Now that EVP_PKEY_ASN1_METHODs have been removed from the public API we
need to update the documentation accordingly. They still exist internally
and so some references are still appropriate in the internal documetnation.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Now that the ability to register a custom EVP_PKEY_ASN1_METHOD has
been removed in an earlier commit, we can now remove the functions that
are used to create a custom EVP_PKEY_ASN1_METHOD.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
We remove the ability to add application defined EVP_PKEY_ASN1_METHODs
via the `EVP_PKEY_asn1_add0()` function. We also remove the related function
`EVP_PKEY_asn1_add_alias()`.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Somewhere in our conversion from .c files to .inc files for our rand
providers, we created code in drbg_hmac_set_ctx_params_locked to fetch
our digest and hmac when creating the rand instance. However, the
function drbg_fetch_algs_from_prov only fetched our digest for this rand
type, not the hmac, and returned 1 while doing so, indicating success.
This is problematic because it means that we never wind up fetching an
HMAC for this rand type. As a result we never compute the strength of
the DRBG and so any attempt to seed it fails.
Ensure that, if we load a digest for this DRBG, we also fetch an HMAC,
and fail if we can't do so, so the HMAC-DRBG is useful.
Fixesopenssl/private#853
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29560)
OpenSSL's build file (Makefile) handles library directories via two
variables, 'LIBDIR' and 'libdir', where the former is empty when the
path given through ./Configure's '--libdir' is absolute.
This was forgotten when treating the resulting values in,
util/mkinstallvars.pl, which got libdir in exporters/libcrypto.pc
to not be quite right if .Configure was called with a '--libdir'
with an absolute path.
The fix turns out to be quite easy.
Resolves: https://github.com/openssl/openssl/issues/28779
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29540)
Due to an out of memory error, the i2d_ASN1_TYPE might fail
and cause a segfault.
This adds a missing check for NULL pointer and a test case
that exercises IMPLICIT and EXPLICT tagging in generate_v3,
since there was no test coverage at all for this code section.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 8 10:13:43 2026
(Merged from https://github.com/openssl/openssl/pull/29545)
Report of the static analyzer:
Function 'OCSP_cert_to_id' may return NULL on allocation failure,
but its return value is dereferenced in 'OCSP_id_issuer_cmp'
without prior NULL check at ocsp.c:1088. This can lead to a null
pointer dereference and cause a segmentation fault, resulting
in a denial-of-service (DoS) condition. Although such failures
are rare, an attacker could potentially trigger them under memory
pressure. All other calls to 'OCSP_cert_to_id' in the codebase
(e.g., add_ocsp_cert, add_ocsp_serial) properly check for NULL,
making this instance a clear omission.
Correct explained:
Added a NULL check after calling OCSP_cert_to_id() when creating
'ca_id' inside the issuer lookup loop. If the allocation fails, the
function now safely returns an internal error response instead of
risking a crash. This change aligns the code with existing
error-handling patterns in the same file and improves robustness
against resource exhaustion attacks.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan 8 09:01:09 2026
(Merged from https://github.com/openssl/openssl/pull/29033)
The base64_simdutf test has a printf statement inside a double for loop
that causes a huge amount of latency when run under our perl scripts.
Average run time on my system is about 1min 58 seconds.
We shouldn't be using a printf statement there anyway (likely TEST_info
instead), but we don't need that either, so just remove the printf
entirely. This decreases the run time to around a second to complete.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29542)
Replace #ifdef FIPS_MODULE with OSSL_PROVIDER_available() runtime check
in ecdsatest.c. The compile-time check is not meaningful for test cases
as the test binary may be compiled without FIPS_MODULE but run with the
FIPS provider loaded.
Fixes#28255
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29527)
* Modified the parsing logic to handle space-followed-by-comma patterns
* Updated the separator skipping logic to process at most one comma while allowing multiple spaces
* Added a test case with a mixed DNS and IP SAN entry that includes the problematic spacing pattern
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28471)
There is a memory leak of the addrinfo struct when
`./openssl s_server -dtls -sctp -accept 127.0.0.1:4433`
is used, but `sysctl -w net.sctp.auth_enable=1`
is not done before.
Additionally this fixes an oversight, when
`./openssl s_client -dtls -sctp -connect localhost:4433`
is used to connect to above server.
The first connect attempt is to IPv6 ::1, which might fail,
but the second attempt might still succeed, so continue to
try all addesses even when the SCTP socket fails for one of them.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29541)
