)]}' { "log": [ { "commit": "22dbb176deef7d9a80f5c94f57a4b518ea935f50", "tree": "f01c8246562d81c13ffbaa6fd854fcaba8f65df7", "parents": [ "0db53e9312f9648874b283124655f9772dfa1690" ], "author": { "name": "Hugo Landau", "email": "hlandau@openssl.org", "time": "Fri May 13 13:11:44 2022 +0100" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed May 18 18:44:42 2022 +0200" }, "message": "Use --release in dev/release.sh\n\nFixes #18243.\nFixes #18242.\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18305)\n" }, { "commit": "0db53e9312f9648874b283124655f9772dfa1690", "tree": "4aa2849b70e17900c8c69e54116b4703577740db", "parents": [ "5702392f73e679fd9ed9dd912cf4c9dc613c4d71" ], "author": { "name": "Thomas Bellebaum", "email": "91870704+bellebaum@users.noreply.github.com", "time": "Tue May 17 13:42:05 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed May 18 17:15:59 2022 +0200" }, "message": "Documentation: X509_V_ERR_CERT_CHAIN_TOO_LONG is not unused\n\nThe Error `X509_V_ERR_CERT_CHAIN_TOO_LONG` is not unused. See e.g. here:\n\nhttps://github.com/openssl/openssl/blob/598bd7741568a1aae678e5472f18aae1ab991e8d/crypto/x509/x509_vfy.c#L3318-L3319\n\nCLA: trivial\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18330)\n" }, { "commit": "5702392f73e679fd9ed9dd912cf4c9dc613c4d71", "tree": "ff717b63b30b9158bb54272af9bc556936459de9", "parents": [ "c73ba81899c291d60851321e6de8913d4800c456" ], "author": { "name": "Hubert Kario", "email": "hkario@redhat.com", "time": "Fri Aug 06 13:39:32 2021 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Wed May 18 17:08:48 2022 +0200" }, "message": "add tests for PBKDF2 with SHA-3\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/16237)\n" }, { "commit": "c73ba81899c291d60851321e6de8913d4800c456", "tree": "5a23cb746d7b4b20fe0cc70541c757f9af75373e", "parents": [ "8b97bfcccc4328c65156bff6886db8733df39fde" ], "author": { "name": "Hubert Kario", "email": "hkario@redhat.com", "time": "Thu Aug 05 22:41:11 2021 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Wed May 18 17:08:48 2022 +0200" }, "message": "add support for SHA-3 based PRF to PBES2\n\nAs there are no limitations for HMACs used in PBKDF2 inside PBES2,\nas more specifically the SHA-3 hashes are drop-in replacements for\nSHA-2 hashes, we can easily add support for SHA-3 here.\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/16237)\n" }, { "commit": "8b97bfcccc4328c65156bff6886db8733df39fde", "tree": "95582b9f28a95cb09fa4a59a625fd73515ea89be", "parents": [ "598bd7741568a1aae678e5472f18aae1ab991e8d" ], "author": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Thu May 12 17:52:21 2022 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Tue May 17 15:25:11 2022 +0200" }, "message": "Missing changes entry about OPENSSL_str[n]casecmp\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18302)\n" }, { "commit": "598bd7741568a1aae678e5472f18aae1ab991e8d", "tree": "275f4a2f20b08cc2441650dfb8f21b69e02015e0", "parents": [ "524bac570702a79366b85ff1f66e07d3e002370c" ], "author": { "name": "Bernd Edlinger", "email": "bernd.edlinger@hotmail.de", "time": "Mon May 16 07:06:42 2022 +0200" }, "committer": { "name": "Bernd Edlinger", "email": "bernd.edlinger@hotmail.de", "time": "Tue May 17 13:16:03 2022 +0200" }, "message": "Fix KTLS with BIO_new_connect\n\nWhen a socket connection is done using BIO_new_connect,\nthe ktls_enable is done too early, and fails with ENOTCONN.\nTherefore the KLTS ioctl will fail later with ENOPROTOOPT.\nFix that by doing the ktls_enable after the connection\nsucceeded, not when the socket is created as that will\nalways fail.\n\nOne example where this happens is doit_localhost in\ntest/ssl_old_test.c, and therefore, contrary to the expectation\nthe -client_ktls option did never enable the client KTLS\nconnection, but this was not noticed, because there was no\ndiagnostic output, and it was only visible with strace output.\n\nAlso enhanced the ssl_old_test -client_ktls/-server_ktls\noptions together with -v option to print a summary line\nif and how KTLS was negotiated in server and client.\n\nWhile I am already there adjusted the usage info of\nthe -s_cert, -s_key commands, and allow -time to print the\ntimings of ktls connections.\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18318)\n" }, { "commit": "524bac570702a79366b85ff1f66e07d3e002370c", "tree": "19012c9e964a5594bf8bed6789b3062493bf6619", "parents": [ "6646e015a50e5455117c22a27032011689db710f" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue Apr 26 09:42:01 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon May 16 10:45:48 2022 +0200" }, "message": "Fix BIO_get_ktls_send/recv to return 0 or 1 only\n\nFixes #18176\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Bernd Edlinger \u003cbernd.edlinger@hotmail.de\u003e\n(Merged from https://github.com/openssl/openssl/pull/18178)\n" }, { "commit": "6646e015a50e5455117c22a27032011689db710f", "tree": "396708e393c4f2ab4a2d14697afe96dd3bc328c8", "parents": [ "e5f831a065df1d6e4640ef389f8594a5f10c9c8e" ], "author": { "name": "Zhou Qingyang", "email": "zhou1615@umn.edu", "time": "Fri Apr 08 21:43:37 2022 +0800" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon May 16 10:43:09 2022 +0200" }, "message": "Add return value check of EVP_PKEY_copy_parameters () in ssl_set_cert_and_key()\n\nIt seems the return value of EVP_PKEY_copy_parameters() in\nssl_set_cert_and_key(), and could lead to null pointer dereference in\nEVP_PKEY_eq() function.\n\nHowever those functions are complicated and this fix is suggested by\na static analyzer, so please advise.\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18071)\n" }, { "commit": "e5f831a065df1d6e4640ef389f8594a5f10c9c8e", "tree": "e54bd5e50690c5eb767d1b2aa1dfb8626ec55ad2", "parents": [ "f505be999f00232702aeb6918e4a1ffa0b9b588b" ], "author": { "name": "Daniel Fiala", "email": "daniel@openssl.org", "time": "Tue May 10 14:39:19 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri May 13 10:39:16 2022 +0200" }, "message": "mkdef.pl: Add cmd-line flag to differentiate shared libs and DSO.\n\nFixes openssl#16984.\n\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18284)\n" }, { "commit": "f505be999f00232702aeb6918e4a1ffa0b9b588b", "tree": "fb37a5bf130bfc50bc5c655359be996d569944c4", "parents": [ "92d050167713f9a094c149c38435b07512c68936" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue May 10 17:22:24 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri May 13 08:30:48 2022 +0200" }, "message": "Always try locale initialization from OPENSSL_strcasecmp\n\nFixes #18172\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18282)\n" }, { "commit": "92d050167713f9a094c149c38435b07512c68936", "tree": "2f8ad0729714e737d7f44c20f37a96095e0875a8", "parents": [ "26ccb0e4e0b100423184636457cd6aab4cc779ab" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue May 10 17:00:26 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri May 13 08:30:48 2022 +0200" }, "message": "Add fallback in case of locale initialization failure\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18282)\n" }, { "commit": "26ccb0e4e0b100423184636457cd6aab4cc779ab", "tree": "ccd8994139c907f5eeb462cdfe84182a85e9a123", "parents": [ "71c17c36d913a82742c7d4ecd91ad047906cdae0" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue May 10 16:46:35 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri May 13 08:30:48 2022 +0200" }, "message": "Avoid code duplication for locale initialization\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18282)\n" }, { "commit": "71c17c36d913a82742c7d4ecd91ad047906cdae0", "tree": "9c2ae300271ed521c48ed7397cef18816e2b4d40", "parents": [ "cf91a2b3c196ee4d7be93ab9f8fc8e097128ad68" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue May 10 16:31:20 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri May 13 08:30:41 2022 +0200" }, "message": "Move OPENSSL_strcasecmp() and related to o_str.c\n\nOtherwise the implementation is unnecessarily duplicated in legacy.so.