[openssl/openssl] 21f89f: Fix OCSP_basic_verify signer certificate validation
Tomas Mraz
noreply at reply.github.openssl.org
Tue May 3 14:36:25 UTC 2022
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: 21f89f542d745adbf1131338929ae538e200d50d
https://github.openssl.org/openssl/openssl/commit/21f89f542d745adbf1131338929ae538e200d50d
Author: Matt Caswell <matt at openssl.org>
Date: 2022-05-03 (Tue, 03 May 2022)
Changed paths:
M crypto/ocsp/ocsp_vfy.c
Log Message:
-----------
Fix OCSP_basic_verify signer certificate validation
The function `OCSP_basic_verify` validates the signer certificate on an OCSP
response. The internal function, ocsp_verify_signer, is responsible for this
and is expected to return a 0 value in the event of a failure to verify.
Unfortunately, due to a bug, it actually returns with a postive success
response in this case. In the normal course of events OCSP_basic_verify
will then continue and will fail anyway in the ocsp_check_issuer function
because the supplied "chain" value will be empty in the case that
ocsp_verify_signer failed to verify the chain. This will cause
OCSP_basic_verify to return with a negative result (fatal error). Normally
in the event of a failure to verify it should return with 0.
However, in the case of the OCSP_NOCHECKS flag being used, OCSP_basic_verify
will return with a positvie result. This could lead to callers trusting an
OCSP Basic response when it should not be.
CVE-2022-1343
Fixes #18053
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Commit: 6ee1f4f40b5100ef2744866a727bb4b9ef8ea39e
https://github.openssl.org/openssl/openssl/commit/6ee1f4f40b5100ef2744866a727bb4b9ef8ea39e
Author: Matt Caswell <matt at openssl.org>
Date: 2022-05-03 (Tue, 03 May 2022)
Changed paths:
M test/recipes/80-test_ocsp.t
Log Message:
-----------
Test ocsp with invalid responses and the "-no_cert_checks" option
The "-no_cert_checks" option causes the flag OCSP_NOCHECKS to be set.
The bug fixed in the previous commit will cause the ocsp app to respond with
a success result in the case when the OCSP response signing certificate
fails to verify and -no_cert_checks is used - so we test that it fails in
this case.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Commit: 33219939c782cf363b30e9e899b9997fb1ced440
https://github.openssl.org/openssl/openssl/commit/33219939c782cf363b30e9e899b9997fb1ced440
Author: Matt Caswell <matt at openssl.org>
Date: 2022-05-03 (Tue, 03 May 2022)
Changed paths:
M providers/implementations/ciphers/cipher_rc4_hmac_md5.c
M test/recipes/30-test_evp_data/evpciph_aes_stitched.txt
M test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt
Log Message:
-----------
Fix the RC4-MD5 cipher
A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS
AAD data as the MAC key.
CVE-2022-1434
Fixes #18112
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Commit: 7c33270707b568c524a8ef125fe611a8872cb5e8
https://github.openssl.org/openssl/openssl/commit/7c33270707b568c524a8ef125fe611a8872cb5e8
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-05-03 (Tue, 03 May 2022)
Changed paths:
M tools/c_rehash.in
Log Message:
-----------
c_rehash: Do not use shell to invoke openssl
Except on VMS where it is safe.
