Ything-RepoMirrors/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-25 11:07:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
38,829 Commits 37 Branches 420 Tags
master
Commit Graph

4394 Commits

Author SHA1 Message Date
Viktor Dukhovni
aa4802204b Enable signing of empty files with pkeyutl 
The allocated buffer for the file contents is then zero bytes long,
which `app_malloc()` used to refuse.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Tue Jan 20 18:17:12 2026
(Merged from https://github.com/openssl/openssl/pull/29613)
 2026-01-20 19:17:06 +01:00
Nikola Pajkovsky
7e535fe6b1 apps: check OPENSSL_uni2utf8 return value 
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29590)
 2026-01-14 11:26:59 +01:00
Bob Beck
c082649033 Ensure ASN1 types are checked before use. 
Some of these were fixed by LibreSSL in commit aa1f637d45
this fix includes the other fixes in that commit, as well as fixes for others found by a scan
for a similar unvalidated access paradigm in the tree.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29582)
 2026-01-13 12:11:18 +01:00
Heath Dutton🕴️
d2e4f588b6 apps/speed.c: support algorithm name aliases in kem and sig lookup 
Fixes #29355

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29571)
 2026-01-12 12:31:19 +01:00
Matt Caswell
f9f6d5666a Remove the ability to query the internal EVP_PKEY_ASN1_METHODs 
Previously there were a few functions where you could obtain a handle
on registered EVP_PKEY_ASN1_METHODs and query information about them.
We remove the capability.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29405)
 2026-01-09 15:52:12 +00:00
JohnnySavages
c8bae42190 Remove unnecessary argc assign 
Found by Linux Verification Center (linuxtesting.org) with SVACE.

CLA:trivial

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Thu Jan  8 10:03:55 2026
(Merged from https://github.com/openssl/openssl/pull/29457)
 2026-01-08 11:03:40 +01:00
Anton Moryakov
5e2e7c60d3 apps: ocsp.c: fix null dereference in ocsp_response 
Report of the static analyzer:
Function 'OCSP_cert_to_id' may return NULL on allocation failure,
but its return value is dereferenced in 'OCSP_id_issuer_cmp'
without prior NULL check at ocsp.c:1088. This can lead to a null
pointer dereference and cause a segmentation fault, resulting
in a denial-of-service (DoS) condition. Although such failures
are rare, an attacker could potentially trigger them under memory
pressure. All other calls to 'OCSP_cert_to_id' in the codebase
(e.g., add_ocsp_cert, add_ocsp_serial) properly check for NULL,
making this instance a clear omission.

Correct explained:
Added a NULL check after calling OCSP_cert_to_id() when creating
'ca_id' inside the issuer lookup loop. If the allocation fails, the
function now safely returns an internal error response instead of
risking a crash. This change aligns the code with existing
error-handling patterns in the same file and improves robustness
against resource exhaustion attacks.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Thu Jan  8 09:01:09 2026
(Merged from https://github.com/openssl/openssl/pull/29033)
 2026-01-08 10:01:00 +01:00
Dr. David von Oheimb
d57a13c6c4 apps/cmp.c: fix handling of passwords when loading pubkey from possibyl password-protected container 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28477)
 2026-01-07 12:56:15 +01:00
Dr. David von Oheimb
62af159ea5 apps/cmp.c: refactor load_key_pwd() and load_cert_pwd() params for clarity w.r.t. password source vs. actual password 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28477)
 2026-01-07 12:56:15 +01:00
Dr. David von Oheimb
2f949642a1 apps/lib/apps.c: fix load_certs_multifile() and load_certstore() w.r.t. password source vs. actual password 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28477)
 2026-01-07 12:56:15 +01:00
Dr. David von Oheimb
48d4c8fb8b apps/lib/apps.c load_key_certs_crls() refactor uidata use and tweak error message 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28477)
 2026-01-07 12:56:15 +01:00
Dr. David von Oheimb
7123614134 apps.c: fix next_item() to correctly handle space(s) before comma separators 
* Modified the parsing logic to handle space-followed-by-comma patterns
* Updated the separator skipping logic to process at most one comma while allowing multiple spaces
* Added a test case with a mixed DNS and IP SAN entry that includes the problematic spacing pattern

