[openssl/openssl] 21f89f: Fix OCSP_basic_verify signer certificate validation

Tomas Mraz noreply at reply.github.openssl.org
Tue May 3 14:36:25 UTC 2022


  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 21f89f542d745adbf1131338929ae538e200d50d
      https://github.openssl.org/openssl/openssl/commit/21f89f542d745adbf1131338929ae538e200d50d
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-05-03 (Tue, 03 May 2022)

  Changed paths:
    M crypto/ocsp/ocsp_vfy.c

  Log Message:
  -----------
  Fix OCSP_basic_verify signer certificate validation

The function `OCSP_basic_verify` validates the signer certificate on an OCSP
response. The internal function, ocsp_verify_signer, is responsible for this
and is expected to return a 0 value in the event of a failure to verify.
Unfortunately, due to a bug, it actually returns with a postive success
response in this case. In the normal course of events OCSP_basic_verify
will then continue and will fail anyway in the ocsp_check_issuer function
because the supplied "chain" value will be empty in the case that
ocsp_verify_signer failed to verify the chain. This will cause
OCSP_basic_verify to return with a negative result (fatal error). Normally
in the event of a failure to verify it should return with 0.

However, in the case of the OCSP_NOCHECKS flag being used, OCSP_basic_verify
will return with a positvie result. This could lead to callers trusting an
OCSP Basic response when it should not be.

CVE-2022-1343

Fixes #18053

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>


  Commit: 6ee1f4f40b5100ef2744866a727bb4b9ef8ea39e
      https://github.openssl.org/openssl/openssl/commit/6ee1f4f40b5100ef2744866a727bb4b9ef8ea39e
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-05-03 (Tue, 03 May 2022)

  Changed paths:
    M test/recipes/80-test_ocsp.t

  Log Message:
  -----------
  Test ocsp with invalid responses and the "-no_cert_checks" option

The "-no_cert_checks" option causes the flag OCSP_NOCHECKS to be set.
The bug fixed in the previous commit will cause the ocsp app to respond with
a success result in the case when the OCSP response signing certificate
fails to verify and -no_cert_checks is used - so we test that it fails in
this case.

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>


  Commit: 33219939c782cf363b30e9e899b9997fb1ced440
      https://github.openssl.org/openssl/openssl/commit/33219939c782cf363b30e9e899b9997fb1ced440
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-05-03 (Tue, 03 May 2022)

  Changed paths:
    M providers/implementations/ciphers/cipher_rc4_hmac_md5.c
    M test/recipes/30-test_evp_data/evpciph_aes_stitched.txt
    M test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt

  Log Message:
  -----------
  Fix the RC4-MD5 cipher

A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS
AAD data as the MAC key.

CVE-2022-1434

Fixes #18112

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>


  Commit: 7c33270707b568c524a8ef125fe611a8872cb5e8
      https://github.openssl.org/openssl/openssl/commit/7c33270707b568c524a8ef125fe611a8872cb5e8
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-05-03 (Tue, 03 May 2022)

  Changed paths:
    M tools/c_rehash.in

  Log Message:
  -----------
  c_rehash: Do not use shell to invoke openssl

Except on VMS where it is safe.

This fixes CVE-2022-1292.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Matt Caswell <matt at openssl.org>


  Commit: 60e938057439b7b6a1ff542a34209657007d2d17
      https://github.openssl.org/openssl/openssl/commit/60e938057439b7b6a1ff542a34209657007d2d17
  Author: Pauli <pauli at openssl.org>
  Date:   2022-05-03 (Tue, 03 May 2022)

  Changed paths:
    M doc/fingerprints.txt

  Log Message:
  -----------
  Update Paul's pgp key signature

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18219)


  Commit: 73e044bd1aa3ff00e189624b4807e15e8de8f8e4
      https://github.openssl.org/openssl/openssl/commit/73e044bd1aa3ff00e189624b4807e15e8de8f8e4
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-05-03 (Tue, 03 May 2022)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Update CHANGES and NEWS for new release

