a new config option _no_rcu_ is added into HT_CONFIG. When _no_rcu_ is
set then hashtable can be guarded with any other locking primitives,
and behives as ordinary hashtable. Also, all the impact of the
atomics used internally to the hash table was mitigated.
RCU performance
# INFO: @ test/lhash_test.c:747
# multithread stress runs 40000 ops in 40.779656 seconds
No RCU, guarded with RWLOCK
# INFO: @ test/lhash_test.c:747
# multithread stress runs 40000 ops in 36.976926 seconds
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28677)
When defining a custom hash function for a hashtable key, you typically start with:
HT_START_KEY_DEFN(key)
HT_DEF_KEY_FIELD(k, unsigned char *)
HT_END_KEY_DEFN(KEY)
In this setup, the hash function signature requires keybuf and len as
parameters rather than the hashtable key itself. As a result,
accessing members of the hashtable structure becomes awkward, since
you must do something like:
#define FROM_KEYBUF_TO_HT_KEY(keybuf, type) (type)((keybuf) - sizeof(HT_KEY))
static uint64_t ht_hash(uint8_t *keybuf, size_t keylen)
{
KEY *k = FROM_KEYBUF_TO_HT_KEY(keybuf, KEY *);
...
}
This kind of pointer arithmetic is both unnecessary and error-prone.
A cleaner approach is to pass the HT pointer directly into the hash
function. From there, you can safely cast it to the required type
without the pointer gymnastics.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28677)
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28688)
The linux-riscv64 test machine crashes due to unaligned data,
when the V extension is enabled, while QEMU seems to have no
problems with unaligned data.
So check for aligned data and fall back to C code in case the
input or output values are unaligned.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28684)
When CMS_EncryptedData_set1_key is called repeatedly it will
leak data on the second call. This was because
cms->d.encryptedData was already set and needed to be cleared
before the call to M_ASN1_new_of.
Fixes: #28606
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28668)
Fixes CVE-2025-9232
There is a missing terminating NUL byte after strncpy() call.
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Fixes CVE-2025-9231
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Fixes CVE-2025-9230
The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28639)
EVP_PKEY_can_sign() assumed query_operation_name(OSSL_OP_SIGNATURE)
always returns a non-NULL string. According to the documentation,
query_operation_name() may return NULL, in which case
EVP_KEYMGMT_get0_name() should be used as a fallback.
Fixes#27790
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28620)
For now subsequent calls to OBJ_create() with identical inputs return
NID_undef. It may be better to return the previous NID in the future.
The real work actually happens in OBJ_add_object(). Duplicate compares
*all* the input object's fields with any of the objects found by lookup.
If these are identical, then necessarily all the lookups found the same
data, and we can return the existing nid in low-level calls via
OBJ_add_object() that specify the nid also. If any of the fields are
different the new object is not installed and NID_undef is returned.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28582)
This fixes the RSA-SM3 signatures to conform to the standard.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28415)
The issue was reported by Ronald Crane from Zippenhop LLC.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28644)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28535)
Since we no longer mutate the stack when finding, let us
make the stack pointers const.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28532)
For unknown reasons using RW mutexes on RISC-V arch
seems to be broken, at least with glibc.
Fixes#28550
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28634)
The x509_store_add() creates X509_OBJECT wrapping either X509 or
X509_CRL. However, if you set the type to X509_LU_NONE before
X509_OBJECT_free then it skips the free on the wrapped type and just
calls OPENSSL_free on the object itself. Hence, leaking wrapped
object.
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28631)
FreeBSD also added elf_aux_info() to the 11 branch and was shipped
with 11.4.
03444a7d43
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28581)
The put_str() helper of the internal ossl_property_list_to_string()
function failed to correctly check the remaining buffer length in a
corner case in which a property name or string value needs quoting,
and exactly one byte of unused space remained in the output buffer.
The only potentially affected calling code is conditionally compiled
(disabled by default) provider "QUERY" tracing that is executed only
when also requested at runtime. An initial fragment of the property
list encoding would need to use up exactly 511 bytes, leaving just 1
byte for the next string which requires quoting. Bug reported by
Aniruddhan Murali (@ashamedbit)
Noble Saji Mathews (@NobleMathews)
both from the University of Waterloo.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28624)
this adds another release/acquire link between update_qp and
get_hold_current_qp via the reader_idx because the current
one which is based on the qp users count is only preventing
a race condition, but does not help when the reader acquires
the next qp.