\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18282)\n" }, { "commit": "cf91a2b3c196ee4d7be93ab9f8fc8e097128ad68", "tree": "59416d5a6a6bec4a73b185c41aeeab1a12c02148", "parents": [ "b98f989e0c741d7534a58ba3fb22f5af0f016ca4" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu May 05 12:35:11 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri May 13 08:30:41 2022 +0200" }, "message": "Include the e_os.h before string.h\n\nFixes #18244\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18282)\n" }, { "commit": "b98f989e0c741d7534a58ba3fb22f5af0f016ca4", "tree": "dca8f71bc7f5d7513e584ff061baf2fd257638a0", "parents": [ "615525bd4d6bbc56601fbdc82e7ac20344f48872" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed May 04 16:58:06 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri May 13 08:30:41 2022 +0200" }, "message": "Fix build on OPENSSL_SYS_TANDEM and older POSIXes\n\nIt also allows for passing -DOPENSSL_NO_LOCALE as a workaround\nto ./Configure command.\n\nFixes #18233\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18282)\n" }, { "commit": "615525bd4d6bbc56601fbdc82e7ac20344f48872", "tree": "911c7a7da5225e36172c4b1f36f8f934cd8f1b6e", "parents": [ "4b1b629725970384d6cf4dafe9e83e54859574cd" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue May 10 15:40:58 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri May 13 08:30:41 2022 +0200" }, "message": "int_ctx_new(): Revert extra OPENSSL_init_crypto() call\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18282)\n" }, { "commit": "4b1b629725970384d6cf4dafe9e83e54859574cd", "tree": "d5d3d618c299fc7dfbb3065bdb0891f302615e99", "parents": [ "70dc0b6d27a11a7f64fe914a3f376988ad1b1720" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon May 09 13:57:11 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu May 12 08:28:12 2022 +0200" }, "message": "Always try to construct methods as new provider might be added\n\nOtherwise optional properties can be incorrectly ignored.\n\nFixes #18262\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18269)\n" }, { "commit": "70dc0b6d27a11a7f64fe914a3f376988ad1b1720", "tree": "7d7abaa65abb801788432c5faf8cee34d729fbd8", "parents": [ "3b85d9de443c31e49a0215c1fe3c80828d609062" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon May 09 13:23:10 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu May 12 08:27:55 2022 +0200" }, "message": "Add test for query invalidation after new provider added\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18269)\n" }, { "commit": "3b85d9de443c31e49a0215c1fe3c80828d609062", "tree": "998a1a0181e75f72decb9872041e73892cf0f725", "parents": [ "2787a709c984d3884e1726383c2f2afca428d795" ], "author": { "name": "Keith W. Campbell", "email": "keithc@ca.ibm.com", "time": "Wed Apr 13 18:14:33 2022 -0400" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed May 11 15:13:43 2022 +0200" }, "message": "Add quotes around perl scripts\n\nOtherwise, it seems nmake doesn\u0027t invoke perl properly.\n\nSigned-off-by: Keith W. Campbell \u003ckeithc@ca.ibm.com\u003e\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18215)\n" }, { "commit": "2787a709c984d3884e1726383c2f2afca428d795", "tree": "7fb9c8d96166175d0267955b460e00c8dc22d9b5", "parents": [ "cb2764f2a8165421dc5ab52159af99cbf766fa2c" ], "author": { "name": "Hongren (Zenithal) Zheng", "email": "i@zenithal.me", "time": "Mon May 09 19:42:39 2022 +0800" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed May 11 15:10:07 2022 +0200" }, "message": "Make IV/buf in prov_cipher_ctx_st aligned\n\nMake IV/buf aligned will drastically improve performance\nas some architecture performs badly on misaligned memory\naccess.\n\nRef to\nhttps://gist.github.com/ZenithalHourlyRate/7b5175734f87acb73d0bbc53391d7140#file-2-openssl-long-md\nRef to\nopenssl#18197\n\nSigned-off-by: Hongren (Zenithal) Zheng \u003ci@zenithal.me\u003e\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18267)\n" }, { "commit": "cb2764f2a8165421dc5ab52159af99cbf766fa2c", "tree": "0dad38b98830a896049fd3998202aac5239c8333", "parents": [ "8712db5e4e0c508de10e887aebf639384dc20710" ], "author": { "name": "Henry Brausen", "email": "henry.brausen@vrull.eu", "time": "Fri Jan 28 01:12:38 2022 -0700" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Wed May 11 18:02:03 2022 +1000" }, "message": "Add riscv64 asm_arch to linux64-riscv64 target\n\nReviewed-by: Philipp Tomsich \u003cphilipp.tomsich@vrull.eu\u003e\nSigned-off-by: Henry Brausen \u003chenry.brausen@vrull.eu\u003e\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18275)\n" }, { "commit": "8712db5e4e0c508de10e887aebf639384dc20710", "tree": "052caa20dc711107ef5912b458817c2cf920ac78", "parents": [ "1c8787d5e0b01bedfc3cbe5eab5b85290221d8c1" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 16:59:26 2022 +1000" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Tue May 10 19:38:42 2022 +1000" }, "message": "bn_nist: fix strict aliasing problem\n\nAs of clang-14 the strict aliasing is causing code to magically disappear.\nBy explicitly inlining the code, the aliasing problem evaporates.\n\nFixes #18225\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Tim Hudson \u003ctjh@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18258)\n" }, { "commit": "1c8787d5e0b01bedfc3cbe5eab5b85290221d8c1", "tree": "ace8480fe48e2065b921ad9a4583deb63434265f", "parents": [ "11e85b8941cb6f728e37f15502f26e67231db6b6" ], "author": { "name": "Dr. Matthias St. Pierre", "email": "matthias.st.pierre@ncp-e.com", "time": "Tue Mar 29 21:50:21 2022 +0200" }, "committer": { "name": "Dr. Matthias St. Pierre", "email": "matthias.st.pierre@ncp-e.com", "time": "Tue May 10 09:47:54 2022 +0200" }, "message": "err: get rid of err_free_strings_int()\n\nEven though the function is not part of the public api, it is not\nentirely removed, in order to minimize the chance of breakage,\nbecause it is exported from libcrypto. Instead, we keep a dummy\nimplementation.\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/17974)\n" }, { "commit": "11e85b8941cb6f728e37f15502f26e67231db6b6", "tree": "b7720ffa2e4da33f445ab4dc7b6442585e67cfb2", "parents": [ "3b836385679504579ee1052ed4b4ef1d9f49fa13" ], "author": { "name": "Dr. Matthias St. Pierre", "email": "matthias.st.pierre@ncp-e.com", "time": "Mon Mar 28 11:47:55 2022 +0200" }, "committer": { "name": "Dr. Matthias St. Pierre", "email": "matthias.st.pierre@ncp-e.com", "time": "Tue May 10 09:47:54 2022 +0200" }, "message": "err: fix crash in ERR_load_strings() when configured with no-err\n\nThis commit removes the entire initialization and cleanup of the\nerror string hash table (`int_error_hash`) if `no-err` is configured.\nThe only operative function remaining is `ERR_get_next_error_library()`.\nThat is the reason why the `err_string_lock` and hence the\n`do_err_strings_init()` function can\u0027t be removed entirely.\n\nFixes #17971\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/17974)\n" }, { "commit": "3b836385679504579ee1052ed4b4ef1d9f49fa13", "tree": "9aa5351bd0b1185430a50777f1dd324955de09b0", "parents": [ "a6680123643bc3289ecbcbd6bce844a814c1510a" ], "author": { "name": "basavesh", "email": "basavesh.shivakumar@gmail.com", "time": "Sun Apr 03 16:04:53 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon May 09 16:40:21 2022 +0200" }, "message": "Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE\n\nrotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.\nConsider a weaker leakage model(CL) where only cacheline base address is leaked,\ni.e address/32 for 32-byte cacheline(CL32).\n\nPrevious code used to perform two loads\n 1. rotated_mac[rotate_offset ^ 32] and\n 2. rotated_mac[rotate_offset++]\nwhich would leak 2q + 1, 2q for 0 \u003c\u003d rotate_offset \u003c 32\nand 2q, 2q + 1 for 32 \u003c\u003d rotate_offset \u003c 64\n\nThe proposed fix performs load operations which will always leak 2q, 2q + 1 and\nselects the appropriate value in constant-time.\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18033)\n" }, { "commit": "a6680123643bc3289ecbcbd6bce844a814c1510a", "tree": "e996d86fac0de93be98baaa09e6035ab6894ebe8", "parents": [ "221d65ba534d23a240ccadd0c2679b222aae35b1" ], "author": { "name": "Max Bachmann", "email": "kontakt@maxbachmann.de", "time": "Fri May 06 12:09:27 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon May 09 11:13:37 2022 +0200" }, "message": "remove legacy VxWorks workaround\n\nThe same workaround was already removed in sockets.h\nin 5c8b7b4caa0faedb69277063a7c6b3a8e56c6308\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18260)\n" }, { "commit": "221d65ba534d23a240ccadd0c2679b222aae35b1", "tree": "07950512dbca4c48369966153f112b8298bad88d", "parents": [ "b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9" ], "author": { "name": "Benjamin Kaduk", "email": "bkaduk@akamai.com", "time": "Mon May 02 10:40:57 2022 -0700" }, "committer": { "name": "Benjamin Kaduk", "email": "kaduk@mit.edu", "time": "Sun May 08 23:48:34 2022 -0700" }, "message": "evp_md: assert digest is provided for algctx reuse\n\nWhen reusing an algctx (it was always freed on reinitialization,\nprior to #18105), assert that the associated digest is provided.