This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
    #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
    #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
    #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
    #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
    #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
    #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
    #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
    #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    #26 0x402afb in testfile fuzz/test-corpus.c:182
    #27 0x402656 in main fuzz/test-corpus.c:226
    #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
    #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
    #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
    #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    #22 0x402afb in testfile fuzz/test-corpus.c:182
    #23 0x402656 in main fuzz/test-corpus.c:226
    #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

Indirect leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
    #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
    #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
    #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
    #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    #23 0x402afb in testfile fuzz/test-corpus.c:182
    #24 0x402656 in main fuzz/test-corpus.c:226
    #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Kurt Roeckx <[email protected]>
(Merged from #18632)

commit 29708a5
Author: Richard Levitte <[email protected]>
Date:   Tue Jul 5 11:08:33 2022 +0200

    Prepare for 1.1.1q release

    Reviewed-by: Paul Dale <[email protected]>
    Release: yes

commit 95a17c0
Author: Richard Levitte <[email protected]>
Date:   Tue Jul 5 10:33:00 2022 +0200

    Update copyright year

    Reviewed-by: Paul Dale <[email protected]>
    Release: yes

commit 78ba51a
Author: Richard Levitte <[email protected]>
Date:   Tue Jul 5 10:25:00 2022 +0200

    Update CHANGES and NEWS for upcoming release 1.1.1q

    Reviewed-by: Paul Dale <[email protected]>
    Release: yes

commit 9131afd
Author: Alex Chernyakhovsky <[email protected]>
Date:   Thu Jun 16 12:02:37 2022 +1000

    AES OCB test vectors

    Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.

    Co-authored-by: Alejandro Sedeño <[email protected]>
    Co-authored-by: David Benjamin <[email protected]>

    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>

commit 9199256
Author: Alex Chernyakhovsky <[email protected]>
Date:   Thu Jun 16 12:00:22 2022 +1000

    Fix AES OCB encrypt/decrypt for x86 AES-NI

    aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
    that performs operations on 6 16-byte blocks concurrently (the
    "grandloop") and then proceeds to handle the "short" tail (which can
    be anywhere from 0 to 5 blocks) that remain.

    As part of initialization, the assembly initializes $len to the true
    length, less 96 bytes and converts it to a pointer so that the $inp
    can be compared to it. Each iteration of "grandloop" checks to see if
    there's a full 96-byte chunk to process, and if so, continues. Once
    this has been exhausted, it falls through to "short", which handles
    the remaining zero to five blocks.

    Unfortunately, the jump at the end of "grandloop" had a fencepost
    error, doing a `jb` ("jump below") rather than `jbe` (jump below or
    equal). This should be `jbe`, as $inp is pointing to the *end* of the
    chunk currently being handled. If $inp == $len, that means that
    there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
    then there's 5 or fewer 16-byte blocks left to be handled, and the
    fall-through is intended.

    The net effect of `jb` instead of `jbe` is that the last 16-byte block
    of the last 96-byte chunk was completely omitted. The contents of
    `out` in this position were never written to. Additionally, since
    those bytes were never processed, the authentication tag generated is
    also incorrect.

    The same fencepost error, and identical logic, exists in both
    aesni_ocb_encrypt and aesni_ocb_decrypt.

    This addresses CVE-2022-2097.

    Co-authored-by: Alejandro Sedeño <[email protected]>
    Co-authored-by: David Benjamin <[email protected]>

    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>

commit 6495cab
Author: slontis <[email protected]>
Date:   Fri Jul 1 13:47:11 2022 +1000

    Fix bn_gcd code to check return value when calling BN_one()

    BN_one() uses the expand function which calls malloc which may fail.
    All other places that reference BN_one() check the return value.

    The issue is triggered by a memory allocation failure.
    Detected by PR openssl#18355

    Reviewed-by: Tomas Mraz <[email protected]>
    Reviewed-by: Paul Dale <[email protected]>
    (Merged from openssl#18697)

    (cherry picked from commit 7fe7cc5)

commit 7a05fcb
Author: xkernel <[email protected]>
Date:   Mon Jun 20 17:46:39 2022 +0800

    v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Ben Kaduk <[email protected]>
    (Merged from openssl#18608)

    (cherry picked from commit 9ef1f84)

commit a1d80ed
Author: Matt Caswell <[email protected]>
Date:   Fri Jun 10 15:58:58 2022 +0100

    Fix range_should_be_prefix() to actually return the correct result

    range_should_be_prefix() was misidentifying whether an IP address range
    should in fact be represented as a prefix. This was due to a bug introduced
    in commit 42d7d7d which made this incorrect change:

    -    OPENSSL_assert(memcmp(min, max, length) <= 0);
    +    if (memcmp(min, max, length) <= 0)
    +        return -1;

    This error leads to incorrect DER being encoded/accepted.

    Reported by Theo Buehler (@botovq)

    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18524)

    (cherry picked from commit 30532e5)
    (cherry picked from commit 2c6550c)

commit 4c1cf6d
Author: Bernd Edlinger <[email protected]>
Date:   Fri Jun 17 10:25:24 2022 +0200

    Fix compile issues in test/v3ext.c with no-rfc3779

    There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
    therefore the test cannot be compiled.

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    Reviewed-by: Paul Dale <[email protected]>
    (Merged from openssl#18634)

    (cherry picked from commit b76efe6)
    (cherry picked from commit 665ab12)

commit 8825732
Author: olszomal <[email protected]>
Date:   Fri Jun 17 15:01:11 2022 +0200

    SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'

    Fix the documentation.

    CLA: trivial

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Todd Short <[email protected]>
    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18599)

    (cherry picked from commit d842b6e)

commit 6c8879c
Author: Bernd Edlinger <[email protected]>
Date:   Wed Jun 22 17:05:55 2022 +0200

    Fix a memory leak in EC_GROUP_new_from_ecparameters

    This can be reproduced with my error injection patch.

    The test vector has been validated on the 1.1.1 branch
    but the issue is of course identical in all branches.

    $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
        #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
        #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
        #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
        #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
        #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
        #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
        #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
        #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
        #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
        #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
        #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
        #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
        #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
        openssl#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
        openssl#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
        openssl#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
        openssl#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
        openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
        openssl#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
        openssl#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
        openssl#26 0x402afb in testfile fuzz/test-corpus.c:182
        openssl#27 0x402656 in main fuzz/test-corpus.c:226
        openssl#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
        openssl#29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

    =================================================================
    ==12221==ERROR: LeakSanitizer: detected memory leaks

    Direct leak of 24 byte(s) in 1 object(s) allocated from:
        #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
        #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
        #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
        #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
        #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
        #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
        #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
        #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
        #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
        #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
        #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
        #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
        #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
        openssl#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
        openssl#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
        openssl#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
        openssl#22 0x402afb in testfile fuzz/test-corpus.c:182
        openssl#23 0x402656 in main fuzz/test-corpus.c:226
        openssl#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

    Indirect leak of 56 byte(s) in 1 object(s) allocated from:
        #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
        #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
        #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
        #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
        #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
        #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
        #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
        #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
        #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
        #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
        #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
        #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
        #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
        openssl#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
        openssl#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
        openssl#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
        openssl#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
        openssl#23 0x402afb in testfile fuzz/test-corpus.c:182
        openssl#24 0x402656 in main fuzz/test-corpus.c:226
        openssl#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

    SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

    Reviewed-by: Tomas Mraz <[email protected]>
    Reviewed-by: Kurt Roeckx <[email protected]>
    (Merged from openssl#18632)

commit 7f77ecd
Author: Matt Caswell <[email protected]>
Date:   Tue Jun 21 14:39:48 2022 +0100

    Prepare for 1.1.1q-dev

    Reviewed-by: Richard Levitte <[email protected]>
    Release: yes

commit 8aaca20
Author: Matt Caswell <[email protected]>
Date:   Tue Jun 21 14:39:39 2022 +0100

    Prepare for 1.1.1p release

    Reviewed-by: Richard Levitte <[email protected]>
    Release: yes

commit a3fc812
Author: Matt Caswell <[email protected]>
Date:   Tue Jun 21 14:07:32 2022 +0100

    Update copyright year

    Reviewed-by: Richard Levitte <[email protected]>
    Release: yes

commit 51e0652
Author: Matt Caswell <[email protected]>
Date:   Mon Jun 20 14:14:20 2022 +0100

    Update CHANGES and NEWS for new release

    Reviewed-by: Tomas Mraz <[email protected]>
    Release: yes

commit 9639817
Author: Daniel Fiala <[email protected]>
Date:   Sun May 29 20:11:24 2022 +0200

    Fix file operations in c_rehash.

