yangxuqing [Sat, 23 May 2026 02:33:35 +0000 (10:33 +0800)]
crypto/evp/m_sigver.c: fix potential double free on error path in do_sigver_init
In do_sigver_init(), if the for loop proceeds to its second iteration
(iter = 2), the results from the first iteration (signature and
tmp_keymgmt) are explicitly freed at the beginning of the loop.
However, the pointers are not set to NULL after being freed.
If an error occurs subsequently during this second iteration (for
example, if evp_signature_fetch_from_prov() returns NULL, triggering a
goto notsupported), the control flow jumps to the generic cleanup block
at the end of the function. This cleanup block calls
EVP_KEYMGMT_free(tmp_keymgmt) again on the dangling pointer, resulting
in a double free.
This commit resolves the issue by explicitly nullifying these pointers
immediately after they are freed at the start of the loop iteration.
(Note: This issue was discussed with the OpenSSL Security Team, who
classified it as a regular bug due to lack of attacker control and
requested a public PR.)
Fixes: 839ffdd11cd4 "EVP: Allow a fallback for operations that work with an EVP_PKEY"
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 15:28:15 2026
(Merged from https://github.com/openssl/openssl/pull/31276)
Daniel Kubec [Mon, 18 May 2026 23:44:34 +0000 (01:44 +0200)]
test/tls13tickettest.c: check SSL_TICKET_NO_DECRYPT path in tls_parse_ctos_psk()
Add a test that rotates ticket keys so that the previously issued ticket
can no longer be decrypted: if session resumption fails
due to a NO_DECRYPT, it is expected to fall back to a full handshake,
and a new session ticket is issued.
Complements: 6115286faeb8 "TLSv1.3: reissue session ticket after full handshake on ciphersuite mismatch"
References: https://github.com/openssl/openssl/pull/30626
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Bob Beck <beck@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 15:20:59 2026
(Merged from https://github.com/openssl/openssl/pull/31223)
crypto/cmp/cmp_genm.c: avoid strcat() in get_genm_itav()
There is no need to use strcat() there, as it concatenates into a string
that is used in a format string anyway. Put the literal prefix
into the format string and avoid literal string copying.
Fixes: d477484d33b7 "CMP: add support for genm/genp messages with id-it-caCerts" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Bob Beck <beck@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
MergeDate: Tue May 26 14:54:19 2026
(Merged from https://github.com/openssl/openssl/pull/31230)
Andrew Dinh [Wed, 29 Apr 2026 17:44:17 +0000 (00:44 +0700)]
util: add acvp-test util
Add a Python script acvp-test to the util/ directory, that tests
an OpenSSL binary against the NIST ACVTS demo server. acvp-test util
supports most major algorithms, including PQC algorithms added in 3.5.
Test an OpenSSL binary against the NIST ACVTS demo server.
options:
-h, --help show this help message and exit
--algorithm ALGO Algorithm to test (default: ACVP-AES-CBC)
--direction {encrypt,decrypt} [{encrypt,decrypt} ...]
Direction(s) for symmetric algorithms (default: both)
--key-len BITS [BITS ...]
Key length(s) in bits for symmetric algorithms (default: all)
--production Run as a production validation (default: sample/demo mode)
--save-vectors Save downloaded vector sets to vectors_vsNNN.json
Andrew Dinh [Wed, 20 May 2026 16:09:48 +0000 (23:09 +0700)]
quic_impl.c: pass correct SSL to ossl_ssl_connection_new_int in ossl_quic_new_from_listener
In ossl_quic_new_from_listener(), the call to ossl_ssl_connection_new_int()
was passing NULL for the user_ssl parameter. NULL causes s->user_ssl
to be set to the inner TLS ssl object, so the inner SSL object points
to itself rather than to the outer QUIC connection object.
The fix passes &qc->obj.ssl instead of NULL. Afterwards,
ossl_quic_obj_init() will initialize &qc->obj.ssl in place.
Resolves: https://github.com/openssl/project/issues/989 Fixes: 0b15147a37c5 "Implement SSL_new_from_listener()" Reviewed-by: Bob Beck <beck@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 14:12:45 2026
(Merged from https://github.com/openssl/openssl/pull/31257)
kovan [Thu, 29 Jan 2026 14:13:28 +0000 (15:13 +0100)]
doc: add SSL/SSL_CTX thread safety section to openssl-threads
Add explicit documentation about thread safety of SSL and SSL_CTX
objects, clarifying that:
- SSL_CTX can be shared among threads but should be treated as
read-only after creating SSL objects or sharing across threads
- SSL connection objects should only be used by one thread at a time
- Each thread handling TLS connections should create its own SSL object
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Milan Broz <mbroz@openssl.org> Reviewed-by: Bob Beck <beck@openssl.org>
MergeDate: Tue May 26 13:19:35 2026
(Merged from https://github.com/openssl/openssl/pull/29847)
yangxuqing [Sat, 23 May 2026 02:06:41 +0000 (10:06 +0800)]
providers: Nullify BIO pointer after free to prevent double free
In providers/implementations/storemgmt/file_store_any2obj.c, if the
control flow reaches the err label after BIO_free(in) is called, a
double free will occur in the generic cleanup block.
