Samuel Sapalski [Wed, 14 Jan 2026 07:55:47 +0000 (08:55 +0100)]
FIPS: Disable time/request based reseeding for ECDSA KAT DRBG
The ECDSA KAT_Signature selftest can fail if the system time changes
after KAT DRBG initialization; this may trigger a time-based reseed
and break KAT determinism.
Disable time-based reseeding for the KAT DRBG to avoid spurious
selftest failures during e.g. fipsinstall.
In order to make this fix future proof we disable request based
reseeding as well to guarantee determinism during the selftest.
Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Mar 4 16:55:09 2026
(Merged from https://github.com/openssl/openssl/pull/29633)
Bob Beck [Mon, 2 Mar 2026 18:46:39 +0000 (11:46 -0700)]
Make X509_up_ref and X509_free take const X509 *
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Mar 4 16:43:39 2026
(Merged from https://github.com/openssl/openssl/pull/30235)
Beat Bolli [Thu, 26 Feb 2026 21:20:32 +0000 (22:20 +0100)]
remove OPENSSL_BUILDING_OPENSSL from the config
Commit 262cda1cda ("Remove some safestack things that are no longer
needed", 2020-09-03) removed the last usage of this macro. Remove it in
the configuration as well.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Mar 4 10:21:38 2026
(Merged from https://github.com/openssl/openssl/pull/30199)
Beat Bolli [Thu, 26 Feb 2026 21:20:16 +0000 (22:20 +0100)]
remove OPENSSL_USE_NODELETE from the config
Commits 31659fe326 (Introduce OPENSSL_ATEXIT_CLEANUP env. variable.,
2025-11-24) and 994413f995 (Update NEWS.md, 2025-12-15) removed the last
uses of this macro. Remove it in the configuration as well.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Mar 4 10:21:36 2026
(Merged from https://github.com/openssl/openssl/pull/30199)
sftcd [Tue, 3 Mar 2026 00:59:40 +0000 (00:59 +0000)]
ech test retry-configs unavailable if server finished corrupted
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Wed Mar 4 09:34:09 2026
(Merged from https://github.com/openssl/openssl/pull/30242)
SSL_get_shared_ciphers(): Return NUL-terminated buffer for no shared ciphers
Also validate the input buffer and length properly.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Mar 4 09:30:18 2026
(Merged from https://github.com/openssl/openssl/pull/28859)
Neil Horman [Tue, 3 Mar 2026 19:47:00 +0000 (14:47 -0500)]
Fix bad length computation in HT_COPY_RAW_KEY_CASE
The new HT_KEY_COPY_RAW fails to account for copy lengths that exceed
the size of the configured buffer in a key, leading to stack overruns on
read.
Rectify that by clamping the COPY macro to limit copies to the size of
the buffer.
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Wed Mar 4 07:04:07 2026
(Merged from https://github.com/openssl/openssl/pull/30257)
Adds fixed version tls methods to ossl-removed-api.pod
Fixes #30161
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Mar 3 14:57:52 2026
(Merged from https://github.com/openssl/openssl/pull/30218)
Neil Horman [Fri, 27 Feb 2026 16:56:42 +0000 (11:56 -0500)]
Add support for dynamic key sizing in hashtable
Currently our internal hashtable suffers from a performance issue, as
discussed here:
https://github.com/openssl/openssl/pull/30188
The hashtable requires that keys be defined at build time, and moreover,
be defined to support the maximum possible key length you might try to
insert to a given hash table, even if the actual key you are using is
shorter.
As a result, that hashtable hash function (typically ossl_fnv1a_hash,
but any hash function really) receives a buffer that is specified as the
maximal length of the build-time defined key, which often means hashing
of many 0 bytes for byte elements in the key that may never have been
used. This causes performance problems as we are always hashing the
maximum number of elements, even if the key is truly only a few bytes
long.
Let's give users an opportunity to improve on that.
Keys are defined to be a struct, so that users can access individual
field names within the key, but under the covers it's all just one
contiguous uint8_t buf. We can implement macros that allow users to,
instead of setting individual field names, just copy needed data into
the raw buffer, keeping track of how many bytes have been used as we go.
The result of using these macros is that the hash function, while it
will receive a buffer that is still maximally sized for that particular
key, gets a length value that only represents the number of bytes used
while writing the key value.
This results in the hash function having to do much less work, giving us
a significant opportunistic speedup.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Tue Mar 3 13:23:00 2026
(Merged from https://github.com/openssl/openssl/pull/30211)
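The raw-key scheme described in this commit message, together with the clamped copy from the HT_COPY_RAW_KEY_CASE fix above, as an added example that is not OpenSSL's own code: the raw_key type, RAW_KEY_CAP and the functions below are assumed names modelled on the description, not the project's HT_* macros.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed example: a build-time sized raw key buffer whose hash and
 * equality only cover the bytes actually written into it.
 */
#define RAW_KEY_CAP 32          /* maximum key size fixed at build time */

typedef struct {
    uint8_t buf[RAW_KEY_CAP];   /* always the maximal size, zero-filled */
    size_t used;                /* number of bytes written so far */
} raw_key;

static void raw_key_init(raw_key *k)
{
    memset(k, 0, sizeof(*k));
}

/*
 * Append len bytes of src to the key. The copy is clamped to the space left
 * in buf, so an oversized field can never write past the end of the buffer
 * (the defect the HT_COPY_RAW_KEY_CASE fix addresses). Returns the number of
 * bytes copied; a value smaller than len means the field was truncated and
 * the caller must not use the key.
 */
static size_t raw_key_append(raw_key *k, const void *src, size_t len)
{
    size_t room = RAW_KEY_CAP - k->used;
    size_t n = len < room ? len : room;

    memcpy(k->buf + k->used, src, n);
    k->used += n;
    return n;
}

/* 64-bit FNV-1a over exactly n bytes. */
static uint64_t fnv1a_64(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t i;

    for (i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Hash only the bytes that were written, not the whole RAW_KEY_CAP buffer. */
static uint64_t raw_key_hash(const raw_key *k)
{
    return fnv1a_64(k->buf, k->used);
}

/* The pre-change behaviour for comparison: hash the full buffer, zero padding included. */
static uint64_t raw_key_hash_full(const raw_key *k)
{
    return fnv1a_64(k->buf, RAW_KEY_CAP);
}

/* Equality must agree with the hash: compare the used length, then the used bytes. */
static int raw_key_equal(const raw_key *a, const raw_key *b)
{
    return a->used == b->used && memcmp(a->buf, b->buf, a->used) == 0;
}

/*
 * Build a two-field key (a 32-bit id followed by a name). Returns 1 on
 * success and 0 if a field did not fit, rather than hashing a truncated key.
 */
static int make_key(raw_key *k, uint32_t id, const char *name)
{
    size_t namelen = strlen(name);

    raw_key_init(k);
    if (raw_key_append(k, &id, sizeof(id)) != sizeof(id))
        return 0;
    if (raw_key_append(k, name, namelen) != namelen)
        return 0;
    return 1;
}

int main(void)
{
    raw_key k;

    if (!make_key(&k, 7, "alice"))
        return 1;
    /* Only 9 of the 32 buffer bytes are fed to the hash function. */
    printf("used=%zu hash=%016llx\n", k.used, (unsigned long long)raw_key_hash(&k));
    return 0;
}
```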
slontis [Mon, 23 Feb 2026 05:00:32 +0000 (16:00 +1100)]
FIPS: Change EC_GROUP_check() so that it fails for explicit curves.
Reported by Luigino Camastra (Aisle Research).
Explicit curves returned a NID of NID_undef (which has a value of 0)
which resulted in the check >= 0 passing.
Changing the result to > addresses the issue.
Note that this is a NON issue in master since explicit curves are
now disabled by default. Note also that any EC operation that
tries to use a loaded EC key checks that the curve and security
strength are valid.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Mar 2 19:37:04 2026
(Merged from https://github.com/openssl/openssl/pull/30138)
ossl_lms_key_to_text(): Fix NULL pointer dereference of `key` argument
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1682024
Complements: 3d82b990d1f Added LMS support for OpenSSL commandline signature verification using pkeyutl.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Mon Mar 2 19:33:33 2026
(Merged from https://github.com/openssl/openssl/pull/30215)
- Clarify comment on empty SKID/AKID vs. prior value
- Use B<default> not C<default> for unnamed section
- Polish (mostly CSR) extension handling
* In update_req_extensions() drop extraneous duplicate
X509at_delete_attr() call.
* Consolidate empty SKID/AKID detection in new
ossl_ignored_x509_extension().
* Handle empty SKID/AKID also in X509V3_add1_i2d().
* In test_drop_empty_csr_keyids() exercise the full NCONF extension
management stack, using X509_REQ_get_attr_count() to check that
after "subjectKeyIdentifier = none" not even an empty extension
set remains as a CSR attribute (X509_REQ_get_extensions() always
returns at least an empty stack because NULL signals an error).
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Mon Mar 2 17:04:22 2026
(Merged from https://github.com/openssl/openssl/pull/30217)
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Mon Mar 2 13:03:03 2026
(Merged from https://github.com/openssl/openssl/pull/30193)
slontis [Thu, 19 Feb 2026 04:38:42 +0000 (15:38 +1100)]
SHAKE - Fix 390x CI problems for SLH-DSA
Fixes #30039
In order to fix this, the ossl_sha3_ related functions have been
renamed so that ossl_sha3_XXX() functions are the high level
functions that contain calls to platform specific methods.
ossl_sha3_XXX_default() etc are the 'general' platform methods.
All of the state checking has been moved out of the platform specific
methods. The sha3 provider dispatch functions now share the
ossl_sha3_XXX() calls.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Mar 2 11:58:44 2026
(Merged from https://github.com/openssl/openssl/pull/30104)
sftcd [Tue, 24 Feb 2026 13:12:40 +0000 (13:12 +0000)]
adds test of ECH fail then using retry configs
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Mon Mar 2 09:58:58 2026
(Merged from https://github.com/openssl/openssl/pull/30155)
sftcd [Wed, 25 Feb 2026 14:24:00 +0000 (14:24 +0000)]
add check before releasing retry-configs
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Mon Mar 2 09:55:44 2026
(Merged from https://github.com/openssl/openssl/pull/30175)
kovan [Tue, 27 Jan 2026 10:05:00 +0000 (11:05 +0100)]
doc: document provider/library context cleanup order requirement
Document that providers must be unloaded with OSSL_PROVIDER_unload()
before their associated library context is freed with OSSL_LIB_CTX_free().
Calling OSSL_PROVIDER_unload() after the library context has been freed
results in undefined behavior (heap-use-after-free).
The warning is added to both OSSL_PROVIDER(3) and OSSL_LIB_CTX(3) man pages
to ensure users encounter it regardless of which documentation they consult.
Fixes #27522
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Sun Mar 1 19:03:43 2026
(Merged from https://github.com/openssl/openssl/pull/29785)
Neil Horman [Tue, 24 Feb 2026 14:29:47 +0000 (09:29 -0500)]
Document PKCS7_dataVerify
It's older, and generally replaced by PKCS7_verify, but it's not
deprecated, so we should document it.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Sun Mar 1 14:18:17 2026
(Merged from https://github.com/openssl/openssl/pull/30158)
Neil Horman [Tue, 24 Feb 2026 13:36:08 +0000 (08:36 -0500)]
Fix return values on PKCS7_dataVerify
PKCS7_dataVerify returns 1 on success or 0 on failure, just like
PKCS7_verify, except that, if everything else goes right, it returns
the value of PKCS7_signatureVerify, which may be -1, which seems wrong.
Instead, check the return of PKCS7_signatureVerify within this function
for an error, and make PKCS7_dataVerify return 0 in the event
signatureVerify fails.
This brings us into line with PKCS7_verify behavior.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Sun Mar 1 14:18:14 2026
(Merged from https://github.com/openssl/openssl/pull/30158)
Viktor Dukhovni [Tue, 24 Feb 2026 14:27:38 +0000 (01:27 +1100)]
Fix doc name of ML-DSA-MU
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Sun Mar 1 02:42:17 2026
(Merged from https://github.com/openssl/openssl/pull/30157)
Viktor Dukhovni [Wed, 25 Feb 2026 07:14:28 +0000 (18:14 +1100)]
Replace built-in AKID/SKID with configs
Add tests for suppression of skid/akid via explicit "none"
values and per-keyword "nonss" qualifiers and update docs.
Signing of X509 certs and X509_REQ CSRs rejects empty AKID/SKID
extensions, document and test this behaviour.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Sat Feb 28 15:22:53 2026
(Merged from https://github.com/openssl/openssl/pull/29057)
the resulting extensions are not directly suppressed, instead they
are parsed respectively as an empty OCTET STRING or an empty SEQUENCE.
There was new code in "apps/" to then drop the extension when signing
certificates, but this did not address applications that sign
certificates via the API, nor did it avoid adding these in CSRs.
We now drop these specific empty extensions from both certificates and
CSRs as part of X509v3_add_ext(), with the parsed extension never added
to the extension stack.
This means that in the "apps" the default "hash" or "keyid, issuer"
values must now be created first, with config settings and command-line
options applied after replacing the default as requested (including
"none" to suppress the extensions if desired).
If somehow an application manages to construct a TBS cert or CSR with a
pending empty SKID or AKID extension, an error is raised and the TBS is
not signed.
When no SKID is present in a self-signed cert, attempts to
force an AKID keyid need to fail, rather than produce an AKID
that will never match.
Similarly, when issuer cert == subject cert (same object in memory), but
the issuer key is not the subject key (forced signing key), there is no
way to infer the unknown issuer's name or serial number, so, with
"issuer:always" we must fail, rather than record the subject's own
issuer name and serial.
New "keyid:nonss" and "issuer:nonss" syntax is now supported, which
allows either part of the AKID to be conditional on the certificate not
being self-signed. In the case of "issuer:nonss" this is also
conditional on there being no non-empty issuer keyid. To force
inclusion of issuer+serial in the AKID use "issuer:always".
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Sat Feb 28 15:22:47 2026
(Merged from https://github.com/openssl/openssl/pull/29057)
Fallback implementation of tsan_add now returns value before addition to be consistent with other definitions
Fixes #28410
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Sat Feb 28 14:10:25 2026
(Merged from https://github.com/openssl/openssl/pull/30180)
Pauli [Tue, 24 Feb 2026 00:13:00 +0000 (11:13 +1100)]
Add a note about commit message titles being 50-70 characters in length
Requested by @levitte in #30075
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Sat Feb 28 14:04:35 2026
(Merged from https://github.com/openssl/openssl/pull/30148)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Sat Feb 28 13:23:47 2026
(Merged from https://github.com/openssl/openssl/pull/30189)
Pauli [Fri, 27 Feb 2026 02:24:07 +0000 (13:24 +1100)]
Add CHANGES entry noting the removal of the SSL_TXT_FIPS option
The option was a remnant of the FIPS canister and wasn't used anywhere.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/30200)
Pauli [Fri, 27 Feb 2026 02:27:21 +0000 (13:27 +1100)]
Remove SSL_TXT_FIPS
This refers to an option that is no longer supported or available.
The option is a remnant of the old FIPS canister from OpenSSL 1.0.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/30200)
Pauli [Thu, 26 Feb 2026 22:33:48 +0000 (09:33 +1100)]
Remove remnant SSL_FIPS flag
This flag was used to support the old FIPS canister and isn't used or
needed anymore. It's only set in the data structures and never queried
so its removal is low impact.
Fixes #30156
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/30200)
Viktor Dukhovni [Wed, 18 Feb 2026 10:59:04 +0000 (21:59 +1100)]
Added -expected-rpks s_client/server option
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Sat Feb 28 09:17:23 2026
(Merged from https://github.com/openssl/openssl/pull/30089)
Viktor Dukhovni [Mon, 23 Feb 2026 05:55:28 +0000 (16:55 +1100)]
Ensure TLS 1.3 ciphersuites are actually for TLS 1.3
- Also suppress duplicate ciphersuites
- Also ignore case in both TLS 1.3 and TLS 1.2 ciphers
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Sat Feb 28 09:11:33 2026
(Merged from https://github.com/openssl/openssl/pull/30140)
Daniel Kubec [Wed, 25 Feb 2026 09:51:08 +0000 (10:51 +0100)]
CRL: Reject CRLs with malformed Issuing Distribution Point
CRLs with a malformed Issuing Distribution Point are now rejected.
ASN.1 parsing errors from the IDP extension are propagated instead
of being suppressed.
Fixes #27251
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Feb 27 20:06:59 2026
(Merged from https://github.com/openssl/openssl/pull/30171)
Bob Beck [Tue, 24 Feb 2026 18:49:26 +0000 (11:49 -0700)]
Describe X509 constification and ASN1_STRING changes
In a CHANGES.md entry and in ossl-guide-migration, to
cover the constification of the X509 related functions and
the change to ASN1_STRING to be opaque.
Fixes: #30060
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Fri Feb 27 18:45:47 2026
(Merged from https://github.com/openssl/openssl/pull/30165)
slontis [Fri, 12 Dec 2025 03:02:42 +0000 (14:02 +1100)]
Added HSS/LMS OID id-alg-hss-lms-hashsig
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Fri Feb 27 14:40:27 2026
(Merged from https://github.com/openssl/openssl/pull/29381)
slontis [Fri, 12 Dec 2025 02:58:32 +0000 (13:58 +1100)]
Added additional TRACE information to Decoders.
This outputs the description field which is easier to understand than a
pointer.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Fri Feb 27 14:40:27 2026
(Merged from https://github.com/openssl/openssl/pull/29381)
slontis [Fri, 12 Dec 2025 02:56:38 +0000 (13:56 +1100)]
Added LMS SubjectPublicInfo related encoders and decoders.
Added a description to all encoder and decoder fields.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Fri Feb 27 14:40:27 2026
(Merged from https://github.com/openssl/openssl/pull/29381)
slontis [Fri, 12 Dec 2025 02:52:25 +0000 (13:52 +1100)]
Added LMS support for OpenSSL commandline signature verification using pkeyutl.
Added LMS 'SubjectPublicKeyInfo' encoder/decoder support.
Modified LMS keymanager and signature code to work with pkey and
pkeyutl.
Test data for public keys and signatures were generated by modifying
BouncyCastle code tests.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Fri Feb 27 14:40:27 2026
(Merged from https://github.com/openssl/openssl/pull/29381)
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Feb 26 15:05:37 2026
(Merged from https://github.com/openssl/openssl/pull/30169)
Neil Horman [Wed, 18 Feb 2026 15:31:50 +0000 (10:31 -0500)]
Constify X509_check_issued and friends
Constify this function's X509 parameter, as it generally doesn't modify
the structure, save for the caching information that it computes.
Note: As the caching operations in ossl_x509v3_cache_extensions modify
X509 data all over the place, this change centralizes those updates,
which is something of an increase in complexity, but it does allow us to
reduce the critical section of the write lock there which (hopefully)
will make other accesses that take that lock a bit faster.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Thu Feb 26 14:58:30 2026
(Merged from https://github.com/openssl/openssl/pull/30067)
William Faber [Thu, 19 Feb 2026 21:50:46 +0000 (16:50 -0500)]
Fix clean target to remove test-runs directory
Fixes: #29931
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
MergeDate: Thu Feb 26 14:26:16 2026
(Merged from https://github.com/openssl/openssl/pull/30100)
Neil Horman [Thu, 19 Feb 2026 17:07:21 +0000 (12:07 -0500)]
constify X509_find_by_issuer_and_serial
Constify the return value of X509_find_by_issuer_and_serial, and fix up
the callers to handle it properly (affects two pkcs7 functions)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Wed Feb 25 15:05:11 2026
(Merged from https://github.com/openssl/openssl/pull/30092)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed Feb 25 14:23:45 2026
(Merged from https://github.com/openssl/openssl/pull/30174)
Daniel Kubec [Tue, 10 Feb 2026 16:18:07 +0000 (17:18 +0100)]
Improved reporting of shared and peer sigalgs
The existing SSL_get_sigalgs() and SSL_get_shared_sigalgs() are not a
good fit for TLS 1.3, because signature schemes are no longer generally
combinations of separate digest and signing algorithms encoded in the
two byte codepoint.
The new SSL_get0_sigalg() and SSL_get0_shared_sigalg() functions just
report the signature scheme name and codepoint.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:30:16 2026
(Merged from https://github.com/openssl/openssl/pull/29982)
ssl/ech/ech_store.c: do not raise errors on allocation failures
The default CRYPTO_malloc() implementation (with OPENSSL_malloc()
and OPENSSL_zalloc() being wrappers for it) raises an error
on allocation, and both OPENSSL_strdup() and OPENSSL_memdup() use
CRYPTO_malloc() internally for memory allocation, so there is no need
to explicitly raise an error on an allocation failure; remove these.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:20:14 2026
(Merged from https://github.com/openssl/openssl/pull/30146)
Weixie Cui [Mon, 23 Feb 2026 14:26:17 +0000 (22:26 +0800)]
evp_kem_init(): Fix copy paste bug when checking decapsulate_init
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:13:36 2026
(Merged from https://github.com/openssl/openssl/pull/30144)
test/ech_test.c: avoid memory leaks in ech_api_basic_calls()
rinner and router should be freed after successful SSL_ech_get1_status()
calls.
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681465
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681466
Fixes: 5e5a76fc2c08 "Add tests and documentation and fix a couple of issues identified by added tests"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:58 2026
(Merged from https://github.com/openssl/openssl/pull/30139)
test/ech_corrupt_test.c: avoid memory leak in tls_corrupt_write()
corrupt_or_copy() may return 0 while still returning the allocated
memory in copy; avoid leaking it by always calling OPENSSL_free() on it.
Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681460
Fixes: 5e5a76fc2c08 "Add tests and documentation and fix a couple of issues identified by added tests"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:57 2026
(Merged from https://github.com/openssl/openssl/pull/30139)
ssl/ech/ech_store.c: check WPACKET_get_total_written return value
Check the return value of the WPACKET_get_total_written() call
in OSSL_ECHSTORE_new_config() and OSSL_ECHSTORE_write_pem(),
and error out on failure.
References: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681451
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:45 2026
(Merged from https://github.com/openssl/openssl/pull/30139)
Viktor Dukhovni [Mon, 23 Feb 2026 04:49:06 +0000 (15:49 +1100)]
Simplify and expand default group list
With keyshare floating, we no longer need CPP conditions to get the
right keyshare prediction defaults.
Also add "curveSM2" near the end of the list, after the stronger ECX and
EC groups, but before FFDHE.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:08:17 2026
(Merged from https://github.com/openssl/openssl/pull/30113)
Viktor Dukhovni [Mon, 16 Feb 2026 01:38:51 +0000 (12:38 +1100)]
Add keyshare floating
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:08:10 2026
(Merged from https://github.com/openssl/openssl/pull/30113)
Viktor Dukhovni [Sun, 15 Feb 2026 11:50:09 +0000 (22:50 +1100)]
Fix group tuple handling in DEFAULT expansion
Also fine-tune docs and add tests.
Fixes: #30109
Fixes: CVE-2026-2673
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:08:03 2026
(Merged from https://github.com/openssl/openssl/pull/30113)
Rudi Heitbaum [Mon, 23 Feb 2026 02:40:54 +0000 (02:40 +0000)]
Fix const qualifiers from strchr where discarded
This patch fixes several const qualifiers by adding them where required.
warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
Since glibc-2.43 and ISO C23, the functions bsearch, memchr, strchr,
strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr
that return pointers into their input arrays now have definitions as
macros that return a pointer to a const-qualified type when the input
argument is a pointer to a const-qualified type.
Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Wed Feb 25 11:04:09 2026
(Merged from https://github.com/openssl/openssl/pull/30136)
slontis [Wed, 18 Feb 2026 05:48:04 +0000 (16:48 +1100)]
FIPS self tests: fix config options when -no-bulk is used
Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 11:02:07 2026
(Merged from https://github.com/openssl/openssl/pull/30103)
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 10:37:27 2026
(Merged from https://github.com/openssl/openssl/pull/30011)
kovan [Tue, 27 Jan 2026 10:18:08 +0000 (11:18 +0100)]
doc: fix algorithm and key type names in EVP_PKEY-SLH-DSA
The DESCRIPTION section had inconsistent naming - some algorithm names
incorrectly had the "EVP_PKEY-" prefix while others did not.
Rewrote the section to clearly separate:
- Algorithm names (e.g., SLH-DSA-SHA2-128s) using hyphens
- Key type identifiers (e.g., EVP_PKEY_SLH_DSA_SHA2_128S) using underscores
This matches the format used in EVP_PKEY-ML-DSA(7) and allows the names
to be used correctly in code.
Fixes #29329
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Wed Feb 25 10:26:59 2026
(Merged from https://github.com/openssl/openssl/pull/29788)
Bob Beck [Thu, 19 Feb 2026 22:42:33 +0000 (15:42 -0700)]
Patch the krb5 build for X509_STORE_CTX constification
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 10:24:17 2026
(Merged from https://github.com/openssl/openssl/pull/30076)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 10:24:15 2026
(Merged from https://github.com/openssl/openssl/pull/30076)
Bob Beck [Sun, 22 Feb 2026 18:44:21 +0000 (11:44 -0700)]
Patch the pkcs11 provider
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:08 2026
(Merged from https://github.com/openssl/openssl/pull/29862)
Bob Beck [Sun, 22 Feb 2026 17:01:28 +0000 (10:01 -0700)]
Patch rpki-client-portable to handle bit string changes
We also disable warnings for now to avoid realloc warning
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:06 2026
(Merged from https://github.com/openssl/openssl/pull/29862)
Bob Beck [Sat, 21 Feb 2026 01:29:31 +0000 (18:29 -0700)]
Update rpki-client test to use current release instead of an old one
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:04 2026
(Merged from https://github.com/openssl/openssl/pull/29862)
Bob Beck [Thu, 19 Feb 2026 22:42:33 +0000 (15:42 -0700)]
krb5 external test: Add patch to use accessors for ASN1_STRING
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:02 2026
(Merged from https://github.com/openssl/openssl/pull/29862)
Bob Beck [Fri, 20 Feb 2026 23:11:57 +0000 (16:11 -0700)]
Skip the oqsprovider test temporarily because it is currently broken
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:15:00 2026
(Merged from https://github.com/openssl/openssl/pull/29862)
Bob Beck [Fri, 20 Feb 2026 23:06:08 +0000 (16:06 -0700)]
Update oqs-provider to current, which supports opaque asn1 strings
This then however breaks for other reasons
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:14:58 2026
(Merged from https://github.com/openssl/openssl/pull/29862)
Bob Beck [Thu, 29 Jan 2026 22:25:14 +0000 (15:25 -0700)]
Make ASN1_STRING opaque
This laudable goal, should it land, will be followed
with an issue raised to eat our own dogfood and find
every file with <crypto/asn1.h> added to it in this
commit, and change to the appropriate accessors,
which should be possible in most places we aren't
actually implementing things that change the values
Fixes: https://github.com/openssl/openssl/issues/29860
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 10:14:57 2026
(Merged from https://github.com/openssl/openssl/pull/29862)
Removes trailing whitespace from generated pkg-config .pc files
Fixes #29993
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Feb 25 09:53:18 2026
(Merged from https://github.com/openssl/openssl/pull/30087)
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Feb 24 21:19:39 2026
(Merged from https://github.com/openssl/openssl/pull/30128)