify X509_get_ext() and friends..
Bob Beck [Mon, 29 Sep 2025 22:47:44 +0000 (16:47 -0600)] 
Constify X509_get_ext() and friends..

These all took const, but returned non-const; they should return const.

This then triggers constifying of a whole class of get_ext() functions.

Part of #28654 and #29117
Fixes: openssl/project#1779
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 18:53:25 2026
(Merged from https://github.com/openssl/openssl/pull/29465)

6 weeks ago Constify more X509 arguments and return values
Bob Beck [Mon, 16 Feb 2026 23:49:19 +0000 (16:49 -0700)] 
Constify more X509 arguments and return values

X509_get0_distinguishing_id
X509_keyid_get0
X509_alias_get0
X509_CRL_get0_by_cert
X509_issuer_name_hash
X509_issuer_name_hash_old
X509_subject_name_hash_old

are all const corrected

And PKCS12_add_localkeyid
as a result

X509_getm_notBefore
X509_getm_notAfter

are const "corrected" by making their argument non-const

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 16:32:45 2026
(Merged from https://github.com/openssl/openssl/pull/30036)

6 weeks ago Add a ci job to validate our suppression file is up to date nightly
Neil Horman [Wed, 11 Feb 2026 20:42:49 +0000 (15:42 -0500)] 
Add a ci job to validate our suppression file is up to date nightly

Now that we have a suppression file, let's make sure we keep it up to
date.  Run a nightly job in CI that runs all our tests under valgrind
with our current suppression file, and fail if any new errors are
generated so that we can either address them or add them to the
suppression file

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue Feb 24 15:11:19 2026
(Merged from https://github.com/openssl/openssl/pull/30003)

6 weeks ago Fix a legitimate leak in v2i_issuer_sign_tool
Neil Horman [Wed, 11 Feb 2026 18:38:56 +0000 (13:38 -0500)] 
Fix a legitimate leak in v2i_issuer_sign_tool

Valgrind found a legitimate leak that, somehow, asan missed.

v2i_issuer_sign_tool, when creating a new issuer sign tool,
automatically creates the member utf8 asn1 string objects for us.

However, based on configuration, this function will also create its own
utf8 asn1 strings, which overwrite those initial allocations, creating a
leak.

We don't need to create those strings at all in this function, just make
sure the ISSUER_SIGN_TOOL_new function did it for us, by checking them
all for NULL

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue Feb 24 15:11:16 2026
(Merged from https://github.com/openssl/openssl/pull/30003)

6 weeks ago Add missing valgrind suppressions
Neil Horman [Wed, 11 Feb 2026 17:44:35 +0000 (12:44 -0500)]
Add missing valgrind suppressions

Running valgrind in CI triggered a few errors that local testing missed,
add those to the suppression file

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue Feb 24 15:11:14 2026
(Merged from https://github.com/openssl/openssl/pull/30003)

6 weeks ago Correct man page args to be consistent
Bob Beck [Mon, 23 Feb 2026 01:05:58 +0000 (18:05 -0700)]
Correct man page args to be consistent

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:25 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Correct synopsis for SSL_set1_ipaddr
Bob Beck [Sun, 22 Feb 2026 19:55:06 +0000 (12:55 -0700)] 
Correct synopsis for SSL_set1_ipaddr

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:22 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Revert "Update doc/man3/SSL_set1_host.pod"
Bob Beck [Sun, 22 Feb 2026 19:53:09 +0000 (12:53 -0700)] 
Revert "Update doc/man3/SSL_set1_host.pod"

This reverts commit 8101ce1e361a564bfad4c6b7e4e36c963082f5fa.

This bikeshed also broke the docs

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:20 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Fix being hoist on my own petard by my kind Irish friend.
Bob Beck [Sun, 22 Feb 2026 19:47:59 +0000 (12:47 -0700)] 
Fix being hoist on my own petard by my kind Irish friend.