This fixes CVE-2022-1292.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Commit: 60e938057439b7b6a1ff542a34209657007d2d17
https://github.openssl.org/openssl/openssl/commit/60e938057439b7b6a1ff542a34209657007d2d17
Author: Pauli <pauli at openssl.org>
Date: 2022-05-03 (Tue, 03 May 2022)
Changed paths:
M doc/fingerprints.txt
Log Message:
-----------
Update Paul's pgp key signature
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18219)
Commit: 73e044bd1aa3ff00e189624b4807e15e8de8f8e4
https://github.openssl.org/openssl/openssl/commit/73e044bd1aa3ff00e189624b4807e15e8de8f8e4
Author: Matt Caswell <matt at openssl.org>
Date: 2022-05-03 (Tue, 03 May 2022)
Changed paths:
M CHANGES.md
M NEWS.md
Log Message:
-----------
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes
Commit: fecb3aae22aeda493f348739ebf7943071ecdbe1
https://github.openssl.org/openssl/openssl/commit/fecb3aae22aeda493f348739ebf7943071ecdbe1
Author: Matt Caswell <matt at openssl.org>
Date: 2022-05-03 (Tue, 03 May 2022)
Changed paths:
M .github/workflows/ci.yml
M .github/workflows/cross-compiles.yml
M .github/workflows/run-checker-ci.yml
M .github/workflows/run-checker-daily.yml
M Configure
M apps/ciphers.c
M apps/cmp.c
M apps/cms.c
M apps/crl.c
M apps/dgst.c
M apps/dhparam.c
M apps/dsa.c
M apps/dsaparam.c
M apps/ec.c
M apps/ecparam.c
M apps/enc.c
M apps/gendsa.c
M apps/genpkey.c
M apps/genrsa.c
M apps/include/cmp_mock_srv.h
M apps/include/http_server.h
M apps/include/opt.h
M apps/include/s_apps.h
M apps/lib/cmp_mock_srv.c
M apps/lib/http_server.c
M apps/lib/names.c
M apps/lib/opt.c
M apps/lib/s_cb.c
M apps/lib/s_socket.c
M apps/lib/vms_term_sock.c
M apps/list.c
M apps/ocsp.c
M apps/passwd.c
M apps/pkcs12.c
M apps/pkcs7.c
M apps/pkey.c
M apps/pkeyutl.c
M apps/prime.c
M apps/progs.pl
M apps/rand.c
M apps/rehash.c
M apps/req.c
M apps/rsa.c
M apps/s_client.c
M apps/s_server.c
M apps/smime.c
M apps/speed.c
M apps/storeutl.c
M apps/ts.c
M apps/verify.c
M apps/x509.c
M crypto/LPdir_unix.c
M crypto/aes/aes_core.c
M crypto/aes/asm/aesv8-armx.pl
M crypto/aes/asm/bsaes-armv8.pl
M crypto/arm64cpuid.pl
M crypto/arm_arch.h
M crypto/armcap.c
M crypto/asn1/a_sign.c
M crypto/asn1/ameth_lib.c
M crypto/asn1/asn1_gen.c
M crypto/asn1/d2i_pu.c
M crypto/asn1/i2d_evp.c
M crypto/asn1/p5_pbev2.c
M crypto/asn1/x_algor.c
M crypto/async/arch/async_null.c
M crypto/async/arch/async_null.h
M crypto/async/arch/async_posix.c
M crypto/async/arch/async_posix.h
M crypto/async/arch/async_win.c
M crypto/async/arch/async_win.h
M crypto/async/async.c
M crypto/bio/bio_addr.c
M crypto/bio/bio_err.c
M crypto/bio/bio_local.h
M crypto/bio/bio_print.c
M crypto/bio/bio_sock2.c
M crypto/bio/bss_acpt.c
M crypto/bio/bss_bio.c
M crypto/bio/bss_conn.c
M crypto/bio/bss_core.c
M crypto/bio/bss_sock.c
M crypto/bn/asm/rsaz-2k-avx512.pl
M crypto/bn/asm/rsaz-3k-avx512.pl
M crypto/bn/asm/rsaz-4k-avx512.pl
M crypto/bn/bn_div.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_exp2.c
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_ppc.c
M crypto/bn/bn_sqrt.c
M crypto/camellia/camellia.c
M crypto/chacha/asm/chacha-armv8.pl
M crypto/chacha/asm/chachap10-ppc.pl
M crypto/chacha/chacha_ppc.c
M crypto/cmp/cmp_client.c
M crypto/cmp/cmp_hdr.c
M crypto/cmp/cmp_msg.c
