[openssl/tools] f8f26f: HOWTO-make-a-release.md: Add section on adding new...
Branch: refs/heads/master Home: https://github.com/openssl/tools Commit: f8f26f9e86a9f1bf9468663c93ecae577825704e https://github.com/openssl/tools/commit/f8f26f9e86a9f1bf9468663c93ecae577825704e Author: Pauli Date: 2024-06-06 (Thu, 06 Jun 2024) Changed paths: M HOWTO-make-a-release.md Log Message: --- HOWTO-make-a-release.md: Add section on adding new releases to the provider compat CI Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/tools/pull/125) To unsubscribe from these emails, change your notification settings at https://github.com/openssl/tools/settings/notifications
[openssl/openssl] 7725e7: x509: fix double locking problem
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Author: Pauli Date: 2022-12-08 (Thu, 08 Dec 2022) Changed paths: M crypto/x509/pcy_map.c Log Message: --- x509: fix double locking problem This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the redundant flag setting. Fixes #19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19652) (cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5) Commit: 6fbbb53477a13508f7b2be5ab63e5a6c70ed4778 https://github.com/openssl/openssl/commit/6fbbb53477a13508f7b2be5ab63e5a6c70ed4778 Author: Pauli Date: 2022-12-08 (Thu, 08 Dec 2022) Changed paths: A test/certs/pkitsta.pem M test/recipes/80-test_cms.t A test/smime-eml/SignedInvalidMappingFromanyPolicyTest7.eml Log Message: --- test: add test case for deadlock reported in #19643 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19652) (cherry picked from commit 61203c2c59df5d0022e316a4fe614e5d18907715) Compare: https://github.com/openssl/openssl/compare/9a5c884999a5...6fbbb53477a1
[openssl/openssl] 1adc6d: x509: fix double locking problem
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: 1adc6dbdb8fd48bf1290e7e405af14dabffc04e8 https://github.com/openssl/openssl/commit/1adc6dbdb8fd48bf1290e7e405af14dabffc04e8 Author: Pauli Date: 2022-12-08 (Thu, 08 Dec 2022) Changed paths: M crypto/x509/pcy_map.c Log Message: --- x509: fix double locking problem This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the redundant flag setting. Fixes #19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19652) (cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5) Commit: d2cdcb663e646b372564485214fae1a878e292f4 https://github.com/openssl/openssl/commit/d2cdcb663e646b372564485214fae1a878e292f4 Author: Pauli Date: 2022-12-08 (Thu, 08 Dec 2022) Changed paths: A test/certs/pkitsta.pem M test/recipes/80-test_cms.t A test/smime-eml/SignedInvalidMappingFromanyPolicyTest7.eml Log Message: --- test: add test case for deadlock reported in #19643 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19652) (cherry picked from commit 61203c2c59df5d0022e316a4fe614e5d18907715) Compare: https://github.com/openssl/openssl/compare/31240c1a53af...d2cdcb663e64
[openssl/openssl] 4d0340: x509: fix double locking problem
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 4d0340a6d2f327700a059f0b8f954d6160f8eef5 https://github.com/openssl/openssl/commit/4d0340a6d2f327700a059f0b8f954d6160f8eef5 Author: Pauli Date: 2022-12-08 (Thu, 08 Dec 2022) Changed paths: M crypto/x509/pcy_map.c Log Message: --- x509: fix double locking problem This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the redundant flag setting. Fixes #19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19652) Commit: 61203c2c59df5d0022e316a4fe614e5d18907715 https://github.com/openssl/openssl/commit/61203c2c59df5d0022e316a4fe614e5d18907715 Author: Pauli Date: 2022-12-08 (Thu, 08 Dec 2022) Changed paths: A test/certs/pkitsta.pem M test/recipes/80-test_cms.t A test/smime-eml/SignedInvalidMappingFromanyPolicyTest7.eml Log Message: --- test: add test case for deadlock reported in #19643 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19652) Compare: https://github.com/openssl/openssl/compare/6c73ca4a2f4e...61203c2c59df
[openssl/openssl] 9ba4f4: evp_test: fix rebase mistake with no_gost
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 9ba4f489ecd30901603d66a8ec578cbca08fac06 https://github.com/openssl/openssl/commit/9ba4f489ecd30901603d66a8ec578cbca08fac06 Author: Pauli Date: 2022-11-30 (Wed, 30 Nov 2022) Changed paths: M test/recipes/30-test_evp.t Log Message: --- evp_test: fix rebase mistake with no_gost Reviewed-by: Richard Levitte Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19785)
[openssl/openssl] 059123: doc: fix location of AES-SIV ciphers
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: 059123bed8fa4e6d5af2d30063ebffeb0020ee85 https://github.com/openssl/openssl/commit/059123bed8fa4e6d5af2d30063ebffeb0020ee85 Author: Pauli Date: 2022-11-30 (Wed, 30 Nov 2022) Changed paths: M doc/man7/EVP_CIPHER-AES.pod Log Message: --- doc: fix location of AES-SIV ciphers Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19776) (cherry picked from commit d1aa7d11363ebb0dff080966f842fade91135eaa)
[openssl/openssl] d1aa7d: doc: fix location of AES-SIV ciphers
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: d1aa7d11363ebb0dff080966f842fade91135eaa https://github.com/openssl/openssl/commit/d1aa7d11363ebb0dff080966f842fade91135eaa Author: Pauli Date: 2022-11-30 (Wed, 30 Nov 2022) Changed paths: M doc/man7/EVP_CIPHER-AES.pod Log Message: --- doc: fix location of AES-SIV ciphers Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19776)
[openssl/openssl] edaab8: aes: add AES-GCM-SIV modes to the FIPS provider
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: edaab86dc001603741f5b5e406afc1cc3a1c4e6e https://github.com/openssl/openssl/commit/edaab86dc001603741f5b5e406afc1cc3a1c4e6e Author: Pauli Date: 2022-11-30 (Wed, 30 Nov 2022) Changed paths: M doc/man7/EVP_CIPHER-AES.pod M providers/fips/fipsprov.c M providers/implementations/ciphers/build.info M test/recipes/30-test_evp.t M test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt Log Message: --- aes: add AES-GCM-SIV modes to the FIPS provider Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19777) Commit: abff8bd842b802c09b981b7552bd92ef1d0ced64 https://github.com/openssl/openssl/commit/abff8bd842b802c09b981b7552bd92ef1d0ced64 Author: Pauli Date: 2022-11-30 (Wed, 30 Nov 2022) Changed paths: M doc/man7/EVP_CIPHER-AES.pod M test/recipes/30-test_evp_data/evpmac_common.txt Log Message: --- Update fips version check to be more robust Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19777) Commit: 4a7231df5ca9f3d8759dc8c22cb8e9f27b312024 https://github.com/openssl/openssl/commit/4a7231df5ca9f3d8759dc8c22cb8e9f27b312024 Author: Pauli Date: 2022-11-30 (Wed, 30 Nov 2022) Changed paths: M doc/man7/OSSL_PROVIDER-FIPS.pod Log Message: --- fips prov: remove 3DES from list of inclusions Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19777) Compare: https://github.com/openssl/openssl/compare/e44b34185268...4a7231df5ca9
[openssl/openssl] c5ca71: uint_set: convert uint_set to use the list data type
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: c5ca718003e69ea0ef98392ce0abd4b6bfedeac8 https://github.com/openssl/openssl/commit/c5ca718003e69ea0ef98392ce0abd4b6bfedeac8 Author: Pauli Date: 2022-11-16 (Wed, 16 Nov 2022) Changed paths: M include/internal/uint_set.h M ssl/quic/quic_ackm.c M ssl/quic/quic_sstream.c M ssl/quic/uint_set.c Log Message: --- uint_set: convert uint_set to use the list data type This is instead of re-implementing a linked list itself. Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19377) Commit: e32fc5ad0ea1a2d69f12d9208f2de489f7ee9737 https://github.com/openssl/openssl/commit/e32fc5ad0ea1a2d69f12d9208f2de489f7ee9737 Author: Pauli Date: 2022-11-16 (Wed, 16 Nov 2022) Changed paths: M ssl/quic/quic_record_tx.c Log Message: --- QUIC tx record layer: use list.h As opposed to implementing a linked list explicitly. Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19377) Commit: dead13551c6661d34af3e5ddf1bc53c9efdb5647 https://github.com/openssl/openssl/commit/dead13551c6661d34af3e5ddf1bc53c9efdb5647 Author: Pauli Date: 2022-11-16 (Wed, 16 Nov 2022) Changed paths: M include/internal/quic_ackm.h M ssl/quic/quic_ackm.c M ssl/quic/quic_fifd.c Log Message: --- QUIC ackm: use list.h Instead of implementing a list internally. Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19377) Commit: 3fb172ef0a635c2e705d3d1cb58624cfc6afd502 https://github.com/openssl/openssl/commit/3fb172ef0a635c2e705d3d1cb58624cfc6afd502 Author: Pauli Date: 2022-11-16 (Wed, 16 Nov 2022) Changed paths: M include/internal/quic_demux.h M ssl/quic/quic_demux.c M ssl/quic/quic_record_rx.c Log Message: --- QUIC: use list.h The demux and record RX implemented lists internally. This changes them over to using list.h. Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19377) Commit: ccdcb08d05725673a3c416f221905fb362dcf1a6 https://github.com/openssl/openssl/commit/ccdcb08d05725673a3c416f221905fb362dcf1a6 Author: Pauli Date: 2022-11-16 (Wed, 16 Nov 2022) Changed paths: M include/internal/list.h Log Message: --- list: rename internal fields This makes conversion to using list.h easier because the compiler will error on an unknown field name rather than accepting `head` and `tail` and missing some changes. Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19377) Commit: b6f1b059eefb493d02913e9b32bd267d9017ee73 https://github.com/openssl/openssl/commit/b6f1b059eefb493d02913e9b32bd267d9017ee73 Author: Pauli Date: 2022-11-16 (Wed, 16 Nov 2022) Changed paths: M doc/internal/man3/DEFINE_LIST_OF.pod M include/internal/list.h M test/list_test.c Log Message: --- list: add an is empty function Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19377) Commit: 30773411264dca0a791a068759ec625bd0d4f34b https://github.com/openssl/openssl/commit/30773411264dca0a791a068759ec625bd0d4f34b Author: Pauli Date: 2022-11-16 (Wed, 16 Nov 2022) Changed paths: M include/internal/list.h M test/list_test.c Log Message: --- list: add debug sanity checks Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19377) Commit: 96796ab9baedee8b7de8d9ffc9e19dc0d8f8327a https://github.com/openssl/openssl/commit/96796ab9baedee8b7de8d9ffc9e19dc0d8f8327a Author: Pauli Date: 2022-11-16 (Wed, 16 Nov 2022) Changed paths: M doc/internal/man3/DEFINE_LIST_OF.pod Log Message: --- Fix documenation mistakes Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19377) Compare: https://github.com/openssl/openssl/compare/ec7689186f3e...96796ab9baed
[openssl/openssl] 6953cd: test: add two comparision options to fips version ...
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: 6953cda1edfd80c8d49269ce13314fbaff0d4532 https://github.com/openssl/openssl/commit/6953cda1edfd80c8d49269ce13314fbaff0d4532 Author: Pauli Date: 2022-11-15 (Tue, 15 Nov 2022) Changed paths: M test/testutil.h M test/testutil/provider.c Log Message: --- test: add two comparision options to fips version test utility code Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19666) (cherry picked from commit fe84acc22757e77d48fb6ccc31abe4c72264c877) Commit: 176836fce910d499ff5d494bb61d3efafa820dc5 https://github.com/openssl/openssl/commit/176836fce910d499ff5d494bb61d3efafa820dc5 Author: Pauli Date: 2022-11-15 (Tue, 15 Nov 2022) Changed paths: M test/recipes/03-test_fipsinstall.t Log Message: --- test: fix typo in test description Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19666) (cherry picked from commit cc910f1b316a6ea3d4df57e719adda1922393f8f) Compare: https://github.com/openssl/openssl/compare/08715aaa249f...176836fce910
[openssl/openssl] fe84ac: test: add two comparision options to fips version ...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: fe84acc22757e77d48fb6ccc31abe4c72264c877 https://github.com/openssl/openssl/commit/fe84acc22757e77d48fb6ccc31abe4c72264c877 Author: Pauli Date: 2022-11-15 (Tue, 15 Nov 2022) Changed paths: M test/testutil.h M test/testutil/provider.c Log Message: --- test: add two comparision options to fips version test utility code Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19666) Commit: cc910f1b316a6ea3d4df57e719adda1922393f8f https://github.com/openssl/openssl/commit/cc910f1b316a6ea3d4df57e719adda1922393f8f Author: Pauli Date: 2022-11-15 (Tue, 15 Nov 2022) Changed paths: M test/recipes/03-test_fipsinstall.t Log Message: --- test: fix typo in test description Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19666) Compare: https://github.com/openssl/openssl/compare/e5202fbd461c...cc910f1b316a
[openssl/openssl] 00cd06: test: add two comparision options to fips version ...