    CVE-2022-2068

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Richard Levitte <[email protected]>

commit 20af01d
Author: Fraser Tweedale <[email protected]>
Date:   Wed Jun 15 10:50:57 2022 +1000

    Fix documentation of BIO_FLAGS_BASE64_NO_NL

    Commit 8bfb750 updated
    `BIO_f_base64(3)` to improve the documentation of the
    `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
    states that when this flag is used, all newlines in the input are
    ignored.  This is incorrect, as the following program proves:

    ```c

    unsigned char *in_buf =
        "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

    int main(int argc, char **argv) {
        BIO *b64 = BIO_new(BIO_f_base64());
        if (b64 == NULL) return 1;
        BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
        int in_len = strlen(in_buf);
        BIO *in = BIO_new_mem_buf(in_buf, in_len);
        if (in == NULL) return 2;
        in = BIO_push(b64, in);
        unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
        if (out_buf == NULL) return 3;
        size_t out_len;
        int r = BIO_read_ex(in, out_buf, in_len, &out_len);
        printf("rv = %d\n", r);
        printf("decoded = %s\n", out_buf);
        return 0;
    }
    ```

    Update the text of `BIO_f_base64(3)` to clarify that when the flag
    is set, the data must be all on one line (with or without a trailing
    newline character).

    Signed-off-by: Fraser Tweedale <[email protected]>

    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18568)

    (cherry picked from commit 0edcbac)

commit 8438d3a
Author: Tomas Mraz <[email protected]>
Date:   Thu Jun 9 16:20:05 2022 +0200

    Add an extra reduction step to RSAZ mod_exp implementations

    Inspired by BoringSSL fix by David Benjamin.

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Paul Dale <[email protected]>
    (Merged from openssl#18511)

commit 0ed27fb
Author: Tomas Mraz <[email protected]>
Date:   Thu Jun 9 12:34:55 2022 +0200

    Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

    This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
    would sometimes return m, the modulus, when it should have returned
    zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
    because the same bug also exists in the "rsaz" codepath.

    The bug only affects zero outputs (with non-zero inputs), so we believe
    it has no security impact on our cryptographic functions.

    The fx is to delete lowercase bn_from_montgomery altogether, and have the
    mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
    This only impacts the final step of the whole exponentiation and has no
    measurable perf impact.

    See the original BoringSSL commit
    https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
    for further analysis.

    Original-author: David Benjamin <[email protected]>

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Paul Dale <[email protected]>
    (Merged from openssl#18511)

commit 8f07881
Author: Matt Caswell <[email protected]>
Date:   Thu Jun 9 16:57:30 2022 +0100

    Fix a crash in X509v3_asid_subset()

    If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
    subsets then this will result in a crash. Of note is that rdi will usually
    be NULL.

    Reported by Theo Buehler (@botovq)

    Reviewed-by: Tomas Mraz <[email protected]>
    Reviewed-by: Paul Yang <[email protected]>
    Reviewed-by: Todd Short <[email protected]>
    (Merged from openssl#18514)

    (cherry picked from commit 01fc9b6)

commit ab7d056
Author: Tomas Mraz <[email protected]>
Date:   Thu Jun 2 18:12:05 2022 +0200

    Update further expiring certificates that affect tests

    Namely the smime certificates used in test_cms
    will expire soon and affect tests.

    Fixes openssl#15179

    Reviewed-by: Dmitry Belyavskiy <[email protected]>
    Reviewed-by: Paul Dale <[email protected]>
    (Merged from openssl#18481)

commit 3bd9765
Author: Tomas Mraz <[email protected]>
Date:   Tue Mar 29 13:31:34 2022 +0200

    Fix strict client chain check with TLS-1.3

    When TLS-1.3 is used and the server does not send any CA names
    the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
    argument.

    Reviewed-by: Todd Short <[email protected]>
    Reviewed-by: Matt Caswell <[email protected]>
    (Merged from openssl#17986)

    (cherry picked from commit 89dd854)

commit b7ce611
Author: Tomas Mraz <[email protected]>
Date:   Wed Jun 1 13:06:46 2022 +0200

    ct_test.c: Update the epoch time

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Dmitry Belyavskiy <[email protected]>
    (Merged from openssl#18446)

commit 73db5d8
Author: Tomas Mraz <[email protected]>
Date:   Wed Jun 1 12:47:44 2022 +0200

    Update expired SCT certificates

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Dmitry Belyavskiy <[email protected]>
    (Merged from openssl#18446)

commit 8754fa5
Author: Bernd Edlinger <[email protected]>
Date:   Sat May 21 07:50:46 2022 +0200

    Fix a memory leak in crl_set_issuers

    This can be reproduced with my error injection patch.

    The test vector has been validated on the 1.1.1 branch
    but the issue is of course identical in all branches.

    $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
    log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
    ERROR_INJECT=1653520461
        #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
        #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
        #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
        #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
        #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
        #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
        #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
        #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
        #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
        #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
        #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
        openssl#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
        openssl#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
        openssl#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
        openssl#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
        openssl#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
        openssl#24 0x402bbb in testfile fuzz/test-corpus.c:182
        openssl#25 0x402626 in main fuzz/test-corpus.c:226
        openssl#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
        openssl#27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

    =================================================================
    ==29625==ERROR: LeakSanitizer: detected memory leaks

    Direct leak of 32 byte(s) in 1 object(s) allocated from:
        #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
        #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
        #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
        #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
        #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
        #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
        #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
        #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
        #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
        #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
        #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
        #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
        openssl#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
        openssl#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
        openssl#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
        openssl#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
        openssl#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
        openssl#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
        openssl#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
        openssl#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
        openssl#29 0x402bbb in testfile fuzz/test-corpus.c:182
        openssl#30 0x402626 in main fuzz/test-corpus.c:226
        openssl#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

    SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18391)

    (cherry picked from commit e9007e0)

commit 4a28f84
Author: Bernd Edlinger <[email protected]>
Date:   Sun May 22 20:12:56 2022 +0200

    Fix a crash in ssl_security_cert_chain

    Prior to the crash there is an out of memory error
    in X509_verify_cert which makes the chain NULL or
    empty.  The error is ignored by ssl_add_cert_chain,
    and ssl_security_cert_chain crashes due to the
    unchecked null pointer.

    This is reproducible with my error injection patch.

    The test vector has been validated on the 1.1.1 branch
    but the issue is of course identical in all branches.

    $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
        #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
        #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
        #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
        #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
        #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
        #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
        #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
        #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
        #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
        #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
        #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
        #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
        #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
        openssl#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
        openssl#14 0x40371b in testfile fuzz/test-corpus.c:182
        openssl#15 0x402856 in main fuzz/test-corpus.c:226
        openssl#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
        openssl#17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
    ==8400==The signal is caused by a READ memory access.
    ==8400==Hint: address points to the zero page.
        #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
        #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
        #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
        #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
        #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
        #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
        #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
        #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
        #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
        #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
        #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
        #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
        #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
        openssl#13 0x40371b in testfile fuzz/test-corpus.c:182
        openssl#14 0x402856 in main fuzz/test-corpus.c:226
        openssl#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
        openssl#16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
    ==8400==ABORTING

    Reviewed-by: Tomas Mraz <[email protected]>
    Reviewed-by: Matt Caswell <[email protected]>
    (Merged from openssl#18376)

    (cherry picked from commit dc0ef29)

commit 59b8eca
Author: Bernd Edlinger <[email protected]>
Date:   Sat May 21 15:41:46 2022 +0200

    Fix a memory leak in X509_issuer_and_serial_hash

    This is reproducible with my error injection patch:

    $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
    ERROR_INJECT=1653267699
        #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
        #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
        #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
        #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
        #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
        #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
        #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
        #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
        #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
        #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

    =================================================================
    ==1058475==ERROR: LeakSanitizer: detected memory leaks

    Direct leak of 268 byte(s) in 1 object(s) allocated from:
        #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
        #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
        #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
        #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
        #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
        #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
        #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
        #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

    SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

    Reviewed-by: Tomas Mraz <[email protected]>
    Reviewed-by: Matt Caswell <[email protected]>
    (Merged from openssl#18370)

commit e4b84b7
Author: Bernd Edlinger <[email protected]>
Date:   Fri May 20 16:54:41 2022 +0200

    Fix undefined behaviour in EC_GROUP_new_from_ecparameters

    This happens for instance with
    fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
    and causes the OPENSSL_malloc below to choke on the
    zero length allocation request.

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18363)

commit 8e1ece2
Author: Bernd Edlinger <[email protected]>
Date:   Fri May 20 16:15:44 2022 +0200

    Fix a memory leak in ec_key_simple_oct2priv

    This is reproducible with my error injection patch:

    $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
    140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
    140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
    140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
    140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
    140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
    140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
    140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

    =================================================================
    ==19676==ERROR: LeakSanitizer: detected memory leaks

    Direct leak of 24 byte(s) in 1 object(s) allocated from:
        #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
        #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
        #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
        #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
        #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
        #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
        #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
        #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
        #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
        #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
        #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
        #11 0x40370b in testfile fuzz/test-corpus.c:182
        #12 0x402846 in main fuzz/test-corpus.c:226
        openssl#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

    SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

    Reviewed-by: Tomas Mraz <[email protected]>
    Reviewed-by: Matt Caswell <[email protected]>
    (Merged from openssl#18361)

commit 8e60f41
Author: Bernd Edlinger <[email protected]>
Date:   Fri May 20 08:02:47 2022 +0200

    Fix a crash in asn1_item_embed_new

    This happens usually if an template object is created
    and there is an out of memory error before the ASN1_OP_NEW_POST
    method is called, but asn1_item_embed_free calls now the
    ASN1_OP_FREE_POST which may crash because the object is not
    properly initialized.  Apparently that is only an issue with
    the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
    ought to be tolerant to incomplete initialized objects.

