https://github.com/openssl/openssl
- HEAD
- refs/heads/OpenSSL-engine-0_9_6-stable
- refs/heads/OpenSSL-fips-0_9_7-stable
- refs/heads/OpenSSL-fips-0_9_8-stable
- refs/heads/OpenSSL-fips-1_2-stable
- refs/heads/OpenSSL-fips-2_0-dev
- refs/heads/OpenSSL-fips-2_0-stable
- refs/heads/OpenSSL-fips2-0_9_7-stable
- refs/heads/OpenSSL_0_9_6-stable
- refs/heads/OpenSSL_0_9_7-stable
- refs/heads/OpenSSL_0_9_8-stable
- refs/heads/OpenSSL_0_9_8fg-stable
- refs/heads/OpenSSL_1_0_0-stable
- refs/heads/OpenSSL_1_0_1-stable
- refs/heads/OpenSSL_1_0_2-stable
- refs/heads/OpenSSL_1_1_0-stable
- refs/heads/OpenSSL_1_1_1-stable
- refs/heads/SSLeay
- refs/heads/feature/dtls-1.3
- refs/heads/feature/quic-server
- refs/heads/master
- refs/heads/openssl-3.0
- refs/heads/openssl-3.1
- refs/heads/openssl-3.2
- refs/heads/openssl-3.3
- refs/heads/tls1.3-draft-18
- refs/heads/tls1.3-draft-19
- refs/tags/AFTER_COMPAQ_PATCH
- refs/tags/BEFORE_COMPAQ_PATCH
- refs/tags/BEFORE_engine
- refs/tags/BEN_FIPS_TEST_1
- refs/tags/BEN_FIPS_TEST_2
- refs/tags/BEN_FIPS_TEST_3
- refs/tags/BEN_FIPS_TEST_4
- refs/tags/BEN_FIPS_TEST_5
- refs/tags/BEN_FIPS_TEST_6
- refs/tags/BEN_FIPS_TEST_7
- refs/tags/BEN_FIPS_TEST_8
- refs/tags/FIPS_098_TEST_1
- refs/tags/FIPS_098_TEST_2
- refs/tags/FIPS_098_TEST_3
- refs/tags/FIPS_098_TEST_4
- refs/tags/FIPS_098_TEST_5
- refs/tags/FIPS_098_TEST_6
- refs/tags/FIPS_098_TEST_7
- refs/tags/FIPS_098_TEST_8
- refs/tags/FIPS_TEST_10
- refs/tags/FIPS_TEST_9
- refs/tags/LEVITTE_after_const
- refs/tags/LEVITTE_before_const
- refs/tags/OpenSSL-engine-0_9_6
- refs/tags/OpenSSL-engine-0_9_6-beta1
- refs/tags/OpenSSL-engine-0_9_6-beta2
- refs/tags/OpenSSL-engine-0_9_6-beta3
- refs/tags/OpenSSL-engine-0_9_6a
- refs/tags/OpenSSL-engine-0_9_6a-beta1
- refs/tags/OpenSSL-engine-0_9_6a-beta2
- refs/tags/OpenSSL-engine-0_9_6a-beta3
- refs/tags/OpenSSL-engine-0_9_6b
- refs/tags/OpenSSL-engine-0_9_6c
- refs/tags/OpenSSL-engine-0_9_6d
- refs/tags/OpenSSL-engine-0_9_6d-beta1
- refs/tags/OpenSSL-engine-0_9_6e
- refs/tags/OpenSSL-engine-0_9_6f
- refs/tags/OpenSSL-engine-0_9_6g
- refs/tags/OpenSSL-engine-0_9_6h
- refs/tags/OpenSSL-engine-0_9_6i
- refs/tags/OpenSSL-engine-0_9_6j
- refs/tags/OpenSSL-engine-0_9_6k
- refs/tags/OpenSSL-engine-0_9_6l
- refs/tags/OpenSSL-engine-0_9_6m
- refs/tags/OpenSSL-fips-1_2_0
- refs/tags/OpenSSL-fips-1_2_1
- refs/tags/OpenSSL-fips-1_2_2
- refs/tags/OpenSSL-fips-1_2_3
- refs/tags/OpenSSL-fips-2_0
- refs/tags/OpenSSL-fips-2_0-pl1
- refs/tags/OpenSSL-fips-2_0-rc1
- refs/tags/OpenSSL-fips-2_0-rc2
- refs/tags/OpenSSL-fips-2_0-rc3
- refs/tags/OpenSSL-fips-2_0-rc4
- refs/tags/OpenSSL-fips-2_0-rc5
- refs/tags/OpenSSL-fips-2_0-rc6
- refs/tags/OpenSSL-fips-2_0-rc7
- refs/tags/OpenSSL-fips-2_0-rc8
- refs/tags/OpenSSL-fips-2_0-rc9
- refs/tags/OpenSSL-fips-2_0_1
- refs/tags/OpenSSL_0_9_1c
- refs/tags/OpenSSL_0_9_2b
- refs/tags/OpenSSL_0_9_3
- refs/tags/OpenSSL_0_9_3a
- refs/tags/OpenSSL_0_9_3beta1
- refs/tags/OpenSSL_0_9_3beta2
- refs/tags/OpenSSL_0_9_4
- refs/tags/OpenSSL_0_9_5
- refs/tags/OpenSSL_0_9_5a
- refs/tags/OpenSSL_0_9_5a-beta1
- refs/tags/OpenSSL_0_9_5a-beta2
- refs/tags/OpenSSL_0_9_5beta1
- refs/tags/OpenSSL_0_9_5beta2
- refs/tags/OpenSSL_0_9_6
- refs/tags/OpenSSL_0_9_6-beta1
- refs/tags/OpenSSL_0_9_6-beta2
- refs/tags/OpenSSL_0_9_6-beta3
- refs/tags/OpenSSL_0_9_6a
- refs/tags/OpenSSL_0_9_6a-beta1
- refs/tags/OpenSSL_0_9_6a-beta2
- refs/tags/OpenSSL_0_9_6a-beta3
- refs/tags/OpenSSL_0_9_6b
- refs/tags/OpenSSL_0_9_6c
- refs/tags/OpenSSL_0_9_6d
- refs/tags/OpenSSL_0_9_6d-beta1
- refs/tags/OpenSSL_0_9_6e
- refs/tags/OpenSSL_0_9_6f
- refs/tags/OpenSSL_0_9_6g
- refs/tags/OpenSSL_0_9_6h
- refs/tags/OpenSSL_0_9_6i
- refs/tags/OpenSSL_0_9_6j
- refs/tags/OpenSSL_0_9_6k
- refs/tags/OpenSSL_0_9_6l
- refs/tags/OpenSSL_0_9_6m
- refs/tags/OpenSSL_0_9_7
- refs/tags/OpenSSL_0_9_7-beta1
- refs/tags/OpenSSL_0_9_7-beta2
- refs/tags/OpenSSL_0_9_7-beta3
- refs/tags/OpenSSL_0_9_7-beta4
- refs/tags/OpenSSL_0_9_7-beta5
- refs/tags/OpenSSL_0_9_7-beta6
- refs/tags/OpenSSL_0_9_7a
- refs/tags/OpenSSL_0_9_7b
- refs/tags/OpenSSL_0_9_7c
- refs/tags/OpenSSL_0_9_7d
- refs/tags/OpenSSL_0_9_7e
- refs/tags/OpenSSL_0_9_7f
- refs/tags/OpenSSL_0_9_7g
- refs/tags/OpenSSL_0_9_7h
- refs/tags/OpenSSL_0_9_7i
- refs/tags/OpenSSL_0_9_7j
- refs/tags/OpenSSL_0_9_7k
- refs/tags/OpenSSL_0_9_7l
- refs/tags/OpenSSL_0_9_7m
- refs/tags/OpenSSL_0_9_8
- refs/tags/OpenSSL_0_9_8-beta1
- refs/tags/OpenSSL_0_9_8-beta2
- refs/tags/OpenSSL_0_9_8-beta3
- refs/tags/OpenSSL_0_9_8-beta4
- refs/tags/OpenSSL_0_9_8-beta5
- refs/tags/OpenSSL_0_9_8-beta6
- refs/tags/OpenSSL_0_9_8a
- refs/tags/OpenSSL_0_9_8b
- refs/tags/OpenSSL_0_9_8c
- refs/tags/OpenSSL_0_9_8d
- refs/tags/OpenSSL_0_9_8e
- refs/tags/OpenSSL_0_9_8f
- refs/tags/OpenSSL_0_9_8g
- refs/tags/OpenSSL_0_9_8h
- refs/tags/OpenSSL_0_9_8i
- refs/tags/OpenSSL_0_9_8j
- refs/tags/OpenSSL_0_9_8k
- refs/tags/OpenSSL_0_9_8l
- refs/tags/OpenSSL_0_9_8m
- refs/tags/OpenSSL_0_9_8m-beta1
- refs/tags/OpenSSL_0_9_8n
- refs/tags/OpenSSL_0_9_8o
- refs/tags/OpenSSL_0_9_8p
- refs/tags/OpenSSL_0_9_8q
- refs/tags/OpenSSL_0_9_8r
- refs/tags/OpenSSL_0_9_8s
- refs/tags/OpenSSL_0_9_8t
- refs/tags/OpenSSL_0_9_8u
- refs/tags/OpenSSL_0_9_8v
- refs/tags/OpenSSL_0_9_8w
- refs/tags/OpenSSL_0_9_8x
- refs/tags/OpenSSL_1_0_0
- refs/tags/OpenSSL_1_0_0-beta1
- refs/tags/OpenSSL_1_0_0-beta2
- refs/tags/OpenSSL_1_0_0-beta3
- refs/tags/OpenSSL_1_0_0-beta4
- refs/tags/OpenSSL_1_0_0-beta5
- refs/tags/OpenSSL_1_0_0a
- refs/tags/OpenSSL_1_0_0b
- refs/tags/OpenSSL_1_0_0c
- refs/tags/OpenSSL_1_0_0d
- refs/tags/OpenSSL_1_0_0e
- refs/tags/OpenSSL_1_0_0f
- refs/tags/OpenSSL_1_0_0g
- refs/tags/OpenSSL_1_0_0h
- refs/tags/OpenSSL_1_0_0i
- refs/tags/OpenSSL_1_0_0j
- refs/tags/OpenSSL_1_0_1
- refs/tags/OpenSSL_1_0_1-beta1
- refs/tags/OpenSSL_1_0_1-beta2
- refs/tags/OpenSSL_1_0_1-beta3
- refs/tags/OpenSSL_1_0_1a
- refs/tags/OpenSSL_1_0_1b
- refs/tags/OpenSSL_1_0_1c
- refs/tags/OpenSSL_FIPS_1_0
- refs/tags/SSLeay_0_8_1b
- refs/tags/SSLeay_0_9_0b
- refs/tags/SSLeay_0_9_1b
- refs/tags/STATE_after_zlib
- refs/tags/STATE_before_zlib
- refs/tags/rsaref
- openssl-3.3.0-beta1
- openssl-3.3.0-alpha1
- openssl-3.3.0
- openssl-3.2.1
- openssl-3.2.0-beta1
- openssl-3.2.0-alpha2
- openssl-3.2.0-alpha1
- openssl-3.2.0
- openssl-3.1.5
- openssl-3.1.4
- openssl-3.1.3
- openssl-3.1.2
- openssl-3.1.1
- openssl-3.1.0-beta1
- openssl-3.1.0-alpha1
- openssl-3.1.0
- openssl-3.0.9
- openssl-3.0.8
- openssl-3.0.7