\nWe implicitly rely on this for algctx reuse to be safe (since\nan implicit fetch could potentially change the digest object used,\nincluding provider, which accordingly could change the layout of the\nalgctx object.\n\nFrom code inspection, this is currently always the case -- the only\nway to set an algctx requires the provider to be set, and the only\nways to change or remove a provider without destroying the entier\nEVP_MD_CTX will also free the algctx. Adding an assertion will help\nensure that this remains true as the code evolves.\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18224)\n" }, { "commit": "b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9", "tree": "61655b971d3b484b60f532d83e4c7d2fb9ec02bb", "parents": [ "ecb1ed1b0e5aea5b71e8a98e95b6f9f022d61c89" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu May 05 08:11:24 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon May 09 08:43:36 2022 +0200" }, "message": "EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init strcasecmp\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18247)\n" }, { "commit": "ecb1ed1b0e5aea5b71e8a98e95b6f9f022d61c89", "tree": "68ef2b5d6450d02ed7bc668c5ed3e161ffb7c9a4", "parents": [ "be92036b347e381fd606e100b6c91f1bab4b7718" ], "author": { "name": "Dimitry Andric", "email": "dimitry@unified-streaming.com", "time": "Thu May 05 16:23:16 2022 +0200" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Mon May 09 10:53:25 2022 +1000" }, "message": "Correct padding mode flag name for EVP_PKEY_decrypt/encrypt() examples\n\nThe example code in EVP_PKEY_decrypt(3) and EVP_PKEY_encrypt(3) and uses\na nonexistent padding mode `RSA_OAEP_PADDING`, which should be\n`RSA_PKCS1_OAEP_PADDING` instead.\n\nCLA: trivial\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18255)\n" }, { "commit": "be92036b347e381fd606e100b6c91f1bab4b7718", "tree": "388732d06c03ff0fe264d931c3561ef1dc5413e2", "parents": [ "4b4d0ded6df357f76f580b7218abb3fe55f64463" ], "author": { "name": "Ahmed JELIJLI", "email": "ahmedjeljeli@gmail.com", "time": "Thu May 05 11:33:25 2022 +0200" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Mon May 09 10:51:51 2022 +1000" }, "message": "doc: Fix RSA public key parameters\n\nCLA: trivial\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18253)\n" }, { "commit": "4b4d0ded6df357f76f580b7218abb3fe55f64463", "tree": "517f7109a34a171d47226c8ca86aebad5c2c54c7", "parents": [ "0b3d2594d060dc19269d3740ad672f065ec6398a" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu May 05 14:45:23 2022 +0200" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Mon May 09 10:09:39 2022 +1000" }, "message": "Add a testcase for OSSL_PROVIDER_unload() being fully effective\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18254)\n" }, { "commit": "0b3d2594d060dc19269d3740ad672f065ec6398a", "tree": "c524a2c5758c1d3af586d69ff69efba254b23e48", "parents": [ "836bb0890dc4d139215824cc9ac35591361f8117" ], "author": { "name": "slontis", "email": "shane.lontis@oracle.com", "time": "Wed May 04 12:04:43 2022 +1000" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Mon May 09 10:07:42 2022 +1000" }, "message": "Add documentation for key validation that indicates the difference between the\nEVP_PKEY_XXX_check() calls for the default and fips providers.\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18235)\n" }, { "commit": "836bb0890dc4d139215824cc9ac35591361f8117", "tree": "4e31d172972359235be0e679fe98aeda4aae4c06", "parents": [ "eab9dbbdd1f102dc1a26549a77fcc5c167385cd5" ], "author": { "name": "Max Bachmann", "email": "kontakt@maxbachmann.de", "time": "Thu May 05 09:56:10 2022 +0200" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Mon May 09 10:06:18 2022 +1000" }, "message": "Exclude IPv6 code using OPENSSL_USE_IPV6 instead of AF_INET6\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Bernd Edlinger \u003cbernd.edlinger@hotmail.de\u003e\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18250)\n" }, { "commit": "eab9dbbdd1f102dc1a26549a77fcc5c167385cd5", "tree": "d56f6ec8748baecf686526fa4e0c198c4b28fc50", "parents": [ "4e720f12fade8d433e5a0eb3ead9017193dac6e7" ], "author": { "name": "Nathan Sidwell", "email": "nathan@acm.org", "time": "Mon Apr 25 10:50:36 2022 -0700" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Mon May 09 10:04:58 2022 +1000" }, "message": "Header file cleanup for C++20 header-units\n\nC++20 adds \u0027header units\u0027 as a stepping-stone to modules. Header\nunits are regular header-files that have a \u0027self-contained\u0027 property\n-- they do not require previously-included headers to provide typedefs\nand what not.\n\nThis addresses 2 problems discovered when using clang modules (as a\nproxy for C++20 header-units).\n\na) Some headers that pay attention to OPENSSL_NO_STDIO to determine\nwhether to declare certain FILE*-taking functions do not #include\n\u003cstdio.h\u003e themselves, relying on their includer already having done\nthat. That breaks the above mentioned encapuslation requirement.\nFixed by conditionally including stdio.h in those headers. I chose to\nalways include stdio.h in such headers, even when they included\nanother such header that transitively included stdio. That way they\ndo not rely on an artifact of that intermediate header\u0027s behaviour.\n\nb) Some headers have #includes inside \u0027extern \"C\" { ... }\u0027 regions.\nThat has a bad code-smell, but GCC and clang have extensions to permit\nit with implementation-defined effects. Clang needs annotation on the\nincluded files to know that they themselves are entirely inside a\nsimilar region. GCC behavesq as-if there\u0027s an extern \"C++\" region\nwrapping the included header (which must therefore wrap its contents\nin extern \"C\", if that is what it wants. In effect the includer\u0027s\nextern \"C\" region is just misleading. I didn\u0027t audit all the headers\nfor this, only those I noticed when addressing #a.\n\n\\#a is necessary to build the headers as a set of clang-modules. #b\nis not necessary, but as I mentioned, avoids potentially\nimplementation-defined behaviour.\n\nReviewed-by: Todd Short \u003ctodd.short@me.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18221)\n" }, { "commit": "4e720f12fade8d433e5a0eb3ead9017193dac6e7", "tree": "5f76468fed6406d2f564f2485baa4edd351fd35b", "parents": [ "6d4f63469ed5a0f6e7ccde189e8a6d2bb1d2b26a" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Wed Mar 16 14:30:03 2022 +1100" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Sun May 08 17:50:04 2022 +1000" }, "message": "Fix Coverity 1201740 \u0026 1201712: uninitialised values\n\nThese are both false positives since the `d` array is initialised by\nthe `DES_cfb_encrypt()` call via the `l2cn` macro. Rather than ignoring them\nand having them crop up later, it\u0027s easier to just add an initialiser.\n\nReviewed-by: Matthias St. Pierre \u003cMatthias.St.Pierre@ncp-e.com\u003e\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/17894)\n" }, { "commit": "6d4f63469ed5a0f6e7ccde189e8a6d2bb1d2b26a", "tree": "a039b4daf2de60594a98eb12c9b0fb487549e0a5", "parents": [ "54b0c534eeb283878092e006e7f1e9315ec62ad6" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 17:55:01 2022 +1000" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Sun May 08 16:58:00 2022 +1000" }, "message": "Update GOST engine\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18236)\n" }, { "commit": "54b0c534eeb283878092e006e7f1e9315ec62ad6", "tree": "ce9952ea1927853856cd5c1fcaee5ff6376bc8bc", "parents": [ "7bf2e4d7f0c7ae19b7a8c416910886a7171e9820" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 10:42:16 2022 +1000" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Sun May 08 16:58:00 2022 +1000" }, "message": "doc: add not that DTLS 1.0, TLS 1.1 and before are disabled at security level 1\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18236)\n" }, { "commit": "7bf2e4d7f0c7ae19b7a8c416910886a7171e9820", "tree": "0a1e1a9b8a7603bf2d4f2fef7a805a80feb6e29e", "parents": [ "ac23650c1e53658227436aecc8de03a7ac3d1b9a" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Wed May 04 13:01:35 2022 +1000" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Sun May 08 16:58:00 2022 +1000" }, "message": "tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above\n\nThis is in line with the NEWS entry (erroneously) announcing such for 3.0.