Currently, the only path to this specific err jump is if
BUF_MEM_grow(mem, len) fails. As noted by the OpenSSL Security Team,
this failure is currently impossible because the buffer is being
shrunk (max_len >= len).
However, as requested by the security team via email, this commit
explicitly nullifies the in pointer after the first free to
future-proof the function and prevent a double free in case the
semantics of BUF_MEM_grow() or the surrounding logic change in
the future.
Fixes: 1b0f21f0555c "Implementing store support for EVP_SKEY"
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 10:14:50 2026
(Merged from https://github.com/openssl/openssl/pull/31275)
Ahmed Rabea [Thu, 21 May 2026 13:24:11 +0000 (16:24 +0300)]
crypto/dso/dso_win32.c: fix win32_joiner buffer sizing for dir-only paths
win32_joiner() always emits a trailing '\' when file_split->dir
is present, even if file_split->file is NULL. The previous length
calculation only reserved that byte when file_split->file was also
non-NULL, which could cause a one-byte overflow.
Resolves: https://github.com/openssl/openssl/issues/31260 Fixes: cbecb3ac3763 "There's an ongoing project to bring some kind of path selection mechanism to the ENGINE framework. This means there there are going to be new functionality for the DSO part, and ultimately some way of merging two file specifications together.
CLA: trivial
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 09:36:02 2026
(Merged from https://github.com/openssl/openssl/pull/31266)
As these are public by necessity, we may as well allow folks
to use them to selectively disable deprecation warnings if they
wish to temporarily use deprecated functions in limited locations
in their code.
Complements: 4036f4b0e324 "Add new public API for checking certificate times."
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 09:22:58 2026
(Merged from https://github.com/openssl/openssl/pull/31270)
crypto/objects/obj_dat.c: return strlcpy result in OBJ_obj2txt()
strlcpy() (and OPENSSL_strlcpy() after it) returns the length
of the input string as a result, don't throw it away just to calculate
it once again on return.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
MergeDate: Tue May 26 08:58:27 2026
(Merged from https://github.com/openssl/openssl/pull/31226)
mat [Wed, 29 Apr 2026 06:09:24 +0000 (09:09 +0300)]
test: add regression test for ciphersuite_cb() with empty list elements
Cover the three cases where CONF_parse_list() produces a NULL/empty
element: leading separator, trailing separator, and consecutive
separators (double colon). Before the fix these would crash via a
NULL memcpy inside ciphersuite_cb().
Each case also verifies via SSL_CTX_get_ciphers() that the valid
ciphersuite(s) in the same string were actually applied, not just
that the call returned without crashing.
Reviewed-by: Daniel Kubec <kubec@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 08:56:53 2026
(Merged from https://github.com/openssl/openssl/pull/31023)
mat [Wed, 29 Apr 2026 06:08:44 +0000 (09:08 +0300)]
ssl: guard ciphersuite_cb() against NULL elem from CONF_parse_list
CONF_parse_list() invokes its callback with elem=NULL and len=0 for
empty list elements (e.g. consecutive separators like "A::B").
ciphersuite_cb() passed elem directly to memcpy() without checking for
NULL, triggering undefined behaviour on any input containing an empty
ciphersuite token.
Skip empty elements early by returning 1 before any pointer dereference.
Fixes #30919
Reviewed-by: Daniel Kubec <kubec@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue May 26 08:56:52 2026
(Merged from https://github.com/openssl/openssl/pull/31023)
Bob Beck [Sat, 16 May 2026 16:34:52 +0000 (10:34 -0600)]
Make IPAddressFamily_cmp safe for 0 length objects with NULL data.
Found while adjusting the fuzzer to test for the requirement to
add NUL bytes on the end of ASN1 Strings. If we end up with a 0
length object here we can end up in a crash with memcmp.
This makes this cmp function test comparison like our others
that are 0 length object safe.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue May 26 08:51:35 2026
(Merged from https://github.com/openssl/openssl/pull/31201)
d2i_* docs: clarify how reuse is used, and how to set libctx and propq
Also removed BUGS section
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Thu May 21 09:14:32 2026
(Merged from https://github.com/openssl/openssl/pull/28456)
Jakub Zelenka [Tue, 12 May 2026 18:27:38 +0000 (20:27 +0200)]
Add mfail test for ossl_ht_free
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu May 21 09:09:37 2026
(Merged from https://github.com/openssl/openssl/pull/31237)
Jakub Zelenka [Tue, 19 May 2026 10:02:28 +0000 (12:02 +0200)]
Optimize hashtable without rcu freeing
It is not necessary to flush table for hash tables without rcu.