    The error can be reproduced with the reproducible error injection patch:

    $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
        #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
        #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
        #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
        #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
        #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
        #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
        #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
        #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
        #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
        #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
        #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
        #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
        #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
        openssl#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        openssl#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        openssl#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
        openssl#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        openssl#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
        openssl#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
        openssl#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
        openssl#21 0x40893b in testfile fuzz/test-corpus.c:182
        openssl#22 0x406b86 in main fuzz/test-corpus.c:226
        openssl#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
    ==1194==The signal is caused by a READ memory access.
    ==1194==Hint: address points to the zero page.
        #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
        #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
        #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
        #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
        #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
        #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
        #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
        #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
        #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
        #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
        #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
        #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
        openssl#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
        openssl#14 0x40893b in testfile fuzz/test-corpus.c:182
        openssl#15 0x406b86 in main fuzz/test-corpus.c:226
        openssl#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
    ==1194==ABORTING

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18360)

    (cherry picked from commit 557825a)

commit 17519e2
Author: Bernd Edlinger <[email protected]>
Date:   Thu May 19 15:50:28 2022 +0200

    Backport a missing bug-fix from master

    This is a backport of the following commit from master:

    commit 61b0fea
    Author: Matt Caswell <[email protected]>
    Date:   Thu Nov 19 13:58:21 2020 +0000

        Don't Overflow when printing Thawte Strong Extranet Version

        When printing human readable info on the Thawte Strong Extranet extension
        the version number could overflow if the version number == LONG_MAX. This
        is undefined behaviour.

        Issue found by OSSFuzz.

        Reviewed-by: Ben Kaduk <[email protected]>
        (Merged from openssl#13452)

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18347)

commit 03ba56f
Author: Bernd Edlinger <[email protected]>
Date:   Thu May 19 10:59:25 2022 +0200

    Backport some fuzzing data files from master

    This is a backport of the following commit from master:

    commit 415e6ac
    Author: Tavis Ormandy <[email protected]>
    Date:   Tue Sep 21 15:48:27 2021 -0700

        increase x509 code coverage metrics

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from openssl#16651)

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18347)

commit e04ba88
Author: Daniel Fiala <[email protected]>
Date:   Tue May 10 08:46:37 2022 +0000

    s_serve: Report an error if init-connection fails without an attempt to read.

    Fixes: openssl#18047.

    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18283)

commit 6ef91d8
Author: basavesh <[email protected]>
Date:   Tue Apr 5 17:49:09 2022 +0200

    Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE

    rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
    Consider a weaker leakage model(CL) where only cacheline base address is leaked,
    i.e address/32 for 32-byte cacheline(CL32).

    Previous code used to perform two loads
        1. rotated_mac[rotate_offset ^ 32] and
        2. rotated_mac[rotate_offset++]
    which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
    and 2q, 2q + 1 for 32 <= rotate_offset < 64

    The proposed fix performs load operations which will always leak 2q, 2q + 1 and
    selects the appropriate value in constant-time.

    Reviewed-by: Matt Caswell <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#18050)

commit c7d6c08
Author: Tomas Mraz <[email protected]>
Date:   Fri Apr 29 17:02:19 2022 +0200

    Add test for empty supported-groups extension

    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Matt Caswell <[email protected]>
    (Merged from openssl#18213)

commit bd16488
Author: Tomas Mraz <[email protected]>
Date:   Fri Apr 29 16:36:36 2022 +0200

    Do not send an empty supported groups extension

    This allows handshake to proceed if the maximum TLS version enabled is <1.3

    Fixes openssl#13583

    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Matt Caswell <[email protected]>
    (Merged from openssl#18213)

commit ac2d4cb
Author: Allan Jude <[email protected]>
Date:   Fri Nov 19 19:06:52 2021 +0000

    1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations

    Reviewed-by: Paul Dale <[email protected]>
    Reviewed-by: Dmitry Belyavskiy <[email protected]>
    Reviewed-by: Tomas Mraz <[email protected]>
    (Merged from openssl#17085)

commit ec1b4bf
Author: Hugo Landau <[email protected]>
Date:   Wed Apr 27 10:11:08 2022 +0100

    (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions

    Backport of openssl#18038 to 1.1.

    Fixes openssl#18035.

    Reviewed-by: Tomas Mraz <[email protected]>
    Reviewed-by: Dmitry Belyavskiy <[email protected]>
    (Merged from openssl#18190)

commit 988c7b2
Author: Matt Caswell <[email protected]>
Date:   Tue May 3 14:41:23 2022 +0100

    Prepare for 1.1.1p-dev

    Reviewed-by: Tomas Mraz <[email protected]>
    Release: yes

commit 6fd6179191702eb0562ccbfb22a37405c669b90e
Author: Randall S. Becker <[email protected]>
Date:   Tue Jul 5 17:50:13 2022 -0400

    Missed include on NonStop for memcmp in test/v3ext.c

commit d97281f16602e50f040756029b555645315253df
Author: Randall S. Becker <[email protected]>
Date:   Tue Jul 5 10:37:54 2022 -0400

    Squashed commit of the following:

    commit 29708a562a1887a91de0fa6ca668c71871accde9
    Author: Richard Levitte <[email protected]>
    Date:   Tue Jul 5 11:08:33 2022 +0200

        Prepare for 1.1.1q release

        Reviewed-by: Paul Dale <[email protected]>
        Release: yes

    commit 95a17c0ead00885452d13309eaffd04c1737d05d
    Author: Richard Levitte <[email protected]>
    Date:   Tue Jul 5 10:33:00 2022 +0200

        Update copyright year

        Reviewed-by: Paul Dale <[email protected]>
        Release: yes

    commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
    Author: Richard Levitte <[email protected]>
    Date:   Tue Jul 5 10:25:00 2022 +0200

        Update CHANGES and NEWS for upcoming release 1.1.1q

        Reviewed-by: Paul Dale <[email protected]>
        Release: yes

    commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
    Author: Alex Chernyakhovsky <[email protected]>
    Date:   Thu Jun 16 12:02:37 2022 +1000

        AES OCB test vectors

        Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.

        Co-authored-by: Alejandro Sedeño <[email protected]>
        Co-authored-by: David Benjamin <[email protected]>

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>

    commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
    Author: Alex Chernyakhovsky <[email protected]>
    Date:   Thu Jun 16 12:00:22 2022 +1000

        Fix AES OCB encrypt/decrypt for x86 AES-NI

        aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
        that performs operations on 6 16-byte blocks concurrently (the
        "grandloop") and then proceeds to handle the "short" tail (which can
        be anywhere from 0 to 5 blocks) that remain.

        As part of initialization, the assembly initializes $len to the true
        length, less 96 bytes and converts it to a pointer so that the $inp
        can be compared to it. Each iteration of "grandloop" checks to see if
        there's a full 96-byte chunk to process, and if so, continues. Once
        this has been exhausted, it falls through to "short", which handles
        the remaining zero to five blocks.

        Unfortunately, the jump at the end of "grandloop" had a fencepost
        error, doing a `jb` ("jump below") rather than `jbe` (jump below or
        equal). This should be `jbe`, as $inp is pointing to the *end* of the
        chunk currently being handled. If $inp == $len, that means that
        there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
        then there's 5 or fewer 16-byte blocks left to be handled, and the
        fall-through is intended.

        The net effect of `jb` instead of `jbe` is that the last 16-byte block
        of the last 96-byte chunk was completely omitted. The contents of
        `out` in this position were never written to. Additionally, since
        those bytes were never processed, the authentication tag generated is
        also incorrect.

        The same fencepost error, and identical logic, exists in both
        aesni_ocb_encrypt and aesni_ocb_decrypt.

        This addresses CVE-2022-2097.

        Co-authored-by: Alejandro Sedeño <[email protected]>
        Co-authored-by: David Benjamin <[email protected]>

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>

    commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
    Author: slontis <[email protected]>
    Date:   Fri Jul 1 13:47:11 2022 +1000

        Fix bn_gcd code to check return value when calling BN_one()

        BN_one() uses the expand function which calls malloc which may fail.
        All other places that reference BN_one() check the return value.

        The issue is triggered by a memory allocation failure.
        Detected by PR #18355

        Reviewed-by: Tomas Mraz <[email protected]>
        Reviewed-by: Paul Dale <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18697)

        (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)

    commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
    Author: xkernel <[email protected]>
    Date:   Mon Jun 20 17:46:39 2022 +0800

        v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Ben Kaduk <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18608)

        (cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)

    commit a1d80edcf830739131e0567dc03b1e80b7988b1e
    Author: Matt Caswell <[email protected]>
    Date:   Fri Jun 10 15:58:58 2022 +0100

        Fix range_should_be_prefix() to actually return the correct result

        range_should_be_prefix() was misidentifying whether an IP address range
        should in fact be represented as a prefix. This was due to a bug introduced
        in commit 42d7d7dd which made this incorrect change:

        -    OPENSSL_assert(memcmp(min, max, length) <= 0);
        +    if (memcmp(min, max, length) <= 0)
        +        return -1;

        This error leads to incorrect DER being encoded/accepted.

