Neil Horman [Wed, 21 Jan 2026 15:12:15 +0000 (10:12 -0500)]
check-news-changes.yml: Fix the label check
The yaml for the check-news-changes CI job had an error in the step
conditional that prevented skipping the check if the
no_news_changes_needed flag was set. Fix that.
While we're add it, also add some debug code so that we can better see
what the checks are looking at during the CI job.
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 22 17:19:07 2026
(Merged from https://github.com/openssl/openssl/pull/29705)
Igor Ustinov [Mon, 15 Dec 2025 14:13:42 +0000 (15:13 +0100)]
Fix of EOF and retry handling in BIO implementations
Added handling for negative length in read functions.
Fixes openssl/project#1739
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 22 17:12:37 2026
(Merged from https://github.com/openssl/openssl/pull/29401)
SiteRelEnby [Wed, 21 Jan 2026 02:57:52 +0000 (02:57 +0000)]
Fix NULL pointer dereference when zlib DSO fails to load
When ZLIB_SHARED is defined and DSO_load() fails to load the zlib
library, ossl_comp_zlib_init() incorrectly returns 1 (success) while
leaving all function pointers (p_compress, p_uncompress, etc.) as NULL.
This causes COMP_zlib() and COMP_zlib_oneshot() to return valid-looking
COMP_METHOD pointers, but when these methods are used (e.g., during
TLS 1.3 certificate decompression), the NULL function pointers are
dereferenced, causing a SIGSEGV crash.
The bug occurs because the NULL pointer check (lines 297-303) was inside
the `if (zlib_dso != NULL)` block, so it was skipped entirely when
DSO_load() returned NULL.
The fix moves the NULL pointer check outside the conditional block,
consistent with how c_brotli.c and c_zstd.c handle this case. Now if
the DSO fails to load, all function pointers remain NULL, the check
catches this, and the function correctly returns 0 (failure).
This also fixes an incorrect cast of p_uncompress from compress_ft to
the correct uncompress_ft type.
PoC demonstrating the bug: https://github.com/SiteRelEnby/openssl-zlib-poc
Fixes #23563
CLA: trivial
Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 22 17:00:50 2026
(Merged from https://github.com/openssl/openssl/pull/29699)
JohnnySavages [Fri, 19 Dec 2025 03:43:41 +0000 (22:43 -0500)]
Remove unnecessary post-increment
Found by Linux Verification Center (linuxtesting.org) with SVACE.
CLA:trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Thu Jan 22 10:10:51 2026
(Merged from https://github.com/openssl/openssl/pull/29456)
Milan Broz [Wed, 14 Jan 2026 12:31:39 +0000 (13:31 +0100)]
Add float-conversion to default strict warnings
As discussed, bad-function-cast and conversion produces strange results.
Add at least float-conversion - Warn for implicit conversions that reduce
the precision of a real value.
Also fix ct_test absolute value seconds calculation (without using math.h)
and then converts is to time_t.
(n.b. this is not stricly needed for the relaxed warnings, but it is more readable)
Fixes: https://github.com/openssl/project/issues/1816 Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Thu Jan 22 09:58:07 2026
(Merged from https://github.com/openssl/openssl/pull/29663)
PowerPC support has been dropped in Mac OS X with the release of Mac OS
X Lion (10.7) in 2010, and the last supporting release, Snow Leopard
(10.6.x) is out of support since 2011.
Also remove Rhapsody (the Mac OS X precursor) targets.
Complements: https://github.com/openssl/openssl/pull/29653 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Thu Jan 22 09:55:26 2026
(Merged from https://github.com/openssl/openssl/pull/29672)
Neil Horman [Tue, 20 Jan 2026 17:14:04 +0000 (12:14 -0500)]
Do thunking of SHA256_Update
The SHA256_Update function (in fact all functions implemented via the
HASH_UPDATE macro) have mismatched prototypes with the
OSSL_FUNC_digest_update_fn.
This leads to ubsan errors with more recent versions of clang
Create a Thunk that does the proper casting on those function pointer
callbacks
Fixes #29615
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29650)
Upgrade prime ECDSA self tests from secp224r1 to prime256v1.
