Skip to main content
swh:1:snp:dc2a5002442a00b1c0eda7c65d04ea7455e166cd
sort by:
RevisionAuthorDateMessageCommit Date
9398e40 Matt Caswell01 August 2023, 13:51:35 UTCPrepare for release of 1.1.1v Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes01 August 2023, 13:51:35 UTC
9c7d302 Matt Caswell01 August 2023, 13:51:30 UTCCopyright year updates Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes01 August 2023, 13:51:30 UTC
2330fdf Tomas Mraz25 July 2023, 14:00:06 UTCAdd CHANGES/NEWS for CVE-2023-3817 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21551)31 July 2023, 13:30:37 UTC
34d0f5c Tomas Mraz25 July 2023, 13:56:53 UTCdhtest.c: Add test of DH_check() with q = p + 1 This must fail with DH_CHECK_INVALID_Q_VALUE and with DH_CHECK_Q_NOT_PRIME unset. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21551)31 July 2023, 13:30:37 UTC
91ddeba Tomas Mraz21 July 2023, 09:39:41 UTCDH_check(): Do not try checking q properties if it is obviously invalid If |q| >= |p| then the q value is obviously wrong as q is supposed to be a prime divisor of p-1. We check if p is overly large so this added test implies that q is not large either when performing subsequent tests using that q value. Otherwise if it is too large these additional checks of the q value such as the primality test can then trigger DoS by doing overly long computations. Fixes CVE-2023-3817 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21551)31 July 2023, 13:30:37 UTC
eec805e Bernd Edlinger23 July 2023, 12:27:54 UTCMake DH_check set some error bits in recently added error The pre-existing error cases where DH_check returned zero are not related to the dh params in any way, but are only triggered by out-of-memory errors, therefore having *ret set to zero feels right, but since the new error case is triggered by too large p values that is something different. On the other hand some callers of this function might not be prepared to handle the return value correctly but only rely on *ret. Therefore we set some error bits in *ret as additional safety measure. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21533)26 July 2023, 11:23:15 UTC
97b4f2b Matt Caswell13 July 2023, 15:14:49 UTCUpdate CHANGES/NEWS for CVE-2023-3446 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21452)19 July 2023, 09:24:06 UTC
e9ddae1 Matt Caswell07 July 2023, 13:39:48 UTCAdd a test for CVE-2023-3446 Confirm that the only errors DH_check() finds with DH parameters with an excessively long modulus is that the modulus is too large. We should not be performing time consuming checks using that modulus. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21452)19 July 2023, 09:24:06 UTC
8780a89 Matt Caswell06 July 2023, 15:36:35 UTCFix DH_check() excessive time with over sized modulus The DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it is excessively large. There is already a maximum DH modulus size (10,000 bits) over which OpenSSL will not generate or derive keys. DH_check() will however still perform various tests for validity on such a large modulus. We introduce a new maximum (32,768) over which DH_check() will just fail. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). CVE-2023-3446 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21452)19 July 2023, 09:24:06 UTC
fe824ce Tomas Mraz30 May 2023, 12:43:18 UTCPrepare for 1.1.1v Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes30 May 2023, 12:43:18 UTC
70c2912 Tomas Mraz30 May 2023, 12:42:39 UTCPrepare for release of 1.1.1u Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes30 May 2023, 12:42:39 UTC
aff2886 Tomas Mraz30 May 2023, 12:42:20 UTCCopyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes30 May 2023, 12:42:20 UTC
9e20994 Richard Levitte12 May 2023, 08:00:13 UTCRestrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier. To mitigate this, a restriction on the size that OBJ_obj2txt() will translate to canonical numeric text form is added, based on RFC 2578 (STD 58), which says this: > 3.5. OBJECT IDENTIFIER values > > An OBJECT IDENTIFIER value is an ordered list of non-negative numbers. > For the SMIv2, each number in the list is referred to as a sub-identifier, > there are at most 128 sub-identifiers in a value, and each sub-identifier > has a maximum value of 2^32-1 (4294967295 decimal). Fixes otc/security#96 Fixes CVE-2023-2650 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>29 May 2023, 13:37:30 UTC
