35119 Commits

All Branches

Search

Author	SHA1	Message	Date
openssl-machine	8d1e59d307	Prepare for release of 3.2.5 ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes	2025-07-01 12:06:25 +00:00
openssl-machine	866ad296b1	make update ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes	2025-07-01 12:06:23 +00:00
openssl-machine	e9d98629ed	Copyright year updates ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes	2025-07-01 12:04:53 +00:00
Neil Horman	4d03e3ec76	dd 32-news ... Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/27930)	2025-07-01 12:46:06 +01:00
noctuelles	7bd5c27a8b	fix: msg callback in dtls1_do_write that incorrectly shows message (like a certificate) that spans over multiple fragments. ... Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27811) (cherry picked from commit de5a619aa0)	2025-06-30 11:25:59 +01:00
Christian Vögl	15ddbf5b18	Fix nullpointer dereference in OSSL_PARAM_merge ... OSSL_PARAM_merge contained an error, where a nullpointer was dereferenced when both parameter arrays ended with the same key Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27910) (cherry picked from commit 63cb8f99a1)	2025-06-30 11:14:33 +01:00
Dmitry Belyavskiy	729048592e	Better lookup for openssl executable ... Fixes #27891 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27895) (cherry picked from commit fa0c67a28a)	2025-06-30 10:43:34 +01:00
Neil Horman	49ad74a484	Fix exit code for s_time when -new command line switch specified ... When operating with the -new switch in apps/openssl s_time, we neglect to set the exit code properly, and so the app exits with a code of 1 rather than 0 as expected Fixes #27856 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27857) (cherry picked from commit b6ff559853)	2025-06-20 15:44:13 -04:00
Neil Horman	1ec432bd14	Fix buggy stringop-overflow error on s390 ... Despite some recent changes to our s390 builds, we're still seeing errors due to some stringop-overflow warnings: https://github.com/openssl/openssl/actions/runs/15748518222/job/44389197443 It appears to be caused because the static analysis that gcc preforms in gcc 12 (the version of the compiler on our s390 runner), fails to infer the proper sizes of the buffer on which we do the reverse memcpy in swap_copy(), resulting in warnings, which on --strict-warnings builds, breaks us. Fix it by using inlen rather than outlen to limit the copy length, adjusting it if need be to match the size of the output buffer in le_copy(). This allows the compiler to properly infer the array length constraints and suppress the warnings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27864) (cherry picked from commit 837592dcd9)	2025-06-20 11:01:18 -04:00
Levi Zim	b470a12115	Avoid potential double close of client_skt in sslecho ... The server_running variable is declared as volatile and some comments in the code are mentioning about implementing CTRL+C handler in the future. In the client handling loop, the client_skt is closed at the end of the loop if server_running is true. If (future) CTRL+C handler changes server_running to false at this time. The next accept will not happen and the exit clean up code will close client_skt for the second time. This patch fixes this potential double close by setting client_skt back to -1 after closing it. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27405) (cherry picked from commit 48e3fe0863)	2025-06-20 15:45:26 +01:00
Matt Caswell	d86a758bf1	Ensure we pass the user SSL object for the SSL_set_verify callback ... When calling the verify callback we need to ensure we supply the user SSL object, and not any internal SSL object. Fixes #27830 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27848) (cherry picked from commit 3695409c4c)	2025-06-19 14:06:57 +01:00
Matt Caswell	d5b5c328fd	Allow our *_gen_cleanup functions to tolerate a NULL ctx ... Our *_gen_cleanup functions are essentially "free" functions. Our free functions tolerate NULL being passed. We are being inconsistent with our *_gen_cleanup functions. Some of them tolerate NULL and others do not. We should consistently tolerate NULL. See also #27795 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27813) (cherry picked from commit 743bae4a22)	2025-06-14 10:44:17 -04:00
noctuelles	67ee65ffa8	fix: Better documentation on DTLS_set_timer_cb() ... Also more precise description of DTLS timeout mechanism. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27800) (cherry picked from commit 49885aebe7)	2025-06-13 12:49:29 +02:00
JiashengJiang	71a48fd39c	test/helpers/quictestlib.c: Use goto instead of return to avoid memory leak ... When TEST_ptr(*cssl) fails, bdata should be freed to avoid memory leak. Fixes: a55b689 ("Use reported short conn id len in qtestlib") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27599) (cherry picked from commit de1e4989d5)	2025-06-13 12:30:17 +02:00
Bartel Artem	6c93fa3919	return NULL if gctx allocation fails. ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27795) (cherry picked from commit 443298e0f0)	2025-06-12 08:57:20 -04:00