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


  Commit: fecb3aae22aeda493f348739ebf7943071ecdbe1
      https://github.openssl.org/openssl/openssl/commit/fecb3aae22aeda493f348739ebf7943071ecdbe1
  Author: Matt Caswell <matt at openssl.org>
  Date:   2022-05-03 (Tue, 03 May 2022)

  Changed paths:
    M .github/workflows/ci.yml
    M .github/workflows/cross-compiles.yml
    M .github/workflows/run-checker-ci.yml
    M .github/workflows/run-checker-daily.yml
    M Configure
    M apps/ciphers.c
    M apps/cmp.c
    M apps/cms.c
    M apps/crl.c
    M apps/dgst.c
    M apps/dhparam.c
    M apps/dsa.c
    M apps/dsaparam.c
    M apps/ec.c
    M apps/ecparam.c
    M apps/enc.c
    M apps/gendsa.c
    M apps/genpkey.c
    M apps/genrsa.c
    M apps/include/cmp_mock_srv.h
    M apps/include/http_server.h
    M apps/include/opt.h
    M apps/include/s_apps.h
    M apps/lib/cmp_mock_srv.c
    M apps/lib/http_server.c
    M apps/lib/names.c
    M apps/lib/opt.c
    M apps/lib/s_cb.c
    M apps/lib/s_socket.c
    M apps/lib/vms_term_sock.c
    M apps/list.c
    M apps/ocsp.c
    M apps/passwd.c
    M apps/pkcs12.c
    M apps/pkcs7.c
    M apps/pkey.c
    M apps/pkeyutl.c
    M apps/prime.c
    M apps/progs.pl
    M apps/rand.c
    M apps/rehash.c
    M apps/req.c
    M apps/rsa.c
    M apps/s_client.c
    M apps/s_server.c
    M apps/smime.c
    M apps/speed.c
    M apps/storeutl.c
    M apps/ts.c
    M apps/verify.c
    M apps/x509.c
    M crypto/LPdir_unix.c
    M crypto/aes/aes_core.c
    M crypto/aes/asm/aesv8-armx.pl
    M crypto/aes/asm/bsaes-armv8.pl
    M crypto/arm64cpuid.pl
    M crypto/arm_arch.h
    M crypto/armcap.c
    M crypto/asn1/a_sign.c
    M crypto/asn1/ameth_lib.c
    M crypto/asn1/asn1_gen.c
    M crypto/asn1/d2i_pu.c
    M crypto/asn1/i2d_evp.c
    M crypto/asn1/p5_pbev2.c
    M crypto/asn1/x_algor.c
    M crypto/async/arch/async_null.c
    M crypto/async/arch/async_null.h
    M crypto/async/arch/async_posix.c
    M crypto/async/arch/async_posix.h
    M crypto/async/arch/async_win.c
    M crypto/async/arch/async_win.h
    M crypto/async/async.c
    M crypto/bio/bio_addr.c
    M crypto/bio/bio_err.c
    M crypto/bio/bio_local.h
    M crypto/bio/bio_print.c
    M crypto/bio/bio_sock2.c
    M crypto/bio/bss_acpt.c
    M crypto/bio/bss_bio.c
    M crypto/bio/bss_conn.c
    M crypto/bio/bss_core.c
    M crypto/bio/bss_sock.c
    M crypto/bn/asm/rsaz-2k-avx512.pl
    M crypto/bn/asm/rsaz-3k-avx512.pl
    M crypto/bn/asm/rsaz-4k-avx512.pl
    M crypto/bn/bn_div.c
    M crypto/bn/bn_exp.c
    M crypto/bn/bn_exp2.c
    M crypto/bn/bn_lib.c
    M crypto/bn/bn_local.h
    M crypto/bn/bn_ppc.c
    M crypto/bn/bn_sqrt.c
    M crypto/camellia/camellia.c
    M crypto/chacha/asm/chacha-armv8.pl
    M crypto/chacha/asm/chachap10-ppc.pl
    M crypto/chacha/chacha_ppc.c
    M crypto/cmp/cmp_client.c
    M crypto/cmp/cmp_hdr.c
    M crypto/cmp/cmp_msg.c
    M crypto/cmp/cmp_protect.c
    M crypto/cmp/cmp_vfy.c
    M crypto/cms/cms_cd.c
    M crypto/cms/cms_dh.c