3cc6933 Clemens Lang24 May 2023, 11:12:54 UTCx509: Handle ossl_policy_level_add_node errors The invocation of ossl_policy_level_add_node in tree_calculate_user_set did not have any error handling. Add it to prevent a memory leak for the allocated extra policy data. Also add error handling to sk_X509_POLICY_NODE_push to ensure that if a new node was allocated, but could not be added to the stack, it is freed correctly. Fix error handling if tree->user_policies cannot be allocated by returning 0, indicating failure, rather than 1. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21066)29 May 2023, 12:57:47 UTC
b1cc84e Clemens Lang24 May 2023, 10:22:25 UTCx509: Fix possible use-after-free when OOM ossl_policy_level_add_node() first adds the new node to the level->nodes stack, and then attempts to add extra data if extra_data is true. If memory allocation or adding the extra data to tree->extra_data fails, the allocated node (that has already been added to the level->nodes stack) is freed using ossl_policy_node_free(), which leads to a potential use after free. Additionally, the tree's node count and the parent's child count would not be updated, despite the new node being added. Fix this by either performing the function's purpose completely, or not at all by reverting the changes on error. Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21066)29 May 2023, 12:57:47 UTC
d2c6435 Richard Levitte15 May 2023, 12:30:43 UTCutil/mkdef.pl: Take shlib_variant into account For platforms using import libraries, the lack of this causes a disjoint between the name of the DLL that's produced, and the corresponding import library. Fixes #20942 (follows up #20732) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20968)25 May 2023, 13:54:31 UTC
cd6f72a Tomas Mraz23 May 2023, 13:32:26 UTCAdd OpenSSL OMC key to list of key fingerprints Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21030)23 May 2023, 13:32:26 UTC
e94b438 Bernd Edlinger26 January 2023, 14:45:03 UTCFix the padlock engine ... after it was broken for almost 5 years, since the first 1.1.1 release. Note: The last working version was 1.1.0l release. Fixes #20073 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/20147)21 May 2023, 12:36:38 UTC
0f90c4d Bernd Edlinger13 May 2023, 07:04:18 UTCFix stack corruption in ui_read This is an alternative to #20893 Additionally this fixes also a possible issue in UI_UTIL_read_pw: When UI_new returns NULL, the result code would still be zero as if UI_UTIL_read_pw succeeded, but the password buffer is left uninitialized, with subsequent possible stack corruption or worse. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20957) (cherry picked from commit a64c48cff88e032cf9513578493c4536df725a22)17 May 2023, 10:09:23 UTC
8ddacec mlitre01 May 2023, 09:07:21 UTCAdd negative integer check when using ASN1_BIT_STRING The negative integer check is done to prevent potential overflow. Fixes #20719. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20862) (cherry picked from commit 1258a8e4361320cd3cfaf9ede692492ce01034c8)03 May 2023, 23:09:21 UTC
0f05c54 Tomas Mraz28 April 2023, 07:41:20 UTCDrop invalid ERR_raise() call from incorrect cherry pick Fixes #20849 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20852)01 May 2023, 10:17:10 UTC
58440f7 Richard Levitte14 April 2023, 06:42:08 UTCHave Windows and VMS build files use shlib_variant This is an omission, it should have been in place a long time ago. Fixes #20732 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20734)21 April 2023, 16:05:43 UTC
8daa261 Tomas Mraz20 April 2023, 08:24:38 UTCRe-add BN_F_OSSL_BN_RSA_DO_UNBLIND which was incorrectly removed Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20784)20 April 2023, 08:24:38 UTC