\n\nFixes #18194\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18236)\n" }, { "commit": "ac23650c1e53658227436aecc8de03a7ac3d1b9a", "tree": "f4bd20bab60419fc847b42119ea4a5d9388f3746", "parents": [ "a6d52f178c4cb4665d0bf235001b5c9c1ff03da7" ], "author": { "name": "Bernd Edlinger", "email": "bernd.edlinger@hotmail.de", "time": "Thu May 05 10:07:41 2022 +0200" }, "committer": { "name": "Bernd Edlinger", "email": "bernd.edlinger@hotmail.de", "time": "Fri May 06 15:39:35 2022 +0200" }, "message": "Update .gitignore\n\nadd /test/evp_pkey_ctx_new_from_name\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18251)\n" }, { "commit": "a6d52f178c4cb4665d0bf235001b5c9c1ff03da7", "tree": "b46ba0f004f006e8babaded9f6c471f0a99e356c", "parents": [ "a381897470f5c6ac2f4e71f48d33d71cde7873dd" ], "author": { "name": "Daniel Fiala", "email": "daniel@openssl.org", "time": "Thu Apr 28 13:35:40 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri May 06 14:57:07 2022 +0200" }, "message": "s_serve: Report an error if init-connection fails without an attempt to read.\n\nFixes: openssl#18047.\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18154)\n" }, { "commit": "a381897470f5c6ac2f4e71f48d33d71cde7873dd", "tree": "7fb3a98e57c0b8df06aa573c74442f4933f34b26", "parents": [ "71b7f34978c7332562300487af497559b67f600a" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri Apr 01 12:27:15 2022 +1100" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 18:21:28 2022 +1000" }, "message": "Fix Coverity 1503322, 1503324, 1503328 memory accesses\n\nThese are all false positives result from Coverity not understanding our\nup_ref and free pairing.\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18014)\n" }, { "commit": "71b7f34978c7332562300487af497559b67f600a", "tree": "25a2b1dc4c28d59817100d4f6791dec60de9c346", "parents": [ "66cb4fcdc5039fe5b1476ed48a936137a307a58b" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri Apr 01 12:20:26 2022 +1100" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 18:21:22 2022 +1000" }, "message": "Fix Coverity 1503325 use after free\n\nAnother reference counting false positive, now negated.\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18014)\n" }, { "commit": "66cb4fcdc5039fe5b1476ed48a936137a307a58b", "tree": "36f0a10a7987501dfa6212f3f60b57f54389a9b1", "parents": [ "588080cbf8e254ca2c033224146bc29fddea75a7" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri Apr 01 12:18:44 2022 +1100" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 18:21:22 2022 +1000" }, "message": "Fix Coverity 1503329 use after free\n\nAnother false positive tagged as such\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18014)\n" }, { "commit": "588080cbf8e254ca2c033224146bc29fddea75a7", "tree": "aaaa89d46f433296cd906202bb2696dfd745fc5f", "parents": [ "3c0e8bc4a797d29b2152aebc6e687ddfa941160b" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri Apr 01 12:12:07 2022 +1100" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 18:21:22 2022 +1000" }, "message": "Fix coverity 1503330 use after free\n\nThis is a false positive resulting from confusion over up_ref/free.\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18014)\n" }, { "commit": "3c0e8bc4a797d29b2152aebc6e687ddfa941160b", "tree": "c05384f90061de530ffc5c425dbe34995db4922a", "parents": [ "50d1d92de9a4cf62723a3c1ea2f39501feea7d6e" ], "author": { "name": "philippe lhardy", "email": "pl@artisanlogiciel.net", "time": "Mon Apr 25 19:42:16 2022 +0200" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 11:16:21 2022 +1000" }, "message": "fix for sslecho in demos echoing garbage #18165\n\n- getline does set \u0026txbufp content at return, make sure it can be done.\n - fixes warning \u0027passing argument 1 of ‘getline’ from incompatible pointer type\u0027\n- remove OPENSSL_free on non allocated fixed size array\n - fixes \u0027free(): invalid pointer\u0027\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18177)\n" }, { "commit": "50d1d92de9a4cf62723a3c1ea2f39501feea7d6e", "tree": "f1ad4faa330dbf23b4a009bfb34621baf81f9484", "parents": [ "16ff70a58cfb5c40197e6a940cf4666226f31b79" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Wed May 04 11:26:02 2022 +1000" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 10:44:13 2022 +1000" }, "message": "Correct NEWS entry about required security level for old versions of TLS, DTLS and SSL\n\nThe entry was incorrect because suites using RSA key exchange without SHA1\nwere permitted at security level 1.\n\nPartial fix for #18194\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18234)\n\n(cherry picked from commit 3226a37a4875567f2bf49aa44a727bcb67bb7dcd)\n" }, { "commit": "16ff70a58cfb5c40197e6a940cf4666226f31b79", "tree": "06fc97def75b045e9bdd339aeaf5aa3dfdc674b8", "parents": [ "32e3c071373280b69be02ba91fc3204495e2e1bf" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Wed May 04 14:54:13 2022 +1000" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri May 06 10:38:55 2022 +1000" }, "message": "Remove the _fetch_by_number functions\n\nThese functions are unused and untested. They are also implemented rather\ninefficiently. If we ever needed them in the future, they\u0027d almost surely\nneed to be rewritten more efficiently.\n\nFixes #18227\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18237)\n" }, { "commit": "32e3c071373280b69be02ba91fc3204495e2e1bf", "tree": "2d2c6b36aec2a7bb3073cd1de29e72a9b78490ab", "parents": [ "4da7663b02bf05542830e85db6f74cf90daf1f49" ], "author": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Wed May 04 09:15:29 2022 +0200" }, "committer": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Thu May 05 15:06:12 2022 +0200" }, "message": "Add method store cache flush and method removal to non-EVP operations\n\nevp_method_store_flush() and evp_method_store_remove_all_provided()\nonly cover EVP operations, but not encoders, decoders and store loaders.\nThis adds corresponding methods for those as well. Without this, their\nmethod stores are never cleaned up when the corresponding providers are\ndeactivated or otherwise modified.\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18151)\n" }, { "commit": "4da7663b02bf05542830e85db6f74cf90daf1f49", "tree": "4f9cff33c44c8e57caefbd23c66a78649a001788", "parents": [ "03454ba2a234197c961920f1bac37cc9f4cf3f54" ], "author": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Fri Apr 29 08:08:06 2022 +0200" }, "committer": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Thu May 05 15:06:11 2022 +0200" }, "message": "For child libctx / provider, don\u0027t count self-references in parent\n\nIn child library contexts, which contain child \"clones\" of the\nproviders the application has in store, one of these children will\nalways be the provider that creates the child library context; let\u0027s\ncall them self-refering child providers.\n\nFor these self-refering child providers, we don\u0027t increment the parent\nprovider reference count, nor do we free the parent provider, as those\nbecome self defeating and hinder the teardown and unloading process\nwhen the application cleans up.\n\nFor non self-refering child providers, we must retain this propagation\nof reference count to the parent, so that aren\u0027t torn down too early,\ni.e. when there\u0027s still a \"foreign\" reference (fetched algorithm).\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18151)\n" }, { "commit": "03454ba2a234197c961920f1bac37cc9f4cf3f54", "tree": "555b5b6dc0ec58446a4ef26ae579ea84b333452d", "parents": [ "2e4d0677ea858c619a33235265dbee19520a9d35" ], "author": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Mon Apr 25 07:22:27 2022 +0200" }, "committer": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Thu May 05 15:06:11 2022 +0200" }, "message": "Complete the cleanup of an algorithm in OSSL_METHOD_STORE\n\nThe `alg_cleanup` didn\u0027t properly clear the OPENSSL_SA leaf that it\nhad just freed the contents of. Fortunately, `ossl_sa_ALGORITHM_doall_arg()`\nallows us to pass the store pointer itself as an extra argument, which\nallows a modified `alg_cleanup` to complete the job.