- openssl-3.0.6
- openssl-3.0.5
- openssl-3.0.4
- openssl-3.0.3
- openssl-3.0.2
- openssl-3.0.13
- openssl-3.0.12
- openssl-3.0.11
- openssl-3.0.10
- openssl-3.0.1
- openssl-3.0.0-beta2
- openssl-3.0.0-beta1
- openssl-3.0.0-alpha9
- openssl-3.0.0-alpha8
- openssl-3.0.0-alpha7
- openssl-3.0.0-alpha6
- openssl-3.0.0-alpha5
- openssl-3.0.0-alpha4
- openssl-3.0.0-alpha3
- openssl-3.0.0-alpha2
- openssl-3.0.0-alpha17
- openssl-3.0.0-alpha16
- openssl-3.0.0-alpha15
- openssl-3.0.0-alpha14
- openssl-3.0.0-alpha13
- openssl-3.0.0-alpha12
- openssl-3.0.0-alpha11
- openssl-3.0.0-alpha10
- openssl-3.0.0-alpha1
- openssl-3.0.0
- master-pre-reformat
- master-pre-auto-reformat
- master-post-reformat
- master-post-auto-reformat
- OpenSSL_1_1_1w
- OpenSSL_1_1_1v
- OpenSSL_1_1_1u
- OpenSSL_1_1_1t
- OpenSSL_1_1_1s
- OpenSSL_1_1_1r
- OpenSSL_1_1_1q
- OpenSSL_1_1_1p
- OpenSSL_1_1_1o
- OpenSSL_1_1_1n
- OpenSSL_1_1_1m
- OpenSSL_1_1_1l
- OpenSSL_1_1_1k
- OpenSSL_1_1_1j
- OpenSSL_1_1_1i
- OpenSSL_1_1_1h
- OpenSSL_1_1_1g
- OpenSSL_1_1_1f
- OpenSSL_1_1_1e
- OpenSSL_1_1_1d
- OpenSSL_1_1_1c
- OpenSSL_1_1_1b
- OpenSSL_1_1_1a
- OpenSSL_1_1_1-pre9
- OpenSSL_1_1_1-pre8
- OpenSSL_1_1_1-pre7
- OpenSSL_1_1_1-pre6
- OpenSSL_1_1_1-pre5
- OpenSSL_1_1_1-pre4
- OpenSSL_1_1_1-pre3
- OpenSSL_1_1_1-pre2
- OpenSSL_1_1_1-pre1
- OpenSSL_1_1_1
- OpenSSL_1_1_0l
- OpenSSL_1_1_0k
- OpenSSL_1_1_0j
- OpenSSL_1_1_0i
- OpenSSL_1_1_0h
- OpenSSL_1_1_0g
- OpenSSL_1_1_0f
- OpenSSL_1_1_0e
- OpenSSL_1_1_0d
- OpenSSL_1_1_0c
- OpenSSL_1_1_0b
- OpenSSL_1_1_0a
- OpenSSL_1_1_0-pre6
- OpenSSL_1_1_0-pre5
- OpenSSL_1_1_0-pre4
- OpenSSL_1_1_0-pre3
- OpenSSL_1_1_0-pre2
- OpenSSL_1_1_0-pre1
- OpenSSL_1_1_0
- OpenSSL_1_0_2u
- OpenSSL_1_0_2t
- OpenSSL_1_0_2s
- OpenSSL_1_0_2r
- OpenSSL_1_0_2q
- OpenSSL_1_0_2p
- OpenSSL_1_0_2o
- OpenSSL_1_0_2n
- OpenSSL_1_0_2m
- OpenSSL_1_0_2l
- OpenSSL_1_0_2k
- OpenSSL_1_0_2j
- OpenSSL_1_0_2i
- OpenSSL_1_0_2h
- OpenSSL_1_0_2g
- OpenSSL_1_0_2f
- OpenSSL_1_0_2e
- OpenSSL_1_0_2d
- OpenSSL_1_0_2c
- OpenSSL_1_0_2b
- OpenSSL_1_0_2a
- OpenSSL_1_0_2-pre-reformat
- OpenSSL_1_0_2-pre-auto-reformat
- OpenSSL_1_0_2-post-reformat
- OpenSSL_1_0_2-post-auto-reformat
- OpenSSL_1_0_2-beta3
- OpenSSL_1_0_2-beta2
- OpenSSL_1_0_2-beta1
- OpenSSL_1_0_2
- OpenSSL_1_0_1u
- OpenSSL_1_0_1t
- OpenSSL_1_0_1s
- OpenSSL_1_0_1r
- OpenSSL_1_0_1q
- OpenSSL_1_0_1p
- OpenSSL_1_0_1o
- OpenSSL_1_0_1n
- OpenSSL_1_0_1m
- OpenSSL_1_0_1l
- OpenSSL_1_0_1k
- OpenSSL_1_0_1j
- OpenSSL_1_0_1i
- OpenSSL_1_0_1h
- OpenSSL_1_0_1g
- OpenSSL_1_0_1f
- OpenSSL_1_0_1e
- OpenSSL_1_0_1d
- OpenSSL_1_0_1-pre-reformat
- OpenSSL_1_0_1-pre-auto-reformat
- OpenSSL_1_0_1-post-reformat
- OpenSSL_1_0_1-post-auto-reformat
- OpenSSL_1_0_0t
- OpenSSL_1_0_0s
- OpenSSL_1_0_0r
- OpenSSL_1_0_0q
- OpenSSL_1_0_0p
- OpenSSL_1_0_0o
- OpenSSL_1_0_0n
- OpenSSL_1_0_0m
- OpenSSL_1_0_0l
- OpenSSL_1_0_0k
- OpenSSL_1_0_0-pre-reformat
- OpenSSL_1_0_0-pre-auto-reformat
- OpenSSL_1_0_0-post-reformat
- OpenSSL_1_0_0-post-auto-reformat
- OpenSSL_0_9_8zh
- OpenSSL_0_9_8zg
- OpenSSL_0_9_8zf
- OpenSSL_0_9_8ze
- OpenSSL_0_9_8zd
- OpenSSL_0_9_8zc
- OpenSSL_0_9_8zb
- OpenSSL_0_9_8za
- OpenSSL_0_9_8y
- OpenSSL_0_9_8-pre-reformat
- OpenSSL_0_9_8-pre-auto-reformat
- OpenSSL_0_9_8-post-reformat
- OpenSSL_0_9_8-post-auto-reformat
- OpenSSL-fips-2_0_9
- OpenSSL-fips-2_0_8
- OpenSSL-fips-2_0_7
- OpenSSL-fips-2_0_6
- OpenSSL-fips-2_0_5
- OpenSSL-fips-2_0_4
- OpenSSL-fips-2_0_3
- OpenSSL-fips-2_0_2
- OpenSSL-fips-2_0_16
- OpenSSL-fips-2_0_15
- OpenSSL-fips-2_0_14
- OpenSSL-fips-2_0_13
- OpenSSL-fips-2_0_12
- OpenSSL-fips-2_0_11
- OpenSSL-fips-2_0_10
Take a new snapshot of a software origin
If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.
Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.
Processing "take a new snapshot" request ...
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
| Revision | Author | Date | Message | Commit Date |
|---|---|---|---|---|
| c3cc0f1 | Matt Caswell | 24 October 2023, 13:48:41 UTC | Prepare for release of 3.0.12 Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes | 24 October 2023, 13:48:41 UTC |
| 6517219 | Matt Caswell | 24 October 2023, 13:48:41 UTC | make update Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes | 24 October 2023, 13:48:41 UTC |
| f3cb369 | Matt Caswell | 24 October 2023, 13:47:21 UTC | Copyright year updates Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes | 24 October 2023, 13:47:21 UTC |
| e37f0fa | Pauli | 05 October 2023, 23:32:20 UTC | test: add unit test for CVE-2023-5363 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit efce76073edc228bbbbc09e65aa076ad5f15ac2c) | 24 October 2023, 13:35:55 UTC |
| 1449ba2 | Pauli | 05 October 2023, 23:43:46 UTC | changes and news entries for CVE-2023-5363 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 3f636830e4dcfe9b6ab57bef42c0b3a1de194399) | 24 October 2023, 13:35:55 UTC |
| 0df4063 | Pauli | 05 October 2023, 23:26:23 UTC | evp: process key length and iv length early if present evp_cipher_init_internal() takes a params array argument and this is processed late in the initialisation process for some ciphers (AEAD ones). This means that changing the IV length as a parameter will either truncate the IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised bytes. Truncation is very bad if SP 800-38d section 8.2.1 is being used to contruct a deterministic IV. This leads to an instant loss of confidentiality. Grabbing extra bytes isn't so serious, it will most likely result in a bad decryption. Problem reported by Tony Battersby of Cybernetics.com but earlier discovered and raised as issue #19822. Fixes CVE-2023-5363 Fixes #19822 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 5f69f5c65e483928c4b28ed16af6e5742929f1ee) | 24 October 2023, 13:35:55 UTC |
| 23d2135 | Tomas Mraz | 19 October 2023, 06:37:47 UTC | Fix Coverity 1547856: memset() uses only the lowest byte of c Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22430) (cherry picked from commit 0bf18140f491024232beca4e139c8feecfe207e9) | 24 October 2023, 13:25:34 UTC |