3f499b2 Bernd Edlinger13 February 2023, 16:46:41 UTCAlternative fix for CVE-2022-4304 This is about a timing leak in the topmost limb of the internal result of RSA_private_decrypt, before the padding check. There are in fact at least three bugs together that caused the timing leak: First and probably most important is the fact that the blinding did not use the constant time code path at all when the RSA object was used for a private decrypt, due to the fact that the Montgomery context rsa->_method_mod_n was not set up early enough in rsa_ossl_private_decrypt, when BN_BLINDING_create_param needed it, and that was persisted as blinding->m_ctx, although the RSA object creates the Montgomery context just a bit later. Then the infamous bn_correct_top was used on the secret value right after the blinding was removed. And finally the function BN_bn2binpad did not use the constant-time code path since the BN_FLG_CONSTTIME was not set on the secret value. In order to address the first problem, this patch makes sure that the rsa->_method_mod_n is initialized right before the blinding context. And to fix the second problem, we add a new utility function bn_correct_top_consttime, a const-time variant of bn_correct_top. Together with the fact, that BN_bn2binpad is already constant time if the flag BN_FLG_CONSTTIME is set, this should eliminate the timing oracle completely. In addition the no-asm variant may also have branches that depend on secret values, because the last invocation of bn_sub_words in bn_from_montgomery_word had branches when the function is compiled by certain gcc compiler versions, due to the clumsy coding style. So additionally this patch stream-lined the no-asm C-code in order to avoid branches where possible and improve the resulting code quality. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20284)31 March 2023, 19:06:23 UTC
0372649 Bernd Edlinger14 February 2023, 13:28:47 UTCRevert "Fix Timing Oracle in RSA decryption" This reverts commit 43d8f88511991533f53680a751e9326999a6a31f. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20284)31 March 2023, 10:46:29 UTC
0d16b7e Tomas Mraz21 March 2023, 15:15:47 UTCFix documentation of X509_VERIFY_PARAM_add0_policy() The function was incorrectly documented as enabling policy checking. Fixes: CVE-2023-0466 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20564)28 March 2023, 12:13:38 UTC
8bc232b Matt Caswell23 March 2023, 15:31:25 UTCUpdated CHANGES and NEWS for CVE-2023-0465 Also updated the entries for CVE-2023-0464 Related-to: CVE-2023-0465 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20588)28 March 2023, 12:09:38 UTC
23a4cbe Matt Caswell07 March 2023, 17:07:57 UTCAdd a Certificate Policies Test Test that a valid certificate policy is accepted and that an invalid certificate policy is rejected. Specifically we are checking that a leaf certificate with an invalid policy is detected. Related-to: CVE-2023-0465 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20588)28 March 2023, 12:09:38 UTC
b013765 Matt Caswell07 March 2023, 16:52:55 UTCEnsure that EXFLAG_INVALID_POLICY is checked even in leaf certs Even though we check the leaf cert to confirm it is valid, we later ignored the invalid flag and did not notice that the leaf cert was bad. Fixes: CVE-2023-0465 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20588)28 March 2023, 12:09:38 UTC
f675d16 Matt Caswell07 March 2023, 15:22:40 UTCGenerate some certificates with the certificatePolicies extension Related-to: CVE-2023-0465 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20588)23 March 2023, 15:50:07 UTC
13e030c Pauli22 March 2023, 01:13:07 UTCDisable the policy tree exponential growth test conditionally If there is no EC specified, the test won't pass. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20572) (cherry picked from commit f5935fcf8e4bc2191ac4a32e5b7ec32817642f1e)23 March 2023, 09:10:11 UTC
fa425f2 Pauli15 March 2023, 03:29:22 UTCchanges: note about policy tree size limits and circumvention Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20569)22 March 2023, 00:42:30 UTC
b44a67c Pauli08 March 2023, 03:39:25 UTCtest: add test cases for the policy resource overuse These trees have pathological properties with respect to building. The small tree stays within the imposed limit, the large tree doesn't. The large tree would consume over 150Gb of RAM to process. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20569)22 March 2023, 00:42:30 UTC
879f708 Pauli08 March 2023, 04:28:20 UTCx509: excessive resource use verifying policy constraints A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Fixes CVE-2023-0464 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20569)22 March 2023, 00:42:30 UTC
