Expose the EC field degree as a gettable parameter for both provided
and legacy EC keys. In the latter case, drop a spurious assertion,
since even in debug builds an application may try to get an unknown
parameter, and this should return an error rather than abort.
In the EC `TEXT` encoding format, instead of reporting the bit count of
the group order, report the field degree (which matches the size number
in the curve's name when present) and also the symmetric-equivalent
security-bits (adjusted down the the standard numbers (80, 112, 128,
192, 256).
Along the way, add a missing getter method for the EC_GROUP security
bits.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Thu Jan 15 16:10:26 2026
(Merged from https://github.com/openssl/openssl/pull/29539)
Just like in previous commit, this define does not represent a toggleable
feature, but is entirely dependent on the OPENSSL_SMALL_FOOTPRINT define.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:27 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Just like in previous commit, this define does not represent a toggleable
feature, but is entirely dependent on the OPENSSL_SMALL_FOOTPRINT define.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:25 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
It does not represent a feature that some arch may or may not possess, but
instead is entirely dependent on the OPENSSL_SMALL_FOOTPRINT option.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:24 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Now that the ability to register a custom EVP_PKEY_ASN1_METHOD has
been removed in an earlier commit, we can now remove the functions that
are used to create a custom EVP_PKEY_ASN1_METHOD.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
We remove the ability to add application defined EVP_PKEY_ASN1_METHODs
via the `EVP_PKEY_asn1_add0()` function. We also remove the related function
`EVP_PKEY_asn1_add_alias()`.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Due to an out of memory error, the i2d_ASN1_TYPE might fail
and cause a segfault.
This adds a missing check for NULL pointer and a test case
that exercises IMPLICIT and EXPLICT tagging in generate_v3,
since there was no test coverage at all for this code section.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 8 10:13:43 2026
(Merged from https://github.com/openssl/openssl/pull/29545)
It's only use was to do some somewhat confused cruftery
inside of ossl_asn1_time_to_tm as a special case to
implement ASN1_TIME_set_string_X509.
As it turns out, you don't need the cruftery of a special
case inside of ossl_asn1_time_to_tm to implement this
function, so the flag is completely unnecessary.
This removes flag, and simplifies this to work without it.
It removes the cruft only from ossl_asn1_time_to_tm,
minimally. This function really needs some cleanup and
makes my eyes bleed but I am resisting the temptation
to do that with this PR and making this a the minimal
change needed for review. I will clean up that function
in a follow on pr.
As tests on the behaviour of ASN1_TIME_set_string_X509
were added with it, Beyonce dances happily for me and I
only need to pass the existing tests, not write as bunch
of new ones.. .
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29187)
Recently, the addition of some vector register save restore logic from:
https://github.com/openssl/openssl/pull/28990
Triggered an issue in our quic_multistream_test, notably causing a
connection shutdown with error code 1, rather than successful
completion.
The problem has been root caused to an error in how the ppc aes code
saves and restores vector registers.
The aes gcm code uses VSR instructions (vsldoi, etc), to maniuplate
vector registers, which only operate on the upper half of the vector
register file (VS32-63), and operands are implicitly offset to do this.
(i.e. <instr> v31 actually operates on register vs63).
However, the SAVE/RESTORE macros which save and restore those values use
stxv/lxv instructions to do the save and restore, which are VSX
instructions that have access to the full vector register file, and so
by restoring V1, rather than V33, etc, we actuall restore values to the
wrong registers, causing various issues (most notably the above
misconfiguration of the quic SSL shutdown event, which sets the error
code erroneously to 1 instead of the expected 0 value).
Fix it by offsetting the SAVE_REGS and RESTORE_REGS macros to reference
the proper registers when doing save and restore.
Fixes#29516
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29528)
RISC-V Cryptographic Vector Extension provides ZVK instructions which
can be used to accelerate SM3 computing.
By calculating SHA512 performance on C930 FPGA, it is proven that sm3
speed is improved from 120695K to 323844K.
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29264)
The key improvements include:code formatting unification、instruction scheduling optimization、register allocation strategy update、updates to addition/subtraction carry and borrow flag handling.
These enhancements aim to improve both the code maintainability and its execution performance, particularly on out-of-order RISC-V cores.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29438)
In the bn_sqr8x_mont function, a comment describing the accumulation step for the partial product a[1]*a[0] incorrectly referenced the low part ('lo') of the product. The value being added to the temporary register t[2] is actually the high part ('hi') of that multiplication.
Correct the comment from "t[2]+lo(a[1]*a[0])" to "t[2]+hi(a[1]*a[0])".
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29436)
This patch is dedicated to improve SHA512 speed with RISCV
Cryptographic Vector Extension.
Below performance output is calculated by Xuantie C930 FPGA with VLEN256.
- sha512 speed might be improved from 197032K to 1010986KB
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29263)