        Reported by Theo Buehler (@botovq)

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18524)

        (cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
        (cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)

    commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
    Author: Bernd Edlinger <[email protected]>
    Date:   Fri Jun 17 10:25:24 2022 +0200

        Fix compile issues in test/v3ext.c with no-rfc3779

        There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
        therefore the test cannot be compiled.

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        Reviewed-by: Paul Dale <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18634)

        (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
        (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)

    commit 882573246695088d65956355ca6c954642dcac31
    Author: olszomal <[email protected]>
    Date:   Fri Jun 17 15:01:11 2022 +0200

        SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'

        Fix the documentation.

        CLA: trivial

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Todd Short <[email protected]>
        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18599)

        (cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)

    commit 6c8879c8bf6030666c851623f93fff03c1266715
    Author: Bernd Edlinger <[email protected]>
    Date:   Wed Jun 22 17:05:55 2022 +0200

        Fix a memory leak in EC_GROUP_new_from_ecparameters

        This can be reproduced with my error injection patch.

        The test vector has been validated on the 1.1.1 branch
        but the issue is of course identical in all branches.

        $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
            #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
            #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
            #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
            #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
            #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
            #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
            #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
            #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
            #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
            #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
            #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
            #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
            #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
            #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
            #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
            #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
            #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
            #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
            #26 0x402afb in testfile fuzz/test-corpus.c:182
            #27 0x402656 in main fuzz/test-corpus.c:226
            #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
            #29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

        =================================================================
        ==12221==ERROR: LeakSanitizer: detected memory leaks

        Direct leak of 24 byte(s) in 1 object(s) allocated from:
            #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
            #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
            #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
            #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
            #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
            #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
            #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
            #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
            #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
            #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
            #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
            #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
            #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
            #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
            #22 0x402afb in testfile fuzz/test-corpus.c:182
            #23 0x402656 in main fuzz/test-corpus.c:226
            #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

        Indirect leak of 56 byte(s) in 1 object(s) allocated from:
            #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
            #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
            #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
            #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
            #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
            #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
            #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
            #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
            #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
            #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
            #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
            #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
            #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
            #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
            #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
            #23 0x402afb in testfile fuzz/test-corpus.c:182
            #24 0x402656 in main fuzz/test-corpus.c:226
            #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

        SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

        Reviewed-by: Tomas Mraz <[email protected]>
        Reviewed-by: Kurt Roeckx <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18632)

    commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
    Author: Matt Caswell <[email protected]>
    Date:   Tue Jun 21 14:39:48 2022 +0100

        Prepare for 1.1.1q-dev

        Reviewed-by: Richard Levitte <[email protected]>
        Release: yes

    commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
    Author: Matt Caswell <[email protected]>
    Date:   Tue Jun 21 14:39:39 2022 +0100

        Prepare for 1.1.1p release

        Reviewed-by: Richard Levitte <[email protected]>
        Release: yes

    commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
    Author: Matt Caswell <[email protected]>
    Date:   Tue Jun 21 14:07:32 2022 +0100

        Update copyright year

        Reviewed-by: Richard Levitte <[email protected]>
        Release: yes

    commit 51e06520734063d6f52b2e596e1089d36d3781e7
    Author: Matt Caswell <[email protected]>
    Date:   Mon Jun 20 14:14:20 2022 +0100

        Update CHANGES and NEWS for new release

        Reviewed-by: Tomas Mraz <[email protected]>
        Release: yes

    commit 9639817dac8bbbaa64d09efad7464ccc405527c7
    Author: Daniel Fiala <[email protected]>
    Date:   Sun May 29 20:11:24 2022 +0200

        Fix file operations in c_rehash.

        CVE-2022-2068

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Richard Levitte <[email protected]>

    commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
    Author: Fraser Tweedale <[email protected]>
    Date:   Wed Jun 15 10:50:57 2022 +1000

        Fix documentation of BIO_FLAGS_BASE64_NO_NL

        Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
        `BIO_f_base64(3)` to improve the documentation of the
        `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
        states that when this flag is used, all newlines in the input are
        ignored.  This is incorrect, as the following program proves:

        ```c

        unsigned char *in_buf =
            "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

        int main(int argc, char **argv) {
            BIO *b64 = BIO_new(BIO_f_base64());
            if (b64 == NULL) return 1;
            BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
            int in_len = strlen(in_buf);
            BIO *in = BIO_new_mem_buf(in_buf, in_len);
            if (in == NULL) return 2;
            in = BIO_push(b64, in);
            unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
            if (out_buf == NULL) return 3;
            size_t out_len;
            int r = BIO_read_ex(in, out_buf, in_len, &out_len);
            printf("rv = %d\n", r);
            printf("decoded = %s\n", out_buf);
            return 0;
        }
        ```

        Update the text of `BIO_f_base64(3)` to clarify that when the flag
        is set, the data must be all on one line (with or without a trailing
        newline character).

        Signed-off-by: Fraser Tweedale <[email protected]>

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18568)

        (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

    commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
    Author: Tomas Mraz <[email protected]>
    Date:   Thu Jun 9 16:20:05 2022 +0200

        Add an extra reduction step to RSAZ mod_exp implementations

        Inspired by BoringSSL fix by David Benjamin.

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Paul Dale <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18511)

    commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
    Author: Tomas Mraz <[email protected]>
    Date:   Thu Jun 9 12:34:55 2022 +0200

        Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

        This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
        would sometimes return m, the modulus, when it should have returned
        zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
        because the same bug also exists in the "rsaz" codepath.

        The bug only affects zero outputs (with non-zero inputs), so we believe
        it has no security impact on our cryptographic functions.

        The fx is to delete lowercase bn_from_montgomery altogether, and have the
        mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
        This only impacts the final step of the whole exponentiation and has no
        measurable perf impact.

        See the original BoringSSL commit
        https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
        for further analysis.

        Original-author: David Benjamin <[email protected]>

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Paul Dale <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18511)

    commit 8f078819556da83c15751678c39558a59bc746fc
    Author: Matt Caswell <[email protected]>
    Date:   Thu Jun 9 16:57:30 2022 +0100

        Fix a crash in X509v3_asid_subset()

        If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
        subsets then this will result in a crash. Of note is that rdi will usually
        be NULL.

        Reported by Theo Buehler (@botovq)

        Reviewed-by: Tomas Mraz <[email protected]>
        Reviewed-by: Paul Yang <[email protected]>
        Reviewed-by: Todd Short <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18514)

        (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

    commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
    Author: Tomas Mraz <[email protected]>
    Date:   Thu Jun 2 18:12:05 2022 +0200

        Update further expiring certificates that affect tests

        Namely the smime certificates used in test_cms
        will expire soon and affect tests.

        Fixes #15179

        Reviewed-by: Dmitry Belyavskiy <[email protected]>
        Reviewed-by: Paul Dale <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18481)

    commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
    Author: Tomas Mraz <[email protected]>
    Date:   Tue Mar 29 13:31:34 2022 +0200

        Fix strict client chain check with TLS-1.3

        When TLS-1.3 is used and the server does not send any CA names
        the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
        argument.

        Reviewed-by: Todd Short <[email protected]>
        Reviewed-by: Matt Caswell <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/17986)

        (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

    commit b7ce611887cfac633aacc052b2e71a7f195418b8
    Author: Tomas Mraz <[email protected]>
    Date:   Wed Jun 1 13:06:46 2022 +0200

        ct_test.c: Update the epoch time

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Dmitry Belyavskiy <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18446)

    commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
    Author: Tomas Mraz <[email protected]>
    Date:   Wed Jun 1 12:47:44 2022 +0200

        Update expired SCT certificates

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Dmitry Belyavskiy <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18446)

    commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
    Author: Bernd Edlinger <[email protected]>
    Date:   Sat May 21 07:50:46 2022 +0200

        Fix a memory leak in crl_set_issuers

        This can be reproduced with my error injection patch.

        The test vector has been validated on the 1.1.1 branch
        but the issue is of course identical in all branches.

        $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
        log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
        ERROR_INJECT=1653520461
            #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
            #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
            #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
            #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
            #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
            #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
            #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
            #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
            #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
            #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
            #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
            #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
            #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
            #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
            #24 0x402bbb in testfile fuzz/test-corpus.c:182
            #25 0x402626 in main fuzz/test-corpus.c:226
            #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
            #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

        =================================================================
        ==29625==ERROR: LeakSanitizer: detected memory leaks

        Direct leak of 32 byte(s) in 1 object(s) allocated from:
            #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
            #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
            #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
            #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
            #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
            #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
            #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
            #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
            #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
            #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
            #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
            #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
            #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
            #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
            #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
            #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
            #29 0x402bbb in testfile fuzz/test-corpus.c:182
            #30 0x402626 in main fuzz/test-corpus.c:226
            #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

        SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18391)

        (cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)

    commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
    Author: Bernd Edlinger <[email protected]>
    Date:   Sun May 22 20:12:56 2022 +0200

        Fix a crash in ssl_security_cert_chain

        Prior to the crash there is an out of memory error
        in X509_verify_cert which makes the chain NULL or
        empty.  The error is ignored by ssl_add_cert_chain,
        and ssl_security_cert_chain crashes due to the
        unchecked null pointer.