| 943cb9b | наб | 18 October 2023, 13:35:55 UTC | Reference the non-"legacy" provider names directly from EVP_md5(3) &c. Earlier today, it took me five manuals! to find what on earth the "Performance"/"EVP_MD_fetch(3)" crosslinks actually mean: EVP_sha1(3) crypto(7) EVP_MD_fetch(3) (but not there! don't read that!) OSSL_PROVIDER-default(7) EVP_MD-SHA1(7) If, instead, EVP_sha1(3) referenced EVP_MD-SHA1(7) at /all/, which it should do, since it's supposed to be what you're replacing it with, but it doesn't actually say that, maybe people would use it. I know I didn't because it's basically just deadass buried As found by git grep -l 'and should consider using' Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22420) (cherry picked from commit b6eb95fa4439ea6254a5330487dabb2a499fb6c8) | 20 October 2023, 15:53:24 UTC |
| d97993a | Tomas Mraz | 19 October 2023, 08:30:15 UTC | load_key_certs_crls(): There is no quiet argument This fixes broken cherry-pick from the master branch where there is a quiet argument. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22434) (cherry picked from commit 307048cd4e887de688eb71af713c64962261cd29) | 19 October 2023, 08:52:30 UTC |
| b130e18 | Tomas Mraz | 19 October 2023, 07:23:43 UTC | cms_enc.c: Include crypto/asn1.h for struct asn1_object_st Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22432) (cherry picked from commit fa9e6ad46860ea92aa2e1ba997b20c6dff76b42c) | 19 October 2023, 08:17:10 UTC |
| e70f5b2 | Tomas Mraz | 09 October 2023, 09:36:50 UTC | apps: Print out a proper message when a store cannot be opened Fixes #22306 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22318) (cherry picked from commit edc2b6e3b1950ab0fb71e2d7dca0836b43a9ec3b) | 19 October 2023, 08:11:04 UTC |
| 4a1c530 | Neil Horman | 11 October 2023, 16:45:44 UTC | Add a test to confirm that legacy rsa keys work Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22334) (cherry picked from commit e62097f48c3d0b8b61ca6a061b8098b0086b3fbc) | 18 October 2023, 16:12:01 UTC |
| cfd5b05 | Neil Horman | 10 October 2023, 15:06:44 UTC | Dont require CRT params on ossl_rsa_set0_all_params Its not required that crt params be available in an RSA key, so don't perform an error check on them Fixes #29135 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22334) (cherry picked from commit 2647726bd3ca63dc5f07ae3f10e16dff35d95626) | 18 October 2023, 16:11:57 UTC |
| cdfc6d4 | Neil Horman | 05 September 2023, 16:08:19 UTC | remove sanity check from ossl_rsa_todata Theres no reason we should gate ossl_rsa_todata on there being a minimum set of parameters. EVP_PKEY_todata makes no guarantees about the validity of a key, it only returns the parameters that are set in the requested key, whatever they may be. Remove the check. Fixes #21935 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22334) (cherry picked from commit 4ad3a44ba45a4026170336161228d435f6784564) | 18 October 2023, 16:11:54 UTC |
| 100198f | Tomas Mraz | 04 September 2023, 09:10:42 UTC | ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs This makes them zeroes otherwise where NULLs actually mean the values aren't present. Fixes #21935 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22334) (cherry picked from commit 15a39e7025e0ed4e31664c499894006e41582068) | 18 October 2023, 16:11:46 UTC |
| 33e18be | James Muir | 14 October 2023, 23:36:57 UTC | cms encrypt, better OBJ_nid2obj() return check Fixes #22225 In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to the special "undefined" ASN1_OBJECT is returned. Check for the undefined-ASN1_OBJECT and return an error. Also, add a test for this in 80-test_cms.t. Testing: #!/bin/bash -x shopt -s expand_aliases alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl" echo "This is a confidential message. It should be encrypted." > msg.txt ## this should fail b/c there is no OID for aes-256-ctr openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem echo $? Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22392) (cherry picked from commit bd160912dcc5e39bcdc925d9aa6538f20e37ad16) | 18 October 2023, 14:51:43 UTC |
| d630423 | Pavel Stetsuk | 14 September 2023, 20:05:49 UTC | fix: LINEAR search doesn't work properly (if CHARSET_EBCDIC is defined) CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22108) (cherry picked from commit a47fc4ed401da4e2d84e035cc4add566e85b03d0) | 18 October 2023, 14:40:19 UTC |
| 86f3fae | Daiki Ueno | 16 October 2023, 05:42:12 UTC | rsa: Accept NULL OAEP label for backward compatibility According to the manual page, EVP_PKEY_CTX_set0_rsa_oaep_label() should accept NULL as the label argument, though the function currently rejects it while setting the corresponding octet string parameter with OSSL_PARAM_construct_octet_string, which expects non-NULL input. This adds a workaround to the caller for backward compatibility. Signed-off-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22397) (cherry picked from commit 21b98da9d80c561b6273b0c51c259196d6740e70) | 18 October 2023, 14:26:17 UTC |
| a9c69e0 | James Muir | 10 October 2023, 16:41:59 UTC | Update unix Makefile template to handle paths with spaces Fixes #4668 (on unix-like platforms) Testing: rm -rf "$HOME/tmp/beforespace afterspace" ./Configure -Werror --strict-warnings --prefix="$HOME/tmp/beforespace afterspace" make -j6 update make -j6 make install make test Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22386) (cherry picked from commit f4bc5568a973e640a70f416da37a030c25a38ebc) | 18 October 2023, 07:24:27 UTC |
| 7343a08 | Dr. David von Oheimb | 13 October 2023, 20:27:31 UTC | EVP shake_ctrl(): add missing NULL evp_ctx check Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22390) (cherry picked from commit 410c80dc7bf2085167553ab9fa517189eed2b3a6) | 17 October 2023, 20:06:35 UTC |
| 3dee5c2 | Dr. David von Oheimb | 13 October 2023, 20:12:22 UTC | CMS_add1_signer(): add missing ERR_raise() calls Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22390) (cherry picked from commit 72a99ef665b26fa207c0eee6e7e4842d1e42752c) | 17 October 2023, 20:06:32 UTC |
| 8b2bc1f | Dr. David von Oheimb | 13 October 2023, 20:39:25 UTC | CMS_add1_signer.pod: add missing info on CMS_SignerInfo_sign() return values Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22390) (cherry picked from commit 2c581eb2fd92e997dfe0761b086eb690271cefc2) | 17 October 2023, 20:04:06 UTC |
| 3801c68 | Dr. David von Oheimb | 13 October 2023, 20:30:31 UTC | PKCS7_SIGNER_INFO: point out confusing names of digest_enc_alg and enc_digest fields Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22390) (cherry picked from commit e15891b477fe9c3d3dc6f331812c9e8afc48dc05) | 17 October 2023, 20:04:02 UTC |