This is follow up to https://github.com/openssl/openssl/pull/31163
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu May 21 09:09:36 2026
(Merged from https://github.com/openssl/openssl/pull/31237)
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu May 21 09:03:28 2026
(Merged from https://github.com/openssl/openssl/pull/31216)
Jakub Zelenka [Thu, 7 May 2026 20:38:01 +0000 (22:38 +0200)]
Fix null derefs in ossl_quic_new_listener on mfail
This is caused incorrect err cleanup of mutex even if ql does not exist
(allocation failed).
It also fixes missing freeing of ports that result in assertion failure
because engine port list is not empty.
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu May 21 08:52:14 2026
(Merged from https://github.com/openssl/openssl/pull/31112)
Bob Beck [Sat, 16 May 2026 17:29:07 +0000 (11:29 -0600)]
fix cmp mock server to not depend on NUL bytes in ASN1_STRING
ASN1_STRING is documented that the behavior of NUL byte addition
should not be depended upon.
The mock server calls strcmp on the bare data from an ASN1_STRING.
This only works if the data is NUL terminated.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
MergeDate: Wed May 20 16:01:47 2026
(Merged from https://github.com/openssl/openssl/pull/31202)
Nikola Pajkovsky [Tue, 12 May 2026 06:49:31 +0000 (08:49 +0200)]
stack: use a copy thunk for typed stack deep copies
typed safestack wrappers pass type-specific copy callbacks such as
TYPE *(*)(const TYPE *) to OPENSSL_sk_deep_copy(). The generic stack code
then called those callbacks through OPENSSL_sk_copyfunc,
void *(*)(const void *), which is an incompatible function pointer type and
triggers UBSan.
Add an OPENSSL_sk_copyfunc_thunk and store it on typed stacks, mirroring the
existing compare/free thunk pattern. Generated safestack helpers now install
a per-type copy thunk when constructing a stack, and internal_copy() uses that
thunk when deep-copying typed stacks. This preserves the generic stack API
while ensuring typed copy callbacks are invoked through their real signature.
Fixes: https://github.com/openssl/project/issues/1951 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed May 20 15:53:45 2026
(Merged from https://github.com/openssl/openssl/pull/31151)
Nikola Pajkovsky [Tue, 12 May 2026 09:32:10 +0000 (11:32 +0200)]
stack: use free thunk when deep copy cleanup fails
internal_copy() used the generic OPENSSL_sk_freefunc directly when a deep
copy failed after copying some elements. For typed stacks, callers pass
type-specific free callbacks that have been cast to OPENSSL_sk_freefunc, so
calling them through the generic function pointer type is undefined behavior.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed May 20 15:53:43 2026
(Merged from https://github.com/openssl/openssl/pull/31151)
Nikola Pajkovsky [Mon, 11 May 2026 13:14:17 +0000 (15:14 +0200)]
stack: sk_<t1>_new_null() constructor is missing the OPENSSL_sk_set_cmp_thunks()
crypto/bsearch.c:33:17: runtime error: call to function int_compare through pointer to incorrect function type 'int (*)(const void *, const void *)'
/home/npajkovsky/openssl/openssl/test/stack_test.c:46: note: int_compare defined here
Fixes: https://github.com/openssl/project/issues/1950 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed May 20 15:53:41 2026
(Merged from https://github.com/openssl/openssl/pull/31151)
Nikola Pajkovsky [Mon, 11 May 2026 09:43:28 +0000 (11:43 +0200)]
evp: avoid function-pointer-type UB in EVP_*_do_all_provided
evp_generic_do_all() invokes its callback through a fixed pointer type
of the form "void (*)(void *method, void *arg)". The public
EVP_*_do_all_provided() wrappers were handing it user callbacks of type
for example:
Calling a function through a pointer whose type does not match the
function's actual definition is undefined behavior in C and is flagged
by UBSan's -fsanitize=function.
Introduce a per-type thunk generated by EVP_DO_ALL_PROVIDED_THUNK that
has the exact signature evp_generic_do_all() expects. The thunk
receives the user's typed callback and arg in a small on-stack struct
and forwards them with the correct types, so every indirect call now
matches the pointee's real prototype.
No functional change intended.
Fixes: https://github.com/openssl/project/issues/1949 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed May 20 15:53:38 2026
(Merged from https://github.com/openssl/openssl/pull/31151)
Daniel Kubec [Mon, 30 Mar 2026 11:43:41 +0000 (13:43 +0200)]
TLS1.3: Disable tickets when SSL_OP_NO_TICKET and SSL_SESS_CACHE_OFF are set.
Do not issue TLS 1.3 session tickets if the server has explicitly disabled
them via SSL_OP_NO_TICKET and also disabled the session cache with
SSL_SESS_CACHE_OFF. Together, these settings clearly indicate an intent to
suppress session resumption; sending NewSessionTicket messages in this case
would be wasteful and misleading.
From the server’s perspective, a client that does not advertise
psk_key_exchange_modes in TLS 1.3, or that sends it with RFC 9149 parameters
such as new_session_count = 0 or resumption_count = 0, is effectively
signaling no interest in session tickets or resumption.