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28471)
 2026-01-06 21:02:20 +01:00
Bernd Edlinger
c0a7890b62 Fix a memory leak in sctp code 
There is a memory leak of the addrinfo struct when
`./openssl s_server -dtls -sctp -accept 127.0.0.1:4433`
is used, but `sysctl -w net.sctp.auth_enable=1`
is not done before.
Additionally this fixes an oversight, when
`./openssl s_client -dtls -sctp -connect localhost:4433`
is used to connect to above server.
The first connect attempt is to IPv6 ::1, which might fail,
but the second attempt might still succeed, so continue to
try all addesses even when the SCTP socket fails for one of them.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29541)
 2026-01-06 07:56:14 -05:00
Frederik Wedel-Heinen
9ada832a81 Fix typo in hex_prin() and make it static 
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29493)
 2025-12-31 12:26:20 +01:00
Andrew Dinh
6821363f28 Add no-ssl3 back as a no-op 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
 2025-12-23 10:54:08 -05:00
Kurt Roeckx
60c15b2aff Remove support for SSLv3 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
 2025-12-23 10:54:06 -05:00
Bob Beck
f18816261e Constify the return value of X509_get0_pubkey_bitstr() 
Part of #28654
Fixes: https://github.com/openssl/project/issues/1772

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29434)
 2025-12-23 08:06:00 -05:00
Sashan
994413f995 Update NEWS.md 
Co-authored-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
 2025-12-19 12:06:38 -05:00
Alexandr Nedvedicky
31659fe326 Introduce OPENSSL_ATEXIT_CLEANUP env. variable. 
libcrypto does not arm OPENSSL_cleanup() function as atexit(3) handler by default.
If application/user wants libcrypto to install OPENSSL_cleanup() as atexit handler,
then OPENSSL_ATEXIT_CLEANUP env. variable must be set.

If platform's libc does not provide atexit(3), then OPENSSL_ATEXIT_CLEANUP has no effect.

The OPENSSL_atexit() is wrapper of atexit(3) provided by libc now.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29385)
 2025-12-19 12:01:59 -05:00
Norbert Pocs
43033e129b Remove the c_rehash script 
The `openssl rehash` should be used instead.

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29427)
 2025-12-19 16:10:24 +01:00
Bob Beck
4036f4b0e3 Add new public API for checking certificate times. 
Fixes: #1631

This changes the previously internal ossl_x509_check_certificate_times()
to be the public X509_check_certificate_times(). It adds documentation
for the new function and marks X509_cmp_time, X509_cmp_timeframe,
and X509_cmp_current_time as deprecated in 4.0, as discussed in #1631.

Since the function is now public, we can replace the remaining
uses of deprecated stuff with this function.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29152)
 2025-12-18 13:34:58 -05:00
Dr. David von Oheimb
c8073cac15 apps/x509.c: factor out add_object() for handling -addtrust and -addreject options 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/28371)
 2025-12-18 17:28:53 +01:00
Matt Caswell
f3f70e170f Remove custom EVP_PKEY_METHODs 
We retain custom EVP_PKEY_ASN1_METHODs for now - to be removed in some
subsequent PR.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29384)
 2025-12-18 10:57:38 +00:00
Richard Levitte
92d1ea3bf2 Missed a spot! 
For some reason, source reformatting didn't catch everything.

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29383)
 2025-12-17 10:19:43 -05:00
Tomas Mraz
495cf0efe6 apps/req.c: Always set permissions for private key output 
The key output will be always private.

Reported with a proposed fix by Stanislav Fort (Aisle Research).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29397)
 2025-12-17 13:47:29 +01:00
Viktor Dukhovni
473dff4781 New -encopt option for pkey(1) and genpkey(1) 
This allows setting the ML-KEM and ML-DSA output formats.
At the same fixing surprising lack of password encryption
of PKCS#8 private keys in DER output form in the CLI apps.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29324)
 2025-12-17 13:40:17 +01:00
Dr. David von Oheimb
e7d5206e89 apps/cmp.c: add -ta_in_ip_extracerts permitting non-authenticated trust anchors in IP extracerts according to 3GPP TS 33.310 
Fixes #27888

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28015)
 2025-12-11 12:28:50 +01:00
Dmitry Belyavskiy
d328874645 Document skey decoder 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/28278)
 2025-12-10 12:20:44 -05:00
Dmitry Belyavskiy
1b0f21f055 Implementing store support for EVP_SKEY 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Simo Sorce <simo@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/28278)
 2025-12-10 12:20:44 -05:00
Bob Beck
2fab90bb5e 4.0-POST-CLANG-FORMAT-WEBKIT 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29242)
 2025-12-09 00:28:19 -07:00
Norbert Pocs
4e96426a8d apps: Remove opt_legacy_okay function 
The function used to check for ENGINEs to determine if a legacy code
path is available, but it makes no sense to keep it after the ENGINE
removal, as the legacy path will always fail.

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
 2025-12-04 07:32:18 -05:00
Milan Broz
bf24dd887c Remove engine.h includes for internal code. 
This should no be used anywhere, as typedef for ENGINE is in types.h.

Only apps should include this header for compatibility stubs.