    M crypto/cms/cms_ec.c
    M crypto/cms/cms_env.c
    M crypto/cms/cms_io.c
    M crypto/cms/cms_lib.c
    M crypto/cms/cms_local.h
    M crypto/cms/cms_rsa.c
    M crypto/cms/cms_sd.c
    M crypto/cms/cms_smime.c
    M crypto/conf/conf_api.c
    M crypto/conf/conf_def.c
    M crypto/conf/conf_lib.c
    M crypto/context.c
    M crypto/core_namemap.c
    M crypto/cpuid.c
    M crypto/cryptlib.c
    M crypto/ctype.c
    M crypto/des/cfb_enc.c
    M crypto/dh/dh_ameth.c
    M crypto/dh/dh_backend.c
    M crypto/dh/dh_group_params.c
    M crypto/dh/dh_kdf.c
    M crypto/dh/dh_key.c
    M crypto/dllmain.c
    M crypto/dsa/dsa_ameth.c
    M crypto/dsa/dsa_backend.c
    M crypto/dso/dso_dlfcn.c
    M crypto/dso/dso_win32.c
    M crypto/ec/curve25519.c
    M crypto/ec/curve448/arch_32/f_impl32.c
    M crypto/ec/curve448/curve448.c
    M crypto/ec/ec2_oct.c
    M crypto/ec/ec_backend.c
    M crypto/ec/ec_lib.c
    M crypto/ec/ecp_nistz256.c
    M crypto/ec/ecp_s390x_nistp.c
    M crypto/ec/ecx_meth.c
    M crypto/encode_decode/decoder_lib.c
    M crypto/encode_decode/decoder_meth.c
    M crypto/encode_decode/decoder_pkey.c
    M crypto/encode_decode/encoder_lib.c
    M crypto/encode_decode/encoder_local.h
    M crypto/encode_decode/encoder_meth.c
    M crypto/encode_decode/encoder_pkey.c
    M crypto/engine/eng_dyn.c
    M crypto/engine/eng_init.c
    M crypto/engine/eng_lib.c
    M crypto/engine/tb_asnmth.c
    M crypto/err/err.c
    M crypto/evp/c_allc.c
    M crypto/evp/ctrl_params_translate.c
    M crypto/evp/digest.c
    M crypto/evp/e_aes.c
    M crypto/evp/e_aes_cbc_hmac_sha1.c
    M crypto/evp/e_sm4.c
    M crypto/evp/ec_support.c
    M crypto/evp/evp_enc.c
    M crypto/evp/evp_fetch.c
    M crypto/evp/evp_lib.c
    M crypto/evp/evp_local.h
    M crypto/evp/exchange.c
    M crypto/evp/keymgmt_lib.c
    M crypto/evp/m_sigver.c
    M crypto/evp/p5_crpt2.c
    M crypto/evp/p_lib.c
    M crypto/evp/pmeth_gn.c
    M crypto/evp/pmeth_lib.c
    M crypto/ffc/ffc_backend.c
    M crypto/ffc/ffc_dh.c
    M crypto/ffc/ffc_params.c
    M crypto/ffc/ffc_params_generate.c
    M crypto/getenv.c
    M crypto/http/http_client.c
    M crypto/info.c
    M crypto/init.c
    M crypto/initthread.c
    M crypto/lhash/lh_stats.c
    M crypto/lhash/lhash.c
    M crypto/lhash/lhash_local.h
    M crypto/md5/md5_local.h
    M crypto/mem.c
    M crypto/mem_sec.c
    M crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl
    M crypto/modes/asm/aes-gcm-avx512.pl
    M crypto/modes/asm/aes-gcm-ppc.pl
    M crypto/modes/asm/ghashv8-armx.pl
    M crypto/o_dir.c
    M crypto/o_fopen.c
    M crypto/o_init.c
    M crypto/o_str.c
    M crypto/objects/o_names.c
    M crypto/objects/obj_dat.c
    M crypto/objects/obj_xref.c
    M crypto/ocsp/ocsp_vfy.c
    M crypto/param_build.c
    M crypto/param_build_set.c
    M crypto/params.c
    M crypto/params_dup.c
    M crypto/passphrase.c
    M crypto/pem/pem_lib.c
    M crypto/pem/pem_pk8.c
    M crypto/perlasm/ppc-xlate.pl
    M crypto/perlasm/x86_64-xlate.pl