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 00cd0627252a3159cde4818d4763103af19dad82 https://github.com/openssl/openssl/commit/00cd0627252a3159cde4818d4763103af19dad82 Author: Pauli Date: 2022-11-15 (Tue, 15 Nov 2022) Changed paths: M test/testutil.h M test/testutil/provider.c Log Message: --- test: add two comparision options to fips version test utility code Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19665) Commit: c3e8128befa7b4d8463d13d35eafdaf950531c43 https://github.com/openssl/openssl/commit/c3e8128befa7b4d8463d13d35eafdaf950531c43 Author: Pauli Date: 2022-11-15 (Tue, 15 Nov 2022) Changed paths: M test/recipes/03-test_fipsinstall.t Log Message: --- fipsinstall test: skip PCT DSA signature test for new providers Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19665) Compare: https://github.com/openssl/openssl/compare/bb0190e8a4d4...c3e8128befa7
[openssl/openssl] 709c04: punycode: update to use WPACKET instead of using c...
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: 709c04b5dd6a24f88459d9e214e85e396b2471fd https://github.com/openssl/openssl/commit/709c04b5dd6a24f88459d9e214e85e396b2471fd Author: Pauli Date: 2022-11-11 (Fri, 11 Nov 2022) Changed paths: M crypto/punycode.c M crypto/x509/v3_ncons.c M doc/internal/man3/ossl_punycode_decode.pod M include/crypto/punycode.h M test/punycode_test.c Log Message: --- punycode: update to use WPACKET instead of using custom range checking Add test for `.' overflows, remove the output size argument from ossl_a2ulabel() since it was never used and greatly complicated the code. Convert ossl_a2ulabel() to use WPACKET for building the output string. Update the documentation to match the new definition of ossl_a2ulabel(). x509: let punycode handle the '\0' string termination. Saves a memset(3) and some size fiddling. Also update to deal with the modified parameters. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/19591) (cherry picked from commit 905ba924398f474e647de70345b4ae4089fedba7) Commit: f01ebab0c0ef26677ab6d885922ca1a1b24494fc https://github.com/openssl/openssl/commit/f01ebab0c0ef26677ab6d885922ca1a1b24494fc Author: Pauli Date: 2022-11-11 (Fri, 11 Nov 2022) Changed paths: M fuzz/build.info A fuzz/corpora/punycode/ A fuzz/corpora/punycode/0001 M fuzz/fuzzer.h A fuzz/punycode.c M include/crypto/punycode.h Log Message: --- fuzz: add punycode decoder fuzz test Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/19591) (cherry picked from commit 8aa82b337081b7a22c35dddad8d62fb1ca9ea884) Compare: https://github.com/openssl/openssl/compare/7abe06cbb52c...f01ebab0c0ef
[openssl/openssl] 905ba9: punycode: update to use WPACKET instead of using c...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 905ba924398f474e647de70345b4ae4089fedba7 https://github.com/openssl/openssl/commit/905ba924398f474e647de70345b4ae4089fedba7 Author: Pauli Date: 2022-11-11 (Fri, 11 Nov 2022) Changed paths: M crypto/punycode.c M crypto/x509/v3_ncons.c M doc/internal/man3/ossl_punycode_decode.pod M include/crypto/punycode.h M test/punycode_test.c Log Message: --- punycode: update to use WPACKET instead of using custom range checking Add test for `.' overflows, remove the output size argument from ossl_a2ulabel() since it was never used and greatly complicated the code. Convert ossl_a2ulabel() to use WPACKET for building the output string. Update the documentation to match the new definition of ossl_a2ulabel(). x509: let punycode handle the '\0' string termination. Saves a memset(3) and some size fiddling. Also update to deal with the modified parameters. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/19591) Commit: 8aa82b337081b7a22c35dddad8d62fb1ca9ea884 https://github.com/openssl/openssl/commit/8aa82b337081b7a22c35dddad8d62fb1ca9ea884 Author: Pauli Date: 2022-11-11 (Fri, 11 Nov 2022) Changed paths: M fuzz/build.info A fuzz/corpora/punycode/ A fuzz/corpora/punycode/0001 M fuzz/fuzzer.h A fuzz/punycode.c M include/crypto/punycode.h Log Message: --- fuzz: add punycode decoder fuzz test Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/19591) Compare: https://github.com/openssl/openssl/compare/373d90128042...8aa82b337081
[openssl/openssl] d65b52: Put 3DES back into the FIPS provider as a non-appr...
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: d65b52ab5751c0c041d0acff2f09e1c30de16daa https://github.com/openssl/openssl/commit/d65b52ab5751c0c041d0acff2f09e1c30de16daa Author: Pauli Date: 2022-11-10 (Thu, 10 Nov 2022) Changed paths: M providers/fips/fipsprov.c Log Message: --- Put 3DES back into the FIPS provider as a non-approved algorithm This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes how 3DES is advertised. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19631) (cherry picked from commit a0ea8ac134e8f503876f19bdc04da69e8862f3a7) Commit: d0afc4ecc004d4d7c7555947ec3307d6af5501f9 https://github.com/openssl/openssl/commit/d0afc4ecc004d4d7c7555947ec3307d6af5501f9 Author: Pauli Date: 2022-11-10 (Thu, 10 Nov 2022) Changed paths: M test/recipes/30-test_evp.t Log Message: --- Revert "Move DES based test cases out of FIPS territory" This reverts commit c511953a0828e126b80a9ea8cee12d001d685ba8. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19631) (cherry picked from commit c69cf38ec4b592a488f0c8d3042ecc345787ffc9) Commit: a7fb08256d0fbd881f828aa865e6450fdaa9d2b9 https://github.com/openssl/openssl/commit/a7fb08256d0fbd881f828aa865e6450fdaa9d2b9 Author: Pauli Date: 2022-11-10 (Thu, 10 Nov 2022) Changed paths: M test/evp_libctx_test.c Log Message: --- Revert "Remove conditional FIPS dependence for 3DES" This reverts commit 464c1011b02936850fc779739013dba52650840a. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19631) (cherry picked from commit ccc860a77e542bee24f64e44f7bcea5706068866) Commit: 78a4827dad6db9d45b37dde409ea5d6f3f3deeac https://github.com/openssl/openssl/commit/78a4827dad6db9d45b37dde409ea5d6f3f3deeac Author: Pauli Date: 2022-11-10 (Thu, 10 Nov 2022) Changed paths: M test/recipes/80-test_cms.t Log Message: --- Revert "Skip DES based tests in FIPS mode" This reverts commit 5db2b4a292b4576185287a9e01e4ba4098b4aa66. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19631) (cherry picked from commit 75fcf1062817421d8c5850ad0d52a913a2e6499a) Compare: https://github.com/openssl/openssl/compare/13d3be4a37fc...78a4827dad6d
[openssl/openssl] a0ea8a: Put 3DES back into the FIPS provider as a non-appr...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: a0ea8ac134e8f503876f19bdc04da69e8862f3a7 https://github.com/openssl/openssl/commit/a0ea8ac134e8f503876f19bdc04da69e8862f3a7 Author: Pauli Date: 2022-11-10 (Thu, 10 Nov 2022) Changed paths: M providers/fips/fipsprov.c Log Message: --- Put 3DES back into the FIPS provider as a non-approved algorithm This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes how 3DES is advertised. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19631) Commit: c69cf38ec4b592a488f0c8d3042ecc345787ffc9 https://github.com/openssl/openssl/commit/c69cf38ec4b592a488f0c8d3042ecc345787ffc9 Author: Pauli Date: 2022-11-10 (Thu, 10 Nov 2022) Changed paths: M test/recipes/30-test_evp.t Log Message: --- Revert "Move DES based test cases out of FIPS territory" This reverts commit c511953a0828e126b80a9ea8cee12d001d685ba8. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19631) Commit: ccc860a77e542bee24f64e44f7bcea5706068866 https://github.com/openssl/openssl/commit/ccc860a77e542bee24f64e44f7bcea5706068866 Author: Pauli Date: 2022-11-10 (Thu, 10 Nov 2022) Changed paths: M test/evp_libctx_test.c Log Message: --- Revert "Remove conditional FIPS dependence for 3DES" This reverts commit 464c1011b02936850fc779739013dba52650840a. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19631) Commit: 75fcf1062817421d8c5850ad0d52a913a2e6499a https://github.com/openssl/openssl/commit/75fcf1062817421d8c5850ad0d52a913a2e6499a Author: Pauli Date: 2022-11-10 (Thu, 10 Nov 2022) Changed paths: M test/recipes/80-test_cms.t Log Message: --- Revert "Skip DES based tests in FIPS mode" This reverts commit 5db2b4a292b4576185287a9e01e4ba4098b4aa66. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19631) Compare: https://github.com/openssl/openssl/compare/2a5c0d93cfe6...75fcf1062817
[openssl/openssl] 5c7a2f: Coverity 1516624: Fix overrun memory access.
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: 5c7a2fc2790114d984526d6ca665affe039490e2 https://github.com/openssl/openssl/commit/5c7a2fc2790114d984526d6ca665affe039490e2 Author: Pauli Date: 2022-11-03 (Thu, 03 Nov 2022) Changed paths: M test/punycode_test.c Log Message: --- Coverity 1516624: Fix overrun memory access. Not possible to hit but good to address. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19576) (cherry picked from commit ce0a7cadadb973216399e70d3a69f352b0843deb)
[openssl/openssl] de45fe: Coverity 1516624: Fix overrun memory access.
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: de45fecf8aeab68cd137c7737973e00a9669897c https://github.com/openssl/openssl/commit/de45fecf8aeab68cd137c7737973e00a9669897c Author: Pauli Date: 2022-11-03 (Thu, 03 Nov 2022) Changed paths: M test/punycode_test.c Log Message: --- Coverity 1516624: Fix overrun memory access. Not possible to hit but good to address. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19576) (cherry picked from commit ce0a7cadadb973216399e70d3a69f352b0843deb)
[openssl/openssl] ce0a7c: Coverity 1516624: Fix overrun memory access.