Upgrade binary ECDSA self tests from sect233r1 to sect283r1.
This is forward looking change to allow raising the lower bound in
ossl_ec_check_security_strength() /
OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS in case legacy/deprecated
behaviour is not needed to be supported (for example builds with
support for primary curves only of P-256 or higher).
Did a test build to ensure that updating
OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS to 128 passes fips
selftests. Note not currently recommended.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29674)
JohnnySavages [Fri, 19 Dec 2025 06:05:07 +0000 (01:05 -0500)]
Change evp_keymgmt_util_clear_operation_cache return type to void
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29458)
Zijie Zhao [Thu, 15 Jan 2026 21:04:49 +0000 (15:04 -0600)]
Fix `EVP_KEYMGMT` leak in `evp_pkey_signature_init()` error paths
Early returns when signature/key type are incompatible bypass cleanup
of `tmp_keymgmt` allocated via `evp_keymgmt_fetch_from_prov()`. Use goto
to ensure `EVP_KEYMGMT_free()` is called on all error paths.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 19:01:17 2026
(Merged from https://github.com/openssl/openssl/pull/29651)
Milan Broz [Wed, 14 Jan 2026 12:48:40 +0000 (13:48 +0100)]
Fix type-limits and add this warning to default strict warnings
One mistake recently introduced in commit b6aed64e47b.
Fixes: https://github.com/openssl/project/issues/1815 Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Jan 20 18:44:58 2026
(Merged from https://github.com/openssl/openssl/pull/29662)
Milan Broz [Wed, 14 Jan 2026 13:32:43 +0000 (14:32 +0100)]
Fix unterminated-string-initialization and add this warning to strict warnings
The -Wunterminated-string-initialization is a strange gcc warning,
as C99 allows non-nul string initialization.
Note, it is included in -Wextra, but does not exist in old gcc versions.
However, it can report other real bugs.
Fixes: https://github.com/openssl/project/issues/1814 Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 18:43:39 2026
(Merged from https://github.com/openssl/openssl/pull/29661)
Zijie Zhao [Thu, 15 Jan 2026 17:55:53 +0000 (11:55 -0600)]
Fix double-free in TLS1-PRF KDF when digest change fails
When changing the digest from MD5-SHA1 to a non-MD5-SHA1 digest,
`ctx->P_sha1` is freed but not set to NULL. If `ossl_prov_macctx_load()`
subsequently fails, `ctx->P_sha1` remains as a dangling pointer.
When the context is later freed via `kdf_tls1_prf_reset()`, this
causes a double-free.
Fix by setting `ctx->P_sha1` to NULL immediately after freeing it.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 18:21:38 2026
(Merged from https://github.com/openssl/openssl/pull/29649)
Zero out memory after allocation to avoid usage of uninitialized memory
==1155903==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x5571e03fe712 in ASN1_get_object cmake-build-release-msan/./contrib/openssl/crypto/asn1/asn1_lib.c:62:11
#1 0x5571e0408981 in asn1_check_tlen cmake-build-release-msan/./contrib/openssl/crypto/asn1/tasn_dec.c:1164:13
#2 0x5571e04048c8 in asn1_item_embed_d2i cmake-build-release-msan/./contrib/openssl/crypto/asn1/tasn_dec.c:346:15
#3 0x5571e04043ba in asn1_item_ex_d2i_intern cmake-build-release-msan/./contrib/openssl/crypto/asn1/tasn_dec.c:118:10
#4 0x5571e04043ba in ASN1_item_d2i_ex cmake-build-release-msan/./contrib/openssl/crypto/asn1/tasn_dec.c:144:9
#5 0x5571e04043ba in ASN1_item_d2i cmake-build-release-msan/./contrib/openssl/crypto/asn1/tasn_dec.c:154:12