        This is reproducible with my error injection patch.

        The test vector has been validated on the 1.1.1 branch
        but the issue is of course identical in all branches.

        $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
            #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
            #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
            #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
            #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
            #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
            #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
            #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
            #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
            #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
            #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
            #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
            #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
            #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
            #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
            #14 0x40371b in testfile fuzz/test-corpus.c:182
            #15 0x402856 in main fuzz/test-corpus.c:226
            #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
            #17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

        AddressSanitizer:DEADLYSIGNAL
        =================================================================
        ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
        ==8400==The signal is caused by a READ memory access.
        ==8400==Hint: address points to the zero page.
            #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
            #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
            #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
            #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
            #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
            #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
            #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
            #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
            #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
            #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
            #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
            #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
            #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
            #13 0x40371b in testfile fuzz/test-corpus.c:182
            #14 0x402856 in main fuzz/test-corpus.c:226
            #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
            #16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

        AddressSanitizer can not provide additional info.
        SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
        ==8400==ABORTING

        Reviewed-by: Tomas Mraz <[email protected]>
        Reviewed-by: Matt Caswell <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18376)

        (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)

    commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
    Author: Bernd Edlinger <[email protected]>
    Date:   Sat May 21 15:41:46 2022 +0200

        Fix a memory leak in X509_issuer_and_serial_hash

        This is reproducible with my error injection patch:

        $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
        ERROR_INJECT=1653267699
            #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
            #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
            #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
            #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
            #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
            #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
            #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
            #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
            #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
            #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

        =================================================================
        ==1058475==ERROR: LeakSanitizer: detected memory leaks

        Direct leak of 268 byte(s) in 1 object(s) allocated from:
            #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
            #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
            #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
            #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
            #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
            #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
            #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
            #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

        SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

        Reviewed-by: Tomas Mraz <[email protected]>
        Reviewed-by: Matt Caswell <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18370)

    commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
    Author: Bernd Edlinger <[email protected]>
    Date:   Fri May 20 16:54:41 2022 +0200

        Fix undefined behaviour in EC_GROUP_new_from_ecparameters

        This happens for instance with
        fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
        and causes the OPENSSL_malloc below to choke on the
        zero length allocation request.

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18363)

    commit 8e1ece20cdb4a584be5311370256c4e813c09826
    Author: Bernd Edlinger <[email protected]>
    Date:   Fri May 20 16:15:44 2022 +0200

        Fix a memory leak in ec_key_simple_oct2priv

        This is reproducible with my error injection patch:

        $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
        140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
        140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
        140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
        140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
        140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
        140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
        140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

        =================================================================
        ==19676==ERROR: LeakSanitizer: detected memory leaks

        Direct leak of 24 byte(s) in 1 object(s) allocated from:
            #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
            #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
            #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
            #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
            #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
            #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
            #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
            #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
            #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
            #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
            #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
            #11 0x40370b in testfile fuzz/test-corpus.c:182
            #12 0x402846 in main fuzz/test-corpus.c:226
            #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

        SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

        Reviewed-by: Tomas Mraz <[email protected]>
        Reviewed-by: Matt Caswell <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18361)

    commit 8e60f41d064786f95440e4c56660ffe9777783d7
    Author: Bernd Edlinger <[email protected]>
    Date:   Fri May 20 08:02:47 2022 +0200

        Fix a crash in asn1_item_embed_new

        This happens usually if an template object is created
        and there is an out of memory error before the ASN1_OP_NEW_POST
        method is called, but asn1_item_embed_free calls now the
        ASN1_OP_FREE_POST which may crash because the object is not
        properly initialized.  Apparently that is only an issue with
        the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
        ought to be tolerant to incomplete initialized objects.

        The error can be reproduced with the reproducible error injection patch:

        $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
            #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
            #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
            #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
            #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
            #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
            #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
            #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
            #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
            #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
            #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
            #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
            #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
            #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
            #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
            #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
            #21 0x40893b in testfile fuzz/test-corpus.c:182
            #22 0x406b86 in main fuzz/test-corpus.c:226
            #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

        AddressSanitizer:DEADLYSIGNAL
        =================================================================
        ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
        ==1194==The signal is caused by a READ memory access.
        ==1194==Hint: address points to the zero page.
            #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
            #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
            #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
            #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
            #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
            #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
            #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
            #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
            #14 0x40893b in testfile fuzz/test-corpus.c:182
            #15 0x406b86 in main fuzz/test-corpus.c:226
            #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

        AddressSanitizer can not provide additional info.
        SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
        ==1194==ABORTING

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18360)

        (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)

    commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
    Author: Bernd Edlinger <[email protected]>
    Date:   Thu May 19 15:50:28 2022 +0200

        Backport a missing bug-fix from master

        This is a backport of the following commit from master:

        commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
        Author: Matt Caswell <[email protected]>
        Date:   Thu Nov 19 13:58:21 2020 +0000

            Don't Overflow when printing Thawte Strong Extranet Version

            When printing human readable info on the Thawte Strong Extranet extension
            the version number could overflow if the version number == LONG_MAX. This
            is undefined behaviour.

            Issue found by OSSFuzz.

            Reviewed-by: Ben Kaduk <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/13452)

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18347)

    commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
    Author: Bernd Edlinger <[email protected]>
    Date:   Thu May 19 10:59:25 2022 +0200

        Backport some fuzzing data files from master

        This is a backport of the following commit from master:

        commit 415e6ac80405e13b20b083315747e431274fbd33
        Author: Tavis Ormandy <[email protected]>
        Date:   Tue Sep 21 15:48:27 2021 -0700

            increase x509 code coverage metrics

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/16651)

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18347)

    commit e04ba889594d84a8805f3d0caeadf0527470e508
    Author: Daniel Fiala <[email protected]>
    Date:   Tue May 10 08:46:37 2022 +0000

        s_serve: Report an error if init-connection fails without an attempt to read.

        Fixes: openssl#18047.

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18283)

    commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
    Author: basavesh <[email protected]>
    Date:   Tue Apr 5 17:49:09 2022 +0200

        Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE

        rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
        Consider a weaker leakage model(CL) where only cacheline base address is leaked,
        i.e address/32 for 32-byte cacheline(CL32).

        Previous code used to perform two loads
            1. rotated_mac[rotate_offset ^ 32] and
            2. rotated_mac[rotate_offset++]
        which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
        and 2q, 2q + 1 for 32 <= rotate_offset < 64

        The proposed fix performs load operations which will always leak 2q, 2q + 1 and
        selects the appropriate value in constant-time.

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18050)

    commit c7d6c08290b67cbeef2b4f636f04788ea405520a
    Author: Tomas Mraz <[email protected]>
    Date:   Fri Apr 29 17:02:19 2022 +0200

        Add test for empty supported-groups extension

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Matt Caswell <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18213)

    commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
    Author: Tomas Mraz <[email protected]>
    Date:   Fri Apr 29 16:36:36 2022 +0200

        Do not send an empty supported groups extension

        This allows handshake to proceed if the maximum TLS version enabled is <1.3

        Fixes #13583

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Matt Caswell <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18213)

    commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
    Author: Allan Jude <[email protected]>
    Date:   Fri Nov 19 19:06:52 2021 +0000

        1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Dmitry Belyavskiy <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/17085)

    commit ec1b4bf26c1b2440546f323873c578374f60b2de
    Author: Hugo Landau <[email protected]>
    Date:   Wed Apr 27 10:11:08 2022 +0100

        (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions

        Backport of #18038 to 1.1.

        Fixes #18035.

        Reviewed-by: Tomas Mraz <[email protected]>
        Reviewed-by: Dmitry Belyavskiy <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18190)

    commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
    Author: Matt Caswell <[email protected]>
    Date:   Tue May 3 14:41:23 2022 +0100

        Prepare for 1.1.1p-dev

        Reviewed-by: Tomas Mraz <[email protected]>
        Release: yes

commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
Author: Randall S. Becker <[email protected]>
Date:   Wed Jun 22 06:26:40 2022 -0600

    Squashed commit of the following:

    commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
    Author: Matt Caswell <[email protected]>
    Date:   Tue Jun 21 14:39:39 2022 +0100

        Prepare for 1.1.1p release

        Reviewed-by: Richard Levitte <[email protected]>
        Release: yes

    commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
    Author: Matt Caswell <[email protected]>
    Date:   Tue Jun 21 14:07:32 2022 +0100

        Update copyright year

        Reviewed-by: Richard Levitte <[email protected]>
        Release: yes

    commit 51e06520734063d6f52b2e596e1089d36d3781e7
    Author: Matt Caswell <[email protected]>
    Date:   Mon Jun 20 14:14:20 2022 +0100

        Update CHANGES and NEWS for new release

        Reviewed-by: Tomas Mraz <[email protected]>
        Release: yes

    commit 9639817dac8bbbaa64d09efad7464ccc405527c7
    Author: Daniel Fiala <[email protected]>
    Date:   Sun May 29 20:11:24 2022 +0200

        Fix file operations in c_rehash.