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: ce0a7cadadb973216399e70d3a69f352b0843deb https://github.com/openssl/openssl/commit/ce0a7cadadb973216399e70d3a69f352b0843deb Author: Pauli Date: 2022-11-03 (Thu, 03 Nov 2022) Changed paths: M test/punycode_test.c Log Message: --- Coverity 1516624: Fix overrun memory access. Not possible to hit but good to address. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19576)
[openssl/openssl] 7c8187: rand: add set0 calls for the private and public DRBGs
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 7c8187d43d043c6a66559ed341ff1e01b8711093 https://github.com/openssl/openssl/commit/7c8187d43d043c6a66559ed341ff1e01b8711093 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M crypto/evp/evp_rand.c M crypto/rand/rand_lib.c M doc/man3/EVP_RAND.pod M doc/man3/RAND_get0_primary.pod M include/openssl/evp.h M include/openssl/rand.h M util/libcrypto.num Log Message: --- rand: add set0 calls for the private and public DRBGs The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means the entropy needs to be cooked. This permits this. Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19510) Commit: 5db2b4a292b4576185287a9e01e4ba4098b4aa66 https://github.com/openssl/openssl/commit/5db2b4a292b4576185287a9e01e4ba4098b4aa66 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M test/recipes/80-test_cms.t Log Message: --- Skip DES based tests in FIPS mode Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19510) Commit: c511953a0828e126b80a9ea8cee12d001d685ba8 https://github.com/openssl/openssl/commit/c511953a0828e126b80a9ea8cee12d001d685ba8 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M test/recipes/30-test_evp.t Log Message: --- Move DES based test cases out of FIPS territory Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19510) Commit: 464c1011b02936850fc779739013dba52650840a https://github.com/openssl/openssl/commit/464c1011b02936850fc779739013dba52650840a Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M test/evp_libctx_test.c Log Message: --- Remove conditional FIPS dependence for 3DES Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19510) Commit: 6e38ac39bbf2bc899485c5f710a2ced6238b1ea1 https://github.com/openssl/openssl/commit/6e38ac39bbf2bc899485c5f710a2ced6238b1ea1 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M test/recipes/03-test_fipsinstall.t Log Message: --- Update fipsinstall tests Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19510) Commit: fc0bb3411bd0c6ca264f610303933d0bf4f4682c https://github.com/openssl/openssl/commit/fc0bb3411bd0c6ca264f610303933d0bf4f4682c Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M providers/fips/fipsprov.c Log Message: --- Remove DES cipher from the FIPS provider Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19510) Commit: 5b234be4c44f5b178bc69da3d610ae1b70441873 https://github.com/openssl/openssl/commit/5b234be4c44f5b178bc69da3d610ae1b70441873 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M crypto/dsa/dsa_key.c M crypto/ec/ec_key.c Log Message: --- dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1 This mandates following SP 800-56A which, in 5.6.2.4, mandates a comparision against a newly calculated public key. Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19510) Commit: a11064c83b58f9e1b3741704a11cfec2d91aac0e https://github.com/openssl/openssl/commit/a11064c83b58f9e1b3741704a11cfec2d91aac0e Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M include/openssl/self_test.h M providers/fips/self_test.c M providers/fips/self_test_data.inc M providers/fips/self_test_kats.c Log Message: --- Update FIPS KATs for 140-3 Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19510) Commit: 7057dddbcb5e053470121adeff0b6595fa6da0d8 https://github.com/openssl/openssl/commit/7057dddbcb5e053470121adeff0b6595fa6da0d8 Author: Pauli Date
[openssl/openssl] e30aad: rand: add set0 calls for the private and public DRBGs
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: e30aad54159aeef15b6386d67d4724242d828d12 https://github.com/openssl/openssl/commit/e30aad54159aeef15b6386d67d4724242d828d12 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M crypto/evp/evp_rand.c M crypto/rand/rand_lib.c M doc/man3/EVP_RAND.pod M doc/man3/RAND_get0_primary.pod M include/openssl/evp.h M include/openssl/rand.h M util/libcrypto.num Log Message: --- rand: add set0 calls for the private and public DRBGs The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means the entropy needs to be cooked. This permits this. Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19486) Commit: 3e218fd7bedaeafdb8ff25d8414aa7d70b09c124 https://github.com/openssl/openssl/commit/3e218fd7bedaeafdb8ff25d8414aa7d70b09c124 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M test/recipes/80-test_cms.t Log Message: --- Skip DES based tests in FIPS mode Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19486) Commit: 55d9f73a43dc5c8036d87b9042beb505af1f1ad6 https://github.com/openssl/openssl/commit/55d9f73a43dc5c8036d87b9042beb505af1f1ad6 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M test/recipes/30-test_evp.t Log Message: --- Move DES based test cases out of FIPS territory Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19486) Commit: bf9c7c4bb42c6bf32023c97f9e90968f7f83a62b https://github.com/openssl/openssl/commit/bf9c7c4bb42c6bf32023c97f9e90968f7f83a62b Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M test/evp_libctx_test.c Log Message: --- Remove conditional FIPS dependence for 3DES Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19486) Commit: f66c14a0cc151e1fee78088cdeee1b320f160f7c https://github.com/openssl/openssl/commit/f66c14a0cc151e1fee78088cdeee1b320f160f7c Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M test/recipes/03-test_fipsinstall.t Log Message: --- Update fipsinstall tests Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19486) Commit: dfb79d08e28dcaf1e3ccbc000775d3f52f33d4cf https://github.com/openssl/openssl/commit/dfb79d08e28dcaf1e3ccbc000775d3f52f33d4cf Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M providers/fips/fipsprov.c Log Message: --- Remove DES cipher from the FIPS provider Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19486) Commit: df8f8432eb10b2ed56e48b692f930991f9624453 https://github.com/openssl/openssl/commit/df8f8432eb10b2ed56e48b692f930991f9624453 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M crypto/dsa/dsa_key.c M crypto/ec/ec_key.c Log Message: --- dsa/ec: update pairwise tests to account for 140-3 IG 10.3.A additiocal comment 1 This mandates following SP 800-56A which, in 5.6.2.4, mandates a comparision against a newly calculated public key. Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19486) Commit: 18477977496bbb183e0ccb71b71b1a8a87321729 https://github.com/openssl/openssl/commit/18477977496bbb183e0ccb71b71b1a8a87321729 Author: Pauli Date: 2022-11-02 (Wed, 02 Nov 2022) Changed paths: M include/openssl/self_test.h M providers/fips/self_test.c M providers/fips/self_test_data.inc M providers/fips/self_test_kats.c Log Message: --- Update FIPS KATs for 140-3 Co-authored-by: Randall Steck Co-authored-by: Mark J. Minnoch Co-authored-by: Steve Weymann Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19486) Commit: dad5676c1a7ad669aac8d83f8ad1d5c4e4d74863 https://github.com/openssl/openssl/commit/dad5676c1a7ad669aac8d83f8ad1d5c4e4d74863 Author: Pauli Date
[openssl/openssl] 3b421e: Fix CVE-2022-3602 in punycode decoder.
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 3b421ebc64c7b52f1b9feb3812bdc7781c784332 https://github.com/openssl/openssl/commit/3b421ebc64c7b52f1b9feb3812bdc7781c784332 Author: Pauli Date: 2022-11-01 (Tue, 01 Nov 2022) Changed paths: M crypto/punycode.c Log Message: --- Fix CVE-2022-3602 in punycode decoder. An off by one error in the punycode decoder allowed for a single unsigned int overwrite of a buffer which could cause a crash and possible code execution. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (cherry picked from commit fe3b639dc19b325846f4f6801f2f4604f56e3de3) Commit: 680e65b94c916af259bfdc2e25f1ab6e0c7a97d6 https://github.com/openssl/openssl/commit/680e65b94c916af259bfdc2e25f1ab6e0c7a97d6 Author: Pauli Date: 2022-11-01 (Tue, 01 Nov 2022) Changed paths: M crypto/punycode.c Log Message: --- Fix CVE-2022-3786 in punycode decoder. Fixed the ossl_a2ulabel() function which also contained a potential buffer overflow, albeit without control of the contents. This overflow could result in a crash (causing a denial of service). The function also did not NUL-terminate the output in some cases. The two issues fixed here were dentified and reported by Viktor Dukhovni while researching CVE-2022-3602. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (cherry picked from commit c42165b5706e42f67ef8ef4c351a9a4c5d21639a) Commit: a0af4a3c8b18c435a5a4afb28b3ad1a2730e6ea8 https://github.com/openssl/openssl/commit/a0af4a3c8b18c435a5a4afb28b3ad1a2730e6ea8 Author: Pauli Date: 2022-11-01 (Tue, 01 Nov 2022) Changed paths: M test/build.info A test/punycode_test.c A test/recipes/04-test_punycode.t Log Message: --- punycode: add unit tests These tests verify basic functionality and specifically test for CVE-2022-3602. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (cherry picked from commit f0f530216bf93e9cdc9c2c9e3c095229d216da15) Compare: https://github.com/openssl/openssl/compare/89d723113277...a0af4a3c8b18
[openssl/openssl] 9fb0ff: rand: remove the ossl_rand_pool_add_additional_dat...
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: 9fb0ff30343a08cf9650159410426468502eaebf https://github.com/openssl/openssl/commit/9fb0ff30343a08cf9650159410426468502eaebf Author: Pauli Date: 2022-10-27 (Thu, 27 Oct 2022) Changed paths: M providers/implementations/include/prov/seeding.h M providers/implementations/rands/seeding/rand_unix.c M providers/implementations/rands/seeding/rand_vms.c M providers/implementations/rands/seeding/rand_vxworks.c M providers/implementations/rands/seeding/rand_win.c Log Message: --- rand: remove the ossl_rand_pool_add_additional_data() function. This function isn't called from anywhere and cannot easily be used by the current RNG infrastructure. Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/19493) (cherry picked from commit da7db83cc44d2c8761e9074caf8befd443ea8be8)
[openssl/openssl] da7db8: rand: remove the ossl_rand_pool_add_additional_dat...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: da7db83cc44d2c8761e9074caf8befd443ea8be8 https://github.com/openssl/openssl/commit/da7db83cc44d2c8761e9074caf8befd443ea8be8 Author: Pauli Date: 2022-10-27 (Thu, 27 Oct 2022) Changed paths: M providers/implementations/include/prov/seeding.h M providers/implementations/rands/seeding/rand_unix.c M providers/implementations/rands/seeding/rand_vms.c M providers/implementations/rands/seeding/rand_vxworks.c M providers/implementations/rands/seeding/rand_win.c Log Message: --- rand: remove the ossl_rand_pool_add_additional_data() function. This function isn't called from anywhere and cannot easily be used by the current RNG infrastructure. Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/19493)
[openssl/openssl] c7a02b: doc: fix copy/paste error
