git.ipfire.org Git - thirdparty/openssl.git/log
2 months ago Add a changes entry
Bob Beck [Thu, 19 Feb 2026 01:17:39 +0000 (18:17 -0700)] 
Add a changes entry

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:47 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Fix misplaced check spotted by viktor
Bob Beck [Wed, 18 Feb 2026 16:55:17 +0000 (09:55 -0700)]
Fix misplaced check spotted by viktor

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:45 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Fix up bug found by nhorman on review. Thanks!
Bob Beck [Wed, 18 Feb 2026 16:48:04 +0000 (09:48 -0700)] 
Fix up bug found by nhorman on review. Thanks!

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:42 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:38:22 +0000 (08:38 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:40 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:38:03 +0000 (08:38 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:37 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update crypto/x509/x509_vpm.c
Bob Beck [Thu, 5 Feb 2026 15:37:42 +0000 (08:37 -0700)] 
Update crypto/x509/x509_vpm.c

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:35 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:37:18 +0000 (08:37 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:32 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update crypto/x509/x509_vpm.c
Bob Beck [Thu, 5 Feb 2026 15:37:00 +0000 (08:37 -0700)] 
Update crypto/x509/x509_vpm.c

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:30 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:36:42 +0000 (08:36 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:28 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:36:21 +0000 (08:36 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:25 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Thu, 5 Feb 2026 15:35:57 +0000 (08:35 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:22 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Add a test for using a leading . for verification of a domain name
Bob Beck [Wed, 4 Feb 2026 00:57:49 +0000 (17:57 -0700)] 
Add a test for using a leading . for verification of a domain name

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:20 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Allow for a leading . for wildcard like matches
Bob Beck [Wed, 4 Feb 2026 00:51:37 +0000 (17:51 -0700)] 
Allow for a leading . for wildcard like matches

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:17 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Ensure we use the correct '@' in an email and raise an error when we fail
Bob Beck [Wed, 4 Feb 2026 00:30:10 +0000 (17:30 -0700)] 
Ensure we use the correct '@' in an email and raise an error when we fail

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:15 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Address Viktor's review around label checks
Bob Beck [Tue, 3 Feb 2026 18:39:29 +0000 (11:39 -0700)] 
Address Viktor's review around label checks

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:12 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Mention ASCII vs Non ASCII localparts
Bob Beck [Tue, 3 Feb 2026 17:24:19 +0000 (10:24 -0700)] 
Mention ASCII vs Non ASCII localparts

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:10 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago derp
Bob Beck [Tue, 3 Feb 2026 17:09:07 +0000 (10:09 -0700)] 
derp

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:07 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Tue, 3 Feb 2026 17:47:06 +0000 (10:47 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:04 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Tue, 3 Feb 2026 17:14:49 +0000 (10:14 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:02 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Tue, 3 Feb 2026 17:13:29 +0000 (10:13 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:00 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/SSL_set1_host.pod
Bob Beck [Tue, 3 Feb 2026 17:09:46 +0000 (10:09 -0700)] 
Update doc/man3/SSL_set1_host.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:57 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Tue, 3 Feb 2026 16:44:09 +0000 (09:44 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:54 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Tue, 3 Feb 2026 16:41:12 +0000 (09:41 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:52 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update doc/man3/X509_VERIFY_PARAM_set_flags.pod
Bob Beck [Tue, 3 Feb 2026 16:39:50 +0000 (09:39 -0700)] 
Update doc/man3/X509_VERIFY_PARAM_set_flags.pod

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:49 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update crypto/x509/v3_utl.c
Bob Beck [Wed, 28 Jan 2026 19:56:57 +0000 (12:56 -0700)] 
Update crypto/x509/v3_utl.c

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:47 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Update crypto/x509/v3_utl.c
Bob Beck [Wed, 28 Jan 2026 19:56:47 +0000 (12:56 -0700)] 
Update crypto/x509/v3_utl.c

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:44 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Let's support multiple names for certificate verification
Bob Beck [Sat, 20 Dec 2025 19:21:40 +0000 (12:21 -0700)] 
Let's support multiple names for certificate verification

This adds the functionality to VERIFY_PARAM to separately add multiple
ip's and email addresses for verification purposes.