| 6ff6966 | Pauli | 11 October 2023, 21:46:19 UTC | cmp: add null pointer check in tear_down test function problem reported by: 2ourc3 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22355) (cherry picked from commit 91a5c0e40cf272d18b65c9e4c9a0268f244758a8) | 13 October 2023, 15:35:45 UTC |
| a8293b4 | James Muir | 11 October 2023, 22:11:42 UTC | Fix parenthesis, use a colon Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22356) (cherry picked from commit 008ca01e506d85acf0cc06ea8f219a883328344c) | 13 October 2023, 15:24:35 UTC |
| 6509e65 | Tomas Mraz | 11 October 2023, 09:20:02 UTC | Windows: use srand() instead of srandom() This is used for memory allocation failure debugging only Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22347) (cherry picked from commit 3b107b86ca7d1c6309bc7071ead59acb8c098f3b) | 13 October 2023, 13:09:31 UTC |
| e657444 | Tomas Mraz | 11 October 2023, 09:05:37 UTC | Windows CI: Add some non-default options to check they are working Some of the non-default options that enable more code to be built need to be enabled in one of the Windows builds to avoid regressions. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22347) (cherry picked from commit 10767fd9db14b6eedfb0827f9e404c0d4b94424b) | 13 October 2023, 13:09:27 UTC |
| 6e8700f | Tomas Mraz | 05 October 2023, 09:11:16 UTC | DH_check_pub_key() should not fail when setting result code The semantics of ossl_ffc_validate_public_key() and ossl_ffc_validate_public_key_partial() needs to be changed to not return error on non-fatal problems. Fixes #22287 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22291) (cherry picked from commit eaee1765a49c6a8ba728e3e2d18bb67bff8aaa55) | 11 October 2023, 14:23:06 UTC |
| 9255fd8 | Richard Levitte | 10 October 2023, 10:32:40 UTC | test/recipes/05-test_rand.t: replace 'and' with '&&' The lower priority 'and' seems to have some "interesting" interactions with function argument parsing in some perl versions (presumably because 'and' is lower priority than the comma). For the lines that are changed here, perl v5.20.1 says this: Useless use of string eq in void context at [.test.recipes]05-test_rand.t line 33. Useless use of numeric eq (==) in void context at [.test.recipes]05-test_rand.t line 39. Replacing 'and' with '&&' in these two cases fixes the problem. Replacing Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22331) (cherry picked from commit 715242b1ca2b7267a70fb13c3544a84b947a6e81) | 11 October 2023, 12:20:14 UTC |
| 1eeada0 | Bernd Edlinger | 18 September 2023, 06:16:01 UTC | Improve Malloc Failure Test Allow 2 digits after the comma in percentage in OPENSSL_MALLOC_FAILURES. Add OPENSSL_MALLOC_SEED to allow for some randomization. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22127) (cherry picked from commit 3df5736cf303d2c69654ba1c295a9772b738608e) | 11 October 2023, 07:01:51 UTC |
| f5fb3ac | Klavishnik | 10 August 2023, 10:56:24 UTC | Added check for the return value of the RAND_bytes() function Call app_bail_out if RAND_bytes() fails. Also changed the output parameter of RAND_bytes() to inp as writing to encrypted output buffer does not make sense. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21706) (cherry picked from commit 8d120aef951d7bb7deac0b8b559f8003f5ea6384) | 10 October 2023, 15:18:47 UTC |
| 73c5668 | Klavishnik | 09 August 2023, 14:05:03 UTC | Avoid divide-by-zero in kmac_prov.c's bytepad() This would happen if EVP_MD_get_block_size() returned 0 so we return an error instead. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21698) (cherry picked from commit 91895e39b10033178e662fc7427a09d7562cf8e1) | 09 October 2023, 10:05:20 UTC |
| 1c01dbc | Tomas Mraz | 26 September 2023, 15:39:50 UTC | Optimize out unneeded up_ref/free of EVP_CIPHER Fixes #22189 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22198) (cherry picked from commit 8ed76c62b5d3214e807e684c06efd69c6471c800) | 05 October 2023, 18:07:31 UTC |
| 8110612 | David Benjamin | 29 December 2021, 18:05:12 UTC | Don't use __ARMEL__/__ARMEB__ in aarch64 assembly GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm, respectively. They are not defined on aarch64, which instead use __AARCH64EL__ and __AARCH64EB__. However, OpenSSL's assembly originally used the 32-bit defines on both platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is less portable and can even interfere with other headers, which use __ARMEL__ to detect little-endian arm. Over time, the aarch64 assembly has switched to the correct defines, such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit finishes the job: poly1305-armv8.pl needed a fix and the dual-arch armx.pl files get one more transform to convert from 32-bit to 64-bit. (There is an even more official endianness detector, __ARM_BIG_ENDIAN in the Arm C Language Extensions. But I've stuck with the GCC ones here as that would be a larger change.) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22176) | 05 October 2023, 18:04:29 UTC |
| b0ba159 | Tomas Mraz | 03 October 2023, 13:45:13 UTC | d2i_X509.pod: Better document using the reuse capability for libctx setup Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22265) (cherry picked from commit 4ca56f51803a8ae010423180ac80ef991cf78fc5) | 05 October 2023, 17:11:28 UTC |
| c2dbf9e | Tomas Mraz | 04 October 2023, 07:30:43 UTC | BN_gcd(): Avoid shifts of negative values Fixes #22216 Thanks to Leland Mills for investigation and testing. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22272) (cherry picked from commit 0f7a3b0caa33a87c900536dc1c02fa553d2193cc) | 05 October 2023, 10:05:57 UTC |
| ff0995c | Tomas Mraz | 03 October 2023, 12:43:13 UTC | DH_check: Emphasize the importance of return value check Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22262) (cherry picked from commit f7b80136a3df4396b19ebb86d4814d8cefe6d6db) | 05 October 2023, 09:25:23 UTC |
| 7e2ca1e | Pauli | 24 September 2023, 23:34:07 UTC | ossl_property_list_to_string: handle quoted strings ossl_property_list_to_string() didn't quote strings correctly which could result in a generated property string being unparsable. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22182) (cherry picked from commit fb20e66c6b2651067f50bab8cf098c71e2caed4b) | 04 October 2023, 21:10:19 UTC |
| 604ec0d | Tomas Mraz | 04 October 2023, 10:30:22 UTC | d2i_PKCS8PrivateKey_bio.pod: evp.h include is unnecessary It is also not allowed by doc nits check to have multiple includes. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22276) (cherry picked from commit 831602922f19a8f39d0c0fae425b81e9ab402c69) | 04 October 2023, 11:03:26 UTC |