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: c7a02ba09e3c3088d635a91ab179a1e7bdd5e340 https://github.com/openssl/openssl/commit/c7a02ba09e3c3088d635a91ab179a1e7bdd5e340 Author: Pauli Date: 2022-10-24 (Mon, 24 Oct 2022) Changed paths: M doc/man3/OPENSSL_init_crypto.pod Log Message: --- doc: fix copy/paste error Fixes #19460 Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19461) (cherry picked from commit 5b9480fc1e814bf8fa2dce0dbbede147f04d477c)
[openssl/openssl] 5b9480: doc: fix copy/paste error
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 5b9480fc1e814bf8fa2dce0dbbede147f04d477c https://github.com/openssl/openssl/commit/5b9480fc1e814bf8fa2dce0dbbede147f04d477c Author: Pauli Date: 2022-10-24 (Mon, 24 Oct 2022) Changed paths: M doc/man3/OPENSSL_init_crypto.pod Log Message: --- doc: fix copy/paste error Fixes #19460 Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19461)
[openssl/openssl] f713ec: doc: fix copy/paste error
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: f713ec7d9d146194ca572f7b7f8cc3434119f400 https://github.com/openssl/openssl/commit/f713ec7d9d146194ca572f7b7f8cc3434119f400 Author: Pauli Date: 2022-10-24 (Mon, 24 Oct 2022) Changed paths: M doc/man3/OPENSSL_init_crypto.pod Log Message: --- doc: fix copy/paste error Fixes #19460 Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19461) (cherry picked from commit 5b9480fc1e814bf8fa2dce0dbbede147f04d477c)
[openssl/openssl] 453446: default provider: include RIPEMD160
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 4534468866c2b29d197c48f0763c32e5a7b65868 https://github.com/openssl/openssl/commit/4534468866c2b29d197c48f0763c32e5a7b65868 Author: Pauli Date: 2022-10-19 (Wed, 19 Oct 2022) Changed paths: M crypto/ripemd/build.info M providers/defltprov.c M providers/implementations/digests/build.info M test/recipes/30-test_evp_data/evpmd_ripemd.txt Log Message: --- default provider: include RIPEMD160 Including RIPEMD160 in both the default and legacy providers shouldn't break anyone and makes the algorithm available more readily. Fixes #17722 Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19375) (cherry picked from commit ecd831469919215b0a45693b00ec0fd7d42d5d61) Commit: 2f355186551c9d7d5285c96a205a8f2767173527 https://github.com/openssl/openssl/commit/2f355186551c9d7d5285c96a205a8f2767173527 Author: Tomas Mraz Date: 2022-10-19 (Wed, 19 Oct 2022) Changed paths: M crypto/ripemd/build.info M providers/implementations/digests/build.info Log Message: --- Avoid putting ripemd_prov.c in libcommon otherwise it is regarded as fips source Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/19375) (cherry picked from commit 155a82d1fe1c50d859081ff67f26633b9d7dada8) Commit: f1e990b855ce1613041d847ccd3048ca6835f95a https://github.com/openssl/openssl/commit/f1e990b855ce1613041d847ccd3048ca6835f95a Author: Pauli Date: 2022-10-19 (Wed, 19 Oct 2022) Changed paths: M doc/man7/EVP_MD-RIPEMD160.pod M doc/man7/OSSL_PROVIDER-default.pod Log Message: --- ripemd: document as being present in the default provider Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19375) (cherry picked from commit fdc5043d58900663b493147298e64f11353b35fe) Compare: https://github.com/openssl/openssl/compare/c861c3ee142a...f1e990b855ce
[openssl/openssl] ce9317: Add changes entry for RIPEMD160 being added to the...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: ce9317a4cfc01541964a14745c4d09e2a846981c https://github.com/openssl/openssl/commit/ce9317a4cfc01541964a14745c4d09e2a846981c Author: Pauli Date: 2022-10-19 (Wed, 19 Oct 2022) Changed paths: M CHANGES.md Log Message: --- Add changes entry for RIPEMD160 being added to the default provider Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19375) Commit: ecd831469919215b0a45693b00ec0fd7d42d5d61 https://github.com/openssl/openssl/commit/ecd831469919215b0a45693b00ec0fd7d42d5d61 Author: Pauli Date: 2022-10-19 (Wed, 19 Oct 2022) Changed paths: M crypto/ripemd/build.info M providers/defltprov.c M providers/implementations/digests/build.info M test/recipes/30-test_evp_data/evpmd_ripemd.txt Log Message: --- default provider: include RIPEMD160 Including RIPEMD160 in both the default and legacy providers shouldn't break anyone and makes the algorithm available more readily. Fixes #17722 Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19375) Commit: 155a82d1fe1c50d859081ff67f26633b9d7dada8 https://github.com/openssl/openssl/commit/155a82d1fe1c50d859081ff67f26633b9d7dada8 Author: Tomas Mraz Date: 2022-10-19 (Wed, 19 Oct 2022) Changed paths: M crypto/ripemd/build.info M providers/implementations/digests/build.info Log Message: --- Avoid putting ripemd_prov.c in libcommon otherwise it is regarded as fips source Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/19375) Commit: fdc5043d58900663b493147298e64f11353b35fe https://github.com/openssl/openssl/commit/fdc5043d58900663b493147298e64f11353b35fe Author: Pauli Date: 2022-10-19 (Wed, 19 Oct 2022) Changed paths: M doc/man7/EVP_MD-RIPEMD160.pod M doc/man7/OSSL_PROVIDER-default.pod Log Message: --- ripemd: document as being present in the default provider Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19375) Compare: https://github.com/openssl/openssl/compare/72620ac79133...fdc5043d5890
[openssl/openssl] e2b2e6: init: fix defined but unused warning/error
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: e2b2e6b166b2d1b9c094d62e5e8cf79ab9e24430 https://github.com/openssl/openssl/commit/e2b2e6b166b2d1b9c094d62e5e8cf79ab9e24430 Author: Pauli Date: 2022-10-18 (Tue, 18 Oct 2022) Changed paths: M crypto/init.c Log Message: --- init: fix defined but unused warning/error The #ifdefs weren't quite correct at times. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18503) (cherry picked from commit 979575c6ef10ab9b8d74d8c00852b2250eb78f29)
[openssl/openssl] 9ab57f: Coverity 1515953: negative loop bound
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 9ab57f29c78d8d69b6ba9c579521594d7170ca44 https://github.com/openssl/openssl/commit/9ab57f29c78d8d69b6ba9c579521594d7170ca44 Author: Pauli Date: 2022-10-14 (Fri, 14 Oct 2022) Changed paths: M crypto/encode_decode/encoder_pkey.c Log Message: --- Coverity 1515953: negative loop bound Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19413)
[openssl/openssl] 681c46: test: condition out code that relies on CHACHA.
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 681c461910b1b72af263ec735bac1310b2fadcd0 https://github.com/openssl/openssl/commit/681c461910b1b72af263ec735bac1310b2fadcd0 Author: Pauli Date: 2022-10-10 (Mon, 10 Oct 2022) Changed paths: M test/bio_dgram_test.c M test/quic_record_test.c Log Message: --- test: condition out code that relies on CHACHA. Run checker does a no-chacha build and tests fail because it can't be fetched. Fixes #19363 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19366)
[openssl/openssl] 9690b9: Coverity 1515540: resource leak
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 9690b9737d46cc52cc93682a63b110f5513e7671 https://github.com/openssl/openssl/commit/9690b9737d46cc52cc93682a63b110f5513e7671 Author: Pauli Date: 2022-09-27 (Tue, 27 Sep 2022) Changed paths: M test/pkcs12_format_test.c Log Message: --- Coverity 1515540: resource leak Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19275) Commit: 8bc703c2886c2104f1d472ab681bc7a8c081427a https://github.com/openssl/openssl/commit/8bc703c2886c2104f1d472ab681bc7a8c081427a Author: Pauli Date: 2022-09-27 (Tue, 27 Sep 2022) Changed paths: M apps/pkcs12.c Log Message: --- Coverity 1515538: resource leak Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19275) Compare: https://github.com/openssl/openssl/compare/508e087c4c9e...8bc703c2886c
[openssl/openssl] 4efc96: update overview with a note about many to one conn...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 4efc969852cdb7883d240e423e887a57504dcd36 https://github.com/openssl/openssl/commit/4efc969852cdb7883d240e423e887a57504dcd36 Author: Pauli Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M doc/designs/quic-design/quic-overview.md Log Message: --- update overview with a note about many to one connection ID cache Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18824) Commit: 538ee4e0977492009f8ca39d577d8a1aeb8d27fd https://github.com/openssl/openssl/commit/538ee4e0977492009f8ca39d577d8a1aeb8d27fd Author: Pauli Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: A doc/designs/quic-design/connection-id-cache.md Log Message: --- Add design document for the QUIC connection ID cache. Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18824) Compare: https://github.com/openssl/openssl/compare/8e90a12ad82d...538ee4e09774
[openssl/openssl] 33796d: Coverity 1515415: NULL dereference
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 33796db4a5c3ea68ae80530dcbff60222c5a2008 https://github.com/openssl/openssl/commit/33796db4a5c3ea68ae80530dcbff60222c5a2008 Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/helpers/ssltestlib.c Log Message: --- Coverity 1515415: NULL dereference Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19236) (cherry picked from commit 82d46d14462491681f25d016508715e85c1dc4d1)
[openssl/openssl] 82d46d: Coverity 1515415: NULL dereference
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 82d46d14462491681f25d016508715e85c1dc4d1 https://github.com/openssl/openssl/commit/82d46d14462491681f25d016508715e85c1dc4d1 Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/helpers/ssltestlib.c Log Message: --- Coverity 1515415: NULL dereference Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19236)
[openssl/openssl] 03781b: Remove FIPS condition on SM2 test.
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 03781b3771092fd095fe9b8b5ba64aca45acf362 https://github.com/openssl/openssl/commit/03781b3771092fd095fe9b8b5ba64aca45acf362 Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/evp_extra_test.c Log Message: --- Remove FIPS condition on SM2 test. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19237) (cherry picked from commit 919adfcf6683d82f876060b6cf9f57e875d547b2) Commit: 5f3dcdf37e777191b4e859000fd1f9c64262f1b5 https://github.com/openssl/openssl/commit/5f3dcdf37e777191b4e859000fd1f9c64262f1b5 Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/aesgcmtest.c Log Message: --- Remove FIPS condition on IV gen test. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19237) (cherry picked from commit 3fd255acb7b65a30afd1b23e17db2163fb9ffd8d) Commit: c663fb6fc880269663aa0ee744b579fbfbd255b8 https://github.com/openssl/openssl/commit/c663fb6fc880269663aa0ee744b579fbfbd255b8 Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/drbgtest.c Log Message: --- Runtime detect FIPS RNG usage in test Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19237) (cherry picked from commit c91f972c9fba61c5db761a49e13df4dadcba068a) Commit: ff9b1fe302c2c5022f35ad3b78f05080ff4908da https://github.com/openssl/openssl/commit/ff9b1fe302c2c5022f35ad3b78f05080ff4908da Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/build.info Log Message: --- Remove unnecessary define Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19237) (cherry picked from commit 1cef04091ab12bda0e1c6a5874e9d113c44bbdd8) Compare: https://github.com/openssl/openssl/compare/e711c4b32b09...ff9b1fe302c2
[openssl/openssl] 919adf: Remove FIPS condition on SM2 test.