M crypto/cmp/cmp_protect.c
M crypto/cmp/cmp_vfy.c
M crypto/cms/cms_cd.c
M crypto/cms/cms_dh.c
M crypto/cms/cms_ec.c
M crypto/cms/cms_env.c
M crypto/cms/cms_io.c
M crypto/cms/cms_lib.c
M crypto/cms/cms_local.h
M crypto/cms/cms_rsa.c
M crypto/cms/cms_sd.c
M crypto/cms/cms_smime.c
M crypto/conf/conf_api.c
M crypto/conf/conf_def.c
M crypto/conf/conf_lib.c
M crypto/context.c
M crypto/core_namemap.c
M crypto/cpuid.c
M crypto/cryptlib.c
M crypto/ctype.c
M crypto/des/cfb_enc.c
M crypto/dh/dh_ameth.c
M crypto/dh/dh_backend.c
M crypto/dh/dh_group_params.c
M crypto/dh/dh_kdf.c
M crypto/dh/dh_key.c
M crypto/dllmain.c
M crypto/dsa/dsa_ameth.c
M crypto/dsa/dsa_backend.c
M crypto/dso/dso_dlfcn.c
M crypto/dso/dso_win32.c
M crypto/ec/curve25519.c
M crypto/ec/curve448/arch_32/f_impl32.c
M crypto/ec/curve448/curve448.c
M crypto/ec/ec2_oct.c
M crypto/ec/ec_backend.c
M crypto/ec/ec_lib.c
M crypto/ec/ecp_nistz256.c
M crypto/ec/ecp_s390x_nistp.c
M crypto/ec/ecx_meth.c
M crypto/encode_decode/decoder_lib.c
M crypto/encode_decode/decoder_meth.c
M crypto/encode_decode/decoder_pkey.c
M crypto/encode_decode/encoder_lib.c
M crypto/encode_decode/encoder_local.h
M crypto/encode_decode/encoder_meth.c
M crypto/encode_decode/encoder_pkey.c
M crypto/engine/eng_dyn.c
M crypto/engine/eng_init.c
M crypto/engine/eng_lib.c
M crypto/engine/tb_asnmth.c
M crypto/err/err.c
M crypto/evp/c_allc.c
M crypto/evp/ctrl_params_translate.c
M crypto/evp/digest.c
M crypto/evp/e_aes.c
M crypto/evp/e_aes_cbc_hmac_sha1.c
M crypto/evp/e_sm4.c
M crypto/evp/ec_support.c
M crypto/evp/evp_enc.c
M crypto/evp/evp_fetch.c
M crypto/evp/evp_lib.c
M crypto/evp/evp_local.h
M crypto/evp/exchange.c
M crypto/evp/keymgmt_lib.c
M crypto/evp/m_sigver.c
M crypto/evp/p5_crpt2.c
M crypto/evp/p_lib.c
M crypto/evp/pmeth_gn.c
M crypto/evp/pmeth_lib.c
M crypto/ffc/ffc_backend.c
M crypto/ffc/ffc_dh.c
M crypto/ffc/ffc_params.c
M crypto/ffc/ffc_params_generate.c
M crypto/getenv.c
M crypto/http/http_client.c
M crypto/info.c
M crypto/init.c
M crypto/initthread.c
M crypto/lhash/lh_stats.c
M crypto/lhash/lhash.c
M crypto/lhash/lhash_local.h
M crypto/md5/md5_local.h
M crypto/mem.c
M crypto/mem_sec.c
M crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl
M crypto/modes/asm/aes-gcm-avx512.pl
M crypto/modes/asm/aes-gcm-ppc.pl
M crypto/modes/asm/ghashv8-armx.pl
M crypto/o_dir.c
M crypto/o_fopen.c
M crypto/o_init.c
M crypto/o_str.c
M crypto/objects/o_names.c
M crypto/objects/obj_dat.c
M crypto/objects/obj_xref.c
M crypto/ocsp/ocsp_vfy.c
M crypto/param_build.c
M crypto/param_build_set.c
M crypto/params.c
M crypto/params_dup.c
M crypto/passphrase.c
M crypto/pem/pem_lib.c
M crypto/pem/pem_pk8.c
M crypto/perlasm/ppc-xlate.pl
M crypto/perlasm/x86_64-xlate.pl
M crypto/pkcs12/p12_kiss.c
M crypto/pkcs7/pk7_lib.c
M crypto/poly1305/asm/poly1305-armv8.pl
M crypto/ppccap.c
M crypto/ppccpuid.pl
M crypto/property/defn_cache.c
M crypto/property/property.c
M crypto/property/property_parse.c
M crypto/property/property_string.c
M crypto/provider_child.c
M crypto/provider_conf.c
M crypto/provider_core.c
M crypto/rand/rand_deprecated.c
M crypto/rand/rand_egd.c
M crypto/rand/rand_lib.c
M crypto/rsa/rsa_ameth.c
M crypto/rsa/rsa_backend.c
M crypto/rsa/rsa_lib.c
M crypto/rsa/rsa_ossl.c