We then mark the unfortunate SSL_add1_host API which unfortunately
acquired a confusing "maybe add an IP address" behaviour as deprecated.

We replace this with SSL_set1_<dnsname, email, ip, ip_asc> and
SSL_add1_<dnsname, email, ip, ip_asc> to set the things in the SSL
corresponding to the VERIFY_PARAM functions.

Fixes: https://github.com/openssl/openssl/issues/28418
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:42 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

2 months ago Ensure we don't leak heap in ossl_rcu_lock_free
Neil Horman [Thu, 19 Feb 2026 19:14:40 +0000 (14:14 -0500)] 
Ensure we don't leak heap in ossl_rcu_lock_free

BSD, when initializing a pthread_cond_t or pthread_mutex_t may allocate
additional heap.  If we don't call pthread_[cond|mutex]_destroy on them,
those allocations leak.

clean that up here.

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Tue Feb 24 12:52:59 2026
(Merged from https://github.com/openssl/openssl/pull/30094)

2 months ago Constify X509_find_by_subject
Neil Horman [Thu, 19 Feb 2026 20:17:10 +0000 (15:17 -0500)] 
Constify X509_find_by_subject

Transitively, this also requires the constification of OCSP_resp_get0_signer

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue Feb 24 12:45:57 2026
(Merged from https://github.com/openssl/openssl/pull/30096)

2 months ago Added Nvidia/Olympus CPU dispatch to enable optimal SHA3/EOR3 on Vera CPU
Alexander Komarov [Tue, 10 Feb 2026 09:25:23 +0000 (01:25 -0800)] 
Added Nvidia/Olympus CPU dispatch to enable optimal SHA3/EOR3 on Vera CPU

CLA: Trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/30129)

2 months ago Update documentation with guidelines for commit and PR messages
Pauli [Thu, 19 Feb 2026 00:29:23 +0000 (11:29 +1100)] 
Update documentation with guidelines for commit and PR messages

The CONTRIBUTING.md and PULL_REQUEST_TEMPLATE.md files have been updated
to include guidelines on what makes a desirable commit message and
PR description.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/30075)

2 months ago Constify X509_STORE_add_cert()
Bob Beck [Wed, 18 Feb 2026 23:43:33 +0000 (16:43 -0700)] 
Constify X509_STORE_add_cert()

For #30050

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Mon Feb 23 22:45:42 2026
(Merged from https://github.com/openssl/openssl/pull/30074)

2 months ago Constify various functions that were non const due to extension cache
Bob Beck [Tue, 17 Feb 2026 21:28:01 +0000 (14:28 -0700)] 
Constify various functions that were non const due to extension cache

for https://github.com/openssl/openssl/issues/30052

This is a blatant cheat. While I can get pretty close to getting
around cheating by caching extensions as X509 objects are created it's
too fragile at the moment. In a future with a better not-copying all
the things X509, we would endeavour to not need this.

In the meantime, in the interest of getting the public API ready to
do that, we instead make a blatant cheat in the internal function of

int ossl_x509v3_cache_extensions(const X509 *x);

Which in a future world we can work to make go away.

And then the public API all changes to const.

long X509_get_pathlen(const X509 *x);
int X509_check_ca(const X509 *x);
int X509_check_purpose(const X509 *x, int id, int ca);
long X509_get_proxy_pathlen(const X509 *x);
uint32_t X509_get_extension_flags(const X509 *x);
uint32_t X509_get_key_usage(const X509 *x);
uint32_t X509_get_extended_key_usage(const X509 *x);
const ASN1_OCTET_STRING *X509_get0_subject_key_id(const X509 *x);
const ASN1_OCTET_STRING *X509_get0_authority_key_id(const X509 *x);
const GENERAL_NAMES *X509_get0_authority_issuer(const X509 *x);
const ASN1_INTEGER *X509_get0_authority_serial(const X509 *x);

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Mon Feb 23 16:34:29 2026
(Merged from https://github.com/openssl/openssl/pull/30055)

2 months ago Fix the uses of X509_check_certificate_times
Richard Levitte [Thu, 19 Feb 2026 15:30:45 +0000 (16:30 +0100)] 
Fix the uses of X509_check_certificate_times

The "error" parameter to 'X509_check_certificate_times' gets an X509 error
value, which isn't an OpenSSL ERR reason code.  Unfortunately, this was
conflated.

