git.feebdaed.xyz Git - 0xmirror/openssl.git/log
0xmirror/openssl.git
4 days ago: Constify the return value of X509_get0_pubkey_bitstr()
Bob Beck [Mon, 29 Sep 2025 21:32:39 +0000 (15:32 -0600)]
Constify the return value of X509_get0_pubkey_bitstr()

Part of #28654
Fixes: https://github.com/openssl/project/issues/1772
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29434)

4 days ago: Interop: c_rehash was removed; don't look for it
Norbert Pocs [Sat, 20 Dec 2025 14:17:27 +0000 (15:17 +0100)]
Interop: c_rehash was removed; don't look for it

Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29474)

4 days ago: SHA512 performance optimized by RISCV RVV
xxcui [Sat, 29 Nov 2025 01:46:04 +0000 (09:46 +0800)]
SHA512 performance optimized by RISCV RVV

This patch is dedicated to improving SHA512 speed with the RISCV
Cryptographic Vector Extension.

Below performance output is calculated by Xuantie C930 FPGA with VLEN256.
  - sha512 speed might be improved from 197032K to 1010986KB

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29263)

4 days ago: Added AVX2 encoding + scalar improvements
Nick Nuon [Thu, 6 Nov 2025 00:32:25 +0000 (19:32 -0500)]
Added AVX2 encoding + scalar improvements

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29178)

6 days ago: Remove BIO_f_reliable() as it is broken
Tomas Mraz [Thu, 18 Dec 2025 16:07:44 +0000 (17:07 +0100)]
Remove BIO_f_reliable() as it is broken

It has been broken since the OpenSSL 3.0 release and
nobody complained. Apparently nobody is using it.
It would be practically impossible to reimplement
it with the provided EVP_MDs in a backwards-compatible
manner.

Fixes #29413

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29445)

7 days ago: Add ASN1_BIT_STRING_get_length()
Theo Buehler [Thu, 11 Dec 2025 15:38:53 +0000 (08:38 -0700)]
Add ASN1_BIT_STRING_get_length()

From tb@openbsd.org with tests adapted by beck for OpenSSL.

Fixes: https://github.com/openssl/openssl/issues/29184
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29387)

8 days ago: Update doc/man3/OPENSSL_init_crypto.pod
Sashan [Tue, 16 Dec 2025 09:50:53 +0000 (10:50 +0100)]
Update doc/man3/OPENSSL_init_crypto.pod

Co-authored-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)

8 days ago: Update NEWS.md
Sashan [Mon, 15 Dec 2025 15:33:35 +0000 (16:33 +0100)]
Update NEWS.md

Co-authored-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)

8 days ago: Update CHANGES.md
Sashan [Mon, 15 Dec 2025 15:33:17 +0000 (16:33 +0100)]
Update CHANGES.md

Co-authored-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)

8 days ago: - update NEWS.md
sashan [Mon, 15 Dec 2025 10:34:13 +0000 (11:34 +0100)]
- update NEWS.md

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)

8 days ago: - fix CHANGES.md style
sashan [Mon, 15 Dec 2025 09:57:59 +0000 (10:57 +0100)]
- fix CHANGES.md style

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)

8 days ago: - fix .cstyle
sashan [Mon, 15 Dec 2025 09:56:57 +0000 (10:56 +0100)]
- fix .cstyle

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)

8 days ago: Introduce OPENSSL_ATEXIT_CLEANUP env. variable.
Alexandr Nedvedicky [Mon, 24 Nov 2025 16:05:26 +0000 (17:05 +0100)]
Introduce OPENSSL_ATEXIT_CLEANUP env. variable.

libcrypto does not arm the OPENSSL_cleanup() function as an atexit(3) handler by default.
If the application/user wants libcrypto to install OPENSSL_cleanup() as an atexit handler,
then the OPENSSL_ATEXIT_CLEANUP env. variable must be set.

If the platform's libc does not provide atexit(3), then OPENSSL_ATEXIT_CLEANUP has no effect.

OPENSSL_atexit() is now a wrapper around the atexit(3) provided by libc.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)

8 days ago: BIO_send/recvmmsg(): Pass msgs_processed to the return callback
Tomas Mraz [Mon, 15 Dec 2025 10:41:38 +0000 (11:41 +0100)]
BIO_send/recvmmsg(): Pass msgs_processed to the return callback

This avoids a crash if a legacy BIO callback is set and
BIO_sendmmsg() or BIO_recvmmsg() is used.

Reported by Stanislav Fort (Aisle Research)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29395)

8 days ago: win-makefile.tmpl: Fix program install check
Norbert Pocs [Wed, 17 Dec 2025 20:04:53 +0000 (21:04 +0100)]
win-makefile.tmpl: Fix program install check

When the array is empty then copy.pl fails, because there is nothing to
copy. The empty check was done on a different variable.

Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29427)

8 days ago: Remove the c_rehash script
Norbert Pocs [Wed, 17 Dec 2025 16:28:06 +0000 (17:28 +0100)]
Remove the c_rehash script

The `openssl rehash` should be used instead.

Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29427)

8 days ago: test/run_tests.pl: Ensure that all HARNESS_VERBOSE values are respected
Richard Levitte [Thu, 18 Dec 2025 13:11:30 +0000 (14:11 +0100)]
test/run_tests.pl: Ensure that all HARNESS_VERBOSE values are respected

... with perl truthiness in mind

Most of all, this means not having undue expectations that its value
is numerical (this is particularly true when HARNESS_VERBOSE isn't given
by the user, and this script's default is "yes").

We do this by ensuring that $tap_verbosity is turned into an appropriate
number if HARNESS_VERBOSE's value isn't numerical.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29443)

8 days ago: ppc64le: Restore VSX registers in AES/GCM ppc64le encrypt/decrypt
Danny Tsen [Thu, 23 Oct 2025 20:51:05 +0000 (16:51 -0400)]
ppc64le: Restore VSX registers in AES/GCM ppc64le encrypt/decrypt

The implementation failed to restore VSX vector registers from vs14-vs22.

Re-implemented based on Linux kernel version.

Fixes #28961

Signed-off-by: Danny Tsen <dtsen@us.ibm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28990)

8 days ago: Add engine stubs test
Milan Broz [Tue, 16 Dec 2025 10:53:27 +0000 (11:53 +0100)]
Add engine stubs test

This test tries to use all stub macros and compare return values
to verify that OPENSSL_ENGINE_STUBS define works.

Fixes openssl/project#1762

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29414)

8 days ago: Remove ossl_err_load_ENGINE_strings from stubs
Milan Broz [Tue, 16 Dec 2025 13:34:14 +0000 (14:34 +0100)]
Remove ossl_err_load_ENGINE_strings from stubs

This was an internal function and should not be here.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29414)

8 days ago: Fix stub definitions for no-deprecated config
Milan Broz [Tue, 16 Dec 2025 11:41:09 +0000 (12:41 +0100)]
Fix stub definitions for no-deprecated config

Used types are only available if OPENSSL_NO_DEPRECATED_3_0
is not defined.

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29414)

8 days ago: Fix typo in engine.h stub
Milan Broz [Tue, 16 Dec 2025 10:52:47 +0000 (11:52 +0100)]
Fix typo in engine.h stub

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29414)

8 days ago: Harden digest context deserialization
Simo Sorce [Mon, 15 Dec 2025 16:23:57 +0000 (11:23 -0500)]
Harden digest context deserialization

The deserialization functions for SHA2 and SHA3 digest contexts did not
sufficiently validate the incoming data. Corruption in transmission or
on saved disk data could cause an out-of-bounds memory access if buffer
sizes did not match expected values.

Add sanity checks to the SHA2 and SHA3 deserialization functions to validate
buffer-related fields before they are used. The serialization format for these
digests has been changed to place these critical fields early in the stream to
enable this validation.

Additionally, add a note to the EVP_DigestInit man page to warn users that
deserialization should only be performed on trusted data. The checks we
implement are not meant to address processing of untrusted data
maliciously crafted by an attacker.

Applications that need to store data or transmit it through untrusted
media SHOULD implement proper encryption and message authentication
on their own using things like CMS or other appropriate secure message
containers.

These checks have also been added to quiet a bit the security researchers
that try to find any way to claim CVE bounties even in completely
unlikely or invalid scenarios.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29404)
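
The validation order the commit above describes (length fields early in the stream, checked before any copy), as an added example that is not OpenSSL code. The `TDG1` layout, `toy_ctx`, `toy_ctx_deserialize()` and `toy_try()` are hypothetical names and a constructed format for illustration only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy layout (NOT OpenSSL's serialization format):
 *   0..3   magic "TDG1"
 *   4      block size in bytes (must be 64)
 *   5      number of buffered bytes of the partial block
 *   6..13  total bytes hashed so far, big-endian
 *   14..45 eight 32-bit chaining words, big-endian
 *   46..   the buffered bytes themselves
 */
#define TOY_BLOCK 64
#define TOY_HDR 46

typedef struct {
    uint32_t h[8];
    uint64_t total;
    uint8_t buf[TOY_BLOCK];
    size_t buffered;
} toy_ctx;

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
        | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint64_t rd_be64(const uint8_t *p)
{
    return ((uint64_t)rd_be32(p) << 32) | rd_be32(p + 4);
}

/* Returns 1 on success, 0 if the blob is structurally inconsistent. */
int toy_ctx_deserialize(toy_ctx *out, const uint8_t *in, size_t inlen)
{
    size_t buffered, i;
    uint64_t total;

    /* The fixed header must be present before any field is read. */
    if (out == NULL || in == NULL || inlen < TOY_HDR)
        return 0;
    if (memcmp(in, "TDG1", 4) != 0 || in[4] != TOY_BLOCK)
        return 0;
    /* The length field sits early, so it is checked before it sizes a copy. */
    buffered = in[5];
    if (buffered >= TOY_BLOCK)
        return 0;
    /* The stream must carry exactly the bytes the header promises. */
    if (inlen != TOY_HDR + buffered)
        return 0;
    /* Cross-check: the partial block must agree with the running total. */
    total = rd_be64(in + 6);
    if (total % TOY_BLOCK != buffered)
        return 0;

    /* Only now is the destination written. */
    memset(out, 0, sizeof(*out));
    out->total = total;
    out->buffered = buffered;
    for (i = 0; i < 8; i++)
        out->h[i] = rd_be32(in + 14 + 4 * i);
    memcpy(out->buf, in + TOY_HDR, buffered);
    return 1;
}

/* Build a constructed sample blob and report whether it is accepted. */
int toy_try(uint8_t buffered_field, uint64_t total, size_t payload_len)
{
    uint8_t blob[TOY_HDR + 255];
    toy_ctx ctx;
    int i;

    if (payload_len > 255)
        return -1;
    memset(blob, 0xAB, sizeof(blob));
    memcpy(blob, "TDG1", 4);
    blob[4] = TOY_BLOCK;
    blob[5] = buffered_field;
    for (i = 0; i < 8; i++)
        blob[6 + i] = (uint8_t)(total >> (56 - 8 * i));
    return toy_ctx_deserialize(&ctx, blob, TOY_HDR + payload_len);
}

int main(void)
{
    printf("consistent blob:        %d\n", toy_try(5, 69, 5));
    printf("oversized length field: %d\n", toy_try(200, 200, 200));
    printf("truncated payload:      %d\n", toy_try(5, 69, 3));
    printf("length/total mismatch:  %d\n", toy_try(5, 70, 5));
    return 0;
}
```

These are structural checks against corrupted input; as the commit message says, they do not replace authentication of data that crosses an untrusted medium.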

8 days ago: evp_test Fix tests that were always skipped
slontis [Tue, 15 Jul 2025 04:28:14 +0000 (14:28 +1000)]
evp_test Fix tests that were always skipped

The "Verify-Message" type looks for private keys only,
which meant anything using a public key got skipped.
Changed the entries to "Verify-Message-Public" which tries the public
key first.
This uncovered one test that needed to be removed since ECDSA-MD5 is not
a valid fetchable algorithm (in any OpenSSL provider).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28040)

8 days ago: util: add reformat-patches script
Eugene Syromiatnikov [Tue, 9 Dec 2025 15:42:38 +0000 (16:42 +0100)]
util: add reformat-patches script

A small script that tries to perform reformatting of a patch set.

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29356)

8 days ago: Use 'codespell:ignore' where justifiable
Richard Levitte [Thu, 18 Dec 2025 08:52:11 +0000 (09:52 +0100)]
Use 'codespell:ignore' where justifiable

There's this one random string where we have the word "Hellow".  It's a
random string, "correct" spelling is really not important, so we tell
codespell to just ignore that line.

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29437)

8 days ago: Fix legitimate spelling errors
Richard Levitte [Thu, 18 Dec 2025 08:51:36 +0000 (09:51 +0100)]
Fix legitimate spelling errors

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29437)

8 days ago: Adjust .codespellrc
Richard Levitte [Thu, 18 Dec 2025 08:17:15 +0000 (09:17 +0100)]
Adjust .codespellrc

- add 'external/*' to the list of patterns to skip
- add '*.csr' to the list of patterns to skip

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29437)

9 days ago: Add new public API for checking certificate times.
Bob Beck [Fri, 14 Nov 2025 20:36:56 +0000 (13:36 -0700)]
Add new public API for checking certificate times.

Fixes: #1631
This changes the previously internal ossl_x509_check_certificate_times()
to be the public X509_check_certificate_times(). It adds documentation
for the new function and marks X509_cmp_time, X509_cmp_timeframe,
and X509_cmp_current_time as deprecated in 4.0, as discussed in #1631.

Since the function is now public, we can replace the remaining
uses of deprecated stuff with this function.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29152)

9 days ago: Fix silent failure in ASYNC_start_job when size is 0
Weizhi Ao [Thu, 11 Dec 2025 13:06:23 +0000 (21:06 +0800)]
Fix silent failure in ASYNC_start_job when size is 0

When ASYNC_start_job is called with args != NULL but size == 0,
OPENSSL_malloc(0) is called. Depending on the libc implementation,
malloc(0) may return NULL, causing a silent failure.

This patch modifies the logic to skip allocation if size is 0.

CLA: trivial

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29377)
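
The failure mode described in the commit above, modelled as an added example that is not the OpenSSL source. `toy_job`, `set_args_before()`, `set_args_after()`, `run_case()` and the two allocators are hypothetical; the allocators stand in for libc implementations whose `malloc(0)` returns NULL or a non-NULL pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef void *(*alloc_fn)(size_t);

/* Models a libc whose malloc(0) returns NULL (permitted by the C standard). */
static void *alloc_null_on_zero(size_t n)
{
    return n == 0 ? NULL : malloc(n);
}

/* Models a libc whose malloc(0) returns a unique non-NULL pointer. */
static void *alloc_ptr_on_zero(size_t n)
{
    return malloc(n == 0 ? 1 : n);
}

struct toy_job {
    void *funcargs;
};

/* Before: any non-NULL args triggers an allocation, and a NULL result is
 * reported as failure even when zero bytes were requested. */
static int set_args_before(struct toy_job *job, const void *args, size_t size,
                           alloc_fn alloc)
{
    job->funcargs = NULL;
    if (args != NULL) {
        job->funcargs = alloc(size);
        if (job->funcargs == NULL)
            return 0;
        memcpy(job->funcargs, args, size);
    }
    return 1;
}

/* After: nothing to copy means nothing to allocate, so the result no
 * longer depends on what the platform's malloc(0) returns. */
static int set_args_after(struct toy_job *job, const void *args, size_t size,
                          alloc_fn alloc)
{
    job->funcargs = NULL;
    if (args != NULL && size > 0) {
        job->funcargs = alloc(size);
        if (job->funcargs == NULL)
            return 0;
        memcpy(job->funcargs, args, size);
    }
    return 1;
}

/* Run one combination: returns 1 if the job was set up, 0 if it failed. */
int run_case(int fixed, int null_on_zero, size_t size)
{
    static const char args[] = "constructed-args"; /* constructed sample */
    struct toy_job job;
    alloc_fn alloc = null_on_zero ? alloc_null_on_zero : alloc_ptr_on_zero;
    int ok;

    if (size > sizeof(args))
        return -1;
    ok = fixed ? set_args_after(&job, args, size, alloc)
               : set_args_before(&job, args, size, alloc);
    free(job.funcargs);
    return ok;
}

int main(void)
{
    printf("before, malloc(0)==NULL: %d\n", run_case(0, 1, 0));
    printf("before, malloc(0)!=NULL: %d\n", run_case(0, 0, 0));
    printf("after,  malloc(0)==NULL: %d\n", run_case(1, 1, 0));
    printf("after,  malloc(0)!=NULL: %d\n", run_case(1, 0, 0));
    return 0;
}
```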

9 days ago: Ensure path to libcrypto can be resolved on AIX.
Matthias Kraft [Wed, 10 Dec 2025 16:02:54 +0000 (17:02 +0100)]
Ensure path to libcrypto can be resolved on AIX.

On AIX, the environment of the test executable for test_includes doesn't
contain a resolvable search path to the just built libcrypto. Set up
LIBPATH to point to the build results.

Fixes #29352.

Signed-off-by: Matthias Kraft <Matthias.Kraft@ibm.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29375)

9 days ago: Add documentation for X509_V_FLAG_OCSP_RESP_CHECK and X509_V_FLAG_OCSP_RESP_CHECK_ALL
martin [Sun, 7 Dec 2025 14:15:07 +0000 (15:15 +0100)]
Add documentation for X509_V_FLAG_OCSP_RESP_CHECK and X509_V_FLAG_OCSP_RESP_CHECK_ALL

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29327)

9 days ago: apps/x509.c: factor out add_object() for handling -addtrust and -addreject options
Dr. David von Oheimb [Thu, 28 Aug 2025 16:38:18 +0000 (18:38 +0200)]
apps/x509.c: factor out add_object() for handling -addtrust and -addreject options

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/28371)

9 days ago: Add mention of OPENSSL_ENGINE_STUBS to openssl_user_macros(7)
Milan Broz [Wed, 17 Dec 2025 10:31:30 +0000 (11:31 +0100)]
Add mention of OPENSSL_ENGINE_STUBS to openssl_user_macros(7)

Fixes openssl/project#1743
Fixes openssl/project#1744

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29424)

9 days ago: Add removed EVP_PKEY_meth* functions to ossl-removed-api.pod
Matt Caswell [Fri, 12 Dec 2025 16:26:14 +0000 (16:26 +0000)]
Add removed EVP_PKEY_meth* functions to ossl-removed-api.pod

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Remove all EVP_PKEY_meth_* functions from the documentation
Matt Caswell [Fri, 12 Dec 2025 16:12:48 +0000 (16:12 +0000)]
Remove all EVP_PKEY_meth_* functions from the documentation

These functions have been removed so the documentation should be updated
accordingly.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Clean up some final vestigial remnants of EVP_PKEY_METHOD
Matt Caswell [Fri, 12 Dec 2025 12:01:56 +0000 (12:01 +0000)]
Clean up some final vestigial remnants of EVP_PKEY_METHOD

We retain the opaque type because it is still used by the ENGINE stubs.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Remove references to the pmeth field in an EVP_PKEY_CTX
Matt Caswell [Thu, 11 Dec 2025 16:14:13 +0000 (16:14 +0000)]
Remove references to the pmeth field in an EVP_PKEY_CTX

We don't set this field anymore so we should remove all usage of it.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Delete the EC EVP_PKEY_METHOD
Matt Caswell [Thu, 11 Dec 2025 16:05:05 +0000 (16:05 +0000)]
Delete the EC EVP_PKEY_METHOD

It is no longer used so can be removed

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Delete the DSA EVP_PKEY_METHOD
Matt Caswell [Thu, 11 Dec 2025 16:01:56 +0000 (16:01 +0000)]
Delete the DSA EVP_PKEY_METHOD

It is no longer used so can be removed

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Delete the RSA EVP_PKEY_METHOD
Matt Caswell [Thu, 11 Dec 2025 15:58:53 +0000 (15:58 +0000)]
Delete the RSA EVP_PKEY_METHOD

It is no longer used so can be removed

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Delete the ECX EVP_PKEY_METHOD
Matt Caswell [Thu, 11 Dec 2025 15:54:54 +0000 (15:54 +0000)]
Delete the ECX EVP_PKEY_METHOD

It is no longer used so can be removed

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Delete the DH EVP_PKEY_METHOD
Matt Caswell [Thu, 11 Dec 2025 15:44:15 +0000 (15:44 +0000)]
Delete the DH EVP_PKEY_METHOD

It is no longer used so can be removed

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Remove custom EVP_PKEY_METHODs
Matt Caswell [Thu, 11 Dec 2025 12:29:29 +0000 (12:29 +0000)]
Remove custom EVP_PKEY_METHODs

We retain custom EVP_PKEY_ASN1_METHODs for now - to be removed in some
subsequent PR.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)

9 days ago: Check return code of UTF8_putc
Norbert Pocs [Thu, 11 Dec 2025 11:49:00 +0000 (12:49 +0100)]
Check return code of UTF8_putc

Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29376)

9 days ago: Harden ASN1_mbstring_ncopy
Norbert Pocs [Thu, 11 Dec 2025 11:38:16 +0000 (12:38 +0100)]
Harden ASN1_mbstring_ncopy

Reported by Murali Aniruddhan

Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29376)

9 days ago: The stream garbage collector loop in ossl_quic_stream_map_gc() is never entered
Alexandr Nedvedicky [Tue, 16 Dec 2025 10:01:43 +0000 (11:01 +0100)]
The stream garbage collector loop in ossl_quic_stream_map_gc() is never entered

Also remove ready_for_gc_next(), it is not needed any more.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29402)

10 days ago: Revert "tests: temporarily skip MLDSA pkcs11-provider test"
Ondrej Moris [Tue, 16 Dec 2025 15:08:53 +0000 (16:08 +0100)]
Revert "tests: temporarily skip MLDSA pkcs11-provider test"

This reverts commit 2b97f4d300f18b209983046f49e12f3028ba79f5.

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28717)

10 days ago: Add a couple of DH related StatementMacros, and adjust
Richard Levitte [Tue, 16 Dec 2025 09:23:16 +0000 (10:23 +0100)]
Add a couple of DH related StatementMacros, and adjust

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)

10 days ago: Unbreak some function signature that got broken up after the return type
Richard Levitte [Tue, 16 Dec 2025 09:02:44 +0000 (10:02 +0100)]
Unbreak some function signature that got broken up after the return type

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)

10 days ago: Redo source reformatting with the TypeNames added
Richard Levitte [Fri, 12 Dec 2025 15:44:45 +0000 (16:44 +0100)]
Redo source reformatting with the TypeNames added

This resulted in some source reformatting becoming a bit less trippy

This is the script I used to run clang-format appropriately enough:

    #! /bin/bash

    include_re=$(yq -r '.repos.[].hooks.[] | select(.id == "clang-format") | .files' < .pre-commit-config.yaml)
    known_generated=( crypto/bn/bn_prime.h
                      crypto/objects/obj_dat.h
                      crypto/objects/obj_xref.h
                      include/openssl/obj_mac.h
                      crypto/conf/conf_def.h
                      crypto/asn1/charmap.h
                      '*_err.c'
                      '*err.h' )

    exclusions=()
    for g in "${known_generated[@]}"; do
        # Convert pattern to a regex
        g=${g//\./\\.}
        g=${g//\*/.\*}
        exclusions+=( "^${g}\$" )
    done
    # Join all exclusions into one regex
    exclude_re=$(IFS='|'; echo "${exclusions[*]}")

    (set -x; git ls-files | grep -E $include_re | grep -Ev $exclude_re | xargs clang-format -i)

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)

10 days ago: Dump all known typedefs into .clang-format
Richard Levitte [Fri, 12 Dec 2025 15:11:06 +0000 (16:11 +0100)]
Dump all known typedefs into .clang-format

This was done by calling a script I made on the spot:

    bash add-types-to-clang-format > .clang-format.new && mv .clang-format.new .clang-format

This is what that script looked like:

    #! /bin/bash

    sed -ne '1,/^CommentPragmas:/p' < .clang-format

    cat <<_____
    # OpenSSL uses typedefs extensively. Tell clang-format about them.
    TypeNames:
    _____

    include_re=$(yq -r '.repos.[].hooks.[] | select(.id == "clang-format") | .files' < .pre-commit-config.yaml)
    include_dirs=( apps crypto include providers ssl )
    git ls-files "${include_dirs[@]}" \
        | grep -E $include_re \
        | xargs ctags -f - \
        | awk -F "\t" -- '$2 ~ /\.h/ && $4 == "t" { printf "  - \"%s\"\n", $1 }' \
        | sort \
        | uniq

    cat <<_____
      # The following types are macros, and need to remain that way, unfortunately
      - "HASH_CTX"
      - "HASH_LONG"
      - "MD32_REG_T"
    _____

    sed -ne '/^# OpenSSL uses macros extensively/,$p' < .clang-format

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)

10 days ago: Refactor types that are '#define'd into proper typedefs
Richard Levitte [Fri, 12 Dec 2025 12:56:30 +0000 (13:56 +0100)]
Refactor types that are '#define'd into proper typedefs

I looked for them with the following grep pipe, and then read through
the output to discern what are actual type definitions, and converted
what I found manually.

    git grep -En -e '#define [a-zA-Z_0-9]+ ' -- '*.h' \
        | sed -e 's|//.*||' -e 's|/\*.*\*/||g' \
        | grep -Ev ' ([0-9]|.*".*|.*\\$)'

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)

10 days ago: Add a few more ASN.1 related StatementMacros
Richard Levitte [Fri, 12 Dec 2025 15:36:39 +0000 (16:36 +0100)]
Add a few more ASN.1 related StatementMacros

This resulted in an adjustment of reformatting that is a bit less trippy
in some places.

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)

10 days ago: Missed a spot!
Richard Levitte [Fri, 12 Dec 2025 15:20:13 +0000 (16:20 +0100)]
Missed a spot!

For some reason, source reformatting didn't catch everything.

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)

10 days ago: Defang the lhash test
Bob Beck [Mon, 15 Dec 2025 17:42:28 +0000 (10:42 -0700)]
Defang the lhash test

This is basically eating my mac, as it now runs for 80 seconds
and eats all the CPUs exercising lock contention.

This dials it back to consume at most a quarter of the CPUs in
use by HARNESS_JOBS, unless LHASH_WORKERS is set to override it
in which case we use that.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/29406)

10 days ago: apps/req.c: Always set permissions for private key output
Tomas Mraz [Mon, 15 Dec 2025 11:19:30 +0000 (12:19 +0100)]
apps/req.c: Always set permissions for private key output

The key output will be always private.

Reported with a proposed fix by Stanislav Fort (Aisle Research).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29397)

10 days ago: Fix Coverity issue in kdf_snmpkdf_set_ctx_params
Neil Horman [Mon, 15 Dec 2025 14:04:54 +0000 (09:04 -0500)]
Fix Coverity issue in kdf_snmpkdf_set_ctx_params

Coverity flagged a use before NULL check error in
kdf_snmpkdf_set_ctx_params.

In this function the ctx pointer was dereferenced to obtain an
OSSL_LIB_CTX pointer, and only after that dereference was ctx checked
for being NULL.

The fix is pretty clear, just move the OSSL_LIB_CTX computation down to a
point after ctx is checked for NULL.

fixes openssl/project#1765

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29400)

10 days ago: New -encopt option for pkey(1) and genpkey(1)
Viktor Dukhovni [Wed, 10 Dec 2025 02:52:37 +0000 (13:52 +1100)]
New -encopt option for pkey(1) and genpkey(1)

This allows setting the ML-KEM and ML-DSA output formats.
At the same time fixing the surprising lack of password encryption
of PKCS#8 private keys in DER output form in the CLI apps.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29324)

10 days ago: Fix codespell error in sslapitest
Viktor Dukhovni [Mon, 15 Dec 2025 08:45:14 +0000 (19:45 +1100)]
Fix codespell error in sslapitest

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29392)

10 days ago: Fix error in PAC/BTI AArch64 build
Paul Elliott [Mon, 15 Dec 2025 13:05:00 +0000 (13:05 +0000)]
Fix error in PAC/BTI AArch64 build

Clang format removes a space here, which creates a compiler error when
building for PAC/BTI. Fix this and turn off clang format for this line.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/29399)

10 days ago: Make the test output show how long each test takes by default.
Bob Beck [Mon, 15 Dec 2025 21:51:18 +0000 (14:51 -0700)]
Make the test output show how long each test takes by default.

Unless we have reduced the verbosity level, or overridden it with
a HARNESS_TIMER setting.

This makes it easier to realize when you are making a test that is
starting to dominate testing time for developers, and makes it
easier for developers to see it.

For: https://github.com/openssl/project/issues/1767

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29408)

10 days ago: method store performance improvements
Nikola Pajkovsky [Tue, 4 Nov 2025 11:15:52 +0000 (12:15 +0100)]
method store performance improvements

The proposed architectural change focuses on improving concurrency and
reducing contention within the method store. The fundamental concept
involves moving away from a monolithic synchronisation
mechanism—specifically, a single read-write lock (rwlock)—that
currently guards the entire method store.

Instead of this single point of contention, the strategy is to
introduce per-shard synchronisation. This means the method store will
be partitioned, or sharded, into several independent segments. Each of
these segments, or shards, will be protected by its own dedicated
read-write lock.

The data in the table below was generated by running evp_fetch twenty times per thread.

|---------+----------+---------+---------+---------+---------+---------+---+--------+--------+--------+--------+--------|
|                    | Shards (u/sec)                                  |   | Improvements %                             |
|---------+----------+---------+---------+---------+---------+---------+---+--------+--------+--------+--------+--------|
| Threads | Base     |       2 |       4 |       8 |      16 |      32 |   |      2 |      4 |      8 |     16 |     32 |
|---------+----------+---------+---------+---------+---------+---------+---+--------+--------+--------+--------+--------|
|       1 |  0.18282 | 0.18497 | 0.18306 | 0.18314 | 0.18485 | 0.18352 |   |   1.17 |   0.13 |   0.18 |   1.11 |   0.39 |
|       2 |  0.43588 | 0.35560 | 0.34131 | 0.32516 | 0.33948 | 0.35076 |   | -18.42 | -21.70 | -25.40 | -22.12 | -19.53 |
|       4 |  1.58185 | 1.06459 | 1.06258 | 0.98698 | 0.98700 | 1.06689 |   | -32.70 | -32.83 | -37.61 | -37.60 | -32.55 |
|       8 |  3.15686 | 1.75061 | 1.67458 | 1.50241 | 1.62453 | 1.74750 |   | -44.55 | -46.95 | -52.41 | -48.54 | -44.64 |
|      16 |  5.53647 | 2.83137 | 2.58007 | 2.65972 | 2.64882 | 2.82755 |   | -48.86 | -53.40 | -51.96 | -52.16 | -48.93 |
|      32 | 10.72727 | 4.97483 | 4.43692 | 4.52524 | 4.68358 | 4.84840 |   | -53.62 | -58.64 | -57.82 | -56.34 | -54.80 |
|      64 | 21.12103 | 9.43241 | 7.79981 | 7.91148 | 8.33305 | 8.34230 |   | -55.34 | -63.07 | -62.54 | -60.55 | -60.50 |

Perf tests were running on the system:
  Architecture: x86_64
  CPU op-mode(s): 32-bit, 64-bit
  Address sizes: 46 bits physical, 48 bits virtual
  Byte Order: Little Endian
  CPU(s): 96
  On-line CPU(s) list: 0-95
  Vendor ID: GenuineIntel
  Model name: Intel(R) Xeon(R) Gold 6248R CPU @ 3.00GHz
  CPU family: 6
  Model: 85
  Thread(s) per core: 2
  Core(s) per socket: 24
  Socket(s): 2

The most performant option is a configuration with 512 cache entries with
4 shards. There are two new defines, NUM_SHARDS and CACHE_SIZE, which
can be tweaked at will.

Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29205)

10 days ago Update ossl-removed-api to mention the EVP_MD_meth* functions
Matt Caswell [Wed, 10 Dec 2025 11:16:09 +0000 (11:16 +0000)]
Update ossl-removed-api to mention the EVP_MD_meth* functions

All the EVP_MD_meth* functions have been removed so they should be
documented as such.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29366)

10 days ago Remove mentions of EVP_MD_meth* from the documentation
Matt Caswell [Wed, 10 Dec 2025 10:57:43 +0000 (10:57 +0000)]
Remove mentions of EVP_MD_meth* from the documentation

With the removal of EVP_MD_meth* we need to update the documentation
accordingly.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29366)

10 days ago Remove support for custom MD methods
Matt Caswell [Wed, 10 Dec 2025 10:56:49 +0000 (10:56 +0000)]
Remove support for custom MD methods

Custom MD methods are considered legacy and have been deprecated
since 3.0. With the removal of ENGINEs they become a lot less useful
and add significant complexity to the code. We should therefore remove
them in 4.0.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29366)

11 days ago Prevent freeing of parent listener in SSL_listen_ex
Neil Horman [Mon, 15 Dec 2025 13:43:32 +0000 (08:43 -0500)]
Prevent freeing of parent listener in SSL_listen_ex

It's been reported that, when using SSL_listen_ex to obtain a new
connection from a listener, that, if the listener is freed prior to the
obtained connection, we get use-after-free conditions when freeing said
obtained connections.

This occurs because SSL_listen_ex fails to take a reference on the
parent listener SSL object (in the same way that SSL_new_from_listener
does).  If the listener is freed first, then several listener resources
are freed, which the obtained connection still makes use of, hence the
use-after-free.

The fix is to do what SSL_new_from_listener does, namely:
1) Increase the reference count on the listener SSL object.
2) Ensure that the connection qc->listener points to the listener object
   so that, when the connection is freed, we call SSL_free on the
   listener object, dropping the reference count we take in
   SSL_listen_ex.

While we're at it, this PR also modifies the quicapi test for testing
the SSL_listen_ex call, freeing the listener first to ensure that the
increased refcount holds the SSL object data stable until the connection
is freed.

Thanks to Stanislav Fort at Asile Research for pointing out this issue.

fixes openssl/project#1766

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29398)
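
The lifetime rule this fix establishes, modelled as an added example (not OpenSSL's code, and not taken from the PR): a connection takes its own reference on the listener that produced it and drops it when freed, so freeing the listener first is safe. All type and function names are hypothetical, and the plain int counter assumes a single thread.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model only: hypothetical types, not OpenSSL's SSL/QUIC objects. */
typedef struct listener {
    int refs;   /* owners: the application plus each accepted connection */
    int port;   /* stands in for listener resources the connection uses */
} LISTENER;

typedef struct conn {
    LISTENER *listener;  /* counted back-pointer, released in conn_free() */
} CONN;

static int live_listeners;  /* instrumentation: listeners not yet destroyed */

int live_listener_count(void) { return live_listeners; }

LISTENER *listener_new(int port)
{
    LISTENER *l = calloc(1, sizeof(*l));

    if (l == NULL)
        return NULL;
    l->refs = 1;            /* the caller's reference */
    l->port = port;
    live_listeners++;
    return l;
}

/* Drop one reference; destroy the listener only when the last owner lets go. */
void listener_free(LISTENER *l)
{
    if (l == NULL || --l->refs > 0)
        return;
    live_listeners--;
    free(l);
}

/* Step 1 of the fix: take a reference. Step 2: remember whom to release. */
CONN *listener_accept(LISTENER *l)
{
    CONN *c;

    if (l == NULL || (c = calloc(1, sizeof(*c))) == NULL)
        return NULL;
    l->refs++;
    c->listener = l;
    return c;
}

/* Reads listener state; only valid because the connection holds a reference. */
int conn_local_port(const CONN *c) { return c->listener->port; }

void conn_free(CONN *c)
{
    if (c == NULL)
        return;
    listener_free(c->listener);  /* drops the reference taken at accept time */
    free(c);
}

int main(void)
{
    LISTENER *l = listener_new(4433);
    CONN *c = listener_accept(l);

    if (l == NULL || c == NULL)
        return 1;
    listener_free(l);            /* application frees the listener first */
    printf("port=%d live=%d\n", conn_local_port(c), live_listener_count());
    conn_free(c);                /* last reference: listener destroyed now */
    printf("live=%d\n", live_listener_count());
    return 0;
}
```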

12 days ago make snmpkdf.c good openssl citizen
Alexandr Nedvedicky [Wed, 10 Dec 2025 12:22:28 +0000 (13:22 +0100)]
make snmpkdf.c good openssl citizen

cstyle change only

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29369)

12 days ago make snmpkdf.c good openssl citizen
Alexandr Nedvedicky [Wed, 10 Dec 2025 12:22:28 +0000 (13:22 +0100)]
make snmpkdf.c good openssl citizen

cstyle change only

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/29369)

12 days ago Derive EC public key from private key if missing
Simo Sorce [Mon, 3 Nov 2025 21:53:41 +0000 (16:53 -0500)]
Derive EC public key from private key if missing

Update ossl_ec_key_fromdata to compute the public key if it is not provided in
the input parameters but the private key is. This allows for the creation of a
complete EC_KEY object from only private key data.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29054)

12 days ago Documentation for BIO flags and related functions.
Igor Ustinov [Thu, 4 Dec 2025 16:05:59 +0000 (17:05 +0100)]
Documentation for BIO flags and related functions.

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29311)

13 days ago interop: fix for engine removal
Stanislav Zidek [Mon, 8 Dec 2025 14:46:01 +0000 (15:46 +0100)]
interop: fix for engine removal

CLA: trivial

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29333)

2 weeks ago Remove crypto-mdebug-backtrace option from config
Neil Horman [Thu, 11 Dec 2025 15:31:32 +0000 (10:31 -0500)]
Remove crypto-mdebug-backtrace option from config

We still build with crypto-mdebug-backtrace enabled in a few ci jobs,
but it does nothing.

With the upcoming merge of feature/removesslv3, the code changes there
prevent the use of this option (i.e. enabling it results in
configuration failure).

It seems the most sensible thing to do here, given we have a major
release, is to eliminate the option entirely, as it hasn't done anything
since 1.0.2.

Fixes openssl/project#1763

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29380)

2 weeks ago CONF_modules_load_file.pod: The ssl_module no longer uses global data
Daniel Kubec [Wed, 10 Dec 2025 23:26:46 +0000 (00:26 +0100)]
CONF_modules_load_file.pod: The ssl_module no longer uses global data

Remove the paragraph that is no longer relevant.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29374)

2 weeks ago ASN1: Reject negative BIGNUM components
Daniel Kubec [Wed, 10 Dec 2025 12:57:40 +0000 (13:57 +0100)]
ASN1: Reject negative BIGNUM components

In the ASN.1 structures we define the BIGNUM as positive and enforce
this during parsing. If the encoded value is negative, we raise an error
and reject the material.

Fixes #29210
Fixes #27407

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29370)
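
What the sign check described in this commit looks like at the encoding level, as an added example that is not code from the commit or from OpenSSL: a small DER INTEGER reader that refuses negative values. The function name, result codes and sample bytes are constructed for illustration; the length and minimal-encoding checks go beyond the commit message and follow from DER's own rules.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes for this example only (hypothetical names, not OpenSSL's). */
enum {
    DER_INT_OK = 0,
    DER_INT_TRUNCATED = -1,
    DER_INT_BAD_TAG = -2,
    DER_INT_BAD_LENGTH = -3,
    DER_INT_NON_MINIMAL = -4,
    DER_INT_NEGATIVE = -5
};

/* Constructed sample encodings. */
static const unsigned char sample_pos128[] = { 0x02, 0x02, 0x00, 0x80 }; /* +128 */
static const unsigned char sample_neg128[] = { 0x02, 0x01, 0x80 };       /* -128 */
static const unsigned char sample_padded[] = { 0x02, 0x02, 0x00, 0x7f }; /* padded 127 */
static const unsigned char sample_zero[]   = { 0x02, 0x01, 0x00 };       /* 0 */
static const unsigned char sample_badlen[] = { 0x02, 0x81, 0x01, 0x7f }; /* long form for 1 */

/*
 * Parse exactly one DER INTEGER from in[0..inlen). On success *mag/*maglen
 * describe the big-endian magnitude with the sign-padding zero removed.
 */
int der_get_nonneg_integer(const unsigned char *in, size_t inlen,
                           const unsigned char **mag, size_t *maglen)
{
    size_t hdr = 2, len, nlen, i;
    const unsigned char *p;

    if (inlen < 2)
        return DER_INT_TRUNCATED;
    if (in[0] != 0x02)                  /* universal, primitive INTEGER */
        return DER_INT_BAD_TAG;

    if (in[1] < 0x80) {                 /* short-form length */
        len = in[1];
    } else {                            /* long form: 0x80 | number of bytes */
        nlen = in[1] & 0x7f;
        if (nlen == 0 || nlen > 2)      /* indefinite, or beyond this example */
            return DER_INT_BAD_LENGTH;
        if (inlen < 2 + nlen)
            return DER_INT_TRUNCATED;
        for (len = 0, i = 0; i < nlen; i++)
            len = (len << 8) | in[2 + i];
        if (len < 0x80 || (nlen == 2 && len < 0x100))
            return DER_INT_BAD_LENGTH;  /* DER requires the shortest length form */
        hdr += nlen;
    }
    if (len == 0)
        return DER_INT_BAD_LENGTH;      /* INTEGER has at least one content byte */
    if (inlen - hdr < len)
        return DER_INT_TRUNCATED;
    if (inlen - hdr > len)
        return DER_INT_BAD_LENGTH;      /* trailing bytes after the element */

    p = in + hdr;
    if (p[0] & 0x80)                    /* two's complement sign bit set */
        return DER_INT_NEGATIVE;
    if (len > 1 && p[0] == 0x00) {
        if (!(p[1] & 0x80))             /* leading zero that was not needed */
            return DER_INT_NON_MINIMAL;
        p++;                            /* drop the sign-padding zero */
        len--;
    }
    *mag = p;
    *maglen = len;
    return DER_INT_OK;
}

int main(void)
{
    const unsigned char *m = NULL;
    size_t n = 0;

    printf("+128   -> %d\n", der_get_nonneg_integer(sample_pos128, sizeof(sample_pos128), &m, &n));
    printf("-128   -> %d\n", der_get_nonneg_integer(sample_neg128, sizeof(sample_neg128), &m, &n));
    printf("padded -> %d\n", der_get_nonneg_integer(sample_padded, sizeof(sample_padded), &m, &n));
    return 0;
}
```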

2 weeks ago Update ossl-removed-api to mention the EVP_CIPHER_meth* functions
Matt Caswell [Wed, 10 Dec 2025 09:39:04 +0000 (09:39 +0000)]
Update ossl-removed-api to mention the EVP_CIPHER_meth* functions

All the EVP_CIPHER_meth* functions have been removed so they should be
documented as such.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29299)

2 weeks ago Remove mentions of EVP_CIPHER_meth* from the documentation
Matt Caswell [Wed, 3 Dec 2025 10:48:57 +0000 (10:48 +0000)]
Remove mentions of EVP_CIPHER_meth* from the documentation

With the removal of EVP_CIPHER_meth* we need to update the documentation
accordingly.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29299)

2 weeks ago Remove support for custom cipher methods
Matt Caswell [Wed, 3 Dec 2025 10:38:56 +0000 (10:38 +0000)]
Remove support for custom cipher methods

Custom cipher methods are considered legacy and have been deprecated
since 3.0. With the removal of ENGINEs they become a lot less useful
and add significant complexity to the code. We should therefore remove
them in 4.0.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29299)

2 weeks ago Fail serialization of finalized MD contexts
Simo Sorce [Fri, 21 Nov 2025 21:08:35 +0000 (16:08 -0500)]
Fail serialization of finalized MD contexts

Add tests to verify that `EVP_MD_CTX_serialize` and
`EVP_MD_CTX_deserialize` fail when called on a finalized `EVP_MD_CTX`.

A finalized context is in a terminal state and should not be serializable for
resumption or have a new state deserialized into it. These tests confirm the
expected failure behavior.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)

2 weeks ago Add documentation for digest serialization
Simo Sorce [Thu, 20 Nov 2025 19:08:56 +0000 (14:08 -0500)]
Add documentation for digest serialization

Documents EVP_MD_CTX_[s|des]erialize functions.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)

2 weeks ago Use generated param decoders in SHA provider
Simo Sorce [Mon, 20 Oct 2025 22:46:45 +0000 (18:46 -0400)]
Use generated param decoders in SHA provider

Refactor the SHA provider's context parameter handling in sha2_prov.c to use
the generated parameter decoder framework.

This change replaces manual parameter lookups using `OSSL_PARAM_locate` and
static `OSSL_PARAM` arrays with generated decoder functions and structs. A new
template, `sha2_prov.inc.in`, is added to create the necessary decoders during
the build.

This simplifies the code, reduces boilerplate, and improves type safety.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)

2 weeks ago Add EVP_MD_CTX serialization for SHA3/SHAKE
Simo Sorce [Fri, 10 Oct 2025 17:47:38 +0000 (13:47 -0400)]
Add EVP_MD_CTX serialization for SHA3/SHAKE

Implement context serialization and deserialization for the SHA3, KECCAK,
SHAKE, and KMAC provider-based digests.

This is achieved by handling the `OSSL_DIGEST_SERIALIZATION` parameter in
get_ctx_params and set_ctx_params. A custom format is used to store the KECCAK
state, including a magic number and an algorithm identifier to ensure the
context is not loaded into an incompatible digest instance.

This allows an EVP_MD_CTX to be saved and restored, which is useful for
applications that need to checkpoint hashing operations. The existing EVP
serialization tests have been extended to cover these new algorithms.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)

2 weeks ago Add serialization for SHA-2 digest contexts
Simo Sorce [Thu, 9 Oct 2025 22:27:42 +0000 (18:27 -0400)]
Add serialization for SHA-2 digest contexts

This commit introduces the ability to serialize and deserialize the internal
state of SHA-2 digest contexts (SHA-256 and SHA-512 families).

This functionality is exposed via the new OSSL_DIGEST_SERIALIZATION parameter,
which can be used with EVP_MD_CTX_get_params() to retrieve the state and with
EVP_DigestInit_ex2() to restore it into a new context.

This allows an application to save the state of a hash operation and resume it
later, which is useful for process migration or for saving the state of
long-running computations. A new test case has been added to verify this.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)

2 weeks ago Add EVP digest context serialization
Simo Sorce [Thu, 20 Nov 2025 15:25:47 +0000 (10:25 -0500)]
Add EVP digest context serialization

This commit introduces two new functions, EVP_MD_CTX_serialize and
EVP_MD_CTX_deserialize, to the EVP digest API.

These functions allow an application to save the state of a digest
context (EVP_MD_CTX) and restore it later. This is useful for
checkpointing long-running computations, enabling them to be paused
and resumed without starting over.

The implementation adds the OSSL_FUNC_DIGEST_SERIALIZE and
OSSL_FUNC_DIGEST_DESERIALIZE dispatch functions for providers to
supply this functionality.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)

2 weeks ago Add static_ASN1_SEQUENCE_END to the list of statement macros
Bob Beck [Tue, 9 Dec 2025 16:01:16 +0000 (09:01 -0700)]
Add static_ASN1_SEQUENCE_END to the list of statement macros

This one is pretty special, we should ponder simplifying some of
the clever preprocessor stuff here, but for now..

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29359)

2 weeks ago Enable send-/recvmmsg for AIX >= 7.2 and disable SUPPORT_LOCAL_ADDR.
Matthias Kraft [Fri, 5 Dec 2025 16:52:28 +0000 (17:52 +0100)]
Enable send-/recvmmsg for AIX >= 7.2 and disable SUPPORT_LOCAL_ADDR.

AIX doesn't support this implementation for local addresses. The AF_INET
case is unimplemented when sending. The AF_INET6 case is limited to 110
messages. The limiting factor is currently unclear.

Fixes #29292

Signed-off-by: Matthias Kraft <Matthias.Kraft@ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29334)

2 weeks ago Fix memory leak in error path of ec_gen_init()
Niels Dossche [Mon, 8 Dec 2025 14:17:56 +0000 (15:17 +0100)]
Fix memory leak in error path of ec_gen_init()

ec_gen_set_params() can fail after some big numbers have already been
copied over. Those need to be cleaned to avoid a memory leak on failure.
This can be done with ec_gen_cleanup(), which is also consistent with how
the ecx_gen code does it.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29335)

2 weeks ago The return value of RSA_*_{en,de}crypt() is signed
Viktor Dukhovni [Sat, 6 Dec 2025 04:04:36 +0000 (15:04 +1100)]
The return value of RSA_*_{en,de}crypt() is signed

The functions RSA_(public|private)_(en|de)crypt() return a signed
result, in particular `-1` may be returned on error, so the caller
MUST treat the value as signed.

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29323)

2 weeks ago Fix memory leak in abnormal branch of mlx_kem_dup function
lan1120 [Fri, 5 Dec 2025 10:09:47 +0000 (18:09 +0800)]
Fix memory leak in abnormal branch of mlx_kem_dup function

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29318)

2 weeks ago Fix ML-KEM/ML-DSA macro typo
Viktor Dukhovni [Fri, 5 Dec 2025 03:35:18 +0000 (14:35 +1100)]
Fix ML-KEM/ML-DSA macro typo

This is largely cosmetic, since the macro expands to "seed" either way,
but it is best to avoid this type of error.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29313)

2 weeks ago doc/man3: Add OPENSSL_ppccap.pod
George Wilson [Thu, 16 Oct 2025 15:41:26 +0000 (10:41 -0500)]
doc/man3: Add OPENSSL_ppccap.pod

This patch adds a man page documenting the OPENSSL_ppccap environment
variable that is analogous to capability environment variable man pages
for other architectures.

Fixes #17046

Signed-off-by: George Wilson <gcwilson@linux.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29230)

2 weeks ago dtls: fix DTLSv1_listen msg_callback to report HelloVerifyRequest
Joshua Rogers [Sat, 11 Oct 2025 22:19:29 +0000 (06:19 +0800)]
dtls: fix DTLSv1_listen msg_callback to report HelloVerifyRequest

DTLSv1_listen built the HelloVerifyRequest in wbuf but invoked
msg_callback with buf and DTLS1_RT_HEADER_LENGTH, and version 0.
That caused incorrect logging and could disclose the ClientHello
to write callbacks. Use wbuf and the actual record version for the
record header, and add a second callback that reports the handshake
message bytes. No change to on-wire behavior.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28916)

2 weeks ago ktls_read_record(): Harden linux recv path
Joshua Rogers [Sat, 11 Oct 2025 06:19:28 +0000 (14:19 +0800)]
ktls_read_record(): Harden linux recv path

- drop tag subtraction in recv buffer sizing
- enforce MSG_EOR and reject MSG_CTRUNC
- zero prepended header bytes before recvmsg

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28861)

2 weeks ago Fix regression when X509_V_FLAG_CRL_CHECK_ALL is set, while X509_V_FLAG_CRL_CHECK...
Carter Thaxton [Thu, 9 Oct 2025 02:20:25 +0000 (19:20 -0700)]
Fix regression when X509_V_FLAG_CRL_CHECK_ALL is set, while X509_V_FLAG_CRL_CHECK is clear

Fixes #28758

When X509_V_FLAG_CRL_CHECK is not set, the man pages document that X509_V_FLAG_CRL_CHECK_ALL is ignored.
Prior to 3.6.0, this was indeed the case.

In 3.6.0, the behavior changed, and setting X509_V_FLAG_CRL_CHECK_ALL began to imply X509_V_FLAG_CRL_CHECK.
This unfortunately breaks the majority of ruby installations, which relied on the documented behavior.

For consistency, this commit applies the same logic to the new X509_V_FLAG_OCSP_RESP_CHECK and X509_V_FLAG_OCSP_RESP_CHECK_ALL flags,
which are still undocumented as of 3.6.0.

All existing tests continue to pass.  They also make the assumption that the xxx_CHECK_ALL flags are irrelevant unless xxx_CHECK is set.
We could add a new test for this regression.  I'll leave that to another commit.

CLA: trivial

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28797)

(cherry picked from commit cbaf28ce48805f47345f39dc6aaf39e181ab4861)

2 weeks ago apps/cmp.c: add -ta_in_ip_extracerts permitting non-authenticated trust anchors in...
Dr. David von Oheimb [Thu, 10 Jul 2025 15:37:11 +0000 (17:37 +0200)]
apps/cmp.c: add -ta_in_ip_extracerts permitting non-authenticated trust anchors in IP extracerts according to 3GPP TS 33.310

Fixes #27888

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28015)

2 weeks ago OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR: use new TA(s) for whole transaction...
Dr. David von Oheimb [Thu, 10 Jul 2025 15:34:26 +0000 (17:34 +0200)]
OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR: use new TA(s) for whole transaction (also pkiconf); update doc

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28015)

2 weeks ago run codespell pre-commit hook on staged files only
Dmitry Misharov [Tue, 9 Dec 2025 16:39:14 +0000 (17:39 +0100)]
run codespell pre-commit hook on staged files only

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29360)

2 weeks ago Document skey decoder
Dmitry Belyavskiy [Thu, 25 Sep 2025 13:38:53 +0000 (15:38 +0200)]
Document skey decoder

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/28278)

2 weeks ago Implementing store support for EVP_SKEY
Dmitry Belyavskiy [Mon, 11 Aug 2025 09:55:06 +0000 (11:55 +0200)]
Implementing store support for EVP_SKEY

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/28278)

2 weeks ago Add SNMPKDF implementation
Helen Zhang [Fri, 21 Nov 2025 19:11:26 +0000 (19:11 +0000)]
Add SNMPKDF implementation

  In compliance with SP800-135 and RFC7860

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29195)