Bartel Artem	5d411df55c	check gctx for NULL before cleanup. ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27795) (cherry picked from commit 02f9c9342d)	2025-06-12 08:55:05 -04:00
Ingo Franzki	3eae15c0b4	Silence -Wstringop-overflow warnings with gcc 14 on s390x ... Compiling OpenSSL on s390x with gcc 14 (i.e. in Fedora 41) shows several -Wstringop-overflow warnings in providers/implementations/rands/drbg_ctr.c and test/params_api_test.c. Add explicit length checks to let the compiler know that it won't overrun the buffer. This also silences the warnings. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27710) (cherry picked from commit 9a788281d9)	2025-06-10 19:49:57 +02:00
Viktor Dukhovni	974f8bb198	Allow keygen after dup of minimal PKEY ctx ... It should be possible to repeatedly duplicate a PKEY CTX created via EVP_PKEY_CTX_new_from_name() that has not yet been assigned an "operation" (e.g. via EVP_PKEY_CTX_keygen_init()), and then perform keygen_init() and keygen() on the duplicated copies. When the operation is not yet set, all that's needed is to not try to use the key if one isn't set yet. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27662) (cherry picked from commit 2c74a8d1ef)	2025-06-10 19:44:27 +02:00
Daniel Van Geest	b482ce42e4	Fix SHAKE AlgorithmIdentifier encodings ... NIST CSOR specifies that the id-shake128 and id-shake256 algorithm identifiers, like the SHA-3 ones, do not carry any parameters. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27190) (cherry picked from commit bef03c6a24)	2025-06-10 19:42:31 +02:00
yexiaochuan	cef0c0b348	fix: add parsing check in TLS compress_certificate extension handler ... The tls_parse_compress_certificate function was missing validation for trailing bytes after parsing the algorithm list, violating RFC8446 section 4.2 which requires sending a decode_error alert for unparseable messages. This commit adds a check for remaining bytes in the packet after the while loop and sends SSL_AD_DECODE_ERROR if any trailing bytes are found. Fixes #27717 CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27733) (cherry picked from commit 8e787b1028)	2025-06-10 19:40:10 +02:00
Pauli	98056c1df4	rand: add argument error checking to EVP_RAND_nonce() ... Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27766) (cherry picked from commit a2cd7ecd75)	2025-06-09 10:27:59 +02:00
Pauli	597ba30085	rand: document the EVP_RAND_nonce() return correctly ... Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27766) (cherry picked from commit e81b252a95)	2025-06-09 10:27:59 +02:00
Pauli	f60b527812	rand: produce correct return from EVP_RAND_nonce ... Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27766) (cherry picked from commit a2b9120d15)	2025-06-09 10:27:58 +02:00
Pauli	64cd33b56e	rand: fix memory overrun bug ... Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27766) (cherry picked from commit da585e214c)	2025-06-09 10:27:57 +02:00
Pauli	ce1b7acaee	rand: add unit test exhibiting memory overrun ... Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27766) (cherry picked from commit 6d490a92fe)	2025-06-09 10:27:56 +02:00
Neil Horman	54acfafeff	Add a test to confirm that we can repeatedly create and destroy keys ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27775) (cherry picked from commit b994ce4088)	2025-06-06 14:13:46 -04:00
Neil Horman	6429c55c40	Allow for reuse of thread_local keys in threads_none ... If openssl is configured with no-threads, the implementation has a hard limit of 256 LIB_CTX values, as each LIB_CTX allocates a thread local key, and we never reuse them (like libc does when using pthread_key_create/destroy. Improve the situation by allowing for marking freed keys as unsued and searching for an available key when allocating Fixes #27757 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27775) (cherry picked from commit b6d01d1b1f)	2025-06-06 14:13:45 -04:00
Neil Horman	397130b0c3	Remove _strlen31 ... This function is old and fairly broken. Code archeology in our git tree hasn't revealed why it was creted (though it may have possibly been to support older win32 systems that couldn't do 64 bit integers properly, like windows 95/98). There seems to be no good reason to keep it around, and given that it has potentially serious side effects, lets just remove it. Fixes #27761 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27763) (cherry picked from commit b0d363a2cb)	2025-06-06 10:08:45 +02:00
Neil Horman	81d286edd1	Fix use of IO::Socket::IP on windows 2025 ... Apparently IO::Socket::IP has several odd behaviors on windows 2025, notably indicating that AF_INET6 isn't a supported family when it clearly is. Follow the pattern in determinig the haveIPV6 variable in Proxy.pm, and record if we determine IPv6 availablity with the IP class or the INET6 class and use the same method when testing port binding Fixes project/#1213 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/27780) (cherry picked from commit ae404a9b3b)	2025-06-06 09:39:02 +02:00