    M crypto/pkcs12/p12_kiss.c
    M crypto/pkcs7/pk7_lib.c
    M crypto/poly1305/asm/poly1305-armv8.pl
    M crypto/ppccap.c
    M crypto/ppccpuid.pl
    M crypto/property/defn_cache.c
    M crypto/property/property.c
    M crypto/property/property_parse.c
    M crypto/property/property_string.c
    M crypto/provider_child.c
    M crypto/provider_conf.c
    M crypto/provider_core.c
    M crypto/rand/rand_deprecated.c
    M crypto/rand/rand_egd.c
    M crypto/rand/rand_lib.c
    M crypto/rsa/rsa_ameth.c
    M crypto/rsa/rsa_backend.c
    M crypto/rsa/rsa_lib.c
    M crypto/rsa/rsa_ossl.c
    M crypto/s390x_arch.h
    M crypto/self_test_core.c
    M crypto/sha/asm/keccak1600-armv8.pl
    M crypto/sha/sha1dgst.c
    M crypto/sha/sha512.c
    M crypto/siphash/siphash.c
    M crypto/sm3/asm/sm3-armv8.pl
    M crypto/sm3/sm3_local.h
    M crypto/sm4/asm/vpsm4-armv8.pl
    M crypto/sm4/sm4.c
    M crypto/sparse_array.c
    M crypto/store/store_lib.c
    M crypto/store/store_meth.c
    M crypto/store/store_result.c
    M crypto/threads_pthread.c
    M crypto/trace.c
    M crypto/ts/ts_rsp_sign.c
    M crypto/ui/ui_openssl.c
    M crypto/ui/ui_util.c
    M crypto/x509/by_dir.c
    M crypto/x509/t_x509.c
    M crypto/x509/v3_akid.c
    M crypto/x509/v3_crld.c
    M crypto/x509/v3_ist.c
    M crypto/x509/v3_sxnet.c
    M crypto/x509/v3_tlsf.c
    M crypto/x509/v3_utf8.c
    M crypto/x509/v3_utl.c
    M crypto/x509/v3err.c
    M crypto/x509/x509_lu.c
    M crypto/x509/x509_trust.c
    M crypto/x509/x509_vfy.c
    M crypto/x509/x_pubkey.c
    M demos/digest/EVP_MD_demo.c
    M demos/mac/gmac.c
    M demos/pkey/EVP_PKEY_EC_keygen.c
    M dev/release.sh
    M doc/internal/man3/OPTIONS.pod
    M doc/internal/man3/OSSL_METHOD_STORE.pod
    M doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod
    M doc/internal/man3/ossl_cmp_mock_srv_new.pod
    M doc/internal/man3/ossl_lib_ctx_get_data.pod
    M doc/internal/man3/ossl_random_add_conf_module.pod
    M doc/internal/man7/EVP_PKEY.pod
    M doc/man1/openssl-ca.pod.in
    M doc/man1/openssl-cms.pod.in
    M doc/man1/openssl-dgst.pod.in
    M doc/man1/openssl-dhparam.pod.in
    M doc/man1/openssl-dsaparam.pod.in
    M doc/man1/openssl-enc.pod.in
    M doc/man1/openssl-gendsa.pod.in
    M doc/man1/openssl-genpkey.pod.in
    M doc/man1/openssl-genrsa.pod.in
    M doc/man1/openssl-kdf.pod.in
    M doc/man1/openssl-ocsp.pod.in
    M doc/man1/openssl-pkcs7.pod.in
    M doc/man1/openssl-s_client.pod.in
    M doc/man1/openssl-s_server.pod.in
    M doc/man1/openssl-speed.pod.in
    M doc/man1/openssl-verification-options.pod
    M doc/man1/openssl.pod
    M doc/man3/ASN1_aux_cb.pod
    M doc/man3/ASN1_item_sign.pod
    M doc/man3/ASYNC_start_job.pod
    M doc/man3/BIO_ADDR.pod
    M doc/man3/BIO_connect.pod
    M doc/man3/BIO_ctrl.pod
    M doc/man3/BIO_f_base64.pod
    M doc/man3/BIO_meth_new.pod
    M doc/man3/BIO_s_accept.pod
    M doc/man3/BIO_s_core.pod
    M doc/man3/BN_add.pod
    M doc/man3/BN_bn2bin.pod