RFC 8446 section 4.2.9: Servers MUST NOT select a key exchange mode that is
not listed by the client. This extension also restricts the modes for use
with PSK resumption. Servers SHOULD NOT send NewSessionTicket with tickets
that are not compatible with the advertised modes; however, if a server does
so, the impact will just be that the client's attempts at resumption fail.
Fixes #8077
Signed-off-by: Daniel Kubec <kubec@openssl.foundation> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Wed May 20 15:42:00 2026
(Merged from https://github.com/openssl/openssl/pull/30639)
Weidong Wang [Wed, 18 Mar 2026 11:00:06 +0000 (06:00 -0500)]
Add test for SSL_SESSION leak on ticket abort in tls_parse_ctos_psk()
Add test_ticket_abort_session_leak() to verify that returning
SSL_TICKET_RETURN_ABORT from the decrypt ticket callback during TLS 1.3
resumption does not leak the SSL_SESSION allocated by tls_decrypt_ticket().
This exercises the error path fixed in commit 96f424c439.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Wed May 20 14:38:04 2026
(Merged from https://github.com/openssl/openssl/pull/30464)
Weidong Wang [Tue, 17 Mar 2026 17:23:58 +0000 (12:23 -0500)]
Fix SSL_SESSION leak in tls_parse_ctos_psk() on ticket error paths
Two early 'return 0' statements bypass the err: label cleanup that
calls SSL_SESSION_free(sess). When tls_decrypt_ticket() allocates an
SSL_SESSION but the decrypt_ticket_cb returns ABORT, the session is
leaked. Replace 'return 0' with 'goto err' so the existing cleanup
handles it.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Wed May 20 14:38:01 2026
(Merged from https://github.com/openssl/openssl/pull/30464)
Nikola Pajkovsky [Mon, 18 May 2026 07:48:59 +0000 (09:48 +0200)]
fix UB in priority_queue
clang-22 reports UB during test make test V=0 TESTS=test_priority_queue
ssl/priority_queue.c:159:13: runtime error: call to function size_t_compare through pointer to incorrect function type 'int (*)(const void *, const void *)'
/home/npajkovsky/openssl/openssl/test/priority_queue_test.c:28: note: size_t_compare defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ssl/priority_queue.c:159:13
Fixes: https://github.com/openssl/project/issues/1953 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue May 19 10:43:59 2026
(Merged from https://github.com/openssl/openssl/pull/31209)
Configure: update $apitable with the recent versions
Fill $apitable with all the major.minor.0 versions up to the current one
in development. Note that while 3.5 hasn't had any APIs deprecated,
it still makes sense to support passing it as an "API level".
Resolves: https://github.com/openssl/openssl/issues/31196 Reported-by: Oliver Roberts <oliver@futaura.co.uk> Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Tue May 19 09:33:49 2026
(Merged from https://github.com/openssl/openssl/pull/31198)
Moryakhin Stas [Wed, 13 May 2026 13:06:34 +0000 (16:06 +0300)]
Fix app param memory cleaning
Fixes #31149
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 18 11:12:39 2026
(Merged from https://github.com/openssl/openssl/pull/31170)
Its last actual user was removed in 1620a2e49c77 "Fix dtls_query_mtu
so that it will always either complete with an mtu that is at least
the minimum or it will fail.", and the only remaining user,
dtls1_link_min_mtu(), just returns its last element unconditionally.
Remove g_probable_mtu and convert dtls1_link_min_mtu into a static const
containing the value.
Complements: 1620a2e49c77 "Fix dtls_query_mtu so that it will always either complete with an mtu that is at least the minimum or it will fail." Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon May 18 11:09:52 2026
(Merged from https://github.com/openssl/openssl/pull/31175)
Abel Tom [Wed, 13 May 2026 16:18:45 +0000 (18:18 +0200)]
OBJ_bsearch_ex_(): Fix const qualifier warning with CHARSET_EBCDIC
Fixes #31161
When building with CHARSET_EBCDIC defined,the compiler warns about
discarding the 'const' qualifier when assigning from base_[i * size]
to the non-const pointer p1:
`warning: assignment discards 'const' qualifier from pointer target type`
Change p1 from 'char *' to 'const char *' to maintain const-correctness
since the data being pointed to should not be modified through this
pointer.
Additionally, remove the unused variables l and h that were left over
from a previous implementation of the fallback linear search. These
variables served no purpose and only generated unused variable warnings.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 18 11:07:53 2026
(Merged from https://github.com/openssl/openssl/pull/31173)
Jakub Zelenka [Thu, 7 May 2026 17:13:30 +0000 (19:13 +0200)]
Fix UAF if QUIC channel init fails
This happens because port does not get reset on the first freeing in
channel block so when it is being freed again in ossl_quic_new, it
tries to access item in port.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 18 10:50:23 2026
(Merged from https://github.com/openssl/openssl/pull/31109)
Norbert Pocs [Wed, 13 May 2026 14:10:55 +0000 (16:10 +0200)]
Use valid DH peer pubkey in the KAT tests
Co-authored-by: Viktor Dukhovni <viktor@openssl.org> Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 18 07:34:16 2026
(Merged from https://github.com/openssl/openssl/pull/31171)
test/mem_alloc_test.c: fix my_malloc/my_realloc behaviour on size == 0
That puts them more in line with CRYPTO_malloc() and CRYPTO_realloc()
behaviour, whose behaviour for the requested size of 0 is well-documented
and not "implementation-defined", as POSIX allows.