        CVE-2022-2068

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Richard Levitte <[email protected]>

    commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
    Author: Fraser Tweedale <[email protected]>
    Date:   Wed Jun 15 10:50:57 2022 +1000

        Fix documentation of BIO_FLAGS_BASE64_NO_NL

        Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
        `BIO_f_base64(3)` to improve the documentation of the
        `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
        states that when this flag is used, all newlines in the input are
        ignored.  This is incorrect, as the following program proves:

        ```c

        unsigned char *in_buf =
            "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

        int main(int argc, char **argv) {
            BIO *b64 = BIO_new(BIO_f_base64());
            if (b64 == NULL) return 1;
            BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
            int in_len = strlen(in_buf);
            BIO *in = BIO_new_mem_buf(in_buf, in_len);
            if (in == NULL) return 2;
            in = BIO_push(b64, in);
            unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
            if (out_buf == NULL) return 3;
            size_t out_len;
            int r = BIO_read_ex(in, out_buf, in_len, &out_len);
            printf("rv = %d\n", r);
            printf("decoded = %s\n", out_buf);
            return 0;
        }
        ```

        Update the text of `BIO_f_base64(3)` to clarify that when the flag
        is set, the data must be all on one line (with or without a trailing
        newline character).

        Signed-off-by: Fraser Tweedale <[email protected]>

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18568)

        (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

    commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
    Author: Tomas Mraz <[email protected]>
    Date:   Thu Jun 9 16:20:05 2022 +0200

        Add an extra reduction step to RSAZ mod_exp implementations

        Inspired by BoringSSL fix by David Benjamin.

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Paul Dale <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18511)

    commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
    Author: Tomas Mraz <[email protected]>
    Date:   Thu Jun 9 12:34:55 2022 +0200

        Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

        This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
        would sometimes return m, the modulus, when it should have returned
        zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
        because the same bug also exists in the "rsaz" codepath.

        The bug only affects zero outputs (with non-zero inputs), so we believe
        it has no security impact on our cryptographic functions.

        The fx is to delete lowercase bn_from_montgomery altogether, and have the
        mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
        This only impacts the final step of the whole exponentiation and has no
        measurable perf impact.

        See the original BoringSSL commit
        https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
        for further analysis.

        Original-author: David Benjamin <[email protected]>

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Paul Dale <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18511)

    commit 8f078819556da83c15751678c39558a59bc746fc
    Author: Matt Caswell <[email protected]>
    Date:   Thu Jun 9 16:57:30 2022 +0100

        Fix a crash in X509v3_asid_subset()

        If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
        subsets then this will result in a crash. Of note is that rdi will usually
        be NULL.

        Reported by Theo Buehler (@botovq)

        Reviewed-by: Tomas Mraz <[email protected]>
        Reviewed-by: Paul Yang <[email protected]>
        Reviewed-by: Todd Short <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18514)

        (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

    commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
    Author: Tomas Mraz <[email protected]>
    Date:   Thu Jun 2 18:12:05 2022 +0200

        Update further expiring certificates that affect tests

        Namely the smime certificates used in test_cms
        will expire soon and affect tests.

        Fixes #15179

        Reviewed-by: Dmitry Belyavskiy <[email protected]>
        Reviewed-by: Paul Dale <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18481)

    commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
    Author: Tomas Mraz <[email protected]>
    Date:   Tue Mar 29 13:31:34 2022 +0200

        Fix strict client chain check with TLS-1.3

        When TLS-1.3 is used and the server does not send any CA names
        the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
        argument.

        Reviewed-by: Todd Short <[email protected]>
        Reviewed-by: Matt Caswell <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/17986)

        (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

    commit b7ce611887cfac633aacc052b2e71a7f195418b8
    Author: Tomas Mraz <[email protected]>
    Date:   Wed Jun 1 13:06:46 2022 +0200

        ct_test.c: Update the epoch time

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Dmitry Belyavskiy <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18446)

    commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
    Author: Tomas Mraz <[email protected]>
    Date:   Wed Jun 1 12:47:44 2022 +0200

        Update expired SCT certificates

        Reviewed-by: Matt Caswell <[email protected]>
        Reviewed-by: Dmitry Belyavskiy <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18446)

    commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
    Author: Bernd Edlinger <[email protected]>
    Date:   Sat May 21 07:50:46 2022 +0200

        Fix a memory leak in crl_set_issuers

        This can be reproduced with my error injection patch.

        The test vector has been validated on the 1.1.1 branch
        but the issue is of course identical in all branches.

        $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
        log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
        ERROR_INJECT=1653520461
            #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
            #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
            #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
            #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
            #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
            #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
            #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
            #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
            #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
            #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
            #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
            #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
            #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
            #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
            #24 0x402bbb in testfile fuzz/test-corpus.c:182
            #25 0x402626 in main fuzz/test-corpus.c:226
            #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
            #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

        =================================================================
        ==29625==ERROR: LeakSanitizer: detected memory leaks

        Direct leak of 32 byte(s) in 1 object(s) allocated from:
            #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
            #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
            #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
            #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
            #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
            #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
            #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
            #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
            #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
            #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
            #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
            #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
            #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
            #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
            #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
            #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
            #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
            #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
            #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
            #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
            #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
            #29 0x402bbb in testfile fuzz/test-corpus.c:182
            #30 0x402626 in main fuzz/test-corpus.c:226
            #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

        SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

        Reviewed-by: Paul Dale <[email protected]>
        Reviewed-by: Tomas Mraz <[email protected]>
        (Merged from https://github.com/openssl/openssl/pull/18391)

        (cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)

    commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
    Author: Bernd Edlinger <[email protected]>
    Date:   Sun May 22 20:12:56 2022 +0200

        Fix a crash in ssl_security_cert_chain

        Prior to the crash there is an out of memory error
        in X509_verify_cert which makes the chain NULL or
        empty.  The error is ignored by ssl_add_cert_chain,
        and ssl_security_cert_chain crashes due to the
        unchecked null pointer.

        This is reproducible with my error injection patch.

        The test vector has been validated on the 1.1.1 branch
        but the issue is of course identical in all branches.

        $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
            #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
            #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
            #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
            #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
            #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
            #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
            #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
            #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
            #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
            #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
            #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
            #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
            #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
            #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
            #14 0x40371b in testfile fuzz/test-corpus.c:182
            #15 0x402856 in main fuzz/test-corpus.c:226
            #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
            #17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

        AddressSanitizer:DEADLYSIGNAL
        =================================================================
        ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
        ==8400==The signal is caused by a READ memory access.
        ==8400==Hint: address points to the zero page.
            #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
            #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
            #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
            #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
            #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
            #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
            #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
            #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
            #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
            #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
            #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
            #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
            #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
            #13 0x40371b in testfile fuzz/test-corpus.c:182
            #14 0x402856 in main fuzz/test-corpus.c:226
            #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
            #16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

        AddressSanitizer can not provide additional info.
        SUMMARY: AddressSanitizer: SEGV crypto/…

commit 1b3fb89163127047b0f99412b8a31522215b3bea
Author: Randall S. Becker <[email protected]>
Date:   Tue Oct 11 11:17:39 2022 -0600

    Squashed commit of the following:

    commit 6fd6179191702eb0562ccbfb22a37405c669b90e
    Author: Randall S. Becker <[email protected]>
    Date:   Tue Jul 5 17:50:13 2022 -0400

        Missed include on NonStop for memcmp in test/v3ext.c

    commit d97281f16602e50f040756029b555645315253df
    Author: Randall S. Becker <[email protected]>
    Date:   Tue Jul 5 10:37:54 2022 -0400

        Squashed commit of the following:

        commit 29708a562a1887a91de0fa6ca668c71871accde9
        Author: Richard Levitte <[email protected]>
        Date:   Tue Jul 5 11:08:33 2022 +0200

            Prepare for 1.1.1q release

            Reviewed-by: Paul Dale <[email protected]>
            Release: yes

        commit 95a17c0ead00885452d13309eaffd04c1737d05d
        Author: Richard Levitte <[email protected]>
        Date:   Tue Jul 5 10:33:00 2022 +0200

            Update copyright year

            Reviewed-by: Paul Dale <[email protected]>
            Release: yes

        commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
        Author: Richard Levitte <[email protected]>
        Date:   Tue Jul 5 10:25:00 2022 +0200

            Update CHANGES and NEWS for upcoming release 1.1.1q

            Reviewed-by: Paul Dale <[email protected]>
            Release: yes

        commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
        Author: Alex Chernyakhovsky <[email protected]>
        Date:   Thu Jun 16 12:02:37 2022 +1000

            AES OCB test vectors

            Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.