M crypto/s390x_arch.h
M crypto/self_test_core.c
M crypto/sha/asm/keccak1600-armv8.pl
M crypto/sha/sha1dgst.c
M crypto/sha/sha512.c
M crypto/siphash/siphash.c
M crypto/sm3/asm/sm3-armv8.pl
M crypto/sm3/sm3_local.h
M crypto/sm4/asm/vpsm4-armv8.pl
M crypto/sm4/sm4.c
M crypto/sparse_array.c
M crypto/store/store_lib.c
M crypto/store/store_meth.c
M crypto/store/store_result.c
M crypto/threads_pthread.c
M crypto/trace.c
M crypto/ts/ts_rsp_sign.c
M crypto/ui/ui_openssl.c
M crypto/ui/ui_util.c
M crypto/x509/by_dir.c
M crypto/x509/t_x509.c
M crypto/x509/v3_akid.c
M crypto/x509/v3_crld.c
M crypto/x509/v3_ist.c
M crypto/x509/v3_sxnet.c
M crypto/x509/v3_tlsf.c
M crypto/x509/v3_utf8.c
M crypto/x509/v3_utl.c
M crypto/x509/v3err.c
M crypto/x509/x509_lu.c
M crypto/x509/x509_trust.c
M crypto/x509/x509_vfy.c
M crypto/x509/x_pubkey.c
M demos/digest/EVP_MD_demo.c
M demos/mac/gmac.c
M demos/pkey/EVP_PKEY_EC_keygen.c
M dev/release.sh
M doc/internal/man3/OPTIONS.pod
M doc/internal/man3/OSSL_METHOD_STORE.pod
M doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod
M doc/internal/man3/ossl_cmp_mock_srv_new.pod
M doc/internal/man3/ossl_lib_ctx_get_data.pod
M doc/internal/man3/ossl_random_add_conf_module.pod
M doc/internal/man7/EVP_PKEY.pod
M doc/man1/openssl-ca.pod.in
M doc/man1/openssl-cms.pod.in
M doc/man1/openssl-dgst.pod.in
M doc/man1/openssl-dhparam.pod.in
M doc/man1/openssl-dsaparam.pod.in
M doc/man1/openssl-enc.pod.in
M doc/man1/openssl-gendsa.pod.in
M doc/man1/openssl-genpkey.pod.in
M doc/man1/openssl-genrsa.pod.in
M doc/man1/openssl-kdf.pod.in
M doc/man1/openssl-ocsp.pod.in
M doc/man1/openssl-pkcs7.pod.in
M doc/man1/openssl-s_client.pod.in
M doc/man1/openssl-s_server.pod.in
M doc/man1/openssl-speed.pod.in
M doc/man1/openssl-verification-options.pod
M doc/man1/openssl.pod
M doc/man3/ASN1_aux_cb.pod
M doc/man3/ASN1_item_sign.pod
M doc/man3/ASYNC_start_job.pod
M doc/man3/BIO_ADDR.pod
M doc/man3/BIO_connect.pod
M doc/man3/BIO_ctrl.pod
M doc/man3/BIO_f_base64.pod
M doc/man3/BIO_meth_new.pod
M doc/man3/BIO_s_accept.pod
M doc/man3/BIO_s_core.pod
M doc/man3/BN_add.pod
M doc/man3/BN_bn2bin.pod
M doc/man3/BN_rand.pod
M doc/man3/CMS_final.pod
M doc/man3/CONF_modules_load_file.pod
M doc/man3/DH_get0_pqg.pod
M doc/man3/ERR_get_error.pod
M doc/man3/EVP_DigestInit.pod
M doc/man3/EVP_EncryptInit.pod
M doc/man3/EVP_KEYMGMT.pod
M doc/man3/EVP_PKEY2PKCS8.pod
M doc/man3/EVP_PKEY_derive.pod
M doc/man3/EVP_PKEY_gettable_params.pod
M doc/man3/EVP_PKEY_new.pod
M doc/man3/EVP_PKEY_todata.pod
M doc/man3/EVP_blake2b512.pod
M doc/man3/EVP_md2.pod
M doc/man3/EVP_md4.pod
M doc/man3/EVP_md5.pod
M doc/man3/EVP_mdc2.pod
M doc/man3/EVP_ripemd160.pod
M doc/man3/EVP_sha1.pod
M doc/man3/EVP_sha224.pod
M doc/man3/EVP_sha3_224.pod
M doc/man3/EVP_sm3.pod
M doc/man3/EVP_whirlpool.pod
M doc/man3/OCSP_resp_find_status.pod
M doc/man3/OCSP_sendreq_new.pod
M doc/man3/OPENSSL_LH_stats.pod
M doc/man3/OPENSSL_hexchar2int.pod
M doc/man3/OSSL_CMP_CTX_new.pod
M doc/man3/OSSL_CMP_MSG_get0_header.pod
M doc/man3/OSSL_CMP_log_open.pod
M doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod
M doc/man3/OSSL_DECODER.pod
M doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
M doc/man3/OSSL_ENCODER.pod
M doc/man3/OSSL_ENCODER_CTX.pod
M doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod
M doc/man3/OSSL_ESS_check_signing_certs.pod
M doc/man3/OSSL_HTTP_REQ_CTX.pod
M doc/man3/OSSL_HTTP_parse_url.pod
M doc/man3/OSSL_PARAM.pod
M doc/man3/OSSL_PARAM_BLD.pod
M doc/man3/OSSL_PARAM_int.pod
M doc/man3/OSSL_STORE_LOADER.pod
M doc/man3/OSSL_trace_set_channel.pod
M doc/man3/OpenSSL_version.pod
M doc/man3/PEM_read_bio_PrivateKey.pod
M doc/man3/PKCS12_decrypt_skey.pod
M doc/man3/PKCS12_gen_mac.pod
M doc/man3/RAND_bytes.pod
M doc/man3/RSA_get0_key.pod
M doc/man3/SSL_CONF_cmd.pod
M doc/man3/SSL_CTX_get0_param.pod
M doc/man3/SSL_CTX_set1_curves.pod
M doc/man3/SSL_CTX_set1_verify_cert_store.pod
M doc/man3/SSL_CTX_set_cert_verify_callback.pod
M doc/man3/SSL_CTX_set_client_hello_cb.pod
M doc/man3/SSL_CTX_set_ssl_version.pod
M doc/man3/SSL_CTX_set_timeout.pod
M doc/man3/SSL_CTX_set_tmp_dh_callback.pod
M doc/man3/SSL_CTX_set_verify.pod
M doc/man3/SSL_set_session.pod
M doc/man3/SSL_want.pod
M doc/man3/X509V3_get_d2i.pod
M doc/man3/X509V3_set_ctx.pod
M doc/man3/X509_ALGOR_dup.pod
M doc/man3/X509_STORE_CTX_new.pod
M doc/man3/X509_VERIFY_PARAM_set_flags.pod
M doc/man3/X509_add_cert.pod
M doc/man3/X509_check_host.pod
M doc/man3/X509_cmp.pod
M doc/man3/X509_digest.pod
M doc/man3/X509_dup.pod
M doc/man3/X509_verify_cert.pod
M doc/man3/X509v3_get_ext_by_NID.pod
M doc/man5/config.pod
M doc/man5/x509v3_config.pod
M doc/man7/EVP_KDF-SSHKDF.pod
M doc/man7/EVP_KEYEXCH-DH.pod
M doc/man7/EVP_KEYEXCH-ECDH.pod
M doc/man7/EVP_MD-BLAKE2.pod
M doc/man7/EVP_PKEY-EC.pod
M doc/man7/bio.pod
M doc/man7/crypto.pod
M doc/man7/fips_module.pod
M doc/man7/life_cycle-pkey.pod
M doc/man7/migration_guide.pod
M doc/man7/openssl-glossary.pod
M doc/man7/provider-kdf.pod
M doc/man7/provider-keyexch.pod
M doc/man7/provider-object.pod
M doc/man7/provider-signature.pod
M doc/man7/provider.pod
M engines/e_dasync.c
M engines/e_devcrypto.c
M engines/e_loader_attic.c
M fuzz/asn1.c
M fuzz/client.c
M fuzz/fuzz_rand.c
M include/crypto/aes_platform.h
M include/crypto/ctype.h
M include/crypto/dh.h
M include/crypto/dsa.h
M include/crypto/evp.h
M include/crypto/md32_common.h
M include/crypto/modes.h
M include/crypto/ppc_arch.h
M include/crypto/rsa.h
M include/internal/bio.h
M include/internal/common.h
M include/internal/core.h
M include/internal/cryptlib.h
M include/internal/der.h
M include/internal/e_os.h
M include/internal/ktls.h
M include/internal/param_build_set.h
M include/internal/safe_math.h
M include/internal/sockets.h
M include/internal/tsan_assist.h
M include/openssl/async.h
M include/openssl/bio.h.in
M include/openssl/bioerr.h
M include/openssl/bn.h
M include/openssl/cms.h.in
M include/openssl/core_dispatch.h
M include/openssl/crypto.h.in
M include/openssl/ec.h
M include/openssl/engine.h
M include/openssl/evp.h
M include/openssl/self_test.h
M include/openssl/ssl.h.in
M include/openssl/x509.h.in
M include/openssl/x509v3err.h
M providers/common/capabilities.c
M providers/common/include/prov/provider_util.h
M providers/common/provider_util.c
M providers/fips/fipsprov.c
M providers/fips/self_test.c
M providers/fips/self_test_data.inc
M providers/implementations/ciphers/cipher_aes_gcm_hw.c
M providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc
M providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc
M providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
M providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
M providers/implementations/ciphers/cipher_cts.c
M providers/implementations/ciphers/cipher_rc4_hmac_md5.c
M providers/implementations/ciphers/cipher_sm4.h
M providers/implementations/ciphers/cipher_sm4_gcm_hw.c
M providers/implementations/ciphers/cipher_sm4_hw.c
M providers/implementations/ciphers/cipher_tdes.c
M providers/implementations/ciphers/cipher_tdes_default.c
M providers/implementations/digests/sha3_prov.c
M providers/implementations/encode_decode/decode_der2key.c
M providers/implementations/encode_decode/decode_epki2pki.c
M providers/implementations/encode_decode/decode_msblob2key.c
M providers/implementations/encode_decode/decode_pem2der.c
M providers/implementations/encode_decode/decode_pvk2key.c
M providers/implementations/encode_decode/encode_key2any.c
M providers/implementations/encode_decode/encode_key2blob.c
M providers/implementations/encode_decode/encode_key2ms.c
M providers/implementations/encode_decode/encode_key2text.c
M providers/implementations/encode_decode/endecoder_common.c
M providers/implementations/exchange/dh_exch.c
M providers/implementations/exchange/ecdh_exch.c
M providers/implementations/include/prov/ciphercommon.h
M providers/implementations/include/prov/ciphercommon_aead.h
M providers/implementations/include/prov/ciphercommon_ccm.h
M providers/implementations/include/prov/ciphercommon_gcm.h
M providers/implementations/kdfs/hkdf.c
M providers/implementations/kdfs/kbkdf.c
M providers/implementations/kdfs/krb5kdf.c
M providers/implementations/kdfs/pbkdf1.c
M providers/implementations/kdfs/pbkdf2.c
M providers/implementations/kdfs/pkcs12kdf.c
M providers/implementations/kdfs/pvkkdf.c
M providers/implementations/kdfs/scrypt.c
M providers/implementations/kdfs/sshkdf.c
M providers/implementations/kdfs/sskdf.c
M providers/implementations/kdfs/tls1_prf.c
M providers/implementations/kdfs/x942kdf.c
M providers/implementations/kem/rsa_kem.c
M providers/implementations/keymgmt/dh_kmgmt.c
M providers/implementations/keymgmt/dsa_kmgmt.c
M providers/implementations/keymgmt/ec_kmgmt.c
M providers/implementations/keymgmt/ecx_kmgmt.c
M providers/implementations/keymgmt/kdf_legacy_kmgmt.c
M providers/implementations/keymgmt/mac_legacy_kmgmt.c
M providers/implementations/keymgmt/rsa_kmgmt.c
M providers/implementations/macs/cmac_prov.c
M providers/implementations/macs/gmac_prov.c
M providers/implementations/macs/hmac_prov.c
M providers/implementations/macs/poly1305_prov.c
M providers/implementations/macs/siphash_prov.c
M providers/implementations/rands/crngt.c
M providers/implementations/rands/drbg.c
M providers/implementations/rands/drbg_ctr.c
M providers/implementations/rands/seeding/rand_unix.c
M providers/implementations/rands/seeding/rand_vms.c
M providers/implementations/signature/rsa_sig.c
M providers/implementations/signature/sm2_sig.c
M providers/implementations/storemgmt/file_store.c
M providers/legacyprov.c
M ssl/d1_lib.c
M ssl/ktls.c
M ssl/record/rec_layer_s3.c
M ssl/record/ssl3_record.c
M ssl/s3_lib.c
M ssl/ssl_cert.c
M ssl/ssl_conf.c
M ssl/ssl_err.c
M ssl/ssl_init.c