#6 0x5571e08460ad in ossl_epki2pki_der_decode cmake-build-release-msan/./contrib/openssl/providers/implementations/encode_decode/decode_epki2pki.c:161:13
#7 0x5571e084c5a3 in pem2der_decode cmake-build-release-msan/./contrib/openssl/providers/implementations/encode_decode/decode_pem2der.c:227:18
#8 0x5571e053827e in decoder_process cmake-build-release-msan/./contrib/openssl/crypto/encode_decode/decoder_lib.c:1101:14
#9 0x5571e0537016 in OSSL_DECODER_from_bio cmake-build-release-msan/./contrib/openssl/crypto/encode_decode/decoder_lib.c:82:10
#10 0x5571e067f5c4 in pem_read_bio_key_decoder cmake-build-release-msan/./contrib/openssl/crypto/pem/pem_pkey.c:60:13
#11 0x5571e067f5c4 in pem_read_bio_key cmake-build-release-msan/./contrib/openssl/crypto/pem/pem_pkey.c:241:11
#12 0x5571e06801d3 in PEM_read_bio_PrivateKey_ex cmake-build-release-msan/./contrib/openssl/crypto/pem/pem_pkey.c:304:12
#13 0x5571e0350beb in SSL_CTX_use_PrivateKey_file cmake-build-release-msan/./contrib/openssl/ssl/ssl_rsa.c:415:16
#14 0x5571dd4dfa6a in Poco::Net::Context::init(Poco::Net::Context::Params const&) cmake-build-release-msan/./base/poco/NetSSL_OpenSSL/src/Context.cpp:296:14
#15 0x5571dd4deb28 in Poco::Net::Context::Context(Poco::Net::Context::Usage, Poco::Net::Context::Params const&) cmake-build-release-msan/./base/poco/NetSSL_OpenSSL/src/Context.cpp:54:2
#16 0x5571dd4f5c2d in Poco::Net::SSLManager::initDefaultContext(bool) cmake-build-release-msan/./base/poco/NetSSL_OpenSSL/src/SSLManager.cpp:287:34
#17 0x5571dd4f220b in Poco::Net::SSLManager::defaultServerContext() cmake-build-release-msan/./base/poco/NetSSL_OpenSSL/src/SSLManager.cpp:125:3
#18 0x5571cf03e24e in DB::CertificateReloader::findOrInsert(ssl_ctx_st*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) cmake-build-release-msan/./src/Server/CertificateReloader.cpp:134:57
#19 0x5571cf038968 in DB::CertificateReloader::tryLoadImpl(Poco::Util::AbstractConfiguration const&, ssl_ctx_st*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) cmake-build-release-msan/./src/Server/CertificateReloader.cpp:202:19
#20 0x5571cf0377be in DB::CertificateReloader::tryLoad(Poco::Util::AbstractConfiguration const&, ssl_ctx_st*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) cmake-build-release-msan/./src/Server/CertificateReloader.cpp:117:5
#21 0x5571cf0377be in DB::CertificateReloader::tryLoad(Poco::Util::AbstractConfiguration const&) cmake-build-release-msan/./src/Server/CertificateReloader.cpp:104:5
#22 0x5571a6dd25b6 in DB::Server::main(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&) cmake-build-release-msan/./programs/server/Server.cpp:2548:37
#23 0x5571dd55924b in Poco::Util::Application::run() cmake-build-release-msan/./base/poco/Util/src/Application.cpp:315:8
#24 0x5571a6d7be66 in DB::Server::run() cmake-build-release-msan/./programs/server/Server.cpp:660:25
#25 0x5571dd5a373a in Poco::Util::ServerApplication::run(int, char**) cmake-build-release-msan/./base/poco/Util/src/ServerApplication.cpp:131:9
#26 0x5571a6d73b43 in mainEntryClickHouseServer(int, char**) cmake-build-release-msan/./programs/server/Server.cpp:447:20
#27 0x55718152671d in main cmake-build-release-msan/./programs/main.cpp:380:21
#28 0x7feb2b627634 in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#29 0x7feb2b6276e8 in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3
#30 0x55718148ce6d in _start (/home/thevar1able/nvmemount/clickhouse/cmake-build-release-msan/programs/clickhouse+0xa889e6d) (BuildId: 0ab37401c8c27a02d94eb81b9cc50d79736b4266)
Uninitialized value was created by a heap allocation
#0 0x55718151d58d in malloc (/home/thevar1able/nvmemount/clickhouse/cmake-build-release-msan/programs/clickhouse+0xa91a58d) (BuildId: 0ab37401c8c27a02d94eb81b9cc50d79736b4266)