Fixes: d090695101a9 "test: add a sanity test for memory allocation functions" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Mon May 18 07:30:49 2026
(Merged from https://github.com/openssl/openssl/pull/31158)
test/mem_alloc_test.c: increase alloc size for triggering OOM malloc failure
While half of the address space is enough to make malloc() fail on
kernels of the same bitness, 32-bit compat can have enough to accommodate
such a request, and even three fourth of the address space. Bump
the requested size closer to the type's upper limit.
Fixes: d090695101a9 "test: add a sanity test for memory allocation functions" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Mon May 18 07:30:48 2026
(Merged from https://github.com/openssl/openssl/pull/31158)
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 18 07:27:55 2026
(Merged from https://github.com/openssl/openssl/pull/31022)
Jakub Zelenka [Mon, 11 May 2026 15:57:16 +0000 (17:57 +0200)]
Extend and separate mfail test framework
Separate the mfail framework so it can be used beyond testutil.
Specifically, this is a step toward using it in fuzzing.
This change also improves the way mfail tests are executed. It first
counts the number of allocations and then iterates through them.
This has a couple of advantages:
- It allows removal of MFAIL_SLOW_TEST by identifying slow tests based
on the number of allocations.
- It allows non-failing tests to be ignored.
In addition, it adds a new environment variable to print a backtrace on
memory failure.
Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Mon May 18 07:23:52 2026
(Merged from https://github.com/openssl/openssl/pull/31144)
Norbert Pocs [Thu, 7 May 2026 14:00:10 +0000 (16:00 +0200)]
providers/implementation: Generate header includes for .inc files
Make these headers self contained even as they are .inc files. This
approach makes it a lot easier to achieve self contained files and
protects from include reorders. (where the .inc can get above the
dependent headers)
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Mon May 18 07:03:48 2026
(Merged from https://github.com/openssl/openssl/pull/31153)
Norbert Pocs [Tue, 5 May 2026 10:36:23 +0000 (12:36 +0200)]
a_strnid: put includes together
clang-tidy calculates where to place the headers to be added. The
maximum is the latest include present in the file. Therefore the
algorithm sometimes addes the includes wrongly in the middle of the
file.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Mon May 18 07:03:47 2026
(Merged from https://github.com/openssl/openssl/pull/31153)
007bsd [Mon, 4 May 2026 17:07:29 +0000 (20:07 +0300)]
Fix function pointer type mismatch when freeing ECX keys
ossl_ecx_key_free is declared as void(ECX_KEY *) but registered
directly in the X25519/X448/Ed25519/Ed448 keymgmt OSSL_DISPATCH
tables for OSSL_FUNC_KEYMGMT_FREE, which is invoked through a
void(*)(void *) pointer in evp_keymgmt_freedata. Calling a function
through a pointer to an incompatible function type is undefined
behavior and is reported by UndefinedBehaviorSanitizer on every
ECX key free:
crypto/evp/keymgmt_meth.c:392:5: runtime error: call to function
ossl_ecx_key_free through pointer to incorrect function type
'void (*)(void *)'
crypto/ec/ecx_key.c:65: note: ossl_ecx_key_free defined here
All four algorithms share the same MAKE_KEYMGMT_FUNCTIONS dispatch
macro, so they hit the same UB; UBSan just deduplicates the report
on the first call.
Mirror the wrapper pattern used by ml_kem_free_key, ml_dsa_free_key,
slh_dsa_free_key, dsa_freedata, ec_freedata, and lms_free_key: add
a small static ecx_free_key with the correct OSSL_FUNC_keymgmt_free_fn
signature that forwards to ossl_ecx_key_free, and register the
wrapper in the dispatch macro. The existing direct callers of
ossl_ecx_key_free in ecx_kmgmt.c are unchanged since they pass a
typed ECX_KEY *.