| 0905ad2 | Matthias St. Pierre | 02 October 2023, 10:10:01 UTC | Don't (re-)initialize the FFC_PARAMs in dh_init and dsa_init The initialization was introduced in commit dc8de3e6f1ee and changes the behaviour of the `init` method for DSA and DH between 1.1.1 and 3.0, while the behaviour for RSA and EC_KEY remains unchanged. The initialization is not necessary in 3.x and master imho and breaks the use-case of intercepting the methods of an existing key. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22185) (cherry picked from commit 706512ecbc31585d447b53c3aa89acdf6951f996) | 04 October 2023, 10:23:13 UTC |
| 5e01ec3 | Matthias St. Pierre | 23 September 2023, 23:13:20 UTC | test: evp_extra: test signing with legacy app method based keys This commit adds `test_EVP_PKEY_sign_with_app_method`, a regression test for the bug fix in commit 1acc3e8cc3c6 (pull request #22163). It is analogous to `test_EVP_PKEY_sign`, only with a fake app method based key. (The EC key test case was omitted, because there is no `EC_KEY_METHOD_dup` method.) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22185) (cherry picked from commit 860e36d0dd72f4aa4791e88aa185cb42065a30c4) | 04 October 2023, 10:23:12 UTC |
| 91208ae | Matthias St. Pierre | 23 September 2023, 23:24:59 UTC | test: evp_extra: fix indentation error Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22185) (cherry picked from commit b49cafd86b295aa5e177d6c1368b06a1202ec2b3) | 04 October 2023, 10:23:10 UTC |
| 624ea82 | Sumitra Sharma | 03 October 2023, 03:58:44 UTC | Correct documentation for PKCS5_PBKDF2_HMAC In OpenSSL 3.x, the documentation for PKCS5_PBKDF2_HMAC incorrectly states that an iter value less than 1 is treated as a single iteration. Upon further investigation in providers/implementations/kdfs/pbkdf2.c, it appears that invalid iter values will result in failure and raise the PROV_R_INVALID_ITERATION_COUNT error. This commit corrects the documentation to accurately reflect the behavior in OpenSSL 3.x. Closes openssl#22168 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22252) (cherry picked from commit 82496b8663f20ff12f02adbe46a060a94b0cbfc5) | 04 October 2023, 10:20:43 UTC |
| 4893559 | Richard Levitte | 02 October 2023, 07:12:12 UTC | Restore the meaning of EVP_PKEY_print_private() With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD function "priv_print", effectively asking the backend to print whatever it regards as private key components. In all backends that were built into libcrypto, this function printed what was included in the private key structure, which usually includes the public key components as well. With OpenSSL 3.0, some of the corresponding key2text encoders got a slightly different behavior, where the presence of the selector OSSL_KEYMGMT_SELECT_PRIVATE_KEY without the presence of the selector OSSL_KEYMGMT_SELECT_PUBLIC_KEY would only get what would intuitively be regarded as private key components printed. This isn't entirely consistent, though, as the RSA key2text encoder will still print the public key components regardless. To compensate for the changed backend behavior, EVP_PKEY_print_private() was made to ask the encoder to print the keypair rather than just the private key, thereby moving the backend semantics to the application API. Unfortunately, this causes confusion for providers where the key2text encoder really should print the private key only. This change restores the built-in 1.1.1 backend behavior in the encoders that OpenSSL provides, and renders EVP_PKEY_print_private() more true to its documented behavior, leaving it to the backend to decide what it regards as "private key components". Fixes #22233 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22237) (cherry picked from commit 1296c2ec7866a4f2f4d210432c771142e8de33a0) | 04 October 2023, 06:15:04 UTC |
| 02b87cc | Dmitry Belyavskiy | 26 December 2022, 19:38:44 UTC | Improved detection of engine-provided private "classic" keys Resolves #17092 (?) Resolves #17286 (?) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19965) (cherry picked from commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5) | 04 October 2023, 00:03:15 UTC |
| 315fe88 | Frederik Wedel-Heinen | 02 October 2023, 08:58:48 UTC | Remove duplicates of EVP_aes_xxx_wrap() from EVP_aes_128_gcm.pod Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22236) (cherry picked from commit 5c20c202699ba9c08183c5227df0ad4352e0974b) | 03 October 2023, 23:55:29 UTC |
| 9fc93ba | Matthias St. Pierre | 26 September 2023, 16:25:27 UTC | doc/man3: fix misnamed function name Rename `DSA_generate_prime[_ex]` to `DSA_generate_parameters[_ex]`, fixing a copy&paste error from the `BN_generate_prime[_ex]` paragraph in commit b3696a55a5ed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22242) (cherry picked from commit 515856f5ceb1ef0065466ac85164766623457000) | 03 October 2023, 23:53:11 UTC |
| defd1a8 | Sumitra Sharma | 02 October 2023, 15:23:52 UTC | Add openssl/pem.h inclusion for d2i_PKCS8PrivateKey Include the necessary header file openssl/pem.h in the documentation to ensure that all functions related to d2i_PKCS8PrivateKey are correctly defined. Closes openssl#22188 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22253) (cherry picked from commit cda2e7c914bffc904e3ee79f360953fd370e19e9) | 03 October 2023, 20:55:03 UTC |
| a16df8b | dependabot[bot] | 02 October 2023, 17:23:41 UTC | Bump actions/setup-python from 4.7.0 to 4.7.1 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.0 to 4.7.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.7.0...v4.7.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22254) (cherry picked from commit f7e7bbcd7850b96d02dd0f4dd49b3365b320776c) | 03 October 2023, 06:33:33 UTC |
| 992d24d | Matthias St. Pierre | 29 September 2023, 13:31:37 UTC | doc: correct the SSL_CTX_set_info_callback(3) manual page The info callback is not prototyped correctly, and the code example fails to compile because of const-incorrectness. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22224) (cherry picked from commit 92986c0be56bc8bf9c414dab59d4f1e128f1e843) | 02 October 2023, 12:13:19 UTC |