\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18151)\n" }, { "commit": "2e4d0677ea858c619a33235265dbee19520a9d35", "tree": "9d8df904bc5e2c15919065c7fe0e7f85c88d76a6", "parents": [ "60640d79ca7ea0980dc09c71fe6a297b5f8588a2" ], "author": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Fri Apr 22 16:44:51 2022 +0200" }, "committer": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Thu May 05 15:05:55 2022 +0200" }, "message": "Make it possible to remove methods by the provider that provides them\n\nThis adds ossl_method_store_remove_all_provided(), which selectively\nremoves methods from the given store that are provided by the given\nprovider.\n\nThis also adds the EVP specific evp_method_store_remove_all_provided(),\nwhich matches ossl_method_store_remove_all_provided() but can also\nretrieve the correct store to manipulate for EVP functions.\n\nThis allows us to modify ossl_provider_self_test() to do the job it\u0027s\nsupposed to do, but through clearly defined functions instead of a\ncache flushing call that previously did more than that.\n\nossl_provider_deactivate() is also modified to remove methods associated\nwith the deactivated provider, and not just clearing the cache.\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18151)\n" }, { "commit": "60640d79ca7ea0980dc09c71fe6a297b5f8588a2", "tree": "b6d7d3a6986abc2e8bfccc4ec532dabe34068706", "parents": [ "10937d5867039afbf869c8514245ed7599b61307" ], "author": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Fri Apr 22 11:00:36 2022 +0200" }, "committer": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Thu May 05 15:05:54 2022 +0200" }, "message": "Don\u0027t empty the method store when flushing the query cache\n\nWhen evp_method_store_flush() flushed the query cache, it also freed\nall methods in the EVP method store, through an unfortunate call of\nossl_method_store_flush_cache() with an argument saying that all\nmethods should indeed be dropped.\n\nTo undo some of the confusion, ossl_method_store_flush_cache() is\nrenamed to ossl_method_store_cache_flush_all(), and limited to do\nonly that. Some if the items in the internal ALGORITHM structure are\nalso renamed and commented to clarify what they are for.\n\nFixes #18150\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18151)\n" }, { "commit": "10937d5867039afbf869c8514245ed7599b61307", "tree": "127a19971fd40001f570f165e7c53e241af3c8ad", "parents": [ "20b6d85ab2b9cfa4cd29d2422d69c3e3f4db0a41" ], "author": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Wed Apr 20 18:34:09 2022 +0200" }, "committer": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Thu May 05 15:05:54 2022 +0200" }, "message": "Refactor method construction pre- and post-condition\n\nThe existing pre- and post-condition functions are supposed to check if\nmethods have already been created and stored, using provider operation\nbits. This is supposed to only be done for \"permanent\" method stores.\n\nHowever, the way the pre-condition was called, it could not know if the\nset of implementations to be stored is likely to end up in a \"permanent\"\nor a temporary store. It needs access to the |no_store| flag returned\nby the provider\u0027s operation query function, because that call was done\nafter the pre-condition was called.\n\nThis requires a bit of refactoring, primarly of |algorithm_do_this()|,\nbut also of |ossl_method_construct_precondition()|.\n\nFixes #18150\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18151)\n" }, { "commit": "20b6d85ab2b9cfa4cd29d2422d69c3e3f4db0a41", "tree": "b36e80fcc6b3c399828112365c01f4c4f4b61706", "parents": [ "802cacf34f2db9111becb4f0d3aa00460df13a19" ], "author": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Wed Apr 20 16:43:13 2022 +0200" }, "committer": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Thu May 05 15:05:54 2022 +0200" }, "message": "Drop ossl_provider_clear_all_operation_bits() and all uses of it\n\nThis is a misused function, as it was called during query cache flush,\nwhen the provider operation bits were meant to record if methods for a\ncertain operation has already been added to the method store.\n\nFixes #18150\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18151)\n" }, { "commit": "802cacf34f2db9111becb4f0d3aa00460df13a19", "tree": "6043bc8fa7e3dc272efeae8d8594076ee5f30d25", "parents": [ "de56f726e163e99128ff93a04d74a8461f5a724b" ], "author": { "name": "Vita Batrla", "email": "vitezslav.batrla@oracle.com", "time": "Fri Mar 18 22:02:50 2022 +0100" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu May 05 13:36:23 2022 +0200" }, "message": "s_client -proxy / -starttls shouldn\u0027t be mutually exclusive\n\nThe option -proxy of openssl s_client works fine. The option\n-starttls also works fine. However, try putting both of them\non command line. It breaks, these options don\u0027t work together.\n\nThe problem is that -proxy option is implemented using starttls_proto\n(the option parsing code sets it to PROTO_CONNECT) and -starttls option\noverwrites the same variable again based on argument value.\n\nThe suggested fix is to independently handle -proxy option before\n-starttls so the s_client can connect through HTTP proxy server and\nthen use STARTTLS command.\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/17925)\n" }, { "commit": "de56f726e163e99128ff93a04d74a8461f5a724b", "tree": "dccb01da7ccf5cc4ab426d6b65e85f17632229a0", "parents": [ "0ce8271c20c95d21d9641c0ead76a86f818c45e9" ], "author": { "name": "Dr. David von Oheimb", "email": "David.von.Oheimb@siemens.com", "time": "Wed Apr 27 19:07:46 2022 +0200" }, "committer": { "name": "Dr. David von Oheimb", "email": "dev@ddvo.net", "time": "Thu May 05 09:52:27 2022 +0200" }, "message": "crmf_lib.c: Make sure Ed signature for POPO is called without digest\n\nFixes #18184\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: David von Oheimb \u003cdavid.von.oheimb@siemens.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18230)\n" }, { "commit": "0ce8271c20c95d21d9641c0ead76a86f818c45e9", "tree": "99f641354e9520254651dec45b5908dcba2746ab", "parents": [ "34959f7a2256eadd23d56f0efe855be7fde282b2" ], "author": { "name": "Dr. David von Oheimb", "email": "David.von.Oheimb@siemens.com", "time": "Wed Mar 03 20:10:34 2021 +0100" }, "committer": { "name": "Dr. David von Oheimb", "email": "dev@ddvo.net", "time": "Wed May 04 16:25:44 2022 +0200" }, "message": "X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\nReviewed-by: David von Oheimb \u003cdavid.von.oheimb@siemens.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/14417)\n" }, { "commit": "34959f7a2256eadd23d56f0efe855be7fde282b2", "tree": "d8c74a4329031870f5b74389260a38caf95aaa2e", "parents": [ "6d952291762246f6533e19ca413277390db4aae2" ], "author": { "name": "Dr. David von Oheimb", "email": "David.von.Oheimb@siemens.com", "time": "Tue Jun 15 22:06:48 2021 +0200" }, "committer": { "name": "Dr. David von Oheimb", "email": "dev@ddvo.net", "time": "Wed May 04 13:23:31 2022 +0200" }, "message": "objects.txt: Add newly registered OIDs according to CMP Updates, for use in extended CMPv2\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: David von Oheimb \u003cdavid.von.oheimb@siemens.