CLA: trivial
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu May 14 09:31:58 2026
(Merged from https://github.com/openssl/openssl/pull/31078)
007bsd [Mon, 4 May 2026 17:07:29 +0000 (20:07 +0300)]
Fix function pointer type mismatch when freeing ML-KEM keys
ossl_ml_kem_key_free is declared as void(ML_KEM_KEY *) but registered
directly in the ML-KEM keymgmt OSSL_DISPATCH table for
OSSL_FUNC_KEYMGMT_FREE, which is invoked through a void(*)(void *)
pointer in evp_keymgmt_freedata. Calling a function through a pointer
to an incompatible function type is undefined behavior and is
reported by UndefinedBehaviorSanitizer on every ML-KEM key free:
crypto/evp/keymgmt_meth.c:392:5: runtime error: call to function
ossl_ml_kem_key_free through pointer to incorrect function type
'void (*)(void *)'
crypto/ml_kem/ml_kem.c:1751: note: ossl_ml_kem_key_free defined here
Mirror the wrapper pattern used by ml_dsa_free_key, slh_dsa_free_key,
dsa_freedata, ec_freedata, and lms_free_key: add a small static
ml_kem_free_key with the correct OSSL_FUNC_keymgmt_free_fn signature
that forwards to ossl_ml_kem_key_free, and register the wrapper in
the dispatch table. The existing direct callers of
ossl_ml_kem_key_free in ml_kem_kmgmt.c are unchanged since they pass
a typed ML_KEM_KEY *.
CLA: trivial
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu May 14 09:31:57 2026
(Merged from https://github.com/openssl/openssl/pull/31078)
Tomas Mraz [Tue, 12 May 2026 12:39:06 +0000 (14:39 +0200)]
Use CRYPTO_memcmp() when comparing the private keys
ML-DSA and SLH-DSA used regular memcmp, use CRYPTO_memcmp()
just in case.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
MergeDate: Thu May 14 09:29:14 2026
(Merged from https://github.com/openssl/openssl/pull/31155)
Jakub Zelenka [Tue, 12 May 2026 17:36:34 +0000 (19:36 +0200)]
Fix memleak in hashtable free if flush fails
This happens because free_oldmd is not run when flush fails
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Thu May 14 09:26:11 2026
(Merged from https://github.com/openssl/openssl/pull/31163)
Remove trailing whitespace to address the following find-doc-nits
warnings:
WARNING: line containing nothing but whitespace in paragraph at line 65 in file doc/man7/EVP_CIPHER-DES.pod
WARNING: line containing nothing but whitespace in paragraph at line 69 in file doc/man7/EVP_CIPHER-DES.pod
Fixes: 5ff19a7297ea "docs: Document required output buffer length in EVP_CIPHER-DES" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
MergeDate: Thu May 14 09:24:31 2026
(Merged from https://github.com/openssl/openssl/pull/31141)
PR #27706 (that this PR reverts) was intended to fix nginx/nginx#711
The problem was that when calling SSL_set_SSL_CTX() from an SNI callback
when using a QUIC object, the QUIC custom extensions were not being
handled correctly. The fix attempted to resolve this to make sure that
they were correctly being copied.
However, in reality there was a bug in the SNI callback code that meant when
we called it from a QUIC connection we were passing the *inner* TLS
object instead of the real QUIC one. The *inner* TLS object should be
entirely internal and not exposed to user callbacks. This bug was fixed in dc84829cc5.
Once the above fix was in place `SSL_set_SSL_CTX()` immediately fails when
called with a QUIC object via the SNI callback. This was always the
intended behaviour - its use with a QUIC object was blocked since the very
beginning - but the fact that we passed the inner TLS object by mistake
circumvented the check when it was invoked from the SNI callback.
The fix in dc84829cc5 actually landed *before* the commit that this PR
reverts. So, in reality the nginx bug was already "fixed" by the time
that PR #27706 was merged (fixed in the sense that the invocation of
`SSL_set_SSL_CTX()` fails gracefully). The code that it introduced can not
be reached (and never could be) because calling `SSL_set_SSL_CTX()` is
explicitly blocked when using a QUIC object. Therefore we should remove
this dead code.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Wed May 13 16:23:24 2026
(Merged from https://github.com/openssl/openssl/pull/31159)
Tomas Mraz [Wed, 13 May 2026 08:39:14 +0000 (10:39 +0200)]
test/ffc_internal_test.c: The ffc_params_copy_mfail test needs DSA enabled
Instead of having disabled with no-dh, we need to disable it
with no-dsa.
Fixes: df53ee4fa00b "Add mfail test for ossl_ffc_params_copy" Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Wed May 13 09:46:34 2026
(Merged from https://github.com/openssl/openssl/pull/31168)
Matt Caswell [Tue, 21 Apr 2026 16:34:55 +0000 (17:34 +0100)]
Treat an unknown PSK identity the same way as a binder validation failure
Doing things this way removes the possibility of an attacker probing for
valid PSK identities as described in Appendix E.6 of RFC8446. This only
make a difference in a PSK only server configuration. The signal will still
exist if the server can fallback to a full handshake.
Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Wed May 13 07:38:32 2026
(Merged from https://github.com/openssl/openssl/pull/31026)
Daniel Kubec [Tue, 10 Mar 2026 16:44:58 +0000 (17:44 +0100)]
CRL: Refactoring and tests for extensions, entries, and serial number duplicates
Refactoring and added tests for extensions, entries, and serial number
duplicates. The tests intentionally reflect the current behavior and existing
error states, which are not always clearly distinguished (e.g., duplicate
extensions vs. parsing errors). This serves as a baseline; follow-up work may
improve error handling or explicitly mark some cases as wontfix.