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 919adfcf6683d82f876060b6cf9f57e875d547b2 https://github.com/openssl/openssl/commit/919adfcf6683d82f876060b6cf9f57e875d547b2 Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/evp_extra_test.c Log Message: --- Remove FIPS condition on SM2 test. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19237) Commit: 3fd255acb7b65a30afd1b23e17db2163fb9ffd8d https://github.com/openssl/openssl/commit/3fd255acb7b65a30afd1b23e17db2163fb9ffd8d Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/aesgcmtest.c Log Message: --- Remove FIPS condition on IV gen test. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19237) Commit: c91f972c9fba61c5db761a49e13df4dadcba068a https://github.com/openssl/openssl/commit/c91f972c9fba61c5db761a49e13df4dadcba068a Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/drbgtest.c Log Message: --- Runtime detect FIPS RNG usage in test Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19237) Commit: 1cef04091ab12bda0e1c6a5874e9d113c44bbdd8 https://github.com/openssl/openssl/commit/1cef04091ab12bda0e1c6a5874e9d113c44bbdd8 Author: Pauli Date: 2022-09-21 (Wed, 21 Sep 2022) Changed paths: M test/build.info Log Message: --- Remove unnecessary define Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19237) Compare: https://github.com/openssl/openssl/compare/200d84478295...1cef04091ab1
[openssl/openssl] 4a84c5: test: make unit tests FIPS provider version aware
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 4a84c54dbe9bbe88fb8138794163e5d04c5bc411 https://github.com/openssl/openssl/commit/4a84c54dbe9bbe88fb8138794163e5d04c5bc411 Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/testutil.h M test/testutil/provider.c Log Message: --- test: make unit tests FIPS provider version aware Fixes #19171 Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) (cherry picked from commit eaac0584db6e7452fdb627502527fb0678bb9a93) Commit: 8462f5d441a3d61810118bb1a548dc0a0152b188 https://github.com/openssl/openssl/commit/8462f5d441a3d61810118bb1a548dc0a0152b188 Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/evp_test.c Log Message: --- evp_test: allow FIPS provider version based escapes in evp_test Also fix a number of regressions when run against the 3.0.0 FIPS provider that result from bug fixes. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) (cherry picked from commit 54a7bbedf43a1ade98c8f47eb8896d75f3db0165) Commit: 5eabf8e5548607a317b41a437806bb075947d0fa https://github.com/openssl/openssl/commit/5eabf8e5548607a317b41a437806bb075947d0fa Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/recipes/30-test_evp_data/evpciph_des3_common.txt Log Message: --- TDES: fix test with old FIPS provider Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) (cherry picked from commit 4d0249c2d1d0f81c211354d8a36738595936fad8) Commit: e520991371cab8418995586df55f5ab3dfd3d044 https://github.com/openssl/openssl/commit/e520991371cab8418995586df55f5ab3dfd3d044 Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/recipes/30-test_evp_data/evppkey_ffdhe.txt Log Message: --- Fix default padding regression against 3.0.0 FIPS provider Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) (cherry picked from commit 9684335839fcdeac06d21b06628c4c37117b5478) Commit: c2f8d715e54d0f82f0a27fd69b85fd52578d89b8 https://github.com/openssl/openssl/commit/c2f8d715e54d0f82f0a27fd69b85fd52578d89b8 Author: Tomáš Mráz Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M crypto/evp/p_lib.c Log Message: --- EVP_PKEY_eq: regain compatibility with the 3.0.0 FIPS provider Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19201) (cherry picked from commit c342004e07fd2c03a672f79353d13554fe0ffdaf) Commit: 65759e35afa545835910ea85582522c01087fde3 https://github.com/openssl/openssl/commit/65759e35afa545835910ea85582522c01087fde3 Author: Tomas Mraz Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/build.info M test/endecode_test.c M test/evp_test.c A test/fips_version_test.c M test/recipes/25-test_verify.t M test/testutil.h M test/testutil/provider.c Log Message: --- With fips provider 3.0.0 skip tests related to explicit curves handling Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19201) (cherry picked from commit e1289d90d0069ea1c3ea8ae80bfc3916077ec24e) Commit: 1ab630794dfef98f83b59b5e18981dc3223bb1bf https://github.com/openssl/openssl/commit/1ab630794dfef98f83b59b5e18981dc3223bb1bf Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: A .github/workflows/fips-old.yml Log Message: --- Add CI to test old FIPS provider versions Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) (cherry picked from commit 65080a3e1ebced54af838481e6d40e1c0cb7991e) Compare: https://github.com/openssl/openssl/compare/1ed89de84f6e...1ab630794dfe
[openssl/openssl] eaac05: test: make unit tests FIPS provider version aware
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: eaac0584db6e7452fdb627502527fb0678bb9a93 https://github.com/openssl/openssl/commit/eaac0584db6e7452fdb627502527fb0678bb9a93 Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/testutil.h M test/testutil/provider.c Log Message: --- test: make unit tests FIPS provider version aware Fixes #19171 Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) Commit: 54a7bbedf43a1ade98c8f47eb8896d75f3db0165 https://github.com/openssl/openssl/commit/54a7bbedf43a1ade98c8f47eb8896d75f3db0165 Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/evp_test.c Log Message: --- evp_test: allow FIPS provider version based escapes in evp_test Also fix a number of regressions when run against the 3.0.0 FIPS provider that result from bug fixes. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) Commit: 4d0249c2d1d0f81c211354d8a36738595936fad8 https://github.com/openssl/openssl/commit/4d0249c2d1d0f81c211354d8a36738595936fad8 Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/recipes/30-test_evp_data/evpciph_des3_common.txt Log Message: --- TDES: fix test with old FIPS provider Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) Commit: 9684335839fcdeac06d21b06628c4c37117b5478 https://github.com/openssl/openssl/commit/9684335839fcdeac06d21b06628c4c37117b5478 Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/recipes/30-test_evp_data/evppkey_ffdhe.txt Log Message: --- Fix default padding regression against 3.0.0 FIPS provider Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) Commit: c342004e07fd2c03a672f79353d13554fe0ffdaf https://github.com/openssl/openssl/commit/c342004e07fd2c03a672f79353d13554fe0ffdaf Author: Tomáš Mráz Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M crypto/evp/p_lib.c Log Message: --- EVP_PKEY_eq: regain compatibility with the 3.0.0 FIPS provider Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19201) Commit: e1289d90d0069ea1c3ea8ae80bfc3916077ec24e https://github.com/openssl/openssl/commit/e1289d90d0069ea1c3ea8ae80bfc3916077ec24e Author: Tomas Mraz Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: M test/build.info M test/endecode_test.c M test/evp_test.c A test/fips_version_test.c M test/recipes/25-test_verify.t M test/testutil.h M test/testutil/provider.c Log Message: --- With fips provider 3.0.0 skip tests related to explicit curves handling Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19201) Commit: 65080a3e1ebced54af838481e6d40e1c0cb7991e https://github.com/openssl/openssl/commit/65080a3e1ebced54af838481e6d40e1c0cb7991e Author: Pauli Date: 2022-09-16 (Fri, 16 Sep 2022) Changed paths: A .github/workflows/fips-old.yml Log Message: --- Add CI to test old FIPS provider versions Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19201) Compare: https://github.com/openssl/openssl/compare/edb271ee5d68...65080a3e1ebc
[openssl/openssl] fabce8: design: TX Packetiser
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: fabce8090c3ba49527d434a4621c660eedad2aaa https://github.com/openssl/openssl/commit/fabce8090c3ba49527d434a4621c660eedad2aaa Author: Pauli Date: 2022-09-13 (Tue, 13 Sep 2022) Changed paths: A doc/designs/quic-design/tx-packetiser.md Log Message: --- design: TX Packetiser Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18570)
[openssl/openssl] 364c3b: time: add some additional utilities and document e...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 364c3b7b1ac3172dbe2108be23ae215b86ef8e08 https://github.com/openssl/openssl/commit/364c3b7b1ac3172dbe2108be23ae215b86ef8e08 Author: Pauli Date: 2022-09-13 (Tue, 13 Sep 2022) Changed paths: M doc/internal/man3/OSSL_TIME.pod M include/internal/time.h M ssl/time.c Log Message: --- time: add some additional utilities and document everything Some of the recently added functions were not documents. This has been addressed. Also added utility functions for conversions between time_t, seconds and struct timeval to/from OSSL_TIME. Reviewed-by: Todd Short Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19082) Commit: f0131dc04a39afcb1629f5bec2814ef3a4925bbf https://github.com/openssl/openssl/commit/f0131dc04a39afcb1629f5bec2814ef3a4925bbf Author: Pauli Date: 2022-09-13 (Tue, 13 Sep 2022) Changed paths: M ssl/d1_lib.c M ssl/quic/quic_impl.c M ssl/quic/quic_local.h M ssl/s3_lib.c M ssl/ssl_asn1.c M ssl/ssl_lib.c M ssl/ssl_local.h M ssl/ssl_sess.c M ssl/ssl_txt.c M ssl/statem/extensions_clnt.c M ssl/statem/extensions_srvr.c M ssl/statem/statem_clnt.c M ssl/statem/statem_srvr.c M ssl/t1_lib.c Log Message: --- ssl: modify libssl so that it uses OSSL_TIME This is instead of time_t and struct timeval. Some public APIs mandate a presence of these two types, but they are converted to OSSL_TIME internally. Reviewed-by: Todd Short Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19082) Commit: 4fc04c71acf180dad0b4418d12b3ed31ba46179a https://github.com/openssl/openssl/commit/4fc04c71acf180dad0b4418d12b3ed31ba46179a Author: Pauli Date: 2022-09-13 (Tue, 13 Sep 2022) Changed paths: M ssl/quic/quic_ackm.c M ssl/quic/quic_statm.c Log Message: --- Avoid struct timeval in QUIC code Reviewed-by: Todd Short Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19082) Commit: 02d0f87a8ba143eaeaee3334a2f63543b10148a9 https://github.com/openssl/openssl/commit/02d0f87a8ba143eaeaee3334a2f63543b10148a9 Author: Pauli Date: 2022-09-13 (Tue, 13 Sep 2022) Changed paths: M crypto/build.info A crypto/time.c M ssl/build.info R ssl/time.c Log Message: --- time: move OSSL_TIME to libcrypto Keep building it for libssl without exposing any symbols. Reviewed-by: Todd Short Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19082) Commit: 5d1bb4fc47582b06dd224a788bdfaaced60e72a0 https://github.com/openssl/openssl/commit/5d1bb4fc47582b06dd224a788bdfaaced60e72a0 Author: Pauli Date: 2022-09-13 (Tue, 13 Sep 2022) Changed paths: M crypto/bio/bss_dgram.c M crypto/ct/ct_policy.c M crypto/ts/ts_rsp_sign.c M include/internal/e_os.h Log Message: --- libcrypto: remove reliance on struct timeval Reviewed-by: Todd Short Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19082) Commit: 0f4be8a14a2bcb8a92cf78d94d157152c0a03d88 https://github.com/openssl/openssl/commit/0f4be8a14a2bcb8a92cf78d94d157152c0a03d88 Author: Pauli Date: 2022-09-13 (Tue, 13 Sep 2022) Changed paths: M include/internal/safe_math.h Log Message: --- Fix white space Reviewed-by: Todd Short Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19082) Compare: https://github.com/openssl/openssl/compare/ee68d2b95792...0f4be8a14a2b
[openssl/openssl] 35b670: list: add an option to list all available algorithms
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 35b670702466b91b3baa724635e5aecbc2061fa7 https://github.com/openssl/openssl/commit/35b670702466b91b3baa724635e5aecbc2061fa7 Author: Pauli Date: 2022-09-11 (Sun, 11 Sep 2022) Changed paths: M apps/list.c M doc/man1/openssl-list.pod.in Log Message: --- list: add an option to list all available algorithms Fixes #19145 Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/19168)
[openssl/openssl] fbeb48: Coverity: explicit null dereference
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: fbeb4866f4250a4a23e7afb884a0aa0456d152f8 https://github.com/openssl/openssl/commit/fbeb4866f4250a4a23e7afb884a0aa0456d152f8 Author: Pauli Date: 2022-09-07 (Wed, 07 Sep 2022) Changed paths: M test/list_test.c Log Message: --- Coverity: explicit null dereference Coverity is being pretty silly here but adding the explicit pointer checks will stop a crash if something goes badly awry. Fixes Coverity 1513706 - 1513709 Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19136)
[openssl/openssl] cb12a6: Coverity 1513478: negative return
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: cb12a691796372f73c13ac8a3ecb17a8d3a059d9 https://github.com/openssl/openssl/commit/cb12a691796372f73c13ac8a3ecb17a8d3a059d9 Author: Pauli Date: 2022-09-06 (Tue, 06 Sep 2022) Changed paths: M ssl/tls13_enc.c Log Message: --- Coverity 1513478: negative return Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19126) (cherry picked from commit 1d1537067304b8c8d87b2df393363b40370ad640)
[openssl/openssl] 1d1537: Coverity 1513478: negative return
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 1d1537067304b8c8d87b2df393363b40370ad640 https://github.com/openssl/openssl/commit/1d1537067304b8c8d87b2df393363b40370ad640 Author: Pauli Date: 2022-09-06 (Tue, 06 Sep 2022) Changed paths: M ssl/tls13_enc.c Log Message: --- Coverity 1513478: negative return Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19126)
[openssl/openssl] f5eac2: list: add a doubly linked list type.