#1 0x5571e0634a19 in CRYPTO_malloc cmake-build-release-msan/./contrib/openssl/crypto/mem.c:211:11
#2 0x5571e06840ef in PKCS12_pbe_crypt_ex cmake-build-release-msan/./contrib/openssl/crypto/pkcs12/p12_decr.c:78:16
#3 0x5571e0845f0a in ossl_epki2pki_der_decode cmake-build-release-msan/./contrib/openssl/providers/implementations/encode_decode/decode_epki2pki.c:143:18
#4 0x5571e084c5a3 in pem2der_decode cmake-build-release-msan/./contrib/openssl/providers/implementations/encode_decode/decode_pem2der.c:227:18
#5 0x5571e053827e in decoder_process cmake-build-release-msan/./contrib/openssl/crypto/encode_decode/decoder_lib.c:1101:14
#6 0x5571e0537016 in OSSL_DECODER_from_bio cmake-build-release-msan/./contrib/openssl/crypto/encode_decode/decoder_lib.c:82:10
#7 0x5571e067f5c4 in pem_read_bio_key_decoder cmake-build-release-msan/./contrib/openssl/crypto/pem/pem_pkey.c:60:13
#8 0x5571e067f5c4 in pem_read_bio_key cmake-build-release-msan/./contrib/openssl/crypto/pem/pem_pkey.c:241:11
#9 0x5571e06801d3 in PEM_read_bio_PrivateKey_ex cmake-build-release-msan/./contrib/openssl/crypto/pem/pem_pkey.c:304:12
#10 0x5571e0350beb in SSL_CTX_use_PrivateKey_file cmake-build-release-msan/./contrib/openssl/ssl/ssl_rsa.c:415:16
#11 0x5571dd4dfa6a in Poco::Net::Context::init(Poco::Net::Context::Params const&) cmake-build-release-msan/./base/poco/NetSSL_OpenSSL/src/Context.cpp:296:14
#12 0x5571dd4deb28 in Poco::Net::Context::Context(Poco::Net::Context::Usage, Poco::Net::Context::Params const&) cmake-build-release-msan/./base/poco/NetSSL_OpenSSL/src/Context.cpp:54:2
#13 0x5571dd4f5c2d in Poco::Net::SSLManager::initDefaultContext(bool) cmake-build-release-msan/./base/poco/NetSSL_OpenSSL/src/SSLManager.cpp:287:34
#14 0x5571dd4f220b in Poco::Net::SSLManager::defaultServerContext() cmake-build-release-msan/./base/poco/NetSSL_OpenSSL/src/SSLManager.cpp:125:3
#15 0x5571cf03e24e in DB::CertificateReloader::findOrInsert(ssl_ctx_st*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) cmake-build-release-msan/./src/Server/CertificateReloader.cpp:134:57
#16 0x5571cf038968 in DB::CertificateReloader::tryLoadImpl(Poco::Util::AbstractConfiguration const&, ssl_ctx_st*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) cmake-build-release-msan/./src/Server/CertificateReloader.cpp:202:19
#17 0x5571cf0377be in DB::CertificateReloader::tryLoad(Poco::Util::AbstractConfiguration const&, ssl_ctx_st*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&) cmake-build-release-msan/./src/Server/CertificateReloader.cpp:117:5
#18 0x5571cf0377be in DB::CertificateReloader::tryLoad(Poco::Util::AbstractConfiguration const&) cmake-build-release-msan/./src/Server/CertificateReloader.cpp:104:5
#19 0x5571a6dd25b6 in DB::Server::main(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&) cmake-build-release-msan/./programs/server/Server.cpp:2548:37
#20 0x5571dd55924b in Poco::Util::Application::run() cmake-build-release-msan/./base/poco/Util/src/Application.cpp:315:8
#21 0x5571a6d7be66 in DB::Server::run() cmake-build-release-msan/./programs/server/Server.cpp:660:25
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Tue Jan 20 18:19:16 2026
(Merged from https://github.com/openssl/openssl/pull/29647)
Fix openssl-cms man page references to -EncryptedData_encrypt option
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Jan 20 18:06:27 2026
(Merged from https://github.com/openssl/openssl/pull/27996)
Bob Beck [Mon, 22 Dec 2025 18:32:08 +0000 (11:32 -0700)]
Constify the X509_STORE_CTX argument to the lookup_certs functions.
