Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28185)
Neil Horman [Wed, 23 Jul 2025 13:09:05 +0000 (09:09 -0400)]
add a handshake memory failure test
We would like to be able to test our memory failure paths, but forcing
malloc to return NULL at certain points in time.
This test does that, by running a sepcific workload n+1 time. In this
case the workload is a simple ssl handshake.
We run 1 test which sets our malloc wrapper into record mode, in which
it just acts as a pass through to the system malloc call and records the
number of times it was called.
Then we run a second test, which does the same handshake N times, where
N is the number of times malloc was called in the previous test. For
each iteration in i=0..N we fail the ith malloc operation.
We don't check for functional failures in the second test (as we expect
failures), we just want to make sure that (a) we don't crash and (b)
asan doesn't report any errors.
Currently, we get _lots_ of asan failures, but we can use this test to
log issues for that and fix those up.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28078)
Nikolas Gauder [Mon, 4 Aug 2025 21:47:23 +0000 (23:47 +0200)]
ssl/quic/quic_channel.c: Fix endianness of supported versions from received version negotiation packets
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28169)
Nikolas Gauder [Mon, 4 Aug 2025 19:12:35 +0000 (21:12 +0200)]
ssl/quic/quic_port.c: Fix endianness of supported versions in sent version negotiation packets
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28169)
While the majority of the sites assumed 8-wide tabs, at least engines/e_capi.c
assumed 4-wide; in any case it is better to just follow the code style guide
and eliminate them altogether. Some addition changes (namely, curly
brackets in apps/crl.c and apps/req.c, and additional whitespace changes
in apps/s_client.c and test/provider_pkey_test.c) are made to placate
check-format-commit.sh.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28162)
util/perl/OpenSSL/Test.pm: consistently use 4 spaces for indentation
While the majority of the file uses 4 spaces for indentation, some parts
contain 8-wide tabs. Use the spaces for indentation consistently
throughout the file.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28162)
Pauli [Fri, 11 Jul 2025 06:03:12 +0000 (16:03 +1000)]
params: revert error checking when params are duplicated
This is to avoid a change of behaviour even though it is a result of user
error. When params are duplicated, all but the first are ignored and no
error is returned.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)
Michael Baentsch [Tue, 29 Jul 2025 10:32:00 +0000 (12:32 +0200)]
Remove unnecessary OPENSSL_NO_RSA remnants
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28113)
Michael Baentsch [Mon, 28 Jul 2025 04:52:49 +0000 (06:52 +0200)]
fuzz/dtlsserver.c: Remove incorrect ifdef guard
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28102)
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28105)
Only report generic error if provider did not put an error on the error queue
Commit 72351b0d18078170af270418b2d5e9fc579cb1af added code to unconditionally
put a generic error onto the error stack, if key generation, encryption,
decryption, sign, or verify fails to ensure that there is an error entry
on the error queue, even if the provider did not itself put a specific error
onto the queue.
However, this can hide error details if an application just looks at the very
last error entry and checks for specific errors. Now, the generic error is
always the last entry, and the application won't find the expected error
entry, although it would be there as second last entry. This can lead to
different application behavior in error situations than before this change.
To fix this, only add the generic error entry if the provider did not itself
add an error entry onto the queue. That way, there always is an error on the
error queue in case of a failure, but no behavior change in case the provider
emitted the error entry itself.
Closes: https://github.com/openssl/openssl/issues/27992 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28073)
Make ERR_count_to_mark() available to providers via 'in' dispatch array
Functions like ERR_set_mark(), ERR_clear_last_mark(), and ERR_pop_to_mark()
are already passed to the a provider via the 'in' dispatch array of the
provider initialization function (although the documentation did not
mention them).
Also pass ERR_count_to_mark() to the provider the same way, and update
the documentation to mention all four functions.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28073)
The commit "Remove HARNESS_OSSL_PREFIX manipulation in the test harness"
forced all the output to be processed by the test harness, which means
that any process that keeps the stdout FD open prevents the run() call
from finishing, as was the case in the test_external_cf_quiche test that
ran quiche server in the background, but retaining the std{in,out,err}
descriptors. Avoid that by explicitly redirecting them to a log file.
Reported-by: Tomas Mraz <tomas@openssl.org> Fixes: 70c05fcde53cf "Remove HARNESS_OSSL_PREFIX manipulation in the test harness" Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28125)
Also add support for ML-KEM in CMS (draft-ietf-lamps-cms-kyber).
Add the -recip_kdf and -recip_ukm parameters to `openssl cms -encrypt`
to allow the user to specify the KDF algorithm and optional user
keying material for each recipient.
A provider may indicate which RecipientInfo type is supported
for a key, otherwise CMS will try to figure it out itself. A
provider may also indicate which KDF to use in KEMRecipientInfo
if the user hasn't specified one.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27681)
Anton Moryakov [Fri, 25 Jul 2025 12:43:15 +0000 (15:43 +0300)]
crypto: evp: fix potential null pointer dereference in EVP_DigestSignUpdate in m_sigver.c
Static analysis detected that EVP_DigestSign() could lead to null pointer
dereference in EVP_DigestSignUpdate() when pctx->pmeth is NULL. The issue
occurs in the legacy code path where pmeth is accessed without prior null
check.
This fix adds a proper null check for pctx->pmeth in the legacy section
of EVP_DigestSignUpdate() to prevent the crash when the function is called
through EVP_DigestSign() with improperly initialized context.
The check is placed in EVP_DigestSignUpdate() rather than EVP_DigestSign()
to maintain proper separation of concerns and follow OpenSSL's architectural
patterns where lower-level functions handle their own parameter validation.
Fixes potential crash in signature operations with legacy providers.
CLA: trivial Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28095)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28101)
Neil Horman [Sat, 26 Jul 2025 13:28:01 +0000 (09:28 -0400)]
Set *sk_resp to NULL when freeing.
Its possible for get_ocsp_resp_from_responder to return OK after having
freed *sk_resp without setting the freed pointer to NULL, leading us to
set a garbage pointer in other code.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28101)
projects / thirdparty / openssl.git / log