(Use the now non-deprecated function)

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:18 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Correct rename of variable that went one bikeshed too far
Bob Beck [Sun, 22 Feb 2026 18:03:33 +0000 (11:03 -0700)] 
Correct rename of variable that went one bikeshed too far

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:15 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update CHANGES.md
Bob Beck [Sat, 21 Feb 2026 16:31:52 +0000 (09:31 -0700)] 
Update CHANGES.md

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:13 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update CHANGES.md
Bob Beck [Sat, 21 Feb 2026 16:31:35 +0000 (09:31 -0700)] 
Update CHANGES.md

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:10 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update CHANGES.md
Bob Beck [Sat, 21 Feb 2026 16:31:23 +0000 (09:31 -0700)] 
Update CHANGES.md

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:08 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update CHANGES.md
Bob Beck [Sat, 21 Feb 2026 16:31:08 +0000 (09:31 -0700)] 
Update CHANGES.md

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:05 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Sat, 21 Feb 2026 16:30:57 +0000 (09:30 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:03 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Sat, 21 Feb 2026 16:30:46 +0000 (09:30 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:05:01 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update ssl/ssl_lib.c
Bob Beck [Sat, 21 Feb 2026 16:30:27 +0000 (09:30 -0700)] 
Update ssl/ssl_lib.c

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:58 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Sat, 21 Feb 2026 16:30:16 +0000 (09:30 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:55 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Sat, 21 Feb 2026 16:30:06 +0000 (09:30 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:53 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Sat, 21 Feb 2026 16:29:54 +0000 (09:29 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:50 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Add a changes entry
Bob Beck [Thu, 19 Feb 2026 01:17:39 +0000 (18:17 -0700)] 
Add a changes entry

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:47 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Fix misplaced check spotted by Viktor
Bob Beck [Wed, 18 Feb 2026 16:55:17 +0000 (09:55 -0700)]
Fix misplaced check spotted by Viktor

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:45 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Fix up bug found by nhorman on review. Thanks!
Bob Beck [Wed, 18 Feb 2026 16:48:04 +0000 (09:48 -0700)] 
Fix up bug found by nhorman on review. Thanks!

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:42 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:38:22 +0000 (08:38 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:40 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:38:03 +0000 (08:38 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:37 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update crypto/x509/x509_vpm.c
Bob Beck [Thu, 5 Feb 2026 15:37:42 +0000 (08:37 -0700)] 
Update crypto/x509/x509_vpm.c

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:35 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:37:18 +0000 (08:37 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:32 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update crypto/x509/x509_vpm.c
Bob Beck [Thu, 5 Feb 2026 15:37:00 +0000 (08:37 -0700)] 
Update crypto/x509/x509_vpm.c

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:30 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:36:42 +0000 (08:36 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:28 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:36:21 +0000 (08:36 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:25 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:35:57 +0000 (08:35 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:22 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Add a test for using a leading . for verification of a domain name
Bob Beck [Wed, 4 Feb 2026 00:57:49 +0000 (17:57 -0700)] 
Add a test for using a leading . for verification of a domain name

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:20 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Allow for a leading . for wildcard like matches
Bob Beck [Wed, 4 Feb 2026 00:51:37 +0000 (17:51 -0700)] 
Allow for a leading . for wildcard like matches

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:17 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Ensure we use the correct '@' in an email and raise an error when we fail
Bob Beck [Wed, 4 Feb 2026 00:30:10 +0000 (17:30 -0700)] 
Ensure we use the correct '@' in an email and raise an error when we fail

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:15 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Address Viktor's review around label checks
Bob Beck [Tue, 3 Feb 2026 18:39:29 +0000 (11:39 -0700)] 
Address Viktor's review around label checks

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:12 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Mention ASCII vs Non ASCII localparts
Bob Beck [Tue, 3 Feb 2026 17:24:19 +0000 (10:24 -0700)] 
Mention ASCII vs Non ASCII localparts

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:10 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago derp
Bob Beck [Tue, 3 Feb 2026 17:09:07 +0000 (10:09 -0700)] 
derp

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:07 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Tue, 3 Feb 2026 17:47:06 +0000 (10:47 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:04 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Tue, 3 Feb 2026 17:14:49 +0000 (10:14 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:02 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Tue, 3 Feb 2026 17:13:29 +0000 (10:13 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:00 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Tue, 3 Feb 2026 17:09:46 +0000 (10:09 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:57 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Tue, 3 Feb 2026 16:44:09 +0000 (09:44 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:54 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Tue, 3 Feb 2026 16:41:12 +0000 (09:41 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:52 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Tue, 3 Feb 2026 16:39:50 +0000 (09:39 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:49 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

6 weeks ago Update crypto/x509/v3_utl.c
Bob Beck [Wed, 28 Jan 2026 19:56:57 +0000 (12:56 -0700)] 
Update crypto/x509/v3_utl.c

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:47 2026
(Merged from https://github.com/openssl/openssl/pull/29612)