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: f5eac259a03c68c96c77f9b998b1b9c16a8439e7 https://github.com/openssl/openssl/commit/f5eac259a03c68c96c77f9b998b1b9c16a8439e7 Author: Pauli Date: 2022-09-05 (Mon, 05 Sep 2022) Changed paths: A doc/internal/man3/DEFINE_LIST_OF.pod A include/internal/list.h M test/build.info A test/list_test.c A test/recipes/02-test_list.t Log Message: --- list: add a doubly linked list type. These list can be embedded into structures and structures can be members of multiple lists. Moreover, this is done without dynamic memory allocation. That is, this is legal: typedef struct item_st ITEM; struct item_st { ... OSSL_LIST_MEMBER(new_items, ITEM); OSSL_LIST_MEMBER(failed_items, ITEM); ... }; DEFINE_LIST_OF(new_items, TESTL); DEFINE_LIST_OF(failed_items, TESTL); struct { ... OSSL_LIST(new_items) new; OSSL_LIST(failed_items) failed; ... } *st; ITEM *p; for (p = ossl_list_new_items_head(>new); p != NULL; p = ossl_list_new_items_next(p)) /* do something */ Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19115)
[openssl/openssl] 3c1f8f: Add missing ')' to command help
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 3c1f8fb13e064ad7f42e9b65c601c68e1aa79f7d https://github.com/openssl/openssl/commit/3c1f8fb13e064ad7f42e9b65c601c68e1aa79f7d Author: Pauli Date: 2022-08-26 (Fri, 26 Aug 2022) Changed paths: M apps/rsa.c Log Message: --- Add missing ')' to command help Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19049)
[openssl/openssl] b15764: Add missing ')' to command help
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: b15764e515da395e4d7fed1df7f01255834c1769 https://github.com/openssl/openssl/commit/b15764e515da395e4d7fed1df7f01255834c1769 Author: Pauli Date: 2022-08-26 (Fri, 26 Aug 2022) Changed paths: M apps/rsa.c Log Message: --- Add missing ')' to command help Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19049) (cherry picked from commit 3c1f8fb13e064ad7f42e9b65c601c68e1aa79f7d)
[openssl/openssl] 25c486: Coverity 1508532: out of bounds access
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 25c486762daf8a279676e3e98136855e2e021100 https://github.com/openssl/openssl/commit/25c486762daf8a279676e3e98136855e2e021100 Author: Pauli Date: 2022-08-23 (Tue, 23 Aug 2022) Changed paths: M crypto/dh/dh_pmeth.c Log Message: --- Coverity 1508532: out of bounds access Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19033) (cherry picked from commit eb7a5cc3454174094c0c09f1d00aec464ce0f786)
[openssl/openssl] eb7a5c: Coverity 1508532: out of bounds access
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: eb7a5cc3454174094c0c09f1d00aec464ce0f786 https://github.com/openssl/openssl/commit/eb7a5cc3454174094c0c09f1d00aec464ce0f786 Author: Pauli Date: 2022-08-23 (Tue, 23 Aug 2022) Changed paths: M crypto/dh/dh_pmeth.c Log Message: --- Coverity 1508532: out of bounds access Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19033)
[openssl/openssl] 07ecb7: Coverity 1508506: misuse of time_t
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: 07ecb790b02c0e8781ae591e7efb2a4f93177354 https://github.com/openssl/openssl/commit/07ecb790b02c0e8781ae591e7efb2a4f93177354 Author: Pauli Date: 2022-08-22 (Mon, 22 Aug 2022) Changed paths: M ssl/packet.c M ssl/packet_local.h M ssl/statem/extensions_srvr.c Log Message: --- Coverity 1508506: misuse of time_t Fixes a bug in the cookie code which would have caused problems for ten minutes before and after the lower 32 bits of time_t rolled over. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19022)
[openssl/openssl] ec47c3: Coverity 1508506: misuse of time_t
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: ec47c3060bd3b7c3e75dbcfada113de9d94de747 https://github.com/openssl/openssl/commit/ec47c3060bd3b7c3e75dbcfada113de9d94de747 Author: Pauli Date: 2022-08-22 (Mon, 22 Aug 2022) Changed paths: M crypto/packet.c M include/internal/packet.h M ssl/statem/extensions_srvr.c Log Message: --- Coverity 1508506: misuse of time_t Fixes a bug in the cookie code which would have caused problems for ten minutes before and after the lower 32 bits of time_t rolled over. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19023)
[openssl/openssl] 87ceff: evp enc: cache cipher IV length
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 87ceff925f5f1d43dac0413f36c8b7bba94e4a41 https://github.com/openssl/openssl/commit/87ceff925f5f1d43dac0413f36c8b7bba94e4a41 Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M crypto/evp/evp_enc.c M crypto/evp/evp_lib.c M crypto/evp/evp_local.h Log Message: --- evp enc: cache cipher IV length Instead of doing a heavy params based query every time a context is asked for its IV length, this value is cached in the context and only queried if it could have been modified. Fixes #17064 Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18995) Commit: 2e4b074800a293c5f3049286116a0a5030ea9312 https://github.com/openssl/openssl/commit/2e4b074800a293c5f3049286116a0a5030ea9312 Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M crypto/evp/evp_lib.c Log Message: --- Fix bug in EVP_CIPHER_CTX_get_iv_length() Out of range values could possibly be returned due to a lack of range checking. Very unlikely to be exploitable for our provider because sensible values are returned for all ciphers. Also fixed the defaulting code so that the cipher's IV length is returned if the cipher ctx doesn't support getting. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18995) Compare: https://github.com/openssl/openssl/compare/d3072f3f3ba3...2e4b074800a2
[openssl/openssl] d3072f: Limit the size of various MAXCHUNK definitions
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: d3072f3f3ba3a6385bd41473483c9ee81443b684 https://github.com/openssl/openssl/commit/d3072f3f3ba3a6385bd41473483c9ee81443b684 Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M include/crypto/evp.h M providers/implementations/include/prov/ciphercommon.h Log Message: --- Limit the size of various MAXCHUNK definitions The current code has issues when sizeof(long) <> sizeof(size_t). The two types are assumed to be interchangeable and them being different will cause crashes and endless loops. This fix limits the maximum chunk size for many of the symmetric ciphers to 2^30 bytes. This chunk size limits the amount of data that will be encrypted/decrypted in one lump. The code internally handles block of data later than the chunk limit, so this will present no difference to the caller. Any loss of efficiency due to limiting the chunking to 1Gbyte rather than more should be insignificant. Fixes Coverity issues: 1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533, 1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 & 1508571 - 1508582. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18997) (cherry picked from commit 709d4be78f64a8ba0707fb5682b90039e848dad4)
[openssl/openssl] 709d4b: Limit the size of various MAXCHUNK definitions
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 709d4be78f64a8ba0707fb5682b90039e848dad4 https://github.com/openssl/openssl/commit/709d4be78f64a8ba0707fb5682b90039e848dad4 Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M include/crypto/evp.h M providers/implementations/include/prov/ciphercommon.h Log Message: --- Limit the size of various MAXCHUNK definitions The current code has issues when sizeof(long) <> sizeof(size_t). The two types are assumed to be interchangeable and them being different will cause crashes and endless loops. This fix limits the maximum chunk size for many of the symmetric ciphers to 2^30 bytes. This chunk size limits the amount of data that will be encrypted/decrypted in one lump. The code internally handles block of data later than the chunk limit, so this will present no difference to the caller. Any loss of efficiency due to limiting the chunking to 1Gbyte rather than more should be insignificant. Fixes Coverity issues: 1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533, 1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 & 1508571 - 1508582. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18997)
[openssl/openssl] 552603: Coverity 1508534 & 1508540: misuses of time_t
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: 552603edfed18f30466277d29b70939390fea65b https://github.com/openssl/openssl/commit/552603edfed18f30466277d29b70939390fea65b Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M ssl/statem/extensions_clnt.c M ssl/statem/extensions_srvr.c Log Message: --- Coverity 1508534 & 1508540: misuses of time_t Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19004) (cherry picked from commit a6cadcbdc3b4f3fbd0fd228e41177f0661b68264)
[openssl/openssl] a6cadc: Coverity 1508534 & 1508540: misuses of time_t
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: a6cadcbdc3b4f3fbd0fd228e41177f0661b68264 https://github.com/openssl/openssl/commit/a6cadcbdc3b4f3fbd0fd228e41177f0661b68264 Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M ssl/statem/extensions_clnt.c M ssl/statem/extensions_srvr.c Log Message: --- Coverity 1508534 & 1508540: misuses of time_t Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19004) (cherry picked from commit e8a557dc3c1ed16faff4aeb39268f8f5a3f8b81d)
[openssl/openssl] e8a557: Coverity: misuses of time_t
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: e8a557dc3c1ed16faff4aeb39268f8f5a3f8b81d https://github.com/openssl/openssl/commit/e8a557dc3c1ed16faff4aeb39268f8f5a3f8b81d Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M ssl/statem/extensions_clnt.c M ssl/statem/extensions_srvr.c Log Message: --- Coverity: misuses of time_t Coverity 1508506: Fixes a bug in the cookie code which would have caused problems for ten minutes before and after the lower 32 bits of time_t rolled over. Coverity 1508534 & 1508540: Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19004)
[openssl/openssl] 624664: bn_nist: fix strict aliasing problem
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: 6246649d657127a031782b29ba6132a4203260b2 https://github.com/openssl/openssl/commit/6246649d657127a031782b29ba6132a4203260b2 Author: Pauli Date: 2022-08-17 (Wed, 17 Aug 2022) Changed paths: M crypto/bn/bn_nist.c Log Message: --- bn_nist: fix strict aliasing problem As of clang-14 the strict aliasing is causing code to magically disappear. By explicitly inlining the code, the aliasing problem evaporates. Fixes #18225 Backport of #18258 to 1.1.1. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18948)
[openssl/openssl] 93e5c6: Avoid using tsan_add
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 93e5c63ee7a7ef627d234558e850ff962e5dbc71 https://github.com/openssl/openssl/commit/93e5c63ee7a7ef627d234558e850ff962e5dbc71 Author: Pauli Date: 2022-08-17 (Wed, 17 Aug 2022) Changed paths: M crypto/property/property.c Log Message: --- Avoid using tsan_add Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19009)
[openssl/openssl] d6e3a2: property: make cache flushing slight less determin...
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: d6e3a2c15929a793d15e034f81cca19e1808efdc https://github.com/openssl/openssl/commit/d6e3a2c15929a793d15e034f81cca19e1808efdc Author: Pauli Date: 2022-08-17 (Wed, 17 Aug 2022) Changed paths: M crypto/property/property.c Log Message: --- property: make cache flushing slight less deterministic If there is no timer available to seed the stochastic flushing, revert to a global seed that gets updated each flush. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18906) (cherry picked from commit 56d4ff6cd7fc200943197dff65146a8864b7df98)
[openssl/openssl] d13c8b: Make OSSL_TIME a structure
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: d13c8b7725437490be8c1a2b438936af10f808d0 https://github.com/openssl/openssl/commit/d13c8b7725437490be8c1a2b438936af10f808d0 Author: Pauli Date: 2022-08-12 (Fri, 12 Aug 2022) Changed paths: M doc/internal/man3/OSSL_TIME.pod M include/internal/time.h M ssl/event_queue.c M ssl/quic/quic_wire.c M ssl/time.c M test/event_queue_test.c M test/quic_wire_test.c Log Message: --- Make OSSL_TIME a structure This prevents misuses creeping in. Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18882)
[openssl/openssl] 56d4ff: property: make cache flushing slight less determin...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 56d4ff6cd7fc200943197dff65146a8864b7df98 https://github.com/openssl/openssl/commit/56d4ff6cd7fc200943197dff65146a8864b7df98 Author: Pauli Date: 2022-08-10 (Wed, 10 Aug 2022) Changed paths: M crypto/property/property.c Log Message: --- property: make cache flushing slight less deterministic If there is no timer available to seed the stochastic flushing, revert to a global seed that gets updated each flush. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18906)
[openssl/openssl] f428e2: Fix bug in EVP_CIPHER_CTX_get_iv_length()
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: f428e2112c6c795db76d804e0fcb36aac40f1477 https://github.com/openssl/openssl/commit/f428e2112c6c795db76d804e0fcb36aac40f1477 Author: Pauli Date: 2022-08-03 (Wed, 03 Aug 2022) Changed paths: M crypto/evp/evp_lib.c Log Message: --- Fix bug in EVP_CIPHER_CTX_get_iv_length() Out of range values could possibly be returned due to a lack of range checking. Very unlikely to be exploitable for our provider because sensible values are returned for all ciphers. Also fixed the defaulting code so that the cipher's IV length is returned if the cipher ctx doesn't support getting. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/18875) (cherry picked from commit e0e338c8c50c226efc92fe79c788c9cdc03fc01f) Commit: 2a6275f58bdb2371c603be7f89310f7b4906e5c0 https://github.com/openssl/openssl/commit/2a6275f58bdb2371c603be7f89310f7b4906e5c0 Author: Pauli Date: 2022-08-03 (Wed, 03 Aug 2022) Changed paths: M doc/man3/EVP_EncryptInit.pod Log Message: --- Note that EVP_CIPHER_get_iv_length returns negative values on error Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/18875) (cherry picked from commit 0a90577e717f76483525b2d8be6a42a9f04020d8) Compare: https://github.com/openssl/openssl/compare/cc750a9a81e2...2a6275f58bdb
[openssl/openssl] e0e338: Fix bug in EVP_CIPHER_CTX_get_iv_length()
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: e0e338c8c50c226efc92fe79c788c9cdc03fc01f https://github.com/openssl/openssl/commit/e0e338c8c50c226efc92fe79c788c9cdc03fc01f Author: Pauli Date: 2022-08-03 (Wed, 03 Aug 2022) Changed paths: M crypto/evp/evp_lib.c Log Message: --- Fix bug in EVP_CIPHER_CTX_get_iv_length() Out of range values could possibly be returned due to a lack of range checking. Very unlikely to be exploitable for our provider because sensible values are returned for all ciphers. Also fixed the defaulting code so that the cipher's IV length is returned if the cipher ctx doesn't support getting. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/18875) Commit: 0a90577e717f76483525b2d8be6a42a9f04020d8 https://github.com/openssl/openssl/commit/0a90577e717f76483525b2d8be6a42a9f04020d8 Author: Pauli Date: 2022-08-03 (Wed, 03 Aug 2022) Changed paths: M doc/man3/EVP_EncryptInit.pod Log Message: --- Note that EVP_CIPHER_get_iv_length returns negative values on error Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/18875) Compare: https://github.com/openssl/openssl/compare/771fef7793ae...0a90577e717f
[openssl/openssl] 76ad9a: Coverity 1507484: dereference before null check
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 76ad9ae6fa459af0bd804c01d3d681ec02cddb4b https://github.com/openssl/openssl/commit/76ad9ae6fa459af0bd804c01d3d681ec02cddb4b Author: Pauli Date: 2022-08-01 (Mon, 01 Aug 2022) Changed paths: M ssl/tls_srp.c Log Message: --- Coverity 1507484: dereference before null check Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18907)
[openssl/openssl] 7dfe4a: Note that EVP_CIPHER_iv_length returns negative va...