This restores the behaviour in the places of conflation to something
similar enough to what was done before 'X509_check_certificate_times'
was implemented.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Mon Feb 23 15:43:21 2026
(Merged from https://github.com/openssl/openssl/pull/30088)

2 months ago preserve data constness when getting issuer name's and subject's hash
Denis Pronin [Tue, 19 Nov 2024 04:57:07 +0000 (07:57 +0300)] 
preserve data constness when getting issuer name's and subject's hash

CLA:trivial

Signed-off-by: Denis Pronin <dannftk@yandex.ru>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Mon Feb 23 13:13:33 2026
(Merged from https://github.com/openssl/openssl/pull/25991)

2 months ago Added BIO_set_send_flags() function to set flags passed to send(), sendto(), and...
Igor Ustinov [Tue, 17 Feb 2026 13:36:04 +0000 (14:36 +0100)] 
Added BIO_set_send_flags() function to set flags passed to send(), sendto(), and sendmsg().

The main intention is to allow setting the MSG_NOSIGNAL flag to avoid
a crash on receiving the SIGPIPE signal.

Fixes #16399

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/30044)

2 months ago OSSL_CRMF_MSG_centralkeygen_requested(): change confusing parameter name 'p10cr' to...
Dr. David von Oheimb [Wed, 26 Feb 2025 17:55:00 +0000 (18:55 +0100)]
OSSL_CRMF_MSG_centralkeygen_requested(): change confusing parameter name 'p10cr' to 'p10'

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29073)

2 months ago cmp_ctx.c OSSL_CMP_CTX_new(): update and/or comment the default PBM parameters chosen
Dr. David von Oheimb [Wed, 2 Apr 2025 07:33:18 +0000 (09:33 +0200)] 
cmp_ctx.c OSSL_CMP_CTX_new(): update and/or comment the default PBM parameters chosen

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29073)

2 months ago Correct the instructions for how to run the krb5 external test.
Bob Beck [Fri, 20 Feb 2026 23:26:51 +0000 (16:26 -0700)] 
Correct the instructions for how to run the krb5 external test.

What is there is a trap. I fell into it. I was sad.

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Sun Feb 22 21:47:54 2026
(Merged from https://github.com/openssl/openssl/pull/30122)

2 months ago Constify X509_CRL_get0_by_cert
Angel Yankov [Thu, 19 Feb 2026 08:27:21 +0000 (10:27 +0200)] 
Constify X509_CRL_get0_by_cert

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Sun Feb 22 17:57:56 2026
(Merged from https://github.com/openssl/openssl/pull/30079)

2 months ago Constify X509_CRL_get0_by_cert
Neil Horman [Thu, 19 Feb 2026 15:52:31 +0000 (10:52 -0500)] 
Constify X509_CRL_get0_by_cert

Update the X509 parameter to be const

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Sun Feb 22 17:55:12 2026
(Merged from https://github.com/openssl/openssl/pull/30090)

2 months ago Return the correct error message in ossl_X509_print_ex_brief
Bob Beck [Thu, 19 Feb 2026 20:20:20 +0000 (13:20 -0700)] 
Return the correct error message in ossl_X509_print_ex_brief

X509_verify_cert_times returns a verify error code,
so X509_verify_cert_error_string() must be used to
convert it to text.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
MergeDate: Sun Feb 22 17:52:13 2026
(Merged from https://github.com/openssl/openssl/pull/30097)

2 months ago Add a changes entry for the x509 time function changes
Bob Beck [Thu, 19 Feb 2026 20:59:17 +0000 (13:59 -0700)] 
Add a changes entry for the x509 time function changes

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Sun Feb 22 17:49:25 2026
(Merged from https://github.com/openssl/openssl/pull/30098)

2 months ago Fix broken strict-warnings build in sskdf and x963kdf
Neil Horman [Fri, 20 Feb 2026 10:48:53 +0000 (05:48 -0500)] 
Fix broken strict-warnings build in sskdf and x963kdf

when configuring with:

./Configure no-sskdf --strict-warnings

The build breaks as sskdf_new is defined but not used (as the same sskdf
file is used to implement x963kdf with a different new dispatch
function).  i.e. we will build the file when sskdf is disabled but
x963kdf is enabled, omitting any use of sskdf_new

Easy fix, just gate the inclusion of sskdf_new on #ifndef
OPENSSL_NO_SSKDF.