    M doc/man3/BN_rand.pod
    M doc/man3/CMS_final.pod
    M doc/man3/CONF_modules_load_file.pod
    M doc/man3/DH_get0_pqg.pod
    M doc/man3/ERR_get_error.pod
    M doc/man3/EVP_DigestInit.pod
    M doc/man3/EVP_EncryptInit.pod
    M doc/man3/EVP_KEYMGMT.pod
    M doc/man3/EVP_PKEY2PKCS8.pod
    M doc/man3/EVP_PKEY_derive.pod
    M doc/man3/EVP_PKEY_gettable_params.pod
    M doc/man3/EVP_PKEY_new.pod
    M doc/man3/EVP_PKEY_todata.pod
    M doc/man3/EVP_blake2b512.pod
    M doc/man3/EVP_md2.pod
    M doc/man3/EVP_md4.pod
    M doc/man3/EVP_md5.pod
    M doc/man3/EVP_mdc2.pod
    M doc/man3/EVP_ripemd160.pod
    M doc/man3/EVP_sha1.pod
    M doc/man3/EVP_sha224.pod
    M doc/man3/EVP_sha3_224.pod
    M doc/man3/EVP_sm3.pod
    M doc/man3/EVP_whirlpool.pod
    M doc/man3/OCSP_resp_find_status.pod
    M doc/man3/OCSP_sendreq_new.pod
    M doc/man3/OPENSSL_LH_stats.pod
    M doc/man3/OPENSSL_hexchar2int.pod
    M doc/man3/OSSL_CMP_CTX_new.pod
    M doc/man3/OSSL_CMP_MSG_get0_header.pod
    M doc/man3/OSSL_CMP_log_open.pod
    M doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod
    M doc/man3/OSSL_DECODER.pod
    M doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
    M doc/man3/OSSL_ENCODER.pod
    M doc/man3/OSSL_ENCODER_CTX.pod
    M doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod
    M doc/man3/OSSL_ESS_check_signing_certs.pod
    M doc/man3/OSSL_HTTP_REQ_CTX.pod
    M doc/man3/OSSL_HTTP_parse_url.pod
    M doc/man3/OSSL_PARAM.pod
    M doc/man3/OSSL_PARAM_BLD.pod
    M doc/man3/OSSL_PARAM_int.pod
    M doc/man3/OSSL_STORE_LOADER.pod
    M doc/man3/OSSL_trace_set_channel.pod
    M doc/man3/OpenSSL_version.pod
    M doc/man3/PEM_read_bio_PrivateKey.pod
    M doc/man3/PKCS12_decrypt_skey.pod
    M doc/man3/PKCS12_gen_mac.pod
    M doc/man3/RAND_bytes.pod
    M doc/man3/RSA_get0_key.pod
    M doc/man3/SSL_CONF_cmd.pod
    M doc/man3/SSL_CTX_get0_param.pod
    M doc/man3/SSL_CTX_set1_curves.pod
    M doc/man3/SSL_CTX_set1_verify_cert_store.pod
    M doc/man3/SSL_CTX_set_cert_verify_callback.pod
    M doc/man3/SSL_CTX_set_client_hello_cb.pod
    M doc/man3/SSL_CTX_set_ssl_version.pod
    M doc/man3/SSL_CTX_set_timeout.pod
    M doc/man3/SSL_CTX_set_tmp_dh_callback.pod
    M doc/man3/SSL_CTX_set_verify.pod
    M doc/man3/SSL_set_session.pod
    M doc/man3/SSL_want.pod
    M doc/man3/X509V3_get_d2i.pod
    M doc/man3/X509V3_set_ctx.pod
    M doc/man3/X509_ALGOR_dup.pod
    M doc/man3/X509_STORE_CTX_new.pod
    M doc/man3/X509_VERIFY_PARAM_set_flags.pod
    M doc/man3/X509_add_cert.pod
    M doc/man3/X509_check_host.pod
    M doc/man3/X509_cmp.pod
    M doc/man3/X509_digest.pod
    M doc/man3/X509_dup.pod
    M doc/man3/X509_verify_cert.pod
    M doc/man3/X509v3_get_ext_by_NID.pod
    M doc/man5/config.pod
    M doc/man5/x509v3_config.pod
    M doc/man7/EVP_KDF-SSHKDF.pod
    M doc/man7/EVP_KEYEXCH-DH.pod
    M doc/man7/EVP_KEYEXCH-ECDH.pod
    M doc/man7/EVP_MD-BLAKE2.pod
    M doc/man7/EVP_PKEY-EC.pod
    M doc/man7/bio.pod
    M doc/man7/crypto.pod