Signed-off-by: Daniel Kubec <kubec@openssl.foundation> Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Wed May 13 07:36:49 2026
(Merged from https://github.com/openssl/openssl/pull/30349)
port_make_channel() builds an incoming QUIC channel in stages: allocate
the channel, create the user SSL and inner TLS objects, optionally copy
qlog state, then initialise the channel. Under the mfail allocator,
failures in the middle of that sequence could leave ownership split
between the partially-created channel and the user SSL, leaking
allocations from ossl_quic_channel_alloc().
Make port_new_handshake_layer() return the created user SSL to
port_make_channel() and detach the borrowed channel before cleaning up
its own failures. port_make_channel() now owns the error path: it
detaches any created user SSL from the channel, frees the channel exactly
once according to whether channel initialisation already ran cleanup, and
then frees the user SSL.
Also make QUIC stream map cleanup tolerate a NULL map during partial
channel cleanup, and add a focused mfail regression test for
ossl_quic_port_create_incoming().
Fixes: https://github.com/openssl/openssl/issues/31014 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue May 12 12:01:04 2026
(Merged from https://github.com/openssl/openssl/pull/31038)
quic: check lh_QUIC_STREAM_new() return value in stream_map_init
ossl_quic_stream_map_init() did not check whether lh_QUIC_STREAM_new()
succeeded. On allocation failure qsm->map would be NULL and subsequent
operations on the stream map would dereference it.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue May 12 12:01:02 2026
(Merged from https://github.com/openssl/openssl/pull/31038)
Bob Beck [Wed, 15 Apr 2026 19:31:42 +0000 (13:31 -0600)]
Deprecate the ASN1_BIT_STRING name related funcitons.
These seem to have been from something long long ago
that nothing uses anymore. It seems like this is just something
we should not be doing in this way.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Mon May 11 09:23:13 2026
(Merged from https://github.com/openssl/openssl/pull/30853)
Harry Betts [Sat, 9 May 2026 06:54:52 +0000 (16:54 +1000)]
Fix OOB read in EC_GROUP_new_from_params() with zero-length generator
When OSSL_PKEY_PARAM_EC_GENERATOR is provided as an octet string of
length 0, buf[0] is read before validating data_size, causing a
heap-buffer-overflow detectable under ASan.
Reject zero-length generator octet strings before the dereference.
CLA: trivial
Resolves: https://github.com/openssl/openssl/issues/31125 Fixes: c0f39ded68ba "Add Explicit EC parameter support to providers." Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Mon May 11 08:34:15 2026
(Merged from https://github.com/openssl/openssl/pull/31128)
Jakub Zelenka [Tue, 5 May 2026 17:56:34 +0000 (19:56 +0200)]
Add various MFAIL tests to excercise ht insert
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 11 08:21:56 2026
(Merged from https://github.com/openssl/openssl/pull/31092)
Jakub Zelenka [Tue, 5 May 2026 17:50:11 +0000 (19:50 +0200)]
Fix ignored call in ossl_rcu_call when cb item alloc fails
Currently when allocation of cb item fails, the actual cb function is
not called. The is used just in hashtable when the cb function frees
the old item which result in memory leak.
To fix this, the allocation needs to be separated and happen before the
assign operation is done.
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 11 08:21:55 2026
(Merged from https://github.com/openssl/openssl/pull/31092)
Jakub Zelenka [Fri, 8 May 2026 14:42:01 +0000 (16:42 +0200)]
Add mfail test for new BIO dgram mem
Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Mon May 11 08:09:16 2026
(Merged from https://github.com/openssl/openssl/pull/31121)
Reject CR and LF characters before serializing request lines and HTTP
headers. This prevents malformed URL or caller supplied components
from altering the generated HTTP request.
Reviewed-by: Tomas Mraz <tomas@openssl.foundation> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
MergeDate: Mon May 11 07:44:19 2026
(Merged from https://github.com/openssl/openssl/pull/31100)
Jakub Zelenka [Wed, 6 May 2026 16:22:47 +0000 (18:22 +0200)]
Fix memleak in ossl_ffc_params_copy if alloc fails
If allocation fails in ossl_ffc_params_copy, then the params that were
previously allocated are not freed. This results in a memory leak.
Fixes: dc8de3e6f1ee "Modify DSA and DH keys to use a shared FFC_PARAMS struct" Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Mon May 11 07:21:45 2026
(Merged from https://github.com/openssl/openssl/pull/31098)
Bob Beck [Thu, 7 May 2026 21:30:03 +0000 (15:30 -0600)]
Correct ASN1_STRING_set() behaviour to match the documentation
ASN1_STRING_set() has never promised to call strlen() for other
negative values. Other values here likely indicate an error,
such as an integer overflow. Call strlen() only if the length
provided is -1.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Mon May 11 00:34:25 2026
(Merged from https://github.com/openssl/openssl/pull/31113)
crypto/evp/evp_lib.c: call va_end() in EVP_PKEY_Q_keygen() on error
Instead of returning NULL immediately, jump to the cleanup at the end
of the function. Reported by Coverity.