M ssl/ssl_lib.c
M ssl/ssl_local.h
M ssl/ssl_rsa.c
M ssl/ssl_sess.c
M ssl/ssl_txt.c
M ssl/statem/extensions.c
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c
M ssl/statem/statem.c
M ssl/statem/statem_clnt.c
M ssl/statem/statem_dtls.c
M ssl/statem/statem_lib.c
M ssl/statem/statem_local.h
M ssl/statem/statem_srvr.c
M ssl/t1_enc.c
M ssl/t1_lib.c
M ssl/tls13_enc.c
M test/asynctest.c
M test/bio_enc_test.c
M test/bntest.c
M test/cmp_client_test.c
M test/cmp_vfy_test.c
M test/cmsapitest.c
M test/context_internal_test.c
M test/crltest.c
M test/ct_test.c
M test/dhtest.c
M test/dtls_mtu_test.c
M test/endecode_test.c
M test/enginetest.c
M test/evp_extra_test.c
M test/evp_extra_test2.c
M test/evp_fetch_prov_test.c
M test/evp_libctx_test.c
M test/evp_pkey_dparams_test.c
M test/evp_pkey_provided_test.c
M test/evp_test.c
M test/helpers/handshake.c
M test/helpers/handshake_srp.c
M test/helpers/predefined_dhparams.c
M test/helpers/predefined_dhparams.h
M test/helpers/ssl_test_ctx.c
M test/helpers/ssltestlib.c
M test/mdc2test.c
M test/p_test.c
M test/param_build_test.c
M test/params_api_test.c
M test/params_conversion_test.c
M test/params_test.c
M test/provfetchtest.c
M test/provider_test.c
M test/rdcpu_sanitytest.c
M test/recipes/02-test_localetest.t
M test/recipes/03-test_fipsinstall.t
M test/recipes/04-test_bio_tfo.t
M test/recipes/10-test_bn_data/bnmod.txt
M test/recipes/15-test_ecparam.t
M test/recipes/15-test_gendhparam.t
M test/recipes/15-test_genrsa.t
M test/recipes/15-test_rsapss.t
M test/recipes/20-test_dgst.t
M test/recipes/25-test_pkcs7.t
M test/recipes/25-test_req.t
M test/recipes/30-test_evp_data/evpciph_aes_ccm_cavs.txt
M test/recipes/30-test_evp_data/evpciph_des3_common.txt
M test/recipes/30-test_evp_data/evpmac_poly1305.txt
M test/recipes/30-test_evp_data/evppkey_ffdhe.txt
M test/recipes/70-test_sslrecords.t
M test/recipes/70-test_tls13hrr.t
M test/recipes/70-test_verify_extra.t
M test/recipes/80-test_cms.t
M test/recipes/80-test_cmsapi.t
M test/recipes/80-test_ocsp.t
M test/recipes/80-test_pkcs12.t
M test/recipes/80-test_ssl_old.t
M test/recipes/90-test_sslapi.t
M test/recipes/90-test_threads.t
M test/recipes/95-test_external_tlsfuzzer.t
M test/run_tests.pl
M test/safe_math_test.c
M test/sanitytest.c
M test/secmemtest.c
M test/siphash_internal_test.c
M test/ssl-tests/28-seclevel.cnf.in
M test/ssl_old_test.c
M test/sslapitest.c
M test/threadstest.c
M test/tls-provider.c
M test/upcallstest.c
M test/v3nametest.c
M test/verify_extra_test.c
M tools/c_rehash.in
M util/add-depends.pl
M util/perl/OpenSSL/config.pm
M util/perl/OpenSSL/copyright.pm
Log Message:
-----------
Update copyright year
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes
Commit: cac250755efd0c40cc6127a0e4baceb8d226c7e3
https://github.openssl.org/openssl/openssl/commit/cac250755efd0c40cc6127a0e4baceb8d226c7e3
Author: Tomas Mraz <tomas at openssl.org>
Date: 2022-05-03 (Tue, 03 May 2022)
Changed paths:
M CHANGES.md
Log Message:
-----------
CHANGES.md: Attribute the OPENSSL_LH_flush() fix properly
Reviewed-by: Matt Caswell <matt at openssl.org>
Release: yes
Compare: https://github.openssl.org/openssl/openssl/compare/b1b2146ded9c...cac250755efd
More information about the openssl-commits
mailing list