9693273 Mike Gilbert12 February 2023, 22:56:58 UTCFix Configure test for -mips in CFLAGS We want to add -mips2 or -mips3 only if the user hasn't already specified a mips version in CFLAGS. The existing test was a double-negative. CLA: trivial Fixes: https://github.com/openssl/openssl/issues/20214 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20536)17 March 2023, 15:34:47 UTC
332093f Pauli15 March 2023, 08:19:35 UTCFix copyright disclaimer. The mention of the GPL shouldn't have been there. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20517) (cherry picked from commit c879f8ac56170a5cf929fab8067beb2a5902be2b)16 March 2023, 09:18:56 UTC
d863610 Pauli09 March 2023, 07:26:32 UTCFix copyright header Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20473)09 March 2023, 07:26:32 UTC
82dfb98 Gang Chen21 February 2023, 06:54:46 UTCcrypto/conf: gcc build warning fix Fix the gcc build warning from conf_sap.c: variable flags set but not used [-Wunused-but-set-variable] variable appname set but not used [-Wunused-but-set-variable] variable filename set but not used [-Wunused-but-set-variable] CLA: trivial Signed-off-by: Gang Chen <gang.c.chen@intel.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20347)22 February 2023, 00:41:36 UTC
9f461a9 Bernd Edlinger13 February 2023, 11:58:33 UTCFix failing cms test when no-des is used The test tries to use DES but that may not be available. But for the purpose of regression testing CVE-2023-0215 the cipher is not relevant, so we use AES-128 instead. Fixes #20249 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20276) (cherry picked from commit c400a1fe477b44a5eacbad2be8d50f2eaa92925c)20 February 2023, 05:03:53 UTC
eec3403 Hubert Kario08 February 2023, 13:13:24 UTCrsa: add msvc intrinsic for non x64 platforms _umul128() is x86_64 (x64) only, while __umulh() works everywhere, but doesn't generate optimal code on x64 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20244) (cherry picked from commit 075652f224479dad2e64b92e791b296177af8705)11 February 2023, 13:57:16 UTC
fd42c91 Richard Levitte07 February 2023, 13:37:22 UTCPrepare for 1.1.1u-dev Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes07 February 2023, 13:37:22 UTC
830bf8e Richard Levitte07 February 2023, 13:37:05 UTCPrepare for 1.1.1t release Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes07 February 2023, 13:37:05 UTC
c3a54c3 Richard Levitte07 February 2023, 11:55:04 UTCUpdate copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes07 February 2023, 11:55:04 UTC
a85fbb5 Tomas Mraz23 January 2023, 17:27:11 UTCAdd CHANGES and NEWS entries for the 1.1.1t release Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>03 February 2023, 10:22:47 UTC
2c6c9d4 Hugo Landau17 January 2023, 17:45:42 UTCCVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>03 February 2023, 10:22:47 UTC
f040f25 Matt Caswell14 December 2022, 17:15:18 UTCCheck CMS failure during BIO setup with -stream is handled correctly Test for the issue fixed in the previous commit Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>03 February 2023, 10:22:47 UTC
c3829dd Matt Caswell14 December 2022, 16:18:14 UTCFix a UAF resulting from a bug in BIO_new_NDEF If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will be part of an invalid BIO chain. This causes a "use after free" when the BIO is eventually freed. Based on an original patch by Viktor Dukhovni and an idea from Theo Buehler. Thanks to Octavio Galland for reporting this issue. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>03 February 2023, 10:22:47 UTC
2bd6112 Matt Caswell13 December 2022, 15:02:26 UTCAdd a test for CVE-2022-4450 Call PEM_read_bio_ex() and expect a failure. There should be no dangling ptrs and therefore there should be no double free if we free the ptrs on error. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>03 February 2023, 10:22:47 UTC
bbcf509 Matt Caswell13 December 2022, 14:54:55 UTCAvoid dangling ptrs in header and data params for PEM_read_bio_ex In the event of a failure in PEM_read_bio_ex() we free the buffers we allocated for the header and data buffers. However we were not clearing the ptrs stored in *header and *data. Since, on success, the caller is responsible for freeing these ptrs this can potentially lead to a double free if the caller frees them even on failure. Thanks to Dawei Wang for reporting this issue. Based on a proposed patch by Kurt Roeckx. CVE-2022-4450 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>03 February 2023, 10:22:47 UTC