The justification for this not being const was because of
lookup_certs_sk(). The reasons this function could not have a
const store, is that it set the ctx's error code
when we could not allocate memory and returned NULL.
However, the other lookup_certs function, X509_STORE_CTX_get1_certs,
already does not set this error code when failing to allocate
memory on a return.
Given that you can't depend on the out of memory error code being
set in the general case, and the Beyonce rule appears to indicate
that nobody likes this behaviour (as nobody put a test on it) I
think it's safe to say we should just not modify the ctx, and
constify it.
For #28654
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Jan 19 12:03:05 2026
(Merged from https://github.com/openssl/openssl/pull/29488)
Ryan Keane [Sat, 20 Dec 2025 10:30:00 +0000 (02:30 -0800)]
fix: Fix uninstall_dev failing to remove empty dir
Fix this error:
```
rmdir "$PREFIX/lib64/cmake/OpenSSL"
rmdir "$PREFIX/lib64"
rmdir: failed to remove '$PREFIX/lib64': Directory not empty
```
Because `rmdir $PREFIX/lib64/cmake` is missing
CLA: trivial Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Mon Jan 19 11:58:05 2026
(Merged from https://github.com/openssl/openssl/pull/29472)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Jan 19 11:55:58 2026
(Merged from https://github.com/openssl/openssl/pull/29297)
Joshua Rogers [Sat, 10 Jan 2026 08:55:15 +0000 (19:55 +1100)]
Clear addr_iter on reset in bss_conn
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28915)
Joshua Rogers [Sat, 11 Oct 2025 21:47:16 +0000 (05:47 +0800)]
Clear addr_iter on reset in bss_acpt
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28915)
Nikola Pajkovsky [Mon, 19 Jan 2026 08:42:45 +0000 (09:42 +0100)]
update fuzz/corpora submodule
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/29670)
util/ and .ctags.d/: remove remaining references to deleted util/check-format.pl
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29655)
slontis [Thu, 8 Jan 2026 04:22:44 +0000 (15:22 +1100)]
KDF: Add configuration options to disable many of the KDF algorithms.
This includes KDF's for ss,x963,hmac-drbg,KB,KRB5,PVK,SNMP,SSH and X942.
SSKDF/X963KDF Changes: Modify code to handle algorithms being disabled via configuration options.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29576)
slontis [Wed, 14 Jan 2026 06:31:41 +0000 (17:31 +1100)]
Make OpenSSL generated error files use the current clang-format.
Anytime a new error code is added it generates error related files.
These are generated using a perl script which used readable indenting.
The indenting has been removed.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29631)
rand_lib: do not silently ignore custom seed source failures
If a custom seed source is specified in the config file, it can be
silently ignored. For example if it is missing, fails to be created,
or fails to initialize it can be silently ignored and fallback to os
entropy instead.
To reproduce this, perform default configuration of openssl without
jitter entropy source, and then specify jitter entropy
source. Currently entropy will fall back to getrandom, instead of
erroring out.
This is not unique to jitter entropy source, there are a few other
entropy source providers out there on the market, and in all cases if
one is configuring OpenSSL to use a given seed source by name, it
should be honored.
Currently this will output a fresh rsa key, with this change however
it will now result in an error:
```
./Configure
make
./util/wrap.pl -jitter ./apps/openssl genrsa
Warning: generating random key material may take a long time
if the system has a poor entropy source
genrsa: Error generating RSA key 80ABAB8F9F7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:375:Global default library context, Algorithm (JITTER : 0), Properties (<null>) 80ABAB8F9F7F0000:error:12000090:random number generator:rand_new_seed:unable to fetch drbg:crypto/rand/rand_lib.c:613: 80ABAB8F9F7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:375:Global default library context, Algorithm (JITTER : 0), Properties (<null>) 80ABAB8F9F7F0000:error:12000090:random number generator:rand_new_seed:unable to fetch drbg:crypto/rand/rand_lib.c:613:
```
IMHO, if a user is configuring a custom seed source, it should be
honored without silently eating errors.