            Co-authored-by: Alejandro Sedeño <[email protected]>
            Co-authored-by: David Benjamin <[email protected]>

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>

        commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
        Author: Alex Chernyakhovsky <[email protected]>
        Date:   Thu Jun 16 12:00:22 2022 +1000

            Fix AES OCB encrypt/decrypt for x86 AES-NI

            aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
            that performs operations on 6 16-byte blocks concurrently (the
            "grandloop") and then proceeds to handle the "short" tail (which can
            be anywhere from 0 to 5 blocks) that remain.

            As part of initialization, the assembly initializes $len to the true
            length, less 96 bytes and converts it to a pointer so that the $inp
            can be compared to it. Each iteration of "grandloop" checks to see if
            there's a full 96-byte chunk to process, and if so, continues. Once
            this has been exhausted, it falls through to "short", which handles
            the remaining zero to five blocks.

            Unfortunately, the jump at the end of "grandloop" had a fencepost
            error, doing a `jb` ("jump below") rather than `jbe` (jump below or
            equal). This should be `jbe`, as $inp is pointing to the *end* of the
            chunk currently being handled. If $inp == $len, that means that
            there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
            then there's 5 or fewer 16-byte blocks left to be handled, and the
            fall-through is intended.

            The net effect of `jb` instead of `jbe` is that the last 16-byte block
            of the last 96-byte chunk was completely omitted. The contents of
            `out` in this position were never written to. Additionally, since
            those bytes were never processed, the authentication tag generated is
            also incorrect.

            The same fencepost error, and identical logic, exists in both
            aesni_ocb_encrypt and aesni_ocb_decrypt.

            This addresses CVE-2022-2097.

            Co-authored-by: Alejandro Sedeño <[email protected]>
            Co-authored-by: David Benjamin <[email protected]>

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>

        commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
        Author: slontis <[email protected]>
        Date:   Fri Jul 1 13:47:11 2022 +1000

            Fix bn_gcd code to check return value when calling BN_one()

            BN_one() uses the expand function which calls malloc which may fail.
            All other places that reference BN_one() check the return value.

            The issue is triggered by a memory allocation failure.
            Detected by PR #18355

            Reviewed-by: Tomas Mraz <[email protected]>
            Reviewed-by: Paul Dale <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18697)

            (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)

        commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
        Author: xkernel <[email protected]>
        Date:   Mon Jun 20 17:46:39 2022 +0800

            v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Ben Kaduk <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18608)

            (cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)

        commit a1d80edcf830739131e0567dc03b1e80b7988b1e
        Author: Matt Caswell <[email protected]>
        Date:   Fri Jun 10 15:58:58 2022 +0100

            Fix range_should_be_prefix() to actually return the correct result

            range_should_be_prefix() was misidentifying whether an IP address range
            should in fact be represented as a prefix. This was due to a bug introduced
            in commit 42d7d7dd which made this incorrect change:

            -    OPENSSL_assert(memcmp(min, max, length) <= 0);
            +    if (memcmp(min, max, length) <= 0)
            +        return -1;

            This error leads to incorrect DER being encoded/accepted.

            Reported by Theo Buehler (@botovq)

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18524)

            (cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
            (cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)

        commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
        Author: Bernd Edlinger <[email protected]>
        Date:   Fri Jun 17 10:25:24 2022 +0200

            Fix compile issues in test/v3ext.c with no-rfc3779

            There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
            therefore the test cannot be compiled.

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            Reviewed-by: Paul Dale <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18634)

            (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
            (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)

        commit 882573246695088d65956355ca6c954642dcac31
        Author: olszomal <[email protected]>
        Date:   Fri Jun 17 15:01:11 2022 +0200

            SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'

            Fix the documentation.

            CLA: trivial

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Todd Short <[email protected]>
            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18599)

            (cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)

        commit 6c8879c8bf6030666c851623f93fff03c1266715
        Author: Bernd Edlinger <[email protected]>
        Date:   Wed Jun 22 17:05:55 2022 +0200

            Fix a memory leak in EC_GROUP_new_from_ecparameters

            This can be reproduced with my error injection patch.

            The test vector has been validated on the 1.1.1 branch
            but the issue is of course identical in all branches.

            $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
                #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
                #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
                #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
                #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
                #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                #26 0x402afb in testfile fuzz/test-corpus.c:182
                #27 0x402656 in main fuzz/test-corpus.c:226
                #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                #29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

            =================================================================
            ==12221==ERROR: LeakSanitizer: detected memory leaks

            Direct leak of 24 byte(s) in 1 object(s) allocated from:
                #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
                #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
                #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                #22 0x402afb in testfile fuzz/test-corpus.c:182
                #23 0x402656 in main fuzz/test-corpus.c:226
                #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

            Indirect leak of 56 byte(s) in 1 object(s) allocated from:
                #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                #23 0x402afb in testfile fuzz/test-corpus.c:182
                #24 0x402656 in main fuzz/test-corpus.c:226
                #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

            SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

            Reviewed-by: Tomas Mraz <[email protected]>
            Reviewed-by: Kurt Roeckx <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18632)

        commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
        Author: Matt Caswell <[email protected]>
        Date:   Tue Jun 21 14:39:48 2022 +0100

            Prepare for 1.1.1q-dev

            Reviewed-by: Richard Levitte <[email protected]>
            Release: yes

        commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
        Author: Matt Caswell <[email protected]>
        Date:   Tue Jun 21 14:39:39 2022 +0100

            Prepare for 1.1.1p release

            Reviewed-by: Richard Levitte <[email protected]>
            Release: yes

        commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
        Author: Matt Caswell <[email protected]>
        Date:   Tue Jun 21 14:07:32 2022 +0100

            Update copyright year

            Reviewed-by: Richard Levitte <[email protected]>
            Release: yes

        commit 51e06520734063d6f52b2e596e1089d36d3781e7
        Author: Matt Caswell <[email protected]>
        Date:   Mon Jun 20 14:14:20 2022 +0100

            Update CHANGES and NEWS for new release

            Reviewed-by: Tomas Mraz <[email protected]>
            Release: yes

        commit 9639817dac8bbbaa64d09efad7464ccc405527c7
        Author: Daniel Fiala <[email protected]>
        Date:   Sun May 29 20:11:24 2022 +0200

            Fix file operations in c_rehash.

            CVE-2022-2068

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Richard Levitte <[email protected]>

        commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
        Author: Fraser Tweedale <[email protected]>
        Date:   Wed Jun 15 10:50:57 2022 +1000

            Fix documentation of BIO_FLAGS_BASE64_NO_NL

            Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
            `BIO_f_base64(3)` to improve the documentation of the
            `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
            states that when this flag is used, all newlines in the input are
            ignored.  This is incorrect, as the following program proves:

            ```c

            unsigned char *in_buf =
                "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

            int main(int argc, char **argv) {
                BIO *b64 = BIO_new(BIO_f_base64());
                if (b64 == NULL) return 1;
                BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
                int in_len = strlen(in_buf);
                BIO *in = BIO_new_mem_buf(in_buf, in_len);
                if (in == NULL) return 2;
                in = BIO_push(b64, in);
                unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
                if (out_buf == NULL) return 3;
                size_t out_len;
                int r = BIO_read_ex(in, out_buf, in_len, &out_len);
                printf("rv = %d\n", r);
                printf("decoded = %s\n", out_buf);
                return 0;
            }
            ```

            Update the text of `BIO_f_base64(3)` to clarify that when the flag
            is set, the data must be all on one line (with or without a trailing
            newline character).

            Signed-off-by: Fraser Tweedale <[email protected]>

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18568)

            (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

        commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
        Author: Tomas Mraz <[email protected]>
        Date:   Thu Jun 9 16:20:05 2022 +0200

            Add an extra reduction step to RSAZ mod_exp implementations

            Inspired by BoringSSL fix by David Benjamin.

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Paul Dale <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18511)

        commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
        Author: Tomas Mraz <[email protected]>
        Date:   Thu Jun 9 12:34:55 2022 +0200

            Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

            This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
            would sometimes return m, the modulus, when it should have returned
            zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
            because the same bug also exists in the "rsaz" codepath.

            The bug only affects zero outputs (with non-zero inputs), so we believe
            it has no security impact on our cryptographic functions.

            The fx is to delete lowercase bn_from_montgomery altogether, and have the
            mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
            This only impacts the final step of the whole exponentiation and has no
            measurable perf impact.

            See the original BoringSSL commit
            https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
            for further analysis.

            Original-author: David Benjamin <[email protected]>

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Paul Dale <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18511)

        commit 8f078819556da83c15751678c39558a59bc746fc
        Author: Matt Caswell <[email protected]>
        Date:   Thu Jun 9 16:57:30 2022 +0100

            Fix a crash in X509v3_asid_subset()

            If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
            subsets then this will result in a crash. Of note is that rdi will usually
            be NULL.

            Reported by Theo Buehler (@botovq)

            Reviewed-by: Tomas Mraz <[email protected]>
            Reviewed-by: Paul Yang <[email protected]>
            Reviewed-by: Todd Short <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18514)

            (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

        commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
        Author: Tomas Mraz <[email protected]>
        Date:   Thu Jun 2 18:12:05 2022 +0200

            Update further expiring certificates that affect tests

            Namely the smime certificates used in test_cms
            will expire soon and affect tests.