43d8f88 Matt Caswell20 January 2023, 15:26:54 UTCFix Timing Oracle in RSA decryption A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. Patch written by Dmitry Belyavsky and Hubert Kario CVE-2022-4304 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>03 February 2023, 10:22:47 UTC
1dc2ae4 Richard Levitte30 January 2023, 14:19:10 UTCUse $config{build_file} instead of $target{build_file} If the user specifies an alternative build file than the default, this alternative is recorded in $config{build_file}, not $target{build_file}. Therefore, the former should be used, leaving the latter as a mere default. This is a bug. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/20174)03 February 2023, 10:13:01 UTC
b9e3749 Gerd Hoffmann12 January 2022, 09:30:15 UTCcrypto/bio: drop float formating for UEFI Using floating point is not supported in UEFI and can cause build problems, for example due to SSE being disabled and x64 calling convention passing floats in SSE registers. Avoid those problems by not compiling the formating code for floating point numbers. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19738)31 January 2023, 10:25:59 UTC
44da716 Hugo Landau18 January 2023, 15:43:56 UTCFix corruption when searching for CRLs in hashed directories (1.1) The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track how many sequentially numbered CRL files have been loaded for a given X509_NAME hash which is being requested. This avoids loading already loaded CRL files and repeated stat() calls. This OPENSSL_STACK is searched using sk_find, however this mutates the OPENSSL_STACK unless it is known to be sorted. This operation therefore requires a write lock, which was not taken. Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This guarantees no mutation will occur during sk_find. This is chosen over taking a write lock during sk_find as retrieving a CRL by X509_NAME is assumed to be a hotter path than the case where a new CRL is installed. Also optimise the code by avoiding creating the structure to track the last CRL file sequence number in the circumstance where it would match the initial value, namely where no CRL with the given hash is installed. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20127)24 January 2023, 14:45:50 UTC
adc3cfe Matt Caswell20 January 2023, 14:08:42 UTCAdd DTLS support to the large app data test Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20087)24 January 2023, 10:24:35 UTC
4b5ec7c Matt Caswell19 January 2023, 11:59:44 UTCEnsure our buffer allocation allows for the Explicit IV Some ciphers/protocol versions have an explicit IV. We need to make sure we have sufficient room for it in the underlying buffer. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20087)24 January 2023, 10:24:35 UTC
b958ecf Matt Caswell19 January 2023, 10:52:45 UTCAdd a test for large app data Test that sending large app data records works correctly. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20087)24 January 2023, 10:24:35 UTC
2bcf8e6 ValdikSS18 January 2023, 17:14:48 UTCPadlock: fix byte swapping assembly for AES-192 and 256 Byte swapping code incorrectly uses the number of AES rounds to swap expanded AES key, while swapping only a single dword in a loop, resulting in swapped key and partially swapped expanded keys, breaking AES encryption and decryption on VIA Padlock hardware. This commit correctly sets the number of swapping loops to be done. Fixes #20073 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20077) (cherry picked from commit 7331e7ef79fe4499d81cc92249e9c97e9ff9291a)20 January 2023, 07:32:55 UTC
d90907d Bernd Edlinger05 December 2022, 05:50:02 UTCFix CI failures with ubuntu-22.04 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19930)19 January 2023, 17:16:33 UTC
d49c98d Bernd Edlinger04 December 2022, 13:19:55 UTCFix various clang-14/15 compiler warnings Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19930)19 January 2023, 17:16:33 UTC
5bbd921 Bernd Edlinger08 November 2022, 16:43:22 UTCLimit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime Otherwise the alloca can cause an exception. Issue reported by Jiayi Lin. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19735)14 January 2023, 10:51:54 UTC