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/15778)\n" }, { "commit": "6d952291762246f6533e19ca413277390db4aae2", "tree": "98e834d01d4d886fb39a430726acff834b09c379", "parents": [ "b11183be0cd3ad675248804922bb240fbbd448e4" ], "author": { "name": "Daniel Fiala", "email": "daniel@openssl.org", "time": "Fri Apr 29 09:33:49 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed May 04 09:29:17 2022 +0200" }, "message": "openssl: dhparam: Print warning if -in argument is ignored\n\nFixes: openssl#18146\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18206)\n" }, { "commit": "b11183be0cd3ad675248804922bb240fbbd448e4", "tree": "a89ff9f523debf511d836f65e0ef87db30635778", "parents": [ "e257d3e76ffb848b7607b04057257323dc51c3b4" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri Apr 01 09:59:49 2022 +1100" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Wed May 04 17:15:20 2022 +1000" }, "message": "Fix Coverity 1503314 unchecked return value\n\nReviewed-by: David von Oheimb \u003cdavid.von.oheimb@siemens.com\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18013)\n" }, { "commit": "e257d3e76ffb848b7607b04057257323dc51c3b4", "tree": "16b56cbe3ff608862ff7e9d6e17d5b3f5af27afe", "parents": [ "cac250755efd0c40cc6127a0e4baceb8d226c7e3" ], "author": { "name": "JHH20", "email": "jhh.20@icloud.com", "time": "Mon May 02 19:50:04 2022 +0900" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Wed May 04 13:46:10 2022 +1000" }, "message": "Remove duplicated #include headers\n\nCLA: trivial\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Todd Short \u003ctodd.short@me.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18220)\n" }, { "commit": "cac250755efd0c40cc6127a0e4baceb8d226c7e3", "tree": "0eb85d0252c28b5f0facfcd0be745e84ed6333f4", "parents": [ "fecb3aae22aeda493f348739ebf7943071ecdbe1" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue May 03 14:57:08 2022 +0200" }, "committer": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue May 03 14:03:24 2022 +0100" }, "message": "CHANGES.md: Attribute the OPENSSL_LH_flush() fix properly\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nRelease: yes\n" }, { "commit": "fecb3aae22aeda493f348739ebf7943071ecdbe1", "tree": "29e2cdb1df8b7d90fa7c2bf15a65e5319e5ad9ea", "parents": [ "73e044bd1aa3ff00e189624b4807e15e8de8f8e4" ], "author": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue May 03 11:52:38 2022 +0100" }, "committer": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue May 03 13:34:51 2022 +0100" }, "message": "Update copyright year\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nRelease: yes\n" }, { "commit": "73e044bd1aa3ff00e189624b4807e15e8de8f8e4", "tree": "c5343cceb17a5ed18a3c951e855148220f2a7570", "parents": [ "60e938057439b7b6a1ff542a34209657007d2d17" ], "author": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue Apr 26 14:39:34 2022 +0100" }, "committer": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue May 03 13:26:00 2022 +0100" }, "message": "Update CHANGES and NEWS for new release\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nRelease: yes\n" }, { "commit": "60e938057439b7b6a1ff542a34209657007d2d17", "tree": "8644892c6e9af8e7a3bca4d097bcea28e1dadb34", "parents": [ "7c33270707b568c524a8ef125fe611a8872cb5e8" ], "author": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Mon May 02 18:16:09 2022 +1000" }, "committer": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue May 03 12:34:46 2022 +0100" }, "message": "Update Paul\u0027s pgp key signature\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18219)\n" }, { "commit": "7c33270707b568c524a8ef125fe611a8872cb5e8", "tree": "2e5196c0868cb41c3d8837efbdcc707e8625f856", "parents": [ "33219939c782cf363b30e9e899b9997fb1ced440" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue Apr 26 12:40:24 2022 +0200" }, "committer": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue May 03 11:07:36 2022 +0100" }, "message": "c_rehash: Do not use shell to invoke openssl\n\nExcept on VMS where it is safe.\n\nThis fixes CVE-2022-1292.\n\nReviewed-by: Matthias St. Pierre \u003cMatthias.St.Pierre@ncp-e.com\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n" }, { "commit": "33219939c782cf363b30e9e899b9997fb1ced440", "tree": "e6605709ac475658010eda6c495e80f53f1dcad0", "parents": [ "6ee1f4f40b5100ef2744866a727bb4b9ef8ea39e" ], "author": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Fri Apr 15 10:22:59 2022 +0100" }, "committer": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue May 03 10:46:49 2022 +0100" }, "message": "Fix the RC4-MD5 cipher\n\nA copy\u0026paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS\nAAD data as the MAC key.\n\nCVE-2022-1434\n\nFixes #18112\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n" }, { "commit": "6ee1f4f40b5100ef2744866a727bb4b9ef8ea39e", "tree": "9a83e02763cf7ec97745e12b61dd36b4c9fea2ed", "parents": [ "21f89f542d745adbf1131338929ae538e200d50d" ], "author": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Wed Apr 13 16:47:35 2022 +0100" }, "committer": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue May 03 10:46:49 2022 +0100" }, "message": "Test ocsp with invalid responses and the \"-no_cert_checks\" option\n\nThe \"-no_cert_checks\" option causes the flag OCSP_NOCHECKS to be set.\nThe bug fixed in the previous commit will cause the ocsp app to respond with\na success result in the case when the OCSP response signing certificate\nfails to verify and -no_cert_checks is used - so we test that it fails in\nthis case.\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n" }, { "commit": "21f89f542d745adbf1131338929ae538e200d50d", "tree": "c28718b84cb2a2e64f6d3b0752e1318bc4eee315", "parents": [ "b1b2146ded9ce5a84c62f30c6c4a922b449f6c90" ], "author": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Wed Apr 13 16:36:54 2022 +0100" }, "committer": { "name": "Matt Caswell", "email": "matt@openssl.org", "time": "Tue May 03 10:46:49 2022 +0100" }, "message": "Fix OCSP_basic_verify signer certificate validation\n\nThe function `OCSP_basic_verify` validates the signer certificate on an OCSP\nresponse. The internal function, ocsp_verify_signer, is responsible for this\nand is expected to return a 0 value in the event of a failure to verify.\nUnfortunately, due to a bug, it actually returns with a postive success\nresponse in this case. In the normal course of events OCSP_basic_verify\nwill then continue and will fail anyway in the ocsp_check_issuer function\nbecause the supplied \"chain\" value will be empty in the case that\nocsp_verify_signer failed to verify the chain. This will cause\nOCSP_basic_verify to return with a negative result (fatal error). Normally\nin the event of a failure to verify it should return with 0.\n\nHowever, in the case of the OCSP_NOCHECKS flag being used, OCSP_basic_verify\nwill return with a positvie result. This could lead to callers trusting an\nOCSP Basic response when it should not be.\n\nCVE-2022-1343\n\nFixes #18053\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n" }, { "commit": "b1b2146ded9ce5a84c62f30c6c4a922b449f6c90", "tree": "969d007a0e310df537f7f9495b353bbad4e984d4", "parents": [ "04904a0fff639c058d38b355d75485ca5dde0a89" ], "author": { "name": "Daniel Hu", "email": "Daniel.Hu@arm.com", "time": "Mon Feb 07 10:17:06 2022 +0000" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Tue May 03 14:37:46 2022 +1000" }, "message": "Acceleration of chacha20 on aarch64 by SVE\n\nThis patch accelerates chacha20 on aarch64 when Scalable Vector Extension\n(SVE) is supported by CPU. Tested on modern micro-architecture with\n256-bit SVE, it has the potential to improve performance up to 20%\n\nThe solution takes a hybrid approach. SVE will handle multi-blocks that fit\nthe SVE vector length, with Neon/Scalar to process any tail data\n\nTest result:\nWith SVE\ntype 1024 bytes 8192 bytes 16384 bytes\nChaCha20 1596208.13k 1650010.79k 1653151.06k\n\nWithout SVE (by Neon/Scalar)\ntype 1024 bytes 8192 bytes 16384 bytes\nchacha20 1355487.91k 1372678.83k 1372662.44k\n\nThe assembly code has been reviewed internally by\nARM engineer Fangming.Fang@arm.com\n\nSigned-off-by: Daniel Hu \u003cDaniel.Hu@arm.com\u003e\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/17916)\n" }, { "commit": "04904a0fff639c058d38b355d75485ca5dde0a89", "tree": "7a56f4a432b91555fa97e3a70d4382ce69d63335", "parents": [ "93983e555531a8d9bf70d12e4cfdb5ce2f337e3b" ], "author": { "name": "Jonathan Swinney", "email": "jswinney@amazon.com", "time": "Wed Oct 27 16:50:30 2021 +0000" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Tue May 03 14:36:17 2022 +1000" }, "message": "md5: add assembly implementation for aarch64\n\nThis change improves md5 performance significantly by using a hand-optimized\nassembly implementation of the inner loop of md5 calculation. The instructions\nare carefully ordered to separate data dependencies as much as possible.