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: 7dfe4aa2b08d1c3111b0861e26cac0246e3e8f58 https://github.com/openssl/openssl/commit/7dfe4aa2b08d1c3111b0861e26cac0246e3e8f58 Author: Pauli Date: 2022-07-29 (Fri, 29 Jul 2022) Changed paths: M doc/man3/EVP_EncryptInit.pod Log Message: --- Note that EVP_CIPHER_iv_length returns negative values on error Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18894)
[openssl/openssl] 7dfe4a: Note that EVP_CIPHER_iv_length returns negative va...
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 7dfe4aa2b08d1c3111b0861e26cac0246e3e8f58 https://github.openssl.org/openssl/openssl/commit/7dfe4aa2b08d1c3111b0861e26cac0246e3e8f58 Author: Pauli Date: 2022-07-29 (Fri, 29 Jul 2022) Changed paths: M doc/man3/EVP_EncryptInit.pod Log Message: --- Note that EVP_CIPHER_iv_length returns negative values on error Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18894)
[openssl/openssl] 3b9082: Fixes segfault occurrence in PEM_write()
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 3b9082c844913d3a0efada9fac0bd2924ce1a8f2 https://github.openssl.org/openssl/openssl/commit/3b9082c844913d3a0efada9fac0bd2924ce1a8f2 Author: valdaarhun Date: 2022-07-29 (Fri, 29 Jul 2022) Changed paths: M crypto/pem/pem_lib.c Log Message: --- Fixes segfault occurrence in PEM_write() Checks if header is NULL or not before calling strlen(). CLA: trivial Fixes #18825 Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18865) (cherry picked from commit 205957405d08ef199e6ab654e333a627bbca9ccc)
[openssl/openssl] 683480: Fixes segfault occurrence in PEM_write()
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 683480726f6ab46216e30c7505d1a3c4ec90ace9 https://github.openssl.org/openssl/openssl/commit/683480726f6ab46216e30c7505d1a3c4ec90ace9 Author: valdaarhun Date: 2022-07-29 (Fri, 29 Jul 2022) Changed paths: M crypto/pem/pem_lib.c Log Message: --- Fixes segfault occurrence in PEM_write() Checks if header is NULL or not before calling strlen(). CLA: trivial Fixes #18825 Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18865) (cherry picked from commit 205957405d08ef199e6ab654e333a627bbca9ccc)
[openssl/openssl] 205957: Fixes segfault occurrence in PEM_write()
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 205957405d08ef199e6ab654e333a627bbca9ccc https://github.openssl.org/openssl/openssl/commit/205957405d08ef199e6ab654e333a627bbca9ccc Author: valdaarhun Date: 2022-07-29 (Fri, 29 Jul 2022) Changed paths: M crypto/pem/pem_lib.c Log Message: --- Fixes segfault occurrence in PEM_write() Checks if header is NULL or not before calling strlen(). CLA: trivial Fixes #18825 Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18865)
[openssl/openssl] a1598f: Correction: uncompressed is the default value
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: a1598fb98e93fdf947327561071341012acc5c99 https://github.openssl.org/openssl/openssl/commit/a1598fb98e93fdf947327561071341012acc5c99 Author: GregoryTrzonkowski Date: 2022-07-29 (Fri, 29 Jul 2022) Changed paths: M doc/man1/openssl-ec.pod.in Log Message: --- Correction: uncompressed is the default value CLA: trivial The description was incorrect. The uncompressed is the default value. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18889) (cherry picked from commit df274c334c523f7375d5aa60ff4b9a846c3e2a6c)
[openssl/openssl] df274c: Correction: uncompressed is the default value
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: df274c334c523f7375d5aa60ff4b9a846c3e2a6c https://github.openssl.org/openssl/openssl/commit/df274c334c523f7375d5aa60ff4b9a846c3e2a6c Author: GregoryTrzonkowski Date: 2022-07-29 (Fri, 29 Jul 2022) Changed paths: M doc/man1/openssl-ec.pod.in Log Message: --- Correction: uncompressed is the default value CLA: trivial The description was incorrect. The uncompressed is the default value. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18889)
[openssl/openssl] 680612: Update EVP_KDF-X942-ASN1.pod
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 68061255db06623e7332ac4dd1b2765a7d173a31 https://github.openssl.org/openssl/openssl/commit/68061255db06623e7332ac4dd1b2765a7d173a31 Author: Joachim Vandersmissen Date: 2022-07-28 (Thu, 28 Jul 2022) Changed paths: M doc/man7/EVP_KDF-X942-ASN1.pod Log Message: --- Update EVP_KDF-X942-ASN1.pod Replaced OSSL_KDF_PARAM_KEY with OSSL_KDF_PARAM_SECRET as that seems to be the intended value from the code (OSSL_KDF_PARAM_KEY is also supported but looks like a fallback). Fixed name for OSSL_KDF_PARAM_X942_USE_KEYBITS. CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18878) (cherry picked from commit 08c00377cb82f7eefcf7433606e687f348b9e7a0)
[openssl/openssl] 08c003: Update EVP_KDF-X942-ASN1.pod
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 08c00377cb82f7eefcf7433606e687f348b9e7a0 https://github.openssl.org/openssl/openssl/commit/08c00377cb82f7eefcf7433606e687f348b9e7a0 Author: Joachim Vandersmissen Date: 2022-07-28 (Thu, 28 Jul 2022) Changed paths: M doc/man7/EVP_KDF-X942-ASN1.pod Log Message: --- Update EVP_KDF-X942-ASN1.pod Replaced OSSL_KDF_PARAM_KEY with OSSL_KDF_PARAM_SECRET as that seems to be the intended value from the code (OSSL_KDF_PARAM_KEY is also supported but looks like a fallback). Fixed name for OSSL_KDF_PARAM_X942_USE_KEYBITS. CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18878)
[openssl/openssl] 1f6eb7: GCM: record limit counter gets reset on AAD changes
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 1f6eb7b9799d3a8b8ebc071f5fbd17b11c914b8f https://github.com/openssl/openssl/commit/1f6eb7b9799d3a8b8ebc071f5fbd17b11c914b8f Author: Pauli Date: 2022-07-27 (Wed, 27 Jul 2022) Changed paths: M providers/implementations/ciphers/ciphercommon_gcm.c Log Message: --- GCM: record limit counter gets reset on AAD changes It shouldn't be. This moves the reset to the init function instead and only does the reset on a key change. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18860) (cherry picked from commit 3ebcb2fff56bda788ab1f363eb0023715018a4e5)
[openssl/openssl] 3ebcb2: GCM: record limit counter gets reset on AAD changes
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 3ebcb2fff56bda788ab1f363eb0023715018a4e5 https://github.com/openssl/openssl/commit/3ebcb2fff56bda788ab1f363eb0023715018a4e5 Author: Pauli Date: 2022-07-27 (Wed, 27 Jul 2022) Changed paths: M providers/implementations/ciphers/ciphercommon_gcm.c Log Message: --- GCM: record limit counter gets reset on AAD changes It shouldn't be. This moves the reset to the init function instead and only does the reset on a key change. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18860)
[openssl/openssl] 1f6eb7: GCM: record limit counter gets reset on AAD changes
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 1f6eb7b9799d3a8b8ebc071f5fbd17b11c914b8f https://github.openssl.org/openssl/openssl/commit/1f6eb7b9799d3a8b8ebc071f5fbd17b11c914b8f Author: Pauli Date: 2022-07-27 (Wed, 27 Jul 2022) Changed paths: M providers/implementations/ciphers/ciphercommon_gcm.c Log Message: --- GCM: record limit counter gets reset on AAD changes It shouldn't be. This moves the reset to the init function instead and only does the reset on a key change. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18860) (cherry picked from commit 3ebcb2fff56bda788ab1f363eb0023715018a4e5)
[openssl/openssl] 3ebcb2: GCM: record limit counter gets reset on AAD changes
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 3ebcb2fff56bda788ab1f363eb0023715018a4e5 https://github.openssl.org/openssl/openssl/commit/3ebcb2fff56bda788ab1f363eb0023715018a4e5 Author: Pauli Date: 2022-07-27 (Wed, 27 Jul 2022) Changed paths: M providers/implementations/ciphers/ciphercommon_gcm.c Log Message: --- GCM: record limit counter gets reset on AAD changes It shouldn't be. This moves the reset to the init function instead and only does the reset on a key change. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18860)
[openssl/openssl] e544f3: Fix error in LHASH documentation
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: e544f3ec8354db9e187ac5883cc20cb96e679a25 https://github.com/openssl/openssl/commit/e544f3ec8354db9e187ac5883cc20cb96e679a25 Author: Pauli Date: 2022-07-26 (Tue, 26 Jul 2022) Changed paths: M doc/man3/OPENSSL_LH_COMPFUNC.pod Log Message: --- Fix error in LHASH documentation Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/18859) (cherry picked from commit 316fad64c1e541a530910a13160d48b7545ac1e0)
[openssl/openssl] ea66c8: Fix error in LHASH documentation
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: ea66c8d85a7104b9da9169e4130bd739215ea12d https://github.com/openssl/openssl/commit/ea66c8d85a7104b9da9169e4130bd739215ea12d Author: Pauli Date: 2022-07-26 (Tue, 26 Jul 2022) Changed paths: M doc/man3/OPENSSL_LH_COMPFUNC.pod Log Message: --- Fix error in LHASH documentation Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/18859) (cherry picked from commit 316fad64c1e541a530910a13160d48b7545ac1e0)
[openssl/openssl] 316fad: Fix error in LHASH documentation
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 316fad64c1e541a530910a13160d48b7545ac1e0 https://github.com/openssl/openssl/commit/316fad64c1e541a530910a13160d48b7545ac1e0 Author: Pauli Date: 2022-07-26 (Tue, 26 Jul 2022) Changed paths: M doc/man3/OPENSSL_LH_COMPFUNC.pod Log Message: --- Fix error in LHASH documentation Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/18859)
[openssl/openssl] e544f3: Fix error in LHASH documentation
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: e544f3ec8354db9e187ac5883cc20cb96e679a25 https://github.openssl.org/openssl/openssl/commit/e544f3ec8354db9e187ac5883cc20cb96e679a25 Author: Pauli Date: 2022-07-26 (Tue, 26 Jul 2022) Changed paths: M doc/man3/OPENSSL_LH_COMPFUNC.pod Log Message: --- Fix error in LHASH documentation Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/18859) (cherry picked from commit 316fad64c1e541a530910a13160d48b7545ac1e0)
[openssl/openssl] ea66c8: Fix error in LHASH documentation
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: ea66c8d85a7104b9da9169e4130bd739215ea12d https://github.openssl.org/openssl/openssl/commit/ea66c8d85a7104b9da9169e4130bd739215ea12d Author: Pauli Date: 2022-07-26 (Tue, 26 Jul 2022) Changed paths: M doc/man3/OPENSSL_LH_COMPFUNC.pod Log Message: --- Fix error in LHASH documentation Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/18859) (cherry picked from commit 316fad64c1e541a530910a13160d48b7545ac1e0)
[openssl/openssl] 316fad: Fix error in LHASH documentation
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 316fad64c1e541a530910a13160d48b7545ac1e0 https://github.openssl.org/openssl/openssl/commit/316fad64c1e541a530910a13160d48b7545ac1e0 Author: Pauli Date: 2022-07-26 (Tue, 26 Jul 2022) Changed paths: M doc/man3/OPENSSL_LH_COMPFUNC.pod Log Message: --- Fix error in LHASH documentation Reviewed-by: Hugo Landau Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/18859)
[openssl/openssl] 4f1f3e: Coverity 1507376: Dereference after null check
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 4f1f3e14728a1c5bccd2e49e988e8c8634caae58 https://github.com/openssl/openssl/commit/4f1f3e14728a1c5bccd2e49e988e8c8634caae58 Author: Pauli Date: 2022-07-22 (Fri, 22 Jul 2022) Changed paths: M crypto/sparse_array.c Log Message: --- Coverity 1507376: Dereference after null check Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18837) (cherry picked from commit 93429fc0ce9468242a463ff5878cd53b97e7f13f)
[openssl/openssl] 93429f: Coverity 1507376: Dereference after null check
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 93429fc0ce9468242a463ff5878cd53b97e7f13f https://github.com/openssl/openssl/commit/93429fc0ce9468242a463ff5878cd53b97e7f13f Author: Pauli Date: 2022-07-22 (Fri, 22 Jul 2022) Changed paths: M crypto/sparse_array.c Log Message: --- Coverity 1507376: Dereference after null check Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18837)
[openssl/openssl] 4f1f3e: Coverity 1507376: Dereference after null check
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 4f1f3e14728a1c5bccd2e49e988e8c8634caae58 https://github.openssl.org/openssl/openssl/commit/4f1f3e14728a1c5bccd2e49e988e8c8634caae58 Author: Pauli Date: 2022-07-22 (Fri, 22 Jul 2022) Changed paths: M crypto/sparse_array.c Log Message: --- Coverity 1507376: Dereference after null check Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18837) (cherry picked from commit 93429fc0ce9468242a463ff5878cd53b97e7f13f)
[openssl/openssl] 93429f: Coverity 1507376: Dereference after null check
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 93429fc0ce9468242a463ff5878cd53b97e7f13f https://github.openssl.org/openssl/openssl/commit/93429fc0ce9468242a463ff5878cd53b97e7f13f Author: Pauli Date: 2022-07-22 (Fri, 22 Jul 2022) Changed paths: M crypto/sparse_array.c Log Message: --- Coverity 1507376: Dereference after null check Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18837)
[openssl/openssl] 32eb72: Fix error in example.