Signed-off-by: Milan Broz <gmazyland@gmail.com>

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
 2025-12-04 07:32:18 -05:00
Norbert Pocs
9425238145 apps/: Remove "-keyform engine" 
Resolves: https://github.com/openssl/project/issues/1354

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
 2025-12-04 07:31:06 -05:00
Norbert Pocs
26b1723ed4 apps/: Remove engines 
Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
 2025-12-04 07:31:05 -05:00
Milan Broz
4bd0612a2a Remove openssl engine command 
This patch removes apps/engine.c and associated man pages.

Resolves: https://github.com/openssl/project/issues/1370

Signed-off-by: Milan Broz <gmazyland@gmail.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29305)
 2025-12-04 07:31:05 -05:00
Beat Bolli
8ca421f881 Change hexdump width to a multiple of 8 bytes 
10, 15 and 18 seem quite unnatural byte counts in the context of hex
dumps. Standardize on 24 bytes for signatures (to stay within the 80
characters limit) and 16 bytes for everything else.

Adjust all test cert dumps to match the new output format.

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29266)
 2025-12-03 17:45:15 +01:00
Dr. David von Oheimb
3aea6c37f6 APPS/load_key_certs_crls(): prevent mem leaks on error w.r.t. any leftover credentials 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28005)
 2025-12-03 16:01:43 +01:00
Bob Beck
220350f337 Fix apps/progs.pl to be slightly less fragile 
In particular fix the regex magic to be tolerant of different ways
of formatting a main program.

My past life had forgotten this magic 14 years ago when we converted
it to just a table of commands in the forks.

https://www.youtube.com/watch?v=mWbbjvYmN8A

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29241)
 2025-12-03 14:40:56 +01:00
snowdroppe
679a10110e fix(x509.c): Fixed regression of openssl x509 -checkend return values 
Fixes #28928

Also adds functionality to -checkend to account for -multi behaviour.
Man page and unit tests updated accordingly.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29155)
 2025-12-01 11:46:49 +01:00
Jiasheng Jiang
ae4d37e3fb apps/lib/log.c: Add check for BIO_new() 
Add check for the return value of BIO_new() to avoid potential NULL pointer dereference.

Fixes: 8a2ec00d7f ("apps/lib/http_server.{c,h}: clean up logging and move it to log.{c,h}")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27918)
 2025-12-01 11:30:00 +01:00
martin
c5c8b44f0f Fixed non-compliant handling of missing stapled OCSP responses 
If the OCSP response was not present for a certificate the server
created a non-conforming empty CertificateStatus extension
instead of not sending the extension at all.

Fixes #28902

Fixes b1b4b154

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28955)
 2025-11-28 15:43:54 +01:00
Caolán McNamara
d5af86a80b const up various low hanging things 
to move these symbols out of the .data section

remaining list approx-sorted by size with:
objdump -t libcrypto.so libssl.so | grep -v \\.data.rel.ro | grep \\.data | sort -r -k 4

Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28588)
 2025-11-28 09:36:45 +01:00
Joshua Rogers
cb95203379 apps/s_time: enable peer verification when -verify is used 
s_time loaded CA material but never turned verification on, so
-verify only changed the depth while handshakes skipped verification.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28857)
 2025-11-19 18:51:48 +01:00
Anton Moryakov
34d3d2e308 dsaparam.c: Check return value of PEM_write_bio_PrivateKey() 
The result of PEM_write_bio_PrivateKey was not checked, which could lead
to silent failure when writing a generated DSA private key to output.

Now verify the return value and report an error if the write fails,
matching the error handling pattern used for other write operations.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29075)
 2025-11-19 15:55:46 +01:00
Dr. David von Oheimb
d46fca3263 CMP doc: update RFC 4210 -> 9810, RFC 6712 -> 9811 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Alicja Kario <hkario@redhat.com>
(Merged from https://github.com/openssl/openssl/pull/28017)
 2025-11-19 14:31:42 +01:00
Soumik Sarker
de89ca9347 apps/enc.c: Moved -pass, -k, -kfile to encryption options 
Signed-off-by: Soumik Sarker <ronodhirsoumik@gmail.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29110)
 2025-11-18 19:31:43 +01:00
Joshua Rogers
3005b9bc86 apps/s_socket: fix FD and addrinfo leak on SCTP failure in init_client 
If BIO_new_dgram_sctp(*sock, BIO_NOCLOSE) fails we returned 0 directly,
skipping the out: cleanup and leaking the just created socket plus the
addrinfo lists.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/28917)
 2025-11-18 17:59:50 +01:00
Norbert Pocs
abfb3cc4f1 apps: Make genpkey verbose when verbose option is set 
Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28887)
 2025-10-30 08:47:50 +11:00
Joshua Rogers
cf44eb7ae4 Remove more dead code 
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/28914)
 2025-10-27 10:26:20 -04:00
Joshua Rogers
095aab1dc2 Remove dead RENEG code 
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/28914)
 2025-10-27 10:26:20 -04:00