1d0fa26 Matt Caswell06 December 2022, 14:51:54 UTCEnsure ossl_cms_EncryptedContent_init_bio() reports an error on no OID If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no associated OID then we should report an error rather than continuing on regardless. Continuing on still ends up failing - but later on and with a more cryptic error message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920)22 December 2022, 10:07:07 UTC
e913b91 Matt Caswell06 December 2022, 14:35:53 UTCFix BIO_f_asn1() to properly report some errors Some things that may go wrong in asn1_bio_write() are serious errors that should be reported as -1, rather than 0 (which just means "we wrote no data"). Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920)22 December 2022, 10:07:07 UTC
1354191 Matt Caswell06 December 2022, 14:21:23 UTCFix SMIME_crlf_copy() to properly report an error If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not correctly reporting the error. We modify it to properly propagate the error condition. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920)22 December 2022, 10:07:07 UTC
6446cb4 Matt Caswell06 December 2022, 14:18:53 UTCFix BIO_f_cipher() flushing If an error occurs during a flush on a BIO_f_cipher() then in some cases we could get into an infinite loop. We add a check to make sure we are making progress during flush and exit if not. This issue was reported by Octavio Galland who also demonstrated an infinite loop in CMS encryption as a result of this bug. The security team has assessed this issue as not a CVE. This occurs on *encryption* only which is typically processing trusted data. We are not aware of a way to trigger this with untrusted data. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920)22 December 2022, 10:07:07 UTC
ed8af05 Bernd Edlinger16 December 2022, 18:30:29 UTCFix a logic flaw in test_mod_exp_zero Due to the logic flaw, possible test failures in this test case might be ignored. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19929) (cherry picked from commit 42061268ee8f9ae0555d522870740fc91b744f4f)21 December 2022, 15:36:14 UTC
68cec7e Bernd Edlinger16 November 2022, 11:32:06 UTCFix a memory leak in rsa_priv_encode If PKCS8_pkey_set0 fails, the memory in rk need to be clear freed otherwise it is owned by the PKCS8_PRIV_KEY_INFO. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19694)16 December 2022, 18:05:37 UTC
31efcf2 Matt Caswell27 October 2022, 13:14:53 UTCFix the ceiling on how much encryption growth we can have Stitched ciphersuites can grow by more during encryption than the code allowed for. We fix the calculation and add an assert to check we go it right. Also if we are adding the MAC independently of the cipher algorithm then the encryption growth will not include that MAC so we should remove it from the amount of bytes that we reserve for that growth. Otherwise we might exceed our buffer size and the WPACKET_reserve operation will fail. Note that this is not a security issue. Even though we can overflow the amount of bytes reserved in the WPACKET for the encryption, the underlying buffer is still big enough. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19585)05 December 2022, 11:10:55 UTC
f868abc Bernd Edlinger10 November 2022, 17:51:44 UTCResign test/certs/rootCA.pem to expire in 100 years Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf)12 November 2022, 12:22:27 UTC
cf1a7cf Bernd Edlinger10 November 2022, 17:23:25 UTCUpdate the validity period of ed25519 cerificates Note: The private key is test/certs/root-ed25519.privkey.pem Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba)12 November 2022, 12:22:07 UTC
2c0ae1e Tomas Mraz02 November 2022, 07:53:36 UTCUpdate GitHub actions as suggested by dependabot Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19581) (cherry picked from commit ec33ed712665ca65cabcd87d446e5db79a64379e)03 November 2022, 11:25:50 UTC
8a9a71b Tomas Mraz01 November 2022, 12:36:17 UTCPrepare for 1.1.1t-dev Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes01 November 2022, 12:36:17 UTC
1290581 Tomas Mraz01 November 2022, 12:36:10 UTCPrepare for 1.1.1s release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes01 November 2022, 12:36:10 UTC
7d8a20c Tomas Mraz01 November 2022, 12:17:34 UTCUpdate copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19560)01 November 2022, 12:28:05 UTC