    M doc/man7/fips_module.pod
    M doc/man7/life_cycle-pkey.pod
    M doc/man7/migration_guide.pod
    M doc/man7/openssl-glossary.pod
    M doc/man7/provider-kdf.pod
    M doc/man7/provider-keyexch.pod
    M doc/man7/provider-object.pod
    M doc/man7/provider-signature.pod
    M doc/man7/provider.pod
    M engines/e_dasync.c
    M engines/e_devcrypto.c
    M engines/e_loader_attic.c
    M fuzz/asn1.c
    M fuzz/client.c
    M fuzz/fuzz_rand.c
    M include/crypto/aes_platform.h
    M include/crypto/ctype.h
    M include/crypto/dh.h
    M include/crypto/dsa.h
    M include/crypto/evp.h
    M include/crypto/md32_common.h
    M include/crypto/modes.h
    M include/crypto/ppc_arch.h
    M include/crypto/rsa.h
    M include/internal/bio.h
    M include/internal/common.h
    M include/internal/core.h
    M include/internal/cryptlib.h
    M include/internal/der.h
    M include/internal/e_os.h
    M include/internal/ktls.h
    M include/internal/param_build_set.h
    M include/internal/safe_math.h
    M include/internal/sockets.h
    M include/internal/tsan_assist.h
    M include/openssl/async.h
    M include/openssl/bio.h.in
    M include/openssl/bioerr.h
    M include/openssl/bn.h
    M include/openssl/cms.h.in
    M include/openssl/core_dispatch.h
    M include/openssl/crypto.h.in
    M include/openssl/ec.h
    M include/openssl/engine.h
    M include/openssl/evp.h
    M include/openssl/self_test.h
    M include/openssl/ssl.h.in
    M include/openssl/x509.h.in
    M include/openssl/x509v3err.h
    M providers/common/capabilities.c
    M providers/common/include/prov/provider_util.h
    M providers/common/provider_util.c
    M providers/fips/fipsprov.c
    M providers/fips/self_test.c
    M providers/fips/self_test_data.inc
    M providers/implementations/ciphers/cipher_aes_gcm_hw.c
    M providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc
    M providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc
    M providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
    M providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
    M providers/implementations/ciphers/cipher_cts.c
    M providers/implementations/ciphers/cipher_rc4_hmac_md5.c
    M providers/implementations/ciphers/cipher_sm4.h
    M providers/implementations/ciphers/cipher_sm4_gcm_hw.c
    M providers/implementations/ciphers/cipher_sm4_hw.c
    M providers/implementations/ciphers/cipher_tdes.c
    M providers/implementations/ciphers/cipher_tdes_default.c
    M providers/implementations/digests/sha3_prov.c
    M providers/implementations/encode_decode/decode_der2key.c
    M providers/implementations/encode_decode/decode_epki2pki.c
    M providers/implementations/encode_decode/decode_msblob2key.c
    M providers/implementations/encode_decode/decode_pem2der.c
    M providers/implementations/encode_decode/decode_pvk2key.c
    M providers/implementations/encode_decode/encode_key2any.c
    M providers/implementations/encode_decode/encode_key2blob.c
    M providers/implementations/encode_decode/encode_key2ms.c