Note this partially reverts 1d180bbe8e2103f35328cf82fbde7fd23602735a
"rand: allow seed-src to be missing", which as far as I understand was
done to ensure that fallback seedsource is allowed to be missing. This
new implementation preserves this behaviour by ensuring error is not
raised if SEED-SRC (which since the above commit was changed to a
macro define OPENSSL_DEFAULT_SEED_SRC) is used as a fallback, and it
fails to be fetched. Previously all errors were popped unconditionaly,
thus same behaviour is preserved if SEED-SRC is completely missing and
it wasn't configured in the config file. cc @paulidale, also see: -
https://github.com/openssl/openssl/pull/13640
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29316)
Neil Horman [Wed, 14 Jan 2026 13:15:36 +0000 (08:15 -0500)]
Fix make check-format target
With our move to clang-format we no longer have a check-format script,
and so this make target is broken.
Fix it up to use clang-format-diff instead
Fixes #29594
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Jan 16 14:37:09 2026
(Merged from https://github.com/openssl/openssl/pull/29634)
Igor Ustinov [Wed, 14 Jan 2026 13:44:00 +0000 (14:44 +0100)]
SSL_CTX_is_server() was added.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Jan 16 13:19:25 2026
(Merged from https://github.com/openssl/openssl/pull/29635)
Pauli [Tue, 13 Jan 2026 21:14:38 +0000 (08:14 +1100)]
test: fix tests in lightof test_strn2_ removals
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29627)
Pauli [Tue, 13 Jan 2026 21:14:19 +0000 (08:14 +1100)]
test: fix endecode_test in light of test_strn2 removal
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29627)
Pauli [Tue, 13 Jan 2026 21:13:52 +0000 (08:13 +1100)]
test: get rid of the TEST_strn2_ functions
Their semantics are poorly defined and they are rarely used. The _ne
version being completely unused & tricky to define properly.
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29627)
Viktor Dukhovni [Sat, 3 Jan 2026 06:36:40 +0000 (17:36 +1100)]
Expose and report EC curve field degrees
Expose the EC field degree as a gettable parameter for both provided
and legacy EC keys. In the latter case, drop a spurious assertion,
since even in debug builds an application may try to get an unknown
parameter, and this should return an error rather than abort.
In the EC `TEXT` encoding format, instead of reporting the bit count of
the group order, report the field degree (which matches the size number
in the curve's name when present) and also the symmetric-equivalent
security-bits (adjusted down the the standard numbers (80, 112, 128,
192, 256).
Along the way, add a missing getter method for the EC_GROUP security
bits.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Thu Jan 15 16:10:26 2026
(Merged from https://github.com/openssl/openssl/pull/29539)
Simultaneous derivation of several EVP_SKEY objects
A proposed design for using EVP_SKEY objects in the TLS stack
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/29160)
BIO_FLAGS_BASE64_NO_NL ignored by b64_write() in OpenSSL 4.0.0
Fixes #29618
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29629)
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29590)
slontis [Wed, 26 Nov 2025 06:42:43 +0000 (17:42 +1100)]
ML-DSA: Add a digest that can calculate external mu.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29223)
Neil Horman [Fri, 2 Jan 2026 17:29:34 +0000 (12:29 -0500)]
Create a simple check for suggesting NEWS/CHANGES additions
During a release cycle we always wind up going through our git history
to try make sure we caught all the stuff that needed a CHANGES/NEWS
entry. Lets try make that at least a little more automated here. PR's
that reference CVEs, come from feature branches or impact public apis
generally need a NEWS/CHANGES entry, so lets flag those during CI. It
should serve as a reminder to add entries to NEWS/CHANGES to prs meeting
the above criteria, and can be ignored via the application of the
no_news_changes_needed label to the PR.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue Jan 13 19:17:37 2026
(Merged from https://github.com/openssl/openssl/pull/29536)
Bob Beck [Wed, 7 Jan 2026 18:29:48 +0000 (11:29 -0700)]
Ensure ASN1 types are checked before use.