Fixes#27267
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28585)
This reverts commit dc5cd6f70a "rsa: expose pairwise consistency test API",
that has introduced ossl_rsa_key_pairwise_test() function, as the only user
has been removed in 7f7f75816f "import pct: remove import PCTs for most
algorithms".
Complements: 7f7f75816f "import pct: remove import PCTs for most algorithms"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28557)
We seem to be using a lot of preprocessor gymnastics to avoid
having duplicate cases in a case statement depending on what
the host system defines these values to. We should not care.
If we don't bother with the case statement this becomes
easier to follow.
While we are here, pick up the reccomended windows2 values
that correspond with the POSIX values we already have
in here that we believe are "non-fatal", and condition
the codes to use on being windows or something POSIX.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28344)
The error label returned success (1) even on failure. Make it return failure (0) instead.
Fixes#28562
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28576)
If we have a comparison function, and the array was sorted,
check to see if we are inserting in the correct location.
if so do not clear is_sorted.
This allows for element locations found with OPENSSL_sk_find_ex
to be used to insert elements in the correct location and preserve
the sorting order without the need to sort the stack again.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28533)
Matt noticed "It's kind of weird that we are forced to call sort on
a newly created and empty stack. It feels like an empty stack should
have the "sorted" flag by default on creation"
I am incluined to agree. This change ensures tht empty or 1 element
stacks are marked as sorted, as per the existing comment in the
file.
Since this involved changing the various duplication routines to
also ensure that sorted was preserved for such stacks, I also
noticed the duplication code was largely duplicated. I
took the opportunity to deduplicate the duplication code while
making these changes.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28509)
We have several composite alg usages (i.e. MAC/KDF) which pick the right
digest implementation when using an engine, but fail to get the right
one when using a provider because we don't pass the propquery in a
parameter to their instantiation.
Fix them up by constructing the appropriate parameters
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28461)
Allocate table in ecp_nistz256_windowed_mul() and preComputedTable
in ecp_nistz256_mult_precompute() using OPENSSL_aligned_alloc_array() call
instead of OPENSSL_malloc with a 64-byte slack and manual pointer alignment
adjustement.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28295)
There is little need to support alignments larger than a page size,
and the open-coded OPENSSL_aligned_alloc() implementation implements
that support in quite wasteful manner, so it is better just to limit
the maximum supported alignment explicitly. The value of 65536
has been chosen so it is architecture-agnostic and is no less than page sizes
used in commonly occurring architectures (and also it is a pretty number).
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28295)
While posix_memalign() is generally not expected to fail, we can always use
the internal aligned alloc implementation to ensure that any
OPENSSL_aligned_malloc failure is indeed fatal and does not require
a fallback.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28295)
Factor the open-coded aligned allocation implementation in a separate
file and use it instead of just returning NULL in CRYPTO_aligned_alloc
implementation in the FIPS provider.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28295)
Originally, CRYPTO_aligned_alloc() returned NULL if OpenSSL was built
with OPENSSL_SMALL_FOOTPRINT defined, which is a weird place for such
a consideration; moreover it means that every caller requires to
implement some form of a fallback (and manually over-allocate
and then align the returned memory if the alignment is a requirement),
which is counter-productive (and outright ridiculous in environments
with posix_memalign() available). Move the OPENSSL_SMALL_FOOTPRINT
consideration to the only current caller and update the documentation
and tests accordingly.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28295)
Check the that the indicated output buffer length is large enough.
Fix EVP_SealInit() to initialise the output buffer length to the RSA
modulus length, not the input KEK length.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28517)
Switching from ANSI-C we can use implementation of printf like
function provided by libc on target platform. This applies
starting from 3.6 and onwards.
The slight exception here is old windows printf functions
before 2015, those are supported.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28305)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28482)
Both are updates to reduce the OSSL_PARAM_locate related searching.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28360)
Frederik Wedel-Heinen
Nikola Pajkovsky
zhoulu
DONGGEUN YOO
Bernd Edlinger
Ryan Hooper
Tomas Mraz
Viktor Dukhovni
Bob Beck
Daniel Kubec
xiaoloudongfeng
Brad Smith
Luigino Camastra
Eugene Syromiatnikov
rodeka
fengpengbo
Neil Horman
sashan
Dr. David von Oheimb
Pauli