| 553d3c0 | Matthias St. Pierre | 21 September 2023, 14:43:43 UTC | no-engine: fix signing with legacy app method based keys Signing with an app method based key (i.e. an `EVP_PKEY` which wraps an `RSA` key with an application defined `RSA_METHOD`) used to work in 1.1.1. That feature was broken in commit 60488d2434, but later on fixed by @t8m in commit b247113c05 (see #14859). This commit corrects a minor flaw of the fix, which affects only `no-engine` builds: the special treatment for foreign keys is guarded by an `OPENSSL_NO_ENGINE` check. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22163) (cherry picked from commit 1acc3e8cc3c69187b55cc557c1bc03278ab38063) (cherry picked from commit c67a1988fcf8fe34b1d31e29849f2528d553dd66) | 22 September 2023, 19:27:31 UTC |
| a31cd07 | Huiyue Xu | 14 September 2023, 08:21:35 UTC | Do not include sparse_array.o in libssl sparse_array.o is not needed in libssl at 3.0.x version. Signed-off-by: Huiyue Xu <xuhuiyue@huawei.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22111) | 22 September 2023, 18:41:38 UTC |
| 564a4b8 | Steffen Klee | 19 September 2023, 22:04:18 UTC | Fix test_cms if DSA is not supported CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22150) (cherry picked from commit dee2129802d9694d72e8745aec2d8bd4577ee4ee) | 21 September 2023, 16:42:34 UTC |
| bf01afe | Bernd Edlinger | 20 September 2023, 13:45:56 UTC | Fix error handling in lhash contract When the realloc fails in contract, this not a fatal error, since the memory is only shrinked. It is also no option to exit the function at this point, since that would leave the hash table in an inconsistent state. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22154) (cherry picked from commit 5fbfd641aeebdf4b29a0749e13a79a1e59502878) | 21 September 2023, 12:51:25 UTC |
| 44cea98 | Bernd Edlinger | 19 September 2023, 18:15:18 UTC | Fix error handling in CRYPTO_get_ex_new_index If an out of memory error happens when the index zero is reserved in a newly created ip->meth stack object, that reservation is not done in a second attempt, which makes various X_set_ex_data overwrite the value of X_set_app_data. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22149) (cherry picked from commit d4f22a915ac50570015a23ad794032c4fb9496cb) | 21 September 2023, 12:47:37 UTC |
| 296fc3c | Bernd Edlinger | 11 September 2023, 04:38:31 UTC | Fix some memory leaks in the openssl app In some error cases the normal cleanup did not happen, but instead an exit(1) which caused some memory leaks, as reported in #22049. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22055) (cherry picked from commit 8c040c086ca11a519975c58961a5dc933aa6524a) | 21 September 2023, 12:40:45 UTC |
| 50f3f93 | Pauli | 19 September 2023, 01:07:21 UTC | coverity: NULL dereference Fixes coverity 1544699. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/22138) (cherry picked from commit be01f609f98a8930f2c91b813715e515a88f4d54) | 20 September 2023, 03:32:03 UTC |
| 27f4243 | Sumitra Sharma | 18 September 2023, 11:08:11 UTC | Add documentation for the function SSL_CONF_CTX_finish. Add documentation for the function SSL_CONF_CTX_finish() in man3. Fixes #22084 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22128) (cherry picked from commit 955c133ccccd2b6e3f5a1b1342045111fe8b3e86) | 20 September 2023, 00:26:36 UTC |
| 27eb4fa | Mathieu Tortuyaux | 18 September 2023, 14:02:21 UTC | enc: "bad decrypt" only in decryption CLA: trivial Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22134) (cherry picked from commit 0e138b7b591f160a50aff22f662254d1b39c9cac) | 19 September 2023, 22:12:48 UTC |
| 40f8e57 | Richard Levitte | 19 September 2023, 13:03:18 UTC | Prepare for 3.0.12 Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes | 19 September 2023, 13:03:18 UTC |
| 6ba3884 | Richard Levitte | 19 September 2023, 13:02:31 UTC | Prepare for release of 3.0.11 Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes | 19 September 2023, 13:02:31 UTC |
| ac59555 | Richard Levitte | 19 September 2023, 13:02:19 UTC | make update Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes | 19 September 2023, 13:02:19 UTC |
| fd80578 | Richard Levitte | 19 September 2023, 12:58:35 UTC | Copyright year updates Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes | 19 September 2023, 12:58:35 UTC |
| 5e721ec | Dr. David von Oheimb | 03 June 2023, 15:17:14 UTC | CMP app and API doc: add note on critical server auth on receiving trust anchor certs Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21138) | 18 September 2023, 18:09:34 UTC |
| 4a10739 | Dr. David von Oheimb | 03 June 2023, 15:15:06 UTC | CMP doc: various small corrections, mostly on PBM vs. MAC-based protection Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21138) | 18 September 2023, 18:09:34 UTC |
| 36f1b6e | Sumitra Sharma | 12 September 2023, 06:30:21 UTC | Enhance code safety and readability in SSL_get_shared_ciphers() This commit introduces two key improvements: 1. Improve code safety by replacing the conditional statement with `if (n >= size)` and using OPENSSL_strnlen() instead of strlen(). This change ensures proper buffer size handling and adheres to secure coding practices. 2. Enhance code readability by substituting `strcpy(p, c->name)` with `memcpy(p, c->name, n)`. This adjustment prioritizes code clarity and maintenance, even while mitigating a minimal buffer overflow risk. These enhancements bolster the code's robustness and comprehensibility, aligning with secure coding principles and best practices. Fixes #19837 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21934) (cherry picked from commit 2743594d73e65c38375c619e89ec62579e2c24a9) | 18 September 2023, 12:12:09 UTC |
| 3558a8c | Olga Batyshkina | 07 August 2023, 13:14:53 UTC | Fix PKCS#12 creation error when certificate contains auxiliary data Prefer friendly name passed by the caller and calculated local key id to ones found in certificate auxiliary data when creating PKCS#12. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21675) (cherry picked from commit 388a8e731445d190a46ec27b2ff5b4bf334d526b) | 15 September 2023, 14:17:42 UTC |
| 7f81dec | Bernd Edlinger | 15 September 2023, 07:56:01 UTC | Fix a merge mistake in engne_list_add master version increments the struct_ref early and needs to decrement the struct_ref on error, while 3.1 and 3.0 increment the struct_ref later. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22115) (cherry picked from commit bb67dff95aeb21047b95f92c5119cb63e75cfd2f) | 15 September 2023, 08:13:58 UTC |