\n\nTest with:\n$ openssl speed md5\n\nAWS Graviton 2\ntype 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes\nmd5 46990.60k 132778.65k 270376.96k 364718.08k 405962.75k 409201.32k\nmd5-modified 51725.23k 152236.22k 323469.14k 453869.57k 514102.61k 519056.04k\n +10% +15% +20% +24% +27% +27%\n\nApple M1\ntype 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes\nmd5 74634.39k 195561.25k 375434.45k 491004.23k 532361.40k 536636.48k\nmd5-modified 84637.11k 229017.09k 444609.62k 588069.50k 655114.24k 660850.56k\n +13% +17% +18% +20% +23% +23%\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/16928)\n" }, { "commit": "93983e555531a8d9bf70d12e4cfdb5ce2f337e3b", "tree": "e01dd30b974e267e59d315d1f9b41b99418541fe", "parents": [ "359dad5178285d5471f2a57a5aa99c1f588dffcb" ], "author": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Fri Apr 29 14:22:24 2022 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Mon May 02 12:53:19 2022 +0200" }, "message": "Improving locale test\n\nFixes #18205\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18211)\n" }, { "commit": "359dad5178285d5471f2a57a5aa99c1f588dffcb", "tree": "c0adbd6dfa0051f22d89dbb5362188a9983da9cb", "parents": [ "fe5c5cb85197aec7d68ab095b866ed22076850d0" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu Apr 28 17:04:05 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon May 02 08:35:54 2022 +0200" }, "message": "fix_dh_paramgen_type: Avoid crash with invalid paramgen type\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18202)\n" }, { "commit": "fe5c5cb85197aec7d68ab095b866ed22076850d0", "tree": "60d218822200a872d27d460f7f34f47fac865866", "parents": [ "e3477d3e5ccd971da3d8a90a7d5096b47372d288" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed Apr 13 16:26:18 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon May 02 08:26:01 2022 +0200" }, "message": "evp_md_init_internal: Avoid reallocating algctx if digest unchanged\n\nFixes #16947\n\nAlso refactor out algctx freeing into a separate function.\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Ben Kaduk \u003ckaduk@mit.edu\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18105)\n" }, { "commit": "e3477d3e5ccd971da3d8a90a7d5096b47372d288", "tree": "18120d8c89251bb20eeaa0829b3363ef81c42ad0", "parents": [ "2d96bfd957149e491feba55a3d04afb26b2668b5" ], "author": { "name": "Dr. David von Oheimb", "email": "David.von.Oheimb@siemens.com", "time": "Thu Apr 28 15:35:13 2022 +0200" }, "committer": { "name": "Dr. David von Oheimb", "email": "dev@ddvo.net", "time": "Mon May 02 08:22:31 2022 +0200" }, "message": "http_client.c: check expected content type only if HTTP status code is 200 (OK)\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: David von Oheimb \u003cdavid.von.oheimb@siemens.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18204)\n" }, { "commit": "2d96bfd957149e491feba55a3d04afb26b2668b5", "tree": "d970ecf2e40a3e9fa77213ca83e17ed3e2f78415", "parents": [ "e560655f72dc27bcea973c6abfe99af75d313ad7" ], "author": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Fri Apr 22 19:26:08 2022 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Fri Apr 29 14:13:02 2022 +0200" }, "message": "Testing the EVP_PKEY_CTX_new_from_name without preliminary init\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18199)\n" }, { "commit": "e560655f72dc27bcea973c6abfe99af75d313ad7", "tree": "cbf8d08bac8c0651efbf8e60b278234b0d8967dc", "parents": [ "49d874e0b7514cb270e817103ff0e13d4689e1f0" ], "author": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Fri Apr 22 18:16:56 2022 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Fri Apr 29 14:13:02 2022 +0200" }, "message": "Ensure we initialized the locale before evp_pkey_name2type\n\nFixes #18158\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18199)\n" }, { "commit": "49d874e0b7514cb270e817103ff0e13d4689e1f0", "tree": "8a25c1d696abf242127a03b68f6ea393844a4f77", "parents": [ "4d63eaf99b4c546fede9a732c2693d0b84641cf9" ], "author": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Tue Apr 26 11:04:49 2022 +0200" }, "committer": { "name": "Richard Levitte", "email": "levitte@openssl.org", "time": "Fri Apr 29 13:20:18 2022 +0200" }, "message": "Fix memleak in test/provider_test.c\n\nThis memory leak is triggered when configuring with \u0027no-legacy\u0027\n\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/18179)\n" }, { "commit": "4d63eaf99b4c546fede9a732c2693d0b84641cf9", "tree": "7e383e5a8a460a777a66bf22b40b46e5d52c432e", "parents": [ "bbe909d00e9a593bd5954dfca4d3020467977565" ], "author": { "name": "yavtuk", "email": "yavtuk@ya.ru", "time": "Mon Apr 11 23:40:59 2022 +0300" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri Apr 29 08:49:07 2022 +0200" }, "message": "Prefer .inst rather than .long for probe instructions in arm64cpuid.pl\n\nFixes an issue disassembling the functions because the symtab contains\nan attribute indicating the presence of data within them.\n\nCLA: trivial\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18086)\n" }, { "commit": "bbe909d00e9a593bd5954dfca4d3020467977565", "tree": "c94d4cbe35cf1b2303b868a7397ce200af9ff2d5", "parents": [ "ae2efd63c6fcd9b7e043692184762da19c5eb99b" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu Apr 21 17:33:26 2022 +0200" }, "committer": { "name": "Pauli", "email": "pauli@openssl.org", "time": "Fri Apr 29 10:00:06 2022 +1000" }, "message": "poly1305: Properly copy the whole context on dup\n\nAlso reset the updated flag when Poly1305_Init is called.\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18143)\n" }, { "commit": "ae2efd63c6fcd9b7e043692184762da19c5eb99b", "tree": "9603413dc10317e05e00ec1ae5dee4e3ef9770fd", "parents": [ "2dc3a4a4a57eca0d9bebd87234c7d682506188fc" ], "author": { "name": "Jan Engelhardt", "email": "jengelh@inai.de", "time": "Mon Apr 25 10:51:00 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed Apr 27 10:25:25 2022 +0200" }, "message": "doc: replace \"symmetric cipher\" phrase in EVP_MD manpages\n\nCLA: trivial\n\nReviewed-by: Ben Kaduk \u003ckaduk@mit.edu\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18169)\n" }, { "commit": "2dc3a4a4a57eca0d9bebd87234c7d682506188fc", "tree": "904e6227eaa06e5fd3327fd940a63cd70ecaf3bd", "parents": [ "4b694f29ea78ab8a94e67c89d4d81df18c5e3bf1" ], "author": { "name": "Jon Spillett", "email": "jon.spillett@oracle.com", "time": "Thu Apr 21 16:49:04 2022 +1000" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed Apr 27 10:08:19 2022 +0200" }, "message": "Prefer GNU library initialization mechanism over platform one\n\nIf GNU toolchain is used, use the __attribute__((constructor))\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18147)\n" }, { "commit": "4b694f29ea78ab8a94e67c89d4d81df18c5e3bf1", "tree": "c196bed6964e8558a0963bd8d4f0b5185af2bd6e", "parents": [ "905fec4f4d6bb8a978476cbce0f293ffc683b5fd" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu Apr 21 17:13:44 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed Apr 27 10:05:03 2022 +0200" }, "message": "Test that SipHash_Final() fails on uninited context\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18142)\n" }, { "commit": "905fec4f4d6bb8a978476cbce0f293ffc683b5fd", "tree": "73cd55ab1bd8acccebb0c88decf4c3d4999dadb1", "parents": [ "650b142c2e4c1d57868bdbbe1f7f4549ee77f8eb" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu Apr 21 17:09:14 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed Apr 27 10:05:03 2022 +0200" }, "message": "siphash: Properly set mac size in sipcopy\n\nAlso fully duplicate the context on dup\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18142)\n" }, { "commit": "650b142c2e4c1d57868bdbbe1f7f4549ee77f8eb", "tree": "c314eed990adbec0c7bc9edbae79703e5e0f7bb2", "parents": [ "1d64b068ca74b68394c96fd2e3020235d32928f2" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu Apr 21 17:07:40 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Wed Apr 27 10:04:53 2022 +0200" }, "message": "siphash: Fail finalization on uninitialized siphash context\n\nFixes #18140\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18142)\n" }, { "commit": "1d64b068ca74b68394c96fd2e3020235d32928f2", "tree": "f789c8b1e85979f30942aad7141d72a8a8775b05", "parents": [ "7510aee28a3262cde442230c06daffa1e7609fd6" ], "author": { "name": "Mathias Berchtold", "email": "mberchtold@gmail.com", "time": "Fri Apr 22 19:26:18 2022 -0500" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue Apr 26 16:44:42 2022 +0200" }, "message": "Move ossl_deinit_casecmp to the end of OPENSSL_cleanup()\n\nCalls like evp_cleanup_int() depend on OPENSSL_strcasecmp().