Do the same for X963KDF, which has the same problem (thank you for
pointing that out @t8m)

Fixes #30105

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Sun Feb 22 17:46:00 2026
(Merged from https://github.com/openssl/openssl/pull/30106)

2 months ago Constify X509_chain_check_suiteb
Bob Beck [Tue, 17 Feb 2026 22:37:15 +0000 (15:37 -0700)] 
Constify X509_chain_check_suiteb

For https://github.com/openssl/openssl/issues/30052

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Sun Feb 22 17:37:38 2026
(Merged from https://github.com/openssl/openssl/pull/30058)

3 months ago X509V3_set_nconf(): Improve error handling using this function, mostly in apps/
Dr. David von Oheimb [Mon, 23 Aug 2021 08:33:27 +0000 (10:33 +0200)] 
X509V3_set_nconf(): Improve error handling using this function, mostly in apps/

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16998)

3 months ago X509V3_set_ctx(): Improve error handling using this function, mostly in apps/
Dr. David von Oheimb [Thu, 19 Aug 2021 18:58:55 +0000 (20:58 +0200)] 
X509V3_set_ctx(): Improve error handling using this function, mostly in apps/

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16998)

3 months ago CHANGE log additions
Viktor Dukhovni [Wed, 18 Feb 2026 04:27:55 +0000 (15:27 +1100)] 
CHANGE log additions

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:26:53 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago Refactor openssl-speed(1)
Viktor Dukhovni [Tue, 10 Feb 2026 11:51:15 +0000 (22:51 +1100)] 
Refactor openssl-speed(1)

- Adding support for "curveSM2" ECDH
- Integrating EdDSA and SM2 signature support into existing ECDSA code.

This removes ~500 lines of duplicated code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:26:44 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago New SSL tests for SM2 cert and key exchange
Viktor Dukhovni [Wed, 11 Feb 2026 18:55:51 +0000 (05:55 +1100)] 
New SSL tests for SM2 cert and key exchange

Also some additional tests for other MLKEM hybrids.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:26:36 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago Add curveSM2 and curveSM2MLKEM768 TLS test.
Milan Broz [Wed, 11 Feb 2026 12:02:26 +0000 (13:02 +0100)] 
Add curveSM2 and curveSM2MLKEM768 TLS test.

This extends sslapi test for SM2-based key exchange.

Also add comments for #endif to clearly mark disabled code blocks.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Sat Feb 21 13:26:27 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago Document ECDH over SM2 key exchange.
Viktor Dukhovni [Sun, 8 Feb 2026 13:45:03 +0000 (00:45 +1100)] 
Document ECDH over SM2 key exchange.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:26:15 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago Support for RFC8998 curveSM2 + hybrid
Viktor Dukhovni [Tue, 10 Feb 2026 16:32:17 +0000 (03:32 +1100)] 
Support for RFC8998 curveSM2 + hybrid

This adds support for the "sm2sig_sm3" TLS 1.3 signature algorithm, the
"curveSM2" key exchange group (ECDH over SM2) and the associated
post-quantum/traditional (PQ/T) hybrid "curveSM2MLKEM768" key exchange.

The default key agreement group list is expanded to add two additional
PQ groups, immediately after X25519MLKEM768.  These are the P-256-based
SecP256r1MLKEM768 and the SM2-based curveSM2MLKEM768.  Neither of the new
groups is a default client keyshare group, these would only come into
play after a server HRR, if for some reason X25519MLKEM768 is not
supported by the server, X25519 is not then the server's most
preferred group, and the server supports and prefers one of these
of X25519.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:26:07 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago Use algorithm name macros instead of literals
Viktor Dukhovni [Tue, 10 Feb 2026 15:58:43 +0000 (02:58 +1100)] 
Use algorithm name macros instead of literals

In the default and FIPS provider dispatch tables use corresponding
macros instead of string literals.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:25:57 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago Pass tls-version to cert sign/verify algorithms
Viktor Dukhovni [Tue, 10 Feb 2026 15:53:51 +0000 (02:53 +1100)] 
Pass tls-version to cert sign/verify algorithms

Most signature algorithms will ignore this parameter, but for SM2 this
makes it possible to set the RFC8998 distinguished identifier.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:25:47 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago New SM2 "tls-version" signature parameter
Viktor Dukhovni [Tue, 10 Feb 2026 15:45:02 +0000 (02:45 +1100)] 
New SM2 "tls-version" signature parameter

When the version is TLS 1.3, this sets the SM2 distinguished identifier to
the RFC8998 specified value: "TLSv1.3+GM+Cipher+Suite".