| ecd41bb | Bernd Edlinger | 05 September 2023, 14:59:45 UTC | Fix engine cleanup error handling Error handling in engine_cleanup_add_first/last was broken and caused memory leaks. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21971) (cherry picked from commit 00f2efccf5b9671a7af2b12571068258e9c255a5) | 15 September 2023, 06:18:07 UTC |
| 1362474 | Bernd Edlinger | 11 September 2023, 10:26:46 UTC | Fix memory leaks in ssl_old_test.c This fixes a few memory leaks reported in #22049. If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key due to security restrictions (even when @SECLEVEL=0 is used!) then the caller has to delete the PKEY object. That is different to how the deprecated SSL_CTX_set_tmp_dh_pkey was designed to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22060) (cherry picked from commit 21f0b80cd4b32ba80843b812b01a6056daf14093) | 13 September 2023, 12:31:50 UTC |
| 0d168f3 | Tomas Mraz | 11 September 2023, 15:23:46 UTC | d2i_ECPKParameters and i2d_ECPKParameters are not deprecated So do not document them as such. Fixes #22068 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22069) (cherry picked from commit 2508629765403375b3075300a0951705ec26fe27) | 13 September 2023, 11:10:44 UTC |
| bb0ad19 | Dimitri Papadopoulos | 11 September 2023, 11:32:06 UTC | Fix typos found by codespell in openssl-3.0 Only modify doc/man* in the openssl-3.0 branch. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22064) | 13 September 2023, 06:16:18 UTC |
| 76385c3 | Bernd Edlinger | 11 September 2023, 10:34:02 UTC | Fix a memleak in prepare_rsa_params This affects only RSA-PSS keys with params using negative salt legth, or in case of out of memory. This fixes a memory leak reported in #22049. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22061) (cherry picked from commit 46def829afa4d8bed8f53d484bdf842d65f0e176) | 13 September 2023, 05:47:19 UTC |
| ff3d5bc | Vladimir Kotal | 05 September 2023, 09:13:47 UTC | augment man pages with information about PKCS12KDF in FIPS mode Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21965) (cherry picked from commit 4ee8c1fb51687ea811fc2abf87e173c70d018bc2) | 11 September 2023, 09:01:25 UTC |
| db97646 | Tomas Mraz | 08 September 2023, 13:28:45 UTC | Add CVE-2023-4807 fix to CHANGES.md and NEWS.md Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22033) (cherry picked from commit 0be7510f49e498532708fd03628fc3fc62ee7875) | 11 September 2023, 08:57:03 UTC |
| b98fdb3 | Bernd Edlinger | 07 September 2023, 17:22:25 UTC | Fix a possible memleak in rsa_pub_encode That seems to be only an issue for RSA-PSS with parameters. Spotted by code review, so it looks like there is no test coverage for this. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22032) (cherry picked from commit 285eb1688f05ad477fefc681bf05d0afedc46d40) | 11 September 2023, 08:50:34 UTC |
| a6101a3 | Dmitry Misharov | 07 September 2023, 11:52:46 UTC | remove unused Appveyour config Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22000) (cherry picked from commit 8ac32e1e1b1a786366333acf897d332339610e6b) | 11 September 2023, 08:42:36 UTC |
| b893b59 | Randall S. Becker | 09 September 2023, 20:18:04 UTC | Fix typographical error in 80-test_cms.t (missing ;) Fixes: #22045 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22046) | 09 September 2023, 20:18:04 UTC |
| a3e71dc | Bernd Edlinger | 08 September 2023, 08:33:24 UTC | Fix output corruption in req command when used in conjunction with -out and -modulus options. Fixes #21403 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22026) (cherry picked from commit d2873946dfaff5537ea3d1adf3890e33a3f276ff) | 09 September 2023, 15:04:39 UTC |
| 0c4f6a4 | Bernd Edlinger | 06 September 2023, 12:06:52 UTC | Fix a possible memleak in SRP_VBASE_new In the error handling case the memory in vb->users_pwd was accidentally not released. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21981) (cherry picked from commit 68e95f7840d0d8ac4e5e03381cf9d305578dd1c7) | 08 September 2023, 07:21:08 UTC |
| 137e3a9 | Richard Levitte | 06 September 2023, 05:13:26 UTC | OSSL_STORE: Fix error flag clearing and setting (provider path only) When the provider's load function returned with an error, the libcrypto error flag was only set if EOF hadn't been reached. This is troublesome, as an error can very well occur during the last load before EOF is reached! Also, the error flag was never reset, even though documentation specifies that it should indicate an error in the last load (i.e. not the one before that). Fixes #21968 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21976) (cherry picked from commit 17dd9a2c6262c00800301fddd9441a9c590a630e) | 08 September 2023, 06:36:03 UTC |
| 41136a9 | Pauli | 07 September 2023, 02:35:10 UTC | Add test case for #21986 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/21988) (cherry picked from commit c870a465864259f0bdec0953ad085da31941bc27) | 08 September 2023, 06:35:27 UTC |
| 2482061 | Pauli | 06 September 2023, 23:27:37 UTC | Check error return from cms_sd_asn1_ctrl() correctly. Fixes #21986 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/21988) (cherry picked from commit 00a413e2483257a17239cef5dde52df14926284c) | 08 September 2023, 06:34:53 UTC |
| 457fd05 | wangcheng | 06 September 2023, 13:29:38 UTC | Modify the dkeyform type to support engine The valtype value of dkeyform defined in the s_server_options structure is F, which leads to the judgment that the engine is not supported when processing parameters in the opt_next function. This the valtype value of dkeyform should be changed to "f". CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21982) (cherry picked from commit b9a189ce87fde1de4bf691031624538262f005c5) | 08 September 2023, 06:17:09 UTC |
| cd06438 | Min Zhou | 06 September 2023, 03:52:26 UTC | test/chacha: replace CPUID_OBJ with OPENSSL_CPUID_OBJ Fixes #21977 Signed-off-by: Min Zhou <zhoumin@loongson.cn> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21978) (cherry picked from commit e6b6b18af3e85a6b5f0d8ea1070f7070557d6357) | 07 September 2023, 12:58:11 UTC |
| 0e34367 | Dr. David von Oheimb | 04 August 2023, 17:02:28 UTC | apps/cmp.c: fix bug not allowing to reset -csr and -serial option values Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21659) (cherry picked from commit 374945a9aa545d4d6f015de0b48cbed6a90258e0) | 05 September 2023, 19:06:29 UTC |