    M providers/implementations/encode_decode/encode_key2text.c
    M providers/implementations/encode_decode/endecoder_common.c
    M providers/implementations/exchange/dh_exch.c
    M providers/implementations/exchange/ecdh_exch.c
    M providers/implementations/include/prov/ciphercommon.h
    M providers/implementations/include/prov/ciphercommon_aead.h
    M providers/implementations/include/prov/ciphercommon_ccm.h
    M providers/implementations/include/prov/ciphercommon_gcm.h
    M providers/implementations/kdfs/hkdf.c
    M providers/implementations/kdfs/kbkdf.c
    M providers/implementations/kdfs/krb5kdf.c
    M providers/implementations/kdfs/pbkdf1.c
    M providers/implementations/kdfs/pbkdf2.c
    M providers/implementations/kdfs/pkcs12kdf.c
    M providers/implementations/kdfs/pvkkdf.c
    M providers/implementations/kdfs/scrypt.c
    M providers/implementations/kdfs/sshkdf.c
    M providers/implementations/kdfs/sskdf.c
    M providers/implementations/kdfs/tls1_prf.c
    M providers/implementations/kdfs/x942kdf.c
    M providers/implementations/kem/rsa_kem.c
    M providers/implementations/keymgmt/dh_kmgmt.c
    M providers/implementations/keymgmt/dsa_kmgmt.c
    M providers/implementations/keymgmt/ec_kmgmt.c
    M providers/implementations/keymgmt/ecx_kmgmt.c
    M providers/implementations/keymgmt/kdf_legacy_kmgmt.c
    M providers/implementations/keymgmt/mac_legacy_kmgmt.c
    M providers/implementations/keymgmt/rsa_kmgmt.c
    M providers/implementations/macs/cmac_prov.c
    M providers/implementations/macs/gmac_prov.c
    M providers/implementations/macs/hmac_prov.c
    M providers/implementations/macs/poly1305_prov.c
    M providers/implementations/macs/siphash_prov.c
    M providers/implementations/rands/crngt.c
    M providers/implementations/rands/drbg.c
    M providers/implementations/rands/drbg_ctr.c
    M providers/implementations/rands/seeding/rand_unix.c
    M providers/implementations/rands/seeding/rand_vms.c
    M providers/implementations/signature/rsa_sig.c
    M providers/implementations/signature/sm2_sig.c
    M providers/implementations/storemgmt/file_store.c
    M providers/legacyprov.c
    M ssl/d1_lib.c
    M ssl/ktls.c
    M ssl/record/rec_layer_s3.c
    M ssl/record/ssl3_record.c
    M ssl/s3_lib.c
    M ssl/ssl_cert.c
    M ssl/ssl_conf.c
    M ssl/ssl_err.c
    M ssl/ssl_init.c
    M ssl/ssl_lib.c
    M ssl/ssl_local.h
    M ssl/ssl_rsa.c
    M ssl/ssl_sess.c
    M ssl/ssl_txt.c
    M ssl/statem/extensions.c
    M ssl/statem/extensions_clnt.c
    M ssl/statem/extensions_srvr.c
    M ssl/statem/statem.c
    M ssl/statem/statem_clnt.c
    M ssl/statem/statem_dtls.c
    M ssl/statem/statem_lib.c
    M ssl/statem/statem_local.h
    M ssl/statem/statem_srvr.c
    M ssl/t1_enc.c
    M ssl/t1_lib.c
    M ssl/tls13_enc.c
    M test/asynctest.c
    M test/bio_enc_test.c
    M test/bntest.c
    M test/cmp_client_test.c
    M test/cmp_vfy_test.c
    M test/cmsapitest.c
    M test/context_internal_test.c