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:25:39 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago Implement default SM2 distinguished identifier
Viktor Dukhovni [Wed, 11 Feb 2026 18:49:33 +0000 (05:49 +1100)] 
Implement default SM2 distinguished identifier

This is needed for certificate verification to work correctly.
Removed unnecessary explicit instances of the distid in most tests, and
documentation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:25:30 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago SM2 digest sign/verify context initialisation fix
Viktor Dukhovni [Tue, 10 Feb 2026 14:55:02 +0000 (01:55 +1100)] 
SM2 digest sign/verify context initialisation fix

SM digest sign/verify context initialisation needs to set the
"compute_z_digest" flag earlier, before calling sm2sig_signature_init(),
to process the provided parameters, because otherwise attempts to set
the "distinguished identifier" will erroneously fail.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:25:19 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago New decoder generator returns matched field count
Viktor Dukhovni [Mon, 9 Feb 2026 09:28:39 +0000 (20:28 +1100)] 
New decoder generator returns matched field count

It can be useful to know how many parameters matched a decoded field,
(or at least whether that number is non-zero).

The new `produce_param_decoder_with_count` generator produces code that
updates a count output variable.

In particular, an RSA parameter handler did not handle requests for only
unexpected parameters as gracefully as one might want.  It can now
return early when none of the provided parameters are relevant.

[ The number reported is a count of matching parameter values, not a
  count of the resulting decoded fields, so if a parameter key occurs
  more than once, the count can be larger than the number of fields
  actually set. ]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Sat Feb 21 13:25:11 2026
(Merged from https://github.com/openssl/openssl/pull/29953)

3 months ago Constify X509_print_fp and X509_print_ex_fp
Neil Horman [Wed, 18 Feb 2026 21:04:52 +0000 (16:04 -0500)] 
Constify X509_print_fp and X509_print_ex_fp

Make the X509 argument to both functions const, as we don't modify the
object at all in these functions.

Again, these functions, while public, appear undocumented, and so I'm
omitting any HISTORY notes

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Fri Feb 20 21:26:47 2026
(Merged from https://github.com/openssl/openssl/pull/30073)

3 months ago Constify X509_REQ_get1_email, X509_get1_email and X509_get1_ocsp.
Milan Broz [Thu, 19 Feb 2026 12:05:21 +0000 (13:05 +0100)] 
Constify X509_REQ_get1_email, X509_get1_email and X509_get1_ocsp.

Functions seem not documented, but exported.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Fri Feb 20 17:07:41 2026
(Merged from https://github.com/openssl/openssl/pull/30082)

3 months ago Removing some more EVP_get_smtbysmth calls
Dmitry Belyavskiy [Mon, 16 Feb 2026 13:43:41 +0000 (14:43 +0100)] 
Removing some more EVP_get_smtbysmth calls

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/30026)

3 months ago require manual build for external ECH tests
sftcd [Tue, 17 Feb 2026 23:09:01 +0000 (23:09 +0000)] 
require manual build for external ECH tests

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Fri Feb 20 14:16:40 2026
(Merged from https://github.com/openssl/openssl/pull/30059)

3 months ago ECH: Remove whitespace at EOL or EOF
Tomas Mraz [Wed, 18 Feb 2026 14:09:37 +0000 (15:09 +0100)] 
ECH: Remove whitespace at EOL or EOF

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Fri Feb 20 10:11:21 2026
(Merged from https://github.com/openssl/openssl/pull/30066)

3 months ago ECH: Use BIO_puts when appropriate
Tomas Mraz [Wed, 18 Feb 2026 14:09:11 +0000 (15:09 +0100)] 
ECH: Use BIO_puts when appropriate

And also a few additional code cleanups.