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1593754 Fixes: 18472994f065 "The EVP_PKEY_Q_keygen function now explicitly handles NULL curve name" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon May 11 00:28:25 2026
(Merged from https://github.com/openssl/openssl/pull/31107)
quic_channel.c: fix potential memory leak on failure in ossl_quic_channel_alloc
Add missing OPENSSL_free() in error path.
Fixes: 35dc6c353bf "QUIC: Make more transport parameters configurable" Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Mon May 11 00:23:13 2026
(Merged from https://github.com/openssl/openssl/pull/30754)
Bob Beck [Thu, 29 Jan 2026 18:31:40 +0000 (11:31 -0700)]
Deprecate the X509_check_{email,host,ip,ip_asc} family of functions
Our own documentation for quite some time has indicated
that you should call X509_verify_cert() instead of using these.
Actually deprecate them and make apps not use the now deprecated
functions.
Zoey Chapell [Tue, 24 Mar 2026 15:30:52 +0000 (11:30 -0400)]
doc: clarify algorithm discovery in openssl-genpkey.pod.in
Add a reference to 'openssl list -public-key-algorithms' in the
-algorithm description to improve discoverability and long term
consistency. Documentation only change.
Add clarification for how to select the naming output in the correct spot.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
MergeDate: Sun May 10 23:59:03 2026
(Merged from https://github.com/openssl/openssl/pull/30556)
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
MergeDate: Sun May 10 23:52:21 2026
(Merged from https://github.com/openssl/openssl/pull/29851)
Milan Broz [Mon, 4 May 2026 14:13:27 +0000 (14:13 +0000)]
bn_nist.c: remove unreachable BN_BITS2 == 64
The block in BN_nist_mod_224() is gated by
#if defined(NIST_INT64) && BN_BITS2 != 64
so the #if
#if BN_BITS2 == 64
rp[7] = carry;
#endif
is unreachable. Remove it.
The code is actualy relic of an earlier design where the NIST_INT64
accumulator path was meant 64-bit too.
Disabling 64-bit path above with BN_BITS2 != 64 resulted in
#if BN_BITS2 == 64 was left unreachable
The outer condition is correct, it is meant to be 32bit only,
otherwise it would need to introduce load_u32/store_lo32 as in other
functions to avoid clang strict-aliasing optimizer issues.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Thu May 7 20:11:12 2026
(Merged from https://github.com/openssl/openssl/pull/31076)
Norbert Pocs [Mon, 4 May 2026 13:51:50 +0000 (15:51 +0200)]
Merge .inc files with header
When the .inc is only used once, include the file at place.
Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Thu May 7 19:30:01 2026
(Merged from https://github.com/openssl/openssl/pull/31075)
Bob Beck [Mon, 9 Mar 2026 20:30:02 +0000 (14:30 -0600)]
Forbid GEN_OTHERNAME SMTP UTF8 email name constraints.
RFC 9598 States:
Certificate Authorities that wish to issue CA certificates with email
address name constraints MUST use rfc822Name subject alternative names
only. These MUST be IDNA2008-conformant names with no mappings and with
non-ASCII domains encoded in A-labels only.
This appears to be to get around the confusion created if someone
attempts to encode a name constraint for an email address into the
UTF-8 version of the name
Were someone to attempt to support this, not only would you now have
to check two separate sets of name constraints for the same thing, but
would now have to decide what to do if they said different things.
So we just flag any such certficiate as invalid
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Thu May 7 16:09:44 2026
(Merged from https://github.com/openssl/openssl/pull/30329)
Bob Beck [Thu, 30 Apr 2026 16:34:28 +0000 (10:34 -0600)]
Don't rely on cmp of uninitialized values in obj_dat.pl
Since we use this for a sort, in theory this could become
inconsistent if we were to do a make update, re-generate
the output, and check it in from a different development
platform that returns different inconsistencies in how
cmp behaves on uninitialized values.
Rather than ponder this, just make this consistent
by ensuring undefined values have 0 length, and remove
the disabling of the warnings in obj_cmp
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Thu May 7 15:41:12 2026
(Merged from https://github.com/openssl/openssl/pull/31046)
Tomas Mraz [Tue, 5 May 2026 15:01:42 +0000 (17:01 +0200)]
The tag value must fit into int
We cannot allow an unbounded tag value as this is an O(n^2) algorithm
and the tag cannot be larger than INT_MAX anyway.
Fixes 35852da1d9e24cb74034b2f418cef3a58203b127
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Simo Sorce <simo@redhat.com>
MergeDate: Thu May 7 12:12:25 2026
(Merged from https://github.com/openssl/openssl/pull/31091)
Jakub Zelenka [Mon, 4 May 2026 09:50:48 +0000 (11:50 +0200)]
Add coverage files clean up make targets
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu May 7 07:09:02 2026
(Merged from https://github.com/openssl/openssl/pull/31071)
projects / thirdparty / openssl.git / log