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 32eb729a420e2eaaa05e9fa4abb4c93ce132cdbd https://github.com/openssl/openssl/commit/32eb729a420e2eaaa05e9fa4abb4c93ce132cdbd Author: Pauli Date: 2022-07-22 (Fri, 22 Jul 2022) Changed paths: M doc/man3/EVP_PKEY_gettable_params.pod Log Message: --- Fix error in example. Fixes #18828 Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18829) (cherry picked from commit 2752ab2eb61dcfc799775d34eaeda3621b85f95f)
[openssl/openssl] 2752ab: Fix error in example.
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 2752ab2eb61dcfc799775d34eaeda3621b85f95f https://github.com/openssl/openssl/commit/2752ab2eb61dcfc799775d34eaeda3621b85f95f Author: Pauli Date: 2022-07-22 (Fri, 22 Jul 2022) Changed paths: M doc/man3/EVP_PKEY_gettable_params.pod Log Message: --- Fix error in example. Fixes #18828 Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18829)
[openssl/openssl] 32eb72: Fix error in example.
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 32eb729a420e2eaaa05e9fa4abb4c93ce132cdbd https://github.openssl.org/openssl/openssl/commit/32eb729a420e2eaaa05e9fa4abb4c93ce132cdbd Author: Pauli Date: 2022-07-22 (Fri, 22 Jul 2022) Changed paths: M doc/man3/EVP_PKEY_gettable_params.pod Log Message: --- Fix error in example. Fixes #18828 Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18829) (cherry picked from commit 2752ab2eb61dcfc799775d34eaeda3621b85f95f)
[openssl/openssl] 2752ab: Fix error in example.
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 2752ab2eb61dcfc799775d34eaeda3621b85f95f https://github.openssl.org/openssl/openssl/commit/2752ab2eb61dcfc799775d34eaeda3621b85f95f Author: Pauli Date: 2022-07-22 (Fri, 22 Jul 2022) Changed paths: M doc/man3/EVP_PKEY_gettable_params.pod Log Message: --- Fix error in example. Fixes #18828 Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18829)
[openssl/openssl] 3cfc2a: Coverity 1503321 & 1503327: dereference after null...
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 3cfc2a967a4a5313f141ae433b833f3c6c9a5643 https://github.openssl.org/openssl/openssl/commit/3cfc2a967a4a5313f141ae433b833f3c6c9a5643 Author: Pauli Date: 2022-07-20 (Wed, 20 Jul 2022) Changed paths: M crypto/provider_core.c Log Message: --- Coverity 1503321 & 1503327: dereference after null check The earlier fix being inadequate Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/18822) (cherry picked from commit f913c3cd7e22eecbcc8f84b72c645081fa37fdf4) Commit: d3cc10eb0ee31a3950bb310c8201614fb076f759 https://github.openssl.org/openssl/openssl/commit/d3cc10eb0ee31a3950bb310c8201614fb076f759 Author: Pauli Date: 2022-07-20 (Wed, 20 Jul 2022) Changed paths: M test/evp_extra_test2.c Log Message: --- Coverity 1507372: explicit null dereference Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/18822) (cherry picked from commit d768f853bb05b5a49a2aeb5b5702776834e68d06) Compare: https://github.openssl.org/openssl/openssl/compare/3f348a0f6c31...d3cc10eb0ee3
[openssl/openssl] f913c3: Coverity 1503321 & 1503327: dereference after null...
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: f913c3cd7e22eecbcc8f84b72c645081fa37fdf4 https://github.openssl.org/openssl/openssl/commit/f913c3cd7e22eecbcc8f84b72c645081fa37fdf4 Author: Pauli Date: 2022-07-20 (Wed, 20 Jul 2022) Changed paths: M crypto/provider_core.c Log Message: --- Coverity 1503321 & 1503327: dereference after null check The earlier fix being inadequate Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/18822) Commit: d768f853bb05b5a49a2aeb5b5702776834e68d06 https://github.openssl.org/openssl/openssl/commit/d768f853bb05b5a49a2aeb5b5702776834e68d06 Author: Pauli Date: 2022-07-20 (Wed, 20 Jul 2022) Changed paths: M test/evp_extra_test2.c Log Message: --- Coverity 1507372: explicit null dereference Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/18822) Compare: https://github.openssl.org/openssl/openssl/compare/1efd8533e1cc...d768f853bb05
[openssl/openssl] c7f510: Coverity 1503321 & 1503327: dereference after null...
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: c7f5109e5f847ccb96b761774186ec0ff6c8fec6 https://github.openssl.org/openssl/openssl/commit/c7f5109e5f847ccb96b761774186ec0ff6c8fec6 Author: Pauli Date: 2022-07-17 (Sun, 17 Jul 2022) Changed paths: M crypto/provider_core.c Log Message: --- Coverity 1503321 & 1503327: dereference after null check Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18799) (cherry picked from commit f80910390cb882f346fe59c9803fc914b9c367c2) Commit: 1d6c45694a1ae4ac5f9aa8f76dc1de68089f8a72 https://github.openssl.org/openssl/openssl/commit/1d6c45694a1ae4ac5f9aa8f76dc1de68089f8a72 Author: Pauli Date: 2022-07-17 (Sun, 17 Jul 2022) Changed paths: M crypto/evp/evp_lib.c M crypto/evp/evp_rand.c M crypto/evp/exchange.c M crypto/evp/kdf_lib.c M crypto/evp/kem.c M crypto/evp/keymgmt_meth.c M crypto/evp/mac_lib.c M crypto/evp/p_lib.c M crypto/evp/signature.c Log Message: --- evp: make all _is_a functions accept and handle a NULL argument Makes life easier for callers. Fixes Coverity 1503326 Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18799) (cherry picked from commit ee8db8c5fb5b091f48d29914126d35a7e29cdcf2) Commit: 87dcdcc12434d2ed251efc182f2a24a244e74e4d https://github.openssl.org/openssl/openssl/commit/87dcdcc12434d2ed251efc182f2a24a244e74e4d Author: Pauli Date: 2022-07-17 (Sun, 17 Jul 2022) Changed paths: M crypto/bio/bss_dgram.c Log Message: --- Coverity 1506566: unchecked return value There isn't much else that can be done here unfortunately. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18799) (cherry picked from commit 358103b4a651ab3f392f088d86cd30469dccce2e) Compare: https://github.openssl.org/openssl/openssl/compare/a3845612a690...87dcdcc12434
[openssl/openssl] f80910: Coverity 1503321 & 1503327: dereference after null...
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: f80910390cb882f346fe59c9803fc914b9c367c2 https://github.openssl.org/openssl/openssl/commit/f80910390cb882f346fe59c9803fc914b9c367c2 Author: Pauli Date: 2022-07-17 (Sun, 17 Jul 2022) Changed paths: M crypto/provider_core.c Log Message: --- Coverity 1503321 & 1503327: dereference after null check Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18799) Commit: ee8db8c5fb5b091f48d29914126d35a7e29cdcf2 https://github.openssl.org/openssl/openssl/commit/ee8db8c5fb5b091f48d29914126d35a7e29cdcf2 Author: Pauli Date: 2022-07-17 (Sun, 17 Jul 2022) Changed paths: M crypto/evp/evp_lib.c M crypto/evp/evp_rand.c M crypto/evp/exchange.c M crypto/evp/kdf_lib.c M crypto/evp/kem.c M crypto/evp/keymgmt_meth.c M crypto/evp/mac_lib.c M crypto/evp/p_lib.c M crypto/evp/signature.c Log Message: --- evp: make all _is_a functions accept and handle a NULL argument Makes life easier for callers. Fixes Coverity 1503326 Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18799) Commit: 358103b4a651ab3f392f088d86cd30469dccce2e https://github.openssl.org/openssl/openssl/commit/358103b4a651ab3f392f088d86cd30469dccce2e Author: Pauli Date: 2022-07-17 (Sun, 17 Jul 2022) Changed paths: M crypto/bio/bss_dgram.c Log Message: --- Coverity 1506566: unchecked return value There isn't much else that can be done here unfortunately. Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18799) Compare: https://github.openssl.org/openssl/openssl/compare/98b183d3c65e...358103b4a651
[openssl/openssl] a0ff8e: add a check for the return of OBJ_new_nid()
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: a0ff8e413e94ba46720a4bf3a5032c50531c526c https://github.openssl.org/openssl/openssl/commit/a0ff8e413e94ba46720a4bf3a5032c50531c526c Author: xkernel Date: 2022-07-13 (Wed, 13 Jul 2022) Changed paths: M crypto/objects/obj_dat.c Log Message: --- add a check for the return of OBJ_new_nid() Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18773)
[openssl/openssl] 8d222d: add a check for the return of OBJ_new_nid()
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 8d222dd9ec5f1542035b55395c7d7a4b42d618b0 https://github.openssl.org/openssl/openssl/commit/8d222dd9ec5f1542035b55395c7d7a4b42d618b0 Author: xkernel Date: 2022-07-13 (Wed, 13 Jul 2022) Changed paths: M crypto/objects/obj_dat.c Log Message: --- add a check for the return of OBJ_new_nid() Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18773) (cherry picked from commit a0ff8e413e94ba46720a4bf3a5032c50531c526c)