Expose the EC field degree as a gettable parameter for both provided
and legacy EC keys. In the latter case, drop a spurious assertion,
since even in debug builds an application may try to get an unknown
parameter, and this should return an error rather than abort.
In the EC `TEXT` encoding format, instead of reporting the bit count of
the group order, report the field degree (which matches the size number
in the curve's name when present) and also the symmetric-equivalent
security-bits (adjusted down the the standard numbers (80, 112, 128,
192, 256).
Along the way, add a missing getter method for the EC_GROUP security
bits.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
MergeDate: Thu Jan 15 16:10:26 2026
(Merged from https://github.com/openssl/openssl/pull/29539)
During a release cycle we always wind up going through our git history
to try make sure we caught all the stuff that needed a CHANGES/NEWS
entry. Lets try make that at least a little more automated here. PR's
that reference CVEs, come from feature branches or impact public apis
generally need a NEWS/CHANGES entry, so lets flag those during CI. It
should serve as a reminder to add entries to NEWS/CHANGES to prs meeting
the above criteria, and can be ignored via the application of the
no_news_changes_needed label to the PR.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Tue Jan 13 19:17:37 2026
(Merged from https://github.com/openssl/openssl/pull/29536)
SSL_free(conn_ssl) for a QCSO enters ossl_quic_free, which calls qc_cleanup.
qc_cleanup already frees qc->tls via SSL_free(qc->tls) and then frees qc->ch.
The additional SSL_free(ossl_quic_channel_get0_tls(new_ch)) releases the same
TLS a second time, which is redundant.
We also replace some of the pure condition checks with ossl_assert() checks
as these conditions cannot really fail.
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:54:07 2026
(Merged from https://github.com/openssl/openssl/pull/28920)
Just like in previous commit, this define does not represent a toggleable
feature, but is entirely dependent on the OPENSSL_SMALL_FOOTPRINT define.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:27 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Just like in previous commit, this define does not represent a toggleable
feature, but is entirely dependent on the OPENSSL_SMALL_FOOTPRINT define.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:25 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
It does not represent a feature that some arch may or may not possess, but
instead is entirely dependent on the OPENSSL_SMALL_FOOTPRINT option.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:44:24 2026
(Merged from https://github.com/openssl/openssl/pull/29204)
Use BIO_free() to free "in" if error occurs to avoid memory leak.
Moreover, add check for "out" to avoid NULL pointer dereference.
Also replace OPENSSL_assert with return.
Fixes: e599d0a ("Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:40:14 2026
(Merged from https://github.com/openssl/openssl/pull/27920)
In PR #29145 a new OSSL_LIB_CTX_SSL_CONF_IMODULE was added, but
the OSSL_LIB_CTX_MAX_INDEXES value was left behind.
This should probably be converted to an enum, but I'll leave that work
to some other brave soul.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29581)
recvfrom() may return WSAECONNRESET when the destination port
used in a previous sendto() call is no longer available. This
causes QUIC PORT to swich from running state. This behavior
is not desired for QUIC protocol. The trick is to disable
SIO_UDP_CONNRESET flag on UDP port used by QUIC.
The issue was kindly reported and root caused by goforit22123-netizen@
Fixes: #29530
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Mon Jan 12 10:27:25 2026
(Merged from https://github.com/openssl/openssl/pull/29538)
Now that EVP_PKEY_ASN1_METHODs have been removed from the public API we
need to update the documentation accordingly. They still exist internally
and so some references are still appropriate in the internal documetnation.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
Now that the ability to register a custom EVP_PKEY_ASN1_METHOD has
been removed in an earlier commit, we can now remove the functions that
are used to create a custom EVP_PKEY_ASN1_METHOD.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
We remove the ability to add application defined EVP_PKEY_ASN1_METHODs
via the `EVP_PKEY_asn1_add0()` function. We also remove the related function
`EVP_PKEY_asn1_add_alias()`.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