7e8642c Tomas Mraz01 November 2022, 10:50:22 UTCUpdate CHANGES and NEWS for new release Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19558)01 November 2022, 10:52:01 UTC
aa542d2 Richard Levitte06 July 2022, 04:09:01 UTCMake openVMS seeding less dependent of OpenVMS version SYS$GETTIM_PREC is a very new function, only available on OpenVMS v8.4. OpenSSL binaries built on OpenVMS v8.4 become unusable on older OpenVM versions, but building for the older CRTL version will make the high precision time functions unavailable. Tests have shown that on Alpha and Itanium, the time update granularity between SYS$GETTIM and SYS$GETTIM_PREC is marginal, so the former plus a sequence number turns out to be better to guarantee a unique nonce. Fixes #18727 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18730)27 October 2022, 10:32:13 UTC
9b3219b Todd C. Miller24 October 2022, 14:00:48 UTCssl_cipher_process_rulestr: don't read outside rule_str buffer If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop. CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19166) (cherry picked from commit 428511ca66670e169a0e1b12e7540714b0be4cf8)26 October 2022, 10:52:23 UTC
c7a02ba Pauli20 October 2022, 23:29:09 UTCdoc: fix copy/paste error Fixes #19460 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19461) (cherry picked from commit 5b9480fc1e814bf8fa2dce0dbbede147f04d477c)23 October 2022, 22:52:46 UTC
ad714ba Dr. David von Oheimb29 July 2022, 11:09:52 UTCFix many inconsistencies in doc of CMS_verify() and PKC7_verify() etc. Also change B< to I< in {CMS,PKCS7}_verify.pod, PKCS7_sign{,_add_signer}.pod Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19108) (cherry picked from commit 312a6b3a0327a986344c85aa6bc43e135d70bc6c)19 October 2022, 18:31:22 UTC
a3c229e Gibeom Gwon11 October 2022, 17:57:21 UTCFix no longer implicitly refresh the cached TBSCertificate This reverts commit 748df1874f0488ce0c86b6d2d083921abb34b1e3. Fixes #19388 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19392)13 October 2022, 13:54:29 UTC
0ca7eae Matt Caswell11 October 2022, 12:46:07 UTCPrepare for 1.1.1s-dev Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes11 October 2022, 12:46:07 UTC
fbda8a9 Matt Caswell11 October 2022, 12:45:58 UTCPrepare for 1.1.1r release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes11 October 2022, 12:45:58 UTC
0874d7f Matt Caswell11 October 2022, 12:13:47 UTCUpdate copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19383)11 October 2022, 12:26:59 UTC
3d28f74 Matt Caswell10 October 2022, 10:53:46 UTCUpdated CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19381)11 October 2022, 12:11:42 UTC
01b5335 Adam Joseph01 October 2022, 03:55:29 UTCConfigurations: mips64*-linux-*abin32 needs bn_ops SIXTY_FOUR_BIT The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops, but it is missing from mips64*-linux-*abin32 (which OpenSSL calls "linux-mips64"). This causes heap corruption when verifying TLS certificates (which tend to be RSA-signed) with openssl 1.1.1q: ``` nix@oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443free(): invalid pointer Aborted ``` and a slightly different failure with current HEAD: ``` nix@oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443 Connecting to 142.250.180.4 CONNECTED(00000003) Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0) Aborted ``` Applying this patch and recompiling produces the expected output instead of a crash. Note that Gentoo (and to my knowledge all other other distributions which support mips64n32) use the `linux-generic32` configuration, which uses only 32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler implementations for the SHA hash functions: https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102 For support in nixpkgs we would like to use the full 64-bit integer registers and perlasm routines, so I'm submitting this upstream as well. Fixes #19319 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19320) (cherry picked from commit d250e8563fa400fd3d9b93cff609c7503149b908)03 October 2022, 00:26:52 UTC
748df18 Gibeom Gwon27 August 2022, 13:29:28 UTCX509 x_all.c: Set 'modified' flag when ASN1_item_sign{,_ctx} call was successful Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18879)24 September 2022, 14:49:54 UTC