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Fri Feb 20 10:11:20 2026
(Merged from https://github.com/openssl/openssl/pull/30066)

3 months ago ECH: change from I-D to RFC 9849 and resolve TODO(ECH) cases
sftcd [Tue, 17 Feb 2026 16:48:18 +0000 (16:48 +0000)] 
ECH: change from I-D to RFC 9849 and resolve TODO(ECH) cases

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Feb 19 09:22:37 2026
(Merged from https://github.com/openssl/openssl/pull/30048)

3 months ago ECH: avoid pointer aliasing in tls_construct_ctos_psk()
sftcd [Tue, 17 Feb 2026 19:11:50 +0000 (19:11 +0000)] 
ECH: avoid pointer aliasing in tls_construct_ctos_psk()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Feb 19 09:20:46 2026
(Merged from https://github.com/openssl/openssl/pull/30051)

3 months ago ech_check_format(): Fix potential out of bounds read
sftcd [Tue, 17 Feb 2026 18:37:04 +0000 (18:37 +0000)] 
ech_check_format(): Fix potential out of bounds read

strspn() is called on a likely non-NUL-terminated BIO buffer.
Copy it and add NUL-termination before calling the function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Feb 19 09:17:54 2026
(Merged from https://github.com/openssl/openssl/pull/30050)

3 months ago Add tests and documentation and fix a couple of issues identified by added tests
sftcd [Sun, 23 Nov 2025 23:19:16 +0000 (23:19 +0000)] 
Add tests and documentation and fix a couple of issues identified by added tests

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Mon Feb 16 15:41:15 2026
(Merged from https://github.com/openssl/openssl/pull/29200)

3 months ago ossl_ech_get_retry_configs(): Check for integer overflow
sftcd [Thu, 18 Dec 2025 14:39:10 +0000 (14:39 +0000)] 
ossl_ech_get_retry_configs(): Check for integer overflow

Fixes DEF-02-010

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Wed Feb 11 17:19:16 2026
(Merged from https://github.com/openssl/openssl/pull/29593)

3 months ago tls_process_server_hello(): With retry config validate the outer hostname
sftcd [Thu, 18 Dec 2025 14:16:10 +0000 (14:16 +0000)] 
tls_process_server_hello(): With retry config validate the outer hostname

Call SSL_set1_host() to apply the outer hostname to the certificate
validation.

Fixes DEF-02-009

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Wed Feb 11 17:19:14 2026
(Merged from https://github.com/openssl/openssl/pull/29593)

3 months ago ech_test.c: Add test for trying ECH with TLSv1.2
sftcd [Thu, 18 Dec 2025 13:48:28 +0000 (13:48 +0000)] 
ech_test.c: Add test for trying ECH with TLSv1.2

Fixes DEF-02-006

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Wed Feb 11 17:19:13 2026
(Merged from https://github.com/openssl/openssl/pull/29593)

3 months ago ssl_choose_server_version(): With ECH check if connection is TLSv1.3
sftcd [Thu, 18 Dec 2025 02:10:38 +0000 (02:10 +0000)] 
ssl_choose_server_version(): With ECH check if connection is TLSv1.3

Fixes DEF-02-005

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Wed Feb 11 17:19:11 2026
(Merged from https://github.com/openssl/openssl/pull/29593)

3 months ago Document that SSL_OP_ECH_TRIALDECRYPT can cause DoS in some circumstances
sftcd [Tue, 25 Nov 2025 23:39:33 +0000 (23:39 +0000)] 
Document that SSL_OP_ECH_TRIALDECRYPT can cause DoS in some circumstances

Fixes DEF-02-002

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Wed Feb 11 17:19:10 2026
(Merged from https://github.com/openssl/openssl/pull/29593)

3 months ago ech_read_priv_echconfiglist(): Pass encodedlen to BIO_new_mem_buf()
sftcd [Tue, 25 Nov 2025 22:41:23 +0000 (22:41 +0000)] 
ech_read_priv_echconfiglist(): Pass encodedlen to BIO_new_mem_buf()

Fixes DEF-02-001

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Wed Feb 11 17:19:08 2026
(Merged from https://github.com/openssl/openssl/pull/29593)

3 months ago ECH: Properly apply libctx and propq from SSL_CTX
Tomas Mraz [Thu, 18 Dec 2025 10:43:41 +0000 (11:43 +0100)] 
ECH: Properly apply libctx and propq from SSL_CTX