Neil Horman	89a4ef3849	Test randomly selected client port for availabilty in sslrecords test ... Encountered this error in a pr today: https://github.com/openssl/openssl/actions/runs/15418713146/job/43387767612 === Proxy started on port [::1]:56662 Engine "ossltest" set. Using default temp DH parameters ACCEPT [::1]:59189 Server responds on [::1]:59189 Engine "ossltest" set. C0774F02907F0000:error:80000062:system library:BIO_bind:Address already in use:crypto/bio/bio_sock2.c:240:calling bind() C0774F02907F0000:error:10000075:BIO routines:BIO_bind:unable to bind socket:crypto/bio/bio_sock2.c:242: connect:errno=98 === Its occuring because we randomly select a port to use for our client connection in the sslrecords test. Thats usually fine, but sometimes, we get unlucky and pick a port thats already in use. This presents as random failures in our CI on this test. So lets try harden ourselves against it. When creating the client connection, test the randomly selected port by trying to bind to it via a call to IO::Socket::IP->new(). If that fails, try a different port number, until we get one that works. If it works, use that port in the assignment for the clients local port value. Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27752) (cherry picked from commit f78f824c8e)	2025-06-05 10:32:44 -04:00
Dr. David von Oheimb	56d12310d4	apps/x509.c: re-add ERR queue printing on errors ... Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27739) (cherry picked from commit ac85974bc3)	2025-06-04 17:45:03 +02:00
Viktor Dukhovni	1d4260c1a9	Split arguments taking quotes into account ... CA.pl supports interpolating multiple arguments into the executed commands. Previously these were evaluated by a shell, which supported quoting of values that contain whitespace, backslashes, ... With a shell no longer used (avoid command injection), backwards compatibility requires some similar functionality. The code now handles double and single-quoted strings (shell-style word splitting), but not parameter expansion ($foo remains unexpanded) or command substitution (`cmd` and $(cmd) remain unexpanded). On Windows system(@LIST) does not correctly preserve argv, do our own quoting instead and use system(<$quoted_cmd>). Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27432) (cherry picked from commit 287bbb28b0)	2025-06-04 17:34:46 +02:00
Viktor Dukhovni	bdb9184aa6	Avoid shell commandline processing in CA.pl ... The CA.pl script used to build single-string string commandlines to pass to a shell via `system(command_string)`. That was fragile and not a best practice. This PR replaces `system(command_string)` with `system { executable } @argv`, which avoids the shell whenever possible (at least Unix-like systems and Windows). The only question mark is whether some sort of quoting is needed for VMS to preserve the case of commandline arguments even when processes are spawned directly, rather than via the shell. Unfortunately, given the way that some environment variables and command-line options are used to construct the commands to run, the result is still brittle. The CA.pl utility really should be replaced with something better. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27432) (cherry picked from commit 0b1bdef38e)	2025-06-04 17:34:45 +02:00
Matt Caswell	7b001e5a10	Add a CHANGES.md entry regarding no_renegotiation alert ... Highight the bug being fixed for DTLS users Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27591) (cherry picked from commit df5dff26ef)	2025-06-04 17:29:46 +02:00
Matt Caswell	6819a067f6	Update documentation regarding no_renegotiation handling ... Clarify what happens in the event that a no_renegotiation alert is received. Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27591) (cherry picked from commit 0db6a59ea7)	2025-06-04 17:29:43 +02:00
Matt Caswell	8ab78c8c74	Test that a no_renegotiation alert is handled correctly ... If we receive a no_renegotiation alert we should abort the connection. We add a test for this. Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27591) (cherry picked from commit 7f6e66b048)	2025-06-04 17:29:39 +02:00
Matt Caswell	1e2ed8e224	Fix DTLS handling when receiving a no_renegotiation alert ... no_renegotiation is a warning alert sent from the server when it is not prepared to accept a renegotiation attempt. In TLS we abort the connection when we receive one of these - which is a reasonable response. However, in DTLS we incorrectly ignore this and keep trying to renegotiate. We bring the DTLS handling of a no_renegotiation alert into line with how TLS handles this. In versions prior to 3.2 handling of a warning alert in DTLS was mishandled resulting in a failure of the connection, which ends up being the right thing to do "by accident" in the case of "no_renegotiation". From 3.2 this mishandling was fixed, but exposed this latent bug. Fixes #27419 Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27591) (cherry picked from commit e5feca0659)	2025-06-04 17:29:34 +02:00