Some of these were fixed by LibreSSL in commit https://github.com/openbsd/src/commit/aa1f637d454961d22117b4353f98253e984b3ba8
this fix includes the other fixes in that commit, as well as fixes for others found by a scan
for a similar unvalidated access paradigm in the tree.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29582)
ml_dsa_kmgmt: check params against len and not pointers in ml_dsa_key_fromdata
The rest of the function conditions the presence/usage of pk/seed/sk
on the non-zeroness of pk_len/seed_len/sk_len, respectively, so perform
the *_len checks in a similar fashion; that makes it in line
with the similarly written ml_kem_key_fromdata() and stops giving Coverity
ideas that the pointers can be NULL when the respective len variables
are non-zero.
Fixes: 5421423ef95c "Flexible encoders for ML-DSA"
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1680314 Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29596)
Joshua Rogers [Sun, 12 Oct 2025 13:35:47 +0000 (21:35 +0800)]
quic: remove dead VERSION_NEG handling in ch_rx_handle_packet
VERSION_NEG packets are handled and returned from earlier in the function.
The later switch case and its helper are unreachable and contradictory.
Remove them to avoid confusion and future behavior drift.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:54:09 2026
(Merged from https://github.com/openssl/openssl/pull/28920)
Joshua Rogers [Sun, 12 Oct 2025 13:30:50 +0000 (21:30 +0800)]
quic: remove redundant free of inner TLS in accept_connection
SSL_free(conn_ssl) for a QCSO enters ossl_quic_free, which calls qc_cleanup.
qc_cleanup already frees qc->tls via SSL_free(qc->tls) and then frees qc->ch.
The additional SSL_free(ossl_quic_channel_get0_tls(new_ch)) releases the same
TLS a second time, which is redundant.
We also replace some of the pure condition checks with ossl_assert() checks
as these conditions cannot really fail.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:54:07 2026
(Merged from https://github.com/openssl/openssl/pull/28920)
Joshua Rogers [Sun, 12 Oct 2025 13:28:08 +0000 (21:28 +0800)]
quic: free popped incoming channel on early exit in accept_connection
If we pop a channel but fail to extract or adopt its SSL pointer,
we return without releasing the channel. Add a small cleanup at
the function epilogue to free new_ch when conn_ssl is NULL.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:54:05 2026
(Merged from https://github.com/openssl/openssl/pull/28920)
Liu-ErMeng [Thu, 25 Dec 2025 12:22:19 +0000 (04:22 -0800)]
fix vpsm4_ex bug in AARCH64 big-endian platform
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:46:42 2026
(Merged from https://github.com/openssl/openssl/pull/29504)
Gleb Popov [Fri, 9 Jan 2026 14:48:00 +0000 (17:48 +0300)]
bn: Remove the BN_RECURSION cpp define
Just like in previous commit, this define does not represent a toggleable
feature, but is entirely dependent on the OPENSSL_SMALL_FOOTPRINT define.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:27 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Gleb Popov [Fri, 9 Jan 2026 14:13:32 +0000 (17:13 +0300)]
bn: Remove the BN_SQR_COMBA cpp define
Just like in previous commit, this define does not represent a toggleable
feature, but is entirely dependent on the OPENSSL_SMALL_FOOTPRINT define.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:25 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Gleb Popov [Mon, 24 Nov 2025 13:46:07 +0000 (16:46 +0300)]
bn: Remove the BN_MUL_COMBA cpp define
It does not represent a feature that some arch may or may not possess, but
instead is entirely dependent on the OPENSSL_SMALL_FOOTPRINT option.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:24 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Use BIO_free() to free "in" if error occurs to avoid memory leak.
Moreover, add check for "out" to avoid NULL pointer dereference.
Also replace OPENSSL_assert with return.
Fixes: e599d0a ("Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:40:14 2026
(Merged from https://github.com/openssl/openssl/pull/27920)
zhoulu [Mon, 5 Jan 2026 11:48:56 +0000 (19:48 +0800)]
Instruction reordering to further improve SM4-CBC decryption performance on the RISC-V architecture
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29544)
Milan Broz [Fri, 9 Jan 2026 14:13:45 +0000 (15:13 +0100)]
Add clang-21 to CI compilers
Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29587)
Simo Sorce [Thu, 8 Jan 2026 19:04:37 +0000 (14:04 -0500)]
Fix max index define that was not updated
In PR #29145 a new OSSL_LIB_CTX_SSL_CONF_IMODULE was added, but
the OSSL_LIB_CTX_MAX_INDEXES value was left behind.