| 9e7cc1c | Dr. David von Oheimb | 04 August 2023, 06:23:58 UTC | apps.c: improve warning texts of parse_name() when skipping RDN input Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21659) (cherry picked from commit 49e097344ba51a8b25016794d482813b9c1e137f) | 05 September 2023, 19:04:13 UTC |
| cbec14f | Dr. David von Oheimb | 03 August 2023, 14:52:49 UTC | apps.c: fix error messages (newline and needless text) in load_key_certs_crls() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21659) (cherry picked from commit 81d037b8adb0232c8a4d4654f79c883dafb102bc) | 05 September 2023, 19:04:10 UTC |
| 7c14ec8 | Bernd Edlinger | 04 September 2023, 07:40:28 UTC | Fix internal memory leaks from OPENSSL_MALLOC_FAILURES There is a rarely used feature that can be enabled with `./config enable-crypto-mdebug` when additionally the environment variable OPENSSL_MALLOC_FAILURES is used. It turns out to be possible that CRYPTO_zalloc may create a leak when the memory is allocated and then the shouldfail happens, then the memory is lost. Likewise when OPENSSL_realloc is used with size=0, then the memory is to be free'd but here the shouldfail check is too early, and the failure may prevent the memory to be freed thus creating a bogus memory leak. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21944) (cherry picked from commit e2cf38d5751d6b48c8625b622c3765d0a39958d7) | 05 September 2023, 10:52:59 UTC |
| c503577 | dependabot[bot] | 05 September 2023, 07:56:28 UTC | Bump actions/checkout from 2 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21953) (cherry picked from commit d4231af60a8d04196b3b873c2fa8638daff36173) | 05 September 2023, 09:23:49 UTC |
| 2fb934d | Neil Horman | 28 August 2023, 16:07:16 UTC | Implement dupctx for chacha20 cipher Implement the dupctx method for the chacha20 cipher, so that EVP_PKEY_CTX_copy works Its pretty straightforward, its basically just a memdup. Checking the pointers that might need fixing up: in PROV_CHACHA20_CTX all members are statically declared, so memduping should be fine in PROV_CHACHA20_CTX->base (PROV_CIPHER_CTX): Non statically declared members: *tlsmac needs to get memduped to avoid double free conditions, but only if base.alloced is set *hw pointer is always assigned to the chacha20_hw global variable, so can be left alone *libctx can be left alone as provctx is always NULL in chacha20_newctx *ks appears unused by chacha20, so can be ignored Fixes #20978 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21878) (cherry picked from commit 61cfc22b60e33bc77b1e1944759af48c8e58f0d2) | 04 September 2023, 00:16:51 UTC |
| 6754de4 | Bernd Edlinger | 22 August 2023, 14:07:30 UTC | Avoid clobbering non-volatile XMM registers This affects some Poly1305 assembler functions which are only used for certain CPU types. Remove those functions for Windows targets, as a simple interim solution. Fixes #21522 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21808) (cherry picked from commit 7b8e27bc2e02238986d89ef0ece067ec1b48e165) | 02 September 2023, 08:28:52 UTC |
| 9e4418f | Kurt Roeckx | 18 December 2022, 19:54:15 UTC | Update X509 fuzzer to verify a chain It add supports for verifying that it's been signed by a CA, and checks the CRL and OCSP status Can find CVE-2022-4203 and CVE-2023-0286 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20243) (cherry picked from commit 399c2da08ab9c6a382f8e9950742a022e847fec0) (cherry picked from commit 869d95b00e22b68897a541abf3bcee3589d2d519) | 01 September 2023, 09:16:19 UTC |
| fc46712 | Ingo Franzki | 30 August 2023, 06:41:43 UTC | OPENSSL_init_crypto load config into initial global default library context OPENSSL_init_crypto() with OPENSSL_INIT_LOAD_CONFIG must load the configuration into the initial global default library context, not the currently set default library context. OPENSSL_init_crypto() with OPENSSL_INIT_LOAD_CONFIG may be called within other OpenSSL API functions, e.g. from within EVP_PKEY_CTX_new_xxx() when initializing a pkey context, to perform implicit initialization, if it has not been initialized yet. This implicit initialization may happen at a time when an application has already create its own library context and made it the default library context. So loading the config into the current default library context would load it into the applications library context. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21897) (cherry picked from commit ecb6cdf02a302af18fe4bc20097a9ea3177f897c) | 31 August 2023, 15:07:44 UTC |
| 4f4da07 | Kai Pastor | 05 August 2023, 06:34:35 UTC | Set VC win64 perlasm scheme during Configure Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21661) (cherry picked from commit a2608e4bc430d6216bbf36f50a29278e8759103a) | 29 August 2023, 15:02:44 UTC |
| ec51c80 | Ingo Franzki | 23 August 2023, 13:08:51 UTC | Allow RSA-PSS also in EVP_PKEY_assign() and EVP_PKEY_can_sign() Treat keys with EVP_PKEY_RSA_PSS the same as EVP_PKEY_RSA in EVP_PKEY_can_sign() and detect_foreign_key() which is called by EVP_PKEY_assign(). Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21819) (cherry picked from commit e2972982c64f3f1ac10b3ebe1086d99ec67631bd) | 24 August 2023, 16:08:06 UTC |
| bf7021d | Ingo Franzki | 23 August 2023, 07:45:45 UTC | ctrl_params_translate: Allow get_rsa_payload_x() also for RSA-PSS The get_rsa_payload_x() functions should also allow to get the payload for RSA-PSS keys. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21818) (cherry picked from commit cf712830b7b5a20a768a1fc5f78dc48841b7617f) | 24 August 2023, 14:12:32 UTC |
| 53dca2f | Ingo Franzki | 23 August 2023, 07:20:52 UTC | ctrl_params_translate: Allow RSA controls also for RSA-PSS Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed for RSA-PSS keys. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21818) (cherry picked from commit e2c2cca4b2fd1ad946d93507e9ca4f9ea910a114) | 24 August 2023, 14:12:31 UTC |
| 8e122f4 | Jakub Jelen | 23 August 2023, 11:24:57 UTC | doc: Avoid usage of non-existing constant CLA: trivial Fixes: #21809 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21817) (cherry picked from commit de4661b23776dde80fe5832eea34c63d5e15a6e4) | 24 August 2023, 14:06:12 UTC |
| 193b8ea | olszomal | 22 August 2023, 08:20:07 UTC | Fixed default value of the "ess_cert_id_alg" option in man openssl-ts(1) CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21805) (cherry picked from commit 5ffad4bad9bd701cc3d14c96304484884ace0831) | 24 August 2023, 08:48:36 UTC |