Dmitry Misharov	dc3a5950aa	ci: remove windows-2019 runner images ... According to https://github.com/actions/runner-images/issues/12045 The Windows 2019 Actions runner image will begin deprecation on 2025-06-01 and will be fully unsupported by 2025-06-30. Jobs using the windows-2019 YAML workflow label should be updated to windows-2022, windows-2025 or windows-latest. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27749) (cherry picked from commit 19dfc4672a)	2025-06-04 16:43:15 +02:00
Nicky Mouha	a20fb32d52	Regression test for incorrect HMAC API usage ... Fixes #13210 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/27692) (cherry picked from commit a5d1eadde1)	2025-06-03 14:33:41 +02:00
Frederik Wedel-Heinen	aa33fc08c5	Handle 0 return values from DH key computations as errors ... Returned 0 from ossl_dh_compute_key(), DH_compute_key_padded() and DH_compute_key() needs to be treated as an error. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27673) (cherry picked from commit 1c1ce2a6ee)	2025-06-03 14:28:47 +02:00
Jai S	cad59670f2	Use value barrier for constant_time_cond_swap_* ... Resolves #27497 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27581) (cherry picked from commit 8a9e0d0f49)	2025-06-03 14:25:45 +02:00
Tomas Mraz	9d3fc3caa2	Document that FIPS provider cannot be used by multiple libcryptos ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27702) (cherry picked from commit 08b2042a20)	2025-05-30 08:09:35 +10:00
JiashengJiang	9647fbad35	test/evp_test.c: Free fetched_digest on error to avoid memory leak ... Call EVP_MD_free() to release fetched_digest if OPENSSL_zalloc() fails, preventing a memory leak. Fixes: 2208ba56eb ("evp_test: Add the missing check after calling OPENSSL_malloc") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27648) (cherry picked from commit e8deb32af4)	2025-05-29 16:42:07 +02:00
JiashengJiang	54e738bdcb	crypto/property/property.c: Free impl->method to avoid memory leak ... After ossl_method_up_ref() succeeds, impl_free() should be called to free impl->method. Fixes: 860ecfd ("property: check return values from the property locking calls.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27564) (cherry picked from commit 00c531a5e3)	2025-05-29 16:40:42 +02:00
AntonMoryakov	c4019b581d	apps: lib: Prevent potential NULL dereference in init_client() ... apps: lib: Simplify ba_ret handling in init_client() Simplify logic around ba_ret assignment: - Fail early if ba_ret == NULL - Assign directly otherwise, without checking *ba_ret This avoids extra nesting and matches OpenSSL's conventions. CLA: trivial Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> Co-authored-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26783) (cherry picked from commit 3161f460fa)	2025-05-29 16:38:40 +02:00
Viktor Dukhovni	66c043e5cc	Note finished state in cipher BIO EOF ... When the cipher BIO encounters a non-retriable EOF (or error), mark the state as "finished", else a subsequent BIO_flush() or attempted read may attempt to finalise the crypto state again, and fail, leading, for example, to users seeing erroneous apparent decryption failure. This is not a new problem, the fix should be backported to all supported releases. It was made more apparent by recent changes to the base64 BIO, which returns a non-retriable EOF when padding is seen at the end of the base64 data, even if the underlying next BIO is "retriable". Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27680) (cherry picked from commit 005fa3e00e)	2025-05-29 16:03:11 +02:00
Norbert Pocs	254bce41f2	Document EVP_CIPHER failure for missing provider function ... When writing a new CIPHER implementation the OSSL_FUNC_cipher_get_params must be present, otherwise the fetch fails. This behaviour is seen in function evp_cipher_cache_constants@crypto/evp/evp_lib.c. Resolves: #25801 Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27696) (cherry picked from commit 3423c30db3)	2025-05-28 10:36:25 +02:00
JiashengJiang	a381691377	crypto/pkcs7/pk7_smime.c: Add BIO_free() to avoid memory leak ... Add BIO_free() to free tmpout if OPENSSL_malloc() fails to avoid memory leak. Fixes: 8e70485 ("RT3955: Reduce some stack usage") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27631) (cherry picked from commit 9882d389df)	2025-05-27 19:49:43 +02:00
JiashengJiang	c8cf313d89	apps/pkeyutl.c: Add OPENSSL_free() to avoid a memory leak ... If EVP_PKEY_CTX_ctrl_str() fails, the code jumps to 'end' label without freeing passwd, causing a memory leak. Fixes: 9d1bf5f7de ("Add option to read pkeyopts interactively") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27470) (cherry picked from commit 0dc6ea55a1)	2025-05-27 19:47:53 +02:00
widneve	976a771cb9	Fix memory leaks after failure of PKCS7_add_signed_attribute() ... If PKCS7_add_signed_attribute fails, seq never escapes out of the callee and will therefore result in a memory leak. This is similar to ed3d277127. CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27670) (cherry picked from commit 6543f34dda)	2025-05-23 17:37:23 +02:00