002cf9a Gibeom Gwon27 August 2022, 13:04:38 UTCX509 x509_req.c: Set 'modified' flag when X509_req_info_st member data updated We need to reencode X509_req_info_st if member data updated. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18879)24 September 2022, 14:49:54 UTC
6e6aad3 Daniel Fiala28 August 2022, 09:53:32 UTCConvert serverinfo in SSL_CTX_use_serverinfo() to v2. Fixes #18183. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19081)09 September 2022, 12:10:03 UTC
9eae491 Ryan Kelley16 August 2022, 05:28:50 UTCMoving notify check after the no time check CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19007) (cherry picked from commit c92c3dfb99485eb2cfb840e92bd0ece8cdd72d0c)23 August 2022, 01:05:54 UTC
07ecb79 Pauli16 August 2022, 01:05:02 UTCCoverity 1508506: misuse of time_t Fixes a bug in the cookie code which would have caused problems for ten minutes before and after the lower 32 bits of time_t rolled over. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19022)22 August 2022, 04:46:00 UTC
552603e Pauli16 August 2022, 01:05:02 UTCCoverity 1508534 & 1508540: misuses of time_t Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19004) (cherry picked from commit a6cadcbdc3b4f3fbd0fd228e41177f0661b68264)18 August 2022, 22:40:35 UTC
6246649 Pauli06 May 2022, 06:59:26 UTCbn_nist: fix strict aliasing problem As of clang-14 the strict aliasing is causing code to magically disappear. By explicitly inlining the code, the aliasing problem evaporates. Fixes #18225 Backport of #18258 to 1.1.1. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18948)17 August 2022, 15:44:45 UTC
d87e99d Matt Caswell25 July 2022, 11:39:52 UTCTest that swapping the first app data record with Finished msg works If the first app data record arrives before the Finished message we should be able to buffer it and move on to the Finished message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18976)10 August 2022, 10:42:29 UTC
01fc812 Matt Caswell25 July 2022, 14:59:38 UTCFix SSL_pending() and SSL_has_pending() with DTLS If app data is received before a Finished message in DTLS then we buffer it to return later. The function SSL_pending() is supposed to tell you how much processed app data we have already buffered, and SSL_has_pending() is supposed to tell you if we have any data buffered (whether processed or not, and whether app data or not). Neither SSL_pending() or SSL_has_pending() were taking account of this DTLS specific app data buffer. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18976)10 August 2022, 10:39:26 UTC
4648839 Roberto Hueso Gomez01 August 2022, 18:11:22 UTCFix EC_KEY_set_private_key() NULL priv_key docs Updates the docs to describe EC_KEY_set_private_key() function behavior when a NULL priv_key argument is passed. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18874)04 August 2022, 09:09:16 UTC
1c2f52b Roberto Hueso Gomez01 August 2022, 00:08:47 UTCAdd test for EC_KEY_set_private_key() This tests the behavior and API of the EC_KEY_set_private_key function. It tests compliance with legacy features related to NULL private keys too. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18874)04 August 2022, 09:09:15 UTC
143d7d4 Roberto Hueso Gomez26 July 2022, 18:41:02 UTCFix EC_KEY_set_private_key() priv_key regression This allows to set EC_KEY's private key to NULL and fixes regression issue following OTC guideline in https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696 Fixes #18744. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18874)04 August 2022, 09:09:14 UTC
0b755cd Dr. David von Oheimb08 January 2021, 07:27:17 UTCX509_REQ_get_extensions(): Return empty stack if no extensions found Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18926)03 August 2022, 15:27:50 UTC
26cfeb7 Bernd Edlinger05 January 2022, 16:25:02 UTCFix copyright year issues Fixes: #13765 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17706)30 July 2022, 10:23:26 UTC
7dfe4aa Pauli28 July 2022, 01:23:29 UTCNote that EVP_CIPHER_iv_length returns negative values on error Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18894)29 July 2022, 09:15:06 UTC
3b9082c valdaarhun25 July 2022, 13:19:19 UTCFixes segfault occurrence in PEM_write() Checks if header is NULL or not before calling strlen(). CLA: trivial Fixes #18825 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18865) (cherry picked from commit 205957405d08ef199e6ab654e333a627bbca9ccc)29 July 2022, 02:39:51 UTC
back to top