And further minor refactoring.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
MergeDate: Thu Jan  8 09:59:56 2026
(Merged from https://github.com/openssl/openssl/pull/29439)

3 months ago s_client and s_server options for ECH
sftcd [Thu, 14 Aug 2025 18:17:07 +0000 (19:17 +0100)] 
s_client and s_server options for ECH

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28270)

3 months ago Fix a client-auth bug introduced by ECH code
sftcd [Mon, 15 Sep 2025 20:10:33 +0000 (21:10 +0100)] 
Fix a client-auth bug introduced by ECH code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28555)

3 months ago ech_store.c: Fix casts and avoid leaks on error return
Tomas Mraz [Thu, 18 Sep 2025 17:41:49 +0000 (19:41 +0200)] 
ech_store.c: Fix casts and avoid leaks on error return

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28611)

3 months ago ech_ssl_apis.c: Check some invalid argument passing
Tomas Mraz [Thu, 18 Sep 2025 16:01:49 +0000 (18:01 +0200)] 
ech_ssl_apis.c: Check some invalid argument passing

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28611)

3 months ago Fix warnings about casts in ECH code
Tomas Mraz [Thu, 18 Sep 2025 15:13:28 +0000 (17:13 +0200)] 
Fix warnings about casts in ECH code

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28611)

3 months ago Add server-side handling of Encrypted Client Hello
sftcd [Mon, 5 May 2025 13:23:55 +0000 (14:23 +0100)] 
Add server-side handling of Encrypted Client Hello

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27561)

3 months ago Add a test for the new PACKET_msg_start() function
Matt Caswell [Thu, 5 Jun 2025 14:29:01 +0000 (15:29 +0100)] 
Add a test for the new PACKET_msg_start() function

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27776)

3 months ago Introduce the PACKET_msg_start() function
Matt Caswell [Thu, 5 Jun 2025 13:41:55 +0000 (14:41 +0100)] 
Introduce the PACKET_msg_start() function

This gives us the start of the buffer in use for the PACKET.

We then use this information when calculating the TLS PSK binder.
Previously we were assuming knowledge about where the buffer starts.
However, with ECH, we may be using a different buffer to normal so it is
better to ask the PACKET where the start of the buffer is.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27776)

3 months ago ECH client support for sending multiple key shares
sftcd [Fri, 2 May 2025 11:58:30 +0000 (12:58 +0100)] 
ECH client support for sending multiple key shares

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27540)

3 months ago ECH client side transcript refactor
sftcd [Sat, 28 Dec 2024 02:49:12 +0000 (02:49 +0000)] 
ECH client side transcript refactor

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26011)

3 months ago ECH client side
sftcd [Wed, 20 Nov 2024 14:10:30 +0000 (14:10 +0000)] 
ECH client side

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26011)

3 months ago ECH external APIs
sftcd [Thu, 10 Oct 2024 16:46:11 +0000 (17:46 +0100)] 
ECH external APIs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25663)

3 months ago ECH CLI implementation
sftcd [Tue, 10 Sep 2024 23:28:32 +0000 (00:28 +0100)] 
ECH CLI implementation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25420)

3 months ago ECH build artefacts and a bit of code
Stephen Farrell [Thu, 15 Aug 2024 00:27:24 +0000 (01:27 +0100)] 
ECH build artefacts and a bit of code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25193)

3 months ago Documents initial agreed APIs for Encrypted Client Hello (ECH)
Stephen Farrell [Tue, 6 Aug 2024 22:16:58 +0000 (23:16 +0100)] 
Documents initial agreed APIs for Encrypted Client Hello (ECH)
and includes a minimal demo for some of those APIs.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24738)

3 months ago add ech-api.md
Stephen Farrell [Wed, 26 Jun 2024 11:55:17 +0000 (12:55 +0100)] 
add ech-api.md

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24738)

3 months ago Const correct time parameter for X509_cmp_time(), X509_time_adj() and X509_time_adj_ex().
Frederik Wedel-Heinen [Sun, 15 Feb 2026 14:34:59 +0000 (15:34 +0100)] 
Const correct time parameter for X509_cmp_time(), X509_time_adj() and X509_time_adj_ex().