\n\nFixes https://github.com/openssl/openssl/issues/18160\n\nReviewed-by: Dmitry Belyavskiy \u003cbeldmit@gmail.com\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18161)\n" }, { "commit": "7510aee28a3262cde442230c06daffa1e7609fd6", "tree": "6020ecbffbe595c854e5d18965adbc50a70a61b7", "parents": [ "36699c12d37c5bef000cbe3d9b4b2b89bee4e17e" ], "author": { "name": "EasySec", "email": "easy.sec@free.fr", "time": "Sun Apr 24 18:57:39 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue Apr 26 16:34:15 2022 +0200" }, "message": "pem_password_cb(3): References to other man pages\n\nRefer to OSSL_ENCODER_to_bio and OSSL_DECODER_from_bio man pages.\n\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18164)\n" }, { "commit": "36699c12d37c5bef000cbe3d9b4b2b89bee4e17e", "tree": "85307d278f6a602c425b70be734b7d43fa12e6d9", "parents": [ "6009997abd2594d5a7c0606176f404190922b74d" ], "author": { "name": "zhouzilong", "email": "zhouzilong@uniontech.com", "time": "Mon Apr 25 14:40:24 2022 +0800" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Tue Apr 26 16:32:15 2022 +0200" }, "message": "Clear unused variables in X509_print_ex()\n\nCLA: trivial\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18167)\n" }, { "commit": "6009997abd2594d5a7c0606176f404190922b74d", "tree": "3a1934dfa98496622086662be8fc1b6ca65268cb", "parents": [ "e5da68183410c06f7b350a0721bc2bd6057e438e" ], "author": { "name": "Jon Spillett", "email": "jon.spillett@oracle.com", "time": "Thu Apr 21 12:08:16 2022 +1000" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon Apr 25 14:04:57 2022 +0200" }, "message": "Use .s extension for ia64 assembler\n\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18136)\n" }, { "commit": "e5da68183410c06f7b350a0721bc2bd6057e438e", "tree": "57f013a6ff605d4b86c9e2ba89448e61544fa654", "parents": [ "a625354d82aad711141172efb3b39b7689318fe2" ], "author": { "name": "Hugo Landau", "email": "hlandau@openssl.org", "time": "Thu Apr 21 16:10:33 2022 +0100" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon Apr 25 13:19:41 2022 +0200" }, "message": "Fix bug in OPENSSL_LH_flush\n\nFixes #18139.\n\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18141)\n" }, { "commit": "a625354d82aad711141172efb3b39b7689318fe2", "tree": "8a8a31482511e975c3874e91fff1e04b1d4e35b7", "parents": [ "2c0a944c69dc92cb280147997696cd88acd7b395" ], "author": { "name": "Hugo Landau", "email": "hlandau@devever.net", "time": "Fri Apr 22 14:17:44 2022 +0100" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Mon Apr 25 12:14:39 2022 +0200" }, "message": "Add support for new release commit review requirement bypass\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18155)\n" }, { "commit": "2c0a944c69dc92cb280147997696cd88acd7b395", "tree": "abafe6fa29440041d88a4269889572a256d51c1e", "parents": [ "d39de4792dbdb6ab5f78c79d52d0210b44584538" ], "author": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu Apr 21 12:44:18 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri Apr 22 16:31:50 2022 +0200" }, "message": "Add Tomas Mraz key to release key fingerprints\n\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18138)\n" }, { "commit": "d39de4792dbdb6ab5f78c79d52d0210b44584538", "tree": "99065181d1ae6abd6fa6c8e24bebe7a1eb202f98", "parents": [ "c29cf39449f78008e39af8f83760f2464815248b" ], "author": { "name": "Kirill A. Korinsky", "email": "kirill@korins.ky", "time": "Thu Apr 07 15:07:37 2022 +0200" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Fri Apr 22 15:25:20 2022 +0200" }, "message": "Never use `__atomic_*` on macOS 10.7 and 10.8\n\nmacOS 10.7 and 10.8 had a bit wired clang which is detected as\n`__GNUC__` which has `__ATOMIC_ACQ_REL` but it excepts one option at\n`__atomic_is_lock_free` instead of 2.\n\nThis prevents OpenSSL to be compiled on such systems.\n\nFixes: #18055\n\nSigned-off-by: Kirill A. Korinsky \u003ckirill@korins.ky\u003e\n\nReviewed-by: Paul Dale \u003cpauli@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18056)\n" }, { "commit": "c29cf39449f78008e39af8f83760f2464815248b", "tree": "ee131abc1a258cf4486a25d1c1d2a00ca49c27fe", "parents": [ "c5e7de5dee9995cbc7247e37ccd0a6ddd1f7db56" ], "author": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Tue Apr 12 12:35:25 2022 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Fri Apr 22 11:34:42 2022 +0200" }, "message": "Minimal test checking we can get public key in Turkish locale\n\nReviewed-by: Tim Hudson \u003ctjh@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18069)\n" }, { "commit": "c5e7de5dee9995cbc7247e37ccd0a6ddd1f7db56", "tree": "9efc57fe0cdd431e14b3a7f8f71baafa902b0a02", "parents": [ "fba140c73541c03e22b4fdb219a05d129bf0406d" ], "author": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Wed Apr 13 12:33:21 2022 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Fri Apr 22 11:34:41 2022 +0200" }, "message": "FIPS provider modifications\n\nReviewed-by: Tim Hudson \u003ctjh@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18069)\n" }, { "commit": "fba140c73541c03e22b4fdb219a05d129bf0406d", "tree": "b5c692f73ff063c2f071ef2383979fb8aa572164", "parents": [ "4b2bd2722b8294a6b27c9e1fcf7d76f7d9de9b44" ], "author": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Tue Apr 12 12:30:08 2022 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Fri Apr 22 11:34:41 2022 +0200" }, "message": "str[n]casecmp \u003d\u003e OPENSSL_strncasecmp\n\nReviewed-by: Tim Hudson \u003ctjh@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18069)\n" }, { "commit": "4b2bd2722b8294a6b27c9e1fcf7d76f7d9de9b44", "tree": "0d88b8de3e2a7ef5e6c0fe8efa13d64c4e802771", "parents": [ "5adddcd96255112ff04b350d661518302159e7e2" ], "author": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Wed Apr 13 12:32:14 2022 +0200" }, "committer": { "name": "Dmitry Belyavskiy", "email": "beldmit@gmail.com", "time": "Fri Apr 22 11:34:41 2022 +0200" }, "message": "Public API functions OPENSSL_str[n]casecmp\n\nReviewed-by: Tim Hudson \u003ctjh@openssl.org\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18069)\n" }, { "commit": "5adddcd96255112ff04b350d661518302159e7e2", "tree": "f80ae975ca189469ed860867c6eccb1b263c4ffb", "parents": [ "45a3c592b94b66cab72e5bffbaf9d810c3fb29c0" ], "author": { "name": "Tom Cosgrove", "email": "tom.cosgrove@arm.com", "time": "Fri Apr 15 18:43:49 2022 +0100" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu Apr 21 10:37:00 2022 +0200" }, "message": "Fix gcc 6.3 builds of aarch64 BSAES\n\ngcc6.3 doesn\u0027t seem to support the register aliases fp and lr for x29 and x30,\nso use the x names.\n\nFixes #18114\n\nChange-Id: I077edda42af4c7cdb7b24f28ac82d1603f550108\n\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18127)\n" }, { "commit": "45a3c592b94b66cab72e5bffbaf9d810c3fb29c0", "tree": "b82da08711920dddade0c57e040cd03b6d2d2b9a", "parents": [ "3f075967f664aac12951a1d7aa3124d9235cd299" ], "author": { "name": "Daniel Fiala", "email": "daniel@openssl.org", "time": "Mon Mar 28 12:53:08 2022 +0000" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu Apr 21 08:38:13 2022 +0200" }, "message": "Clear incorrectly reported errors in cms_io.\n\nFixes openssl#17841.\n\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18109)\n" }, { "commit": "3f075967f664aac12951a1d7aa3124d9235cd299", "tree": "0198743659f5910b0173f2018d73ccab7c1f8960", "parents": [ "4d50a5467b0a208c61d163239a3544bae06343ea" ], "author": { "name": "Zhou Qingyang", "email": "zhou1615@umn.edu", "time": "Thu Apr 07 00:48:09 2022 +0800" }, "committer": { "name": "Tomas Mraz", "email": "tomas@openssl.org", "time": "Thu Apr 21 08:34:09 2022 +0200" }, "message": "Fix a possible NULL pointer dereference in create_cert_store()\n\nIn create_cert_store(), X509_STORE_new() is called and there is a\ndereference of it in following function X509_STORE_add_lookup()\nwithout check, which could lead to NULL pointer dereference.\n\nFix this by adding a NULL check of X509_STORE_new()\n\nReviewed-by: Shane Lontis \u003cshane.lontis@oracle.com\u003e\nReviewed-by: Tomas Mraz \u003ctomas@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/18057)\n" } ], "next": "4d50a5467b0a208c61d163239a3544bae06343ea" }