    M test/crltest.c
    M test/ct_test.c
    M test/dhtest.c
    M test/dtls_mtu_test.c
    M test/endecode_test.c
    M test/enginetest.c
    M test/evp_extra_test.c
    M test/evp_extra_test2.c
    M test/evp_fetch_prov_test.c
    M test/evp_libctx_test.c
    M test/evp_pkey_dparams_test.c
    M test/evp_pkey_provided_test.c
    M test/evp_test.c
    M test/helpers/handshake.c
    M test/helpers/handshake_srp.c
    M test/helpers/predefined_dhparams.c
    M test/helpers/predefined_dhparams.h
    M test/helpers/ssl_test_ctx.c
    M test/helpers/ssltestlib.c
    M test/mdc2test.c
    M test/p_test.c
    M test/param_build_test.c
    M test/params_api_test.c
    M test/params_conversion_test.c
    M test/params_test.c
    M test/provfetchtest.c
    M test/provider_test.c
    M test/rdcpu_sanitytest.c
    M test/recipes/02-test_localetest.t
    M test/recipes/03-test_fipsinstall.t
    M test/recipes/04-test_bio_tfo.t
    M test/recipes/10-test_bn_data/bnmod.txt
    M test/recipes/15-test_ecparam.t
    M test/recipes/15-test_gendhparam.t
    M test/recipes/15-test_genrsa.t
    M test/recipes/15-test_rsapss.t
    M test/recipes/20-test_dgst.t
    M test/recipes/25-test_pkcs7.t
    M test/recipes/25-test_req.t
    M test/recipes/30-test_evp_data/evpciph_aes_ccm_cavs.txt
    M test/recipes/30-test_evp_data/evpciph_des3_common.txt
    M test/recipes/30-test_evp_data/evpmac_poly1305.txt
    M test/recipes/30-test_evp_data/evppkey_ffdhe.txt
    M test/recipes/70-test_sslrecords.t
    M test/recipes/70-test_tls13hrr.t
    M test/recipes/70-test_verify_extra.t
    M test/recipes/80-test_cms.t
    M test/recipes/80-test_cmsapi.t
    M test/recipes/80-test_ocsp.t
    M test/recipes/80-test_pkcs12.t
    M test/recipes/80-test_ssl_old.t
    M test/recipes/90-test_sslapi.t
    M test/recipes/90-test_threads.t
    M test/recipes/95-test_external_tlsfuzzer.t
    M test/run_tests.pl
    M test/safe_math_test.c
    M test/sanitytest.c
    M test/secmemtest.c
    M test/siphash_internal_test.c
    M test/ssl-tests/28-seclevel.cnf.in
    M test/ssl_old_test.c
    M test/sslapitest.c
    M test/threadstest.c
    M test/tls-provider.c
    M test/upcallstest.c
    M test/v3nametest.c
    M test/verify_extra_test.c
    M tools/c_rehash.in
    M util/add-depends.pl
    M util/perl/OpenSSL/config.pm
    M util/perl/OpenSSL/copyright.pm

  Log Message:
  -----------
  Update copyright year

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


  Commit: cac250755efd0c40cc6127a0e4baceb8d226c7e3
      https://github.openssl.org/openssl/openssl/commit/cac250755efd0c40cc6127a0e4baceb8d226c7e3
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-05-03 (Tue, 03 May 2022)

  Changed paths:
    M CHANGES.md

  Log Message:
  -----------
  CHANGES.md: Attribute the OPENSSL_LH_flush() fix properly

Reviewed-by: Matt Caswell <matt at openssl.org>
Release: yes


Compare: https://github.openssl.org/openssl/openssl/compare/b1b2146ded9c...cac250755efd


More information about the openssl-commits mailing list