Fixes #21371

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Fri Feb 20 16:36:52 2026
(Merged from https://github.com/openssl/openssl/pull/30020)

3 months ago Constify X509_to_X509_REQ and X509_REQ_to_X509
Neil Horman [Wed, 18 Feb 2026 20:51:20 +0000 (15:51 -0500)] 
Constify X509_to_X509_REQ and X509_REQ_to_X509

Modify both functions to accept and return a const X509, respectively.

Again, neither of these functions appears documented, so omitting the
HISTORY updates here, though we should look into why they are missing
docs.

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Fri Feb 20 16:27:15 2026
(Merged from https://github.com/openssl/openssl/pull/30072)

3 months ago CRL: reject malformed CRL Number and CRL Delta Indicator
Daniel Kubec [Mon, 16 Feb 2026 12:09:41 +0000 (13:09 +0100)] 
CRL: reject malformed CRL Number and CRL Delta Indicator

Previously, a malformed ASN.1 INTEGER in the CRL Number or Delta CRL Indicator
extension would cause a parse error but the CRL would not be explicitly
rejected. Existing code discards the error and continues, accepting a CRL it
cannot fully parse, unlike other libraries and implementations that reject the
CRL outright.

Malformed encoding suggests a corrupt or tampered CRL; data that cannot be
parsed cannot be trusted. Reject the CRL outright if either extension cannot be
decoded, regardless of whether the extension is marked critical. This prevents
silent soft-fail behavior where revoked certificates could pass validation
unchecked.

Fixes #27374

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Fri Feb 20 16:24:44 2026
(Merged from https://github.com/openssl/openssl/pull/30024)

3 months ago Constify X509_issuer_and_serial_hash
Milan Broz [Thu, 19 Feb 2026 13:04:39 +0000 (14:04 +0100)] 
Constify X509_issuer_and_serial_hash

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Fri Feb 20 16:22:12 2026
(Merged from https://github.com/openssl/openssl/pull/30084)

3 months ago Constify X509_add_cert and X509_self_signed
Neil Horman [Tue, 17 Feb 2026 20:47:12 +0000 (15:47 -0500)]
Constify X509_add_cert and X509_self_signed

As part of the effort to not allow mutable X509 objects where they
aren't needed, constify the cert parameter for these two functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Fri Feb 20 13:33:04 2026
(Merged from https://github.com/openssl/openssl/pull/30054)

3 months ago Constify X509v3_asid_validate_resource_set and X509v3_addr_validate_resource_set
Milan Broz [Thu, 19 Feb 2026 09:47:33 +0000 (10:47 +0100)] 
Constify X509v3_asid_validate_resource_set and X509v3_addr_validate_resource_set

These functions are exported, but undocumented.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Fri Feb 20 13:06:58 2026
(Merged from https://github.com/openssl/openssl/pull/30080)

3 months ago constify X509_check_trust, X509_TRUST_add
Neil Horman [Wed, 18 Feb 2026 20:34:31 +0000 (15:34 -0500)] 
constify X509_check_trust, X509_TRUST_add

Turn the X509 parameters to X509_check_trust and X509_TRUST_add into
consts.

Interesting side notes: X509_TRUST_add and some others that were
modified as a result of this pr, are listed as public functions, but
have no documentation for them, and make doc-nits doesn't complain about
it.  Unsure as to why, but we should probably look at that eventually

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Fri Feb 20 13:04:04 2026
(Merged from https://github.com/openssl/openssl/pull/30071)

3 months ago Revert "fips-jitter: Force use jitter entropy in the FIPS 3.0.9 provider callback"
Dimitri John Ledkov [Wed, 14 Jan 2026 21:12:25 +0000 (21:12 +0000)] 
Revert "fips-jitter: Force use jitter entropy in the FIPS 3.0.9 provider callback"

This reverts commit aa5f1b4cf562d7f0b65ae7ef93179ebc1102fbeb.

Whilst this is still useful with pre-3.2 providers, it is actually unlikely to be deployed. And there are now openssl fips providers getting validated with statically linked jitterentropy source already.

See background info at:
- https://github.com/openssl/openssl/pull/25930

Fixes: https://github.com/openssl/openssl/issues/26903
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Fri Feb 20 11:15:25 2026
(Merged from https://github.com/openssl/openssl/pull/29641)