This should probably be converted to an enum, but I'll leave that work
to some other brave soul.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29581)
QUIC listener may fail with SSL_POLL_EVENT_EL on windows.
recvfrom() may return WSAECONNRESET when the destination port
used in a previous sendto() call is no longer available. This
causes QUIC PORT to swich from running state. This behavior
is not desired for QUIC protocol. The trick is to disable
SIO_UDP_CONNRESET flag on UDP port used by QUIC.
The issue was kindly reported and root caused by goforit22123-netizen@
Fixes: #29530 Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Mon Jan 12 10:27:25 2026
(Merged from https://github.com/openssl/openssl/pull/29538)
commit 131c2a1adba1 ("Defang the lhash test") has reduced default number
of the thread workers in CI to HARNESS_JOBS / 4. Setting LHASH_WORKERS
will set it back.
Resolves: https://github.com/openssl/project/issues/1769 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Mon Jan 12 10:09:54 2026
(Merged from https://github.com/openssl/openssl/pull/29565)
Matt Caswell [Mon, 15 Dec 2025 17:12:46 +0000 (17:12 +0000)]
Update the documentation to remove referenceds to EVP_PKEY_ASN1_METHOD
Now that EVP_PKEY_ASN1_METHODs have been removed from the public API we
need to update the documentation accordingly. They still exist internally
and so some references are still appropriate in the internal documetnation.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Matt Caswell [Mon, 15 Dec 2025 17:02:36 +0000 (17:02 +0000)]
Remove the ability to create a custom EVP_PKEY_ASN1_METHOD
Now that the ability to register a custom EVP_PKEY_ASN1_METHOD has
been removed in an earlier commit, we can now remove the functions that
are used to create a custom EVP_PKEY_ASN1_METHOD.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Matt Caswell [Mon, 15 Dec 2025 16:18:13 +0000 (16:18 +0000)]
Remove the ability to query the internal EVP_PKEY_ASN1_METHODs
Previously there were a few functions where you could obtain a handle
on registered EVP_PKEY_ASN1_METHODs and query information about them.
We remove the capability.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Matt Caswell [Mon, 15 Dec 2025 15:31:08 +0000 (15:31 +0000)]
Remove EVP_PKEY_asn1_add0()
We remove the ability to add application defined EVP_PKEY_ASN1_METHODs
via the `EVP_PKEY_asn1_add0()` function. We also remove the related function
`EVP_PKEY_asn1_add_alias()`.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Neil Horman [Wed, 7 Jan 2026 14:34:51 +0000 (09:34 -0500)]
Add a test to ensure that instantiation of drbgs work
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29560)
Neil Horman [Tue, 6 Jan 2026 17:08:40 +0000 (12:08 -0500)]
fetch macctx while fetching digest when creating HMAC-DRBG
Somewhere in our conversion from .c files to .inc files for our rand
providers, we created code in drbg_hmac_set_ctx_params_locked to fetch
our digest and hmac when creating the rand instance. However, the
function drbg_fetch_algs_from_prov only fetched our digest for this rand
type, not the hmac, and returned 1 while doing so, indicating success.
This is problematic because it means that we never wind up fetching an
HMAC for this rand type. As a result we never compute the strength of
the DRBG and so any attempt to seed it fails.
Ensure that, if we load a digest for this DRBG, we also fetch an HMAC,
and fail if we can't do so, so the HMAC-DRBG is useful.
Fixes openssl/private#853
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29560)
Matt Caswell [Wed, 7 Jan 2026 11:54:05 +0000 (11:54 +0000)]
Clean up some unnecessary inclusions
After the deadcode removal there were varios include files being used
that are no longer necessary. We remove them.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29460)
Matt Caswell [Fri, 19 Dec 2025 13:42:23 +0000 (13:42 +0000)]
Remove some legacy fields from the EVP_MD_CTX structure
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29460)
projects / thirdparty / openssl.git / log