            Fixes #15179

            Reviewed-by: Dmitry Belyavskiy <[email protected]>
            Reviewed-by: Paul Dale <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18481)

        commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
        Author: Tomas Mraz <[email protected]>
        Date:   Tue Mar 29 13:31:34 2022 +0200

            Fix strict client chain check with TLS-1.3

            When TLS-1.3 is used and the server does not send any CA names
            the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
            argument.

            Reviewed-by: Todd Short <[email protected]>
            Reviewed-by: Matt Caswell <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/17986)

            (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

        commit b7ce611887cfac633aacc052b2e71a7f195418b8
        Author: Tomas Mraz <[email protected]>
        Date:   Wed Jun 1 13:06:46 2022 +0200

            ct_test.c: Update the epoch time

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Dmitry Belyavskiy <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18446)

        commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
        Author: Tomas Mraz <[email protected]>
        Date:   Wed Jun 1 12:47:44 2022 +0200

            Update expired SCT certificates

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Dmitry Belyavskiy <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18446)

        commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
        Author: Bernd Edlinger <[email protected]>
        Date:   Sat May 21 07:50:46 2022 +0200

            Fix a memory leak in crl_set_issuers

            This can be reproduced with my error injection patch.

            The test vector has been validated on the 1.1.1 branch
            but the issue is of course identical in all branches.

            $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
            log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
            ERROR_INJECT=1653520461
                #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
                #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
                #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
                #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
                #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
                #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
                #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                #24 0x402bbb in testfile fuzz/test-corpus.c:182
                #25 0x402626 in main fuzz/test-corpus.c:226
                #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

            =================================================================
            ==29625==ERROR: LeakSanitizer: detected memory leaks

            Direct leak of 32 byte(s) in 1 object(s) allocated from:
                #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
                #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
                #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
                #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
                #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
                #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
                #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
                #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
                #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                #29 0x402bbb in testfile fuzz/test-corpus.c:182
                #30 0x402626 in main fuzz/test-corpus.c:226
                #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

            SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18391)

            (cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)

        commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
        Author: Bernd Edlinger <[email protected]>
        Date:   Sun May 22 20:12:56 2022 +0200

            Fix a crash in ssl_security_cert_chain

            Prior to the crash there is an out of memory error
            in X509_verify_cert which makes the chain NULL or
            empty.  The error is ignored by ssl_add_cert_chain,
            and ssl_security_cert_chain crashes due to the
            unchecked null pointer.

            This is reproducible with my error injection patch.

            The test vector has been validated on the 1.1.1 branch
            but the issue is of course identical in all branches.

            $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
                #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
                #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
                #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
                #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
                #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
                #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
                #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
                #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                #14 0x40371b in testfile fuzz/test-corpus.c:182
                #15 0x402856 in main fuzz/test-corpus.c:226
                #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                #17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

            AddressSanitizer:DEADLYSIGNAL
            =================================================================
            ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
            ==8400==The signal is caused by a READ memory access.
            ==8400==Hint: address points to the zero page.
                #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
                #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
                #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
                #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
                #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
                #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
                #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
                #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                #13 0x40371b in testfile fuzz/test-corpus.c:182
                #14 0x402856 in main fuzz/test-corpus.c:226
                #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                #16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

            AddressSanitizer can not provide additional info.
            SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
            ==8400==ABORTING

            Reviewed-by: Tomas Mraz <[email protected]>
            Reviewed-by: Matt Caswell <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18376)

            (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)

        commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
        Author: Bernd Edlinger <[email protected]>
        Date:   Sat May 21 15:41:46 2022 +0200

            Fix a memory leak in X509_issuer_and_serial_hash

            This is reproducible with my error injection patch:

            $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
            ERROR_INJECT=1653267699
                #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
                #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
                #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
                #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
                #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
                #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
                #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
                #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

            =================================================================
            ==1058475==ERROR: LeakSanitizer: detected memory leaks

            Direct leak of 268 byte(s) in 1 object(s) allocated from:
                #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
                #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
                #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
                #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
                #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
                #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

            SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

            Reviewed-by: Tomas Mraz <[email protected]>
            Reviewed-by: Matt Caswell <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18370)

        commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
        Author: Bernd Edlinger <[email protected]>
        Date:   Fri May 20 16:54:41 2022 +0200

            Fix undefined behaviour in EC_GROUP_new_from_ecparameters

            This happens for instance with
            fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
            and causes the OPENSSL_malloc below to choke on the
            zero length allocation request.

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18363)

        commit 8e1ece20cdb4a584be5311370256c4e813c09826
        Author: Bernd Edlinger <[email protected]>
        Date:   Fri May 20 16:15:44 2022 +0200

            Fix a memory leak in ec_key_simple_oct2priv

            This is reproducible with my error injection patch:

            $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
            140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
            140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
            140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
            140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
            140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
            140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
            140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

            =================================================================
            ==19676==ERROR: LeakSanitizer: detected memory leaks

            Direct leak of 24 byte(s) in 1 object(s) allocated from:
                #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
                #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
                #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
                #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
                #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
                #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
                #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
                #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
                #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
                #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
                #11 0x40370b in testfile fuzz/test-corpus.c:182
                #12 0x402846 in main fuzz/test-corpus.c:226
                #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

            SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

            Reviewed-by: Tomas Mraz <[email protected]>
            Reviewed-by: Matt Caswell <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18361)

        commit 8e60f41d064786f95440e4c56660ffe9777783d7
        Author: Bernd Edlinger <[email protected]>
        Date:   Fri May 20 08:02:47 2022 +0200

            Fix a crash in asn1_item_embed_new

            This happens usually if an template object is created
            and there is an out of memory error before the ASN1_OP_NEW_POST
            method is called, but asn1_item_embed_free calls now the
            ASN1_OP_FREE_POST which may crash because the object is not
            properly initialized.  Apparently that is only an issue with
            the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
            ought to be tolerant to incomplete initialized objects.

            The error can be reproduced with the reproducible error injection patch:

            $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
                #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
                #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
                #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
                #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
                #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
                #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
                #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
                #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                #21 0x40893b in testfile fuzz/test-corpus.c:182
                #22 0x406b86 in main fuzz/test-corpus.c:226
                #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

            AddressSanitizer:DEADLYSIGNAL
            =================================================================
            ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
            ==1194==The signal is caused by a READ memory access.
            ==1194==Hint: address points to the zero page.
                #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
                #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
                #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
                #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                #14 0x40893b in testfile fuzz/test-corpus.c:182
                #15 0x406b86 in main fuzz/test-corpus.c:226
                #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

            AddressSanitizer can not provide additional info.
            SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
            ==1194==ABORTING

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18360)

            (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)

        commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
        Author: Bernd Edlinger <[email protected]>
        Date:   Thu May 19 15:50:28 2022 +0200

            Backport a missing bug-fix from master

            This is a backport of the following commit from master:

            commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
            Author: Matt Caswell <[email protected]>
            Date:   Thu Nov 19 13:58:21 2020 +0000

                Don't Overflow when printing Thawte Strong Extranet Version

                When printing human readable info on the Thawte Strong Extranet extension
                the version number could overflow if the version number == LONG_MAX. This
                is undefined behaviour.

                Issue found by OSSFuzz.

                Reviewed-by: Ben Kaduk <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/13452)

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18347)

        commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
        Author: Bernd Edlinger <[email protected]>
        Date:   Thu May 19 10:59:25 2022 +0200

            Backport some fuzzing data files from master

            This is a backport of the following commit from master:

            commit 415e6ac80405e13b20b083315747e431274fbd33
            Author: Tavis Ormandy <[email protected]>
            Date:   Tue Sep 21 15:48:27 2021 -0700

                increase x509 code coverage metrics

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/16651)

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18347)

        commit e04ba889594d84a8805f3d0caeadf0527470e508
        Author: Daniel Fiala <[email protected]>
        Date:   Tue May 10 08:46:37 2022 +0000

            s_serve: Report an error if init-connection fails without an attempt to read.

            Fixes: openssl#18047.

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18283)

        commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
        Author: basavesh <[email protected]>
        Date:   Tue Apr 5 17:49:09 2022 +0200

            Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE

            rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
            Consider a weaker leakage model(CL) where only cacheline base address is leaked,
            i.e address/32 for 32-byte cacheline(CL32).

            Previous code used to perform two loads
                1. rotated_mac[rotate_offset ^ 32] and
                2. rotated_mac[rotate_offset++]
            which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
            and 2q, 2q + 1 for 32 <= rotate_offset < 64

            The proposed fix performs load operations which will always leak 2q, 2q + 1 and
            selects the appropriate value in constant-time.

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18050)

        commit c7d6c08290b67cbeef2b4f636f04788ea405520a
        Author: Tomas Mraz <[email protected]>
        Date:   Fri Apr 29 17:02:19 2022 +0200

            Add test for empty supported-groups extension

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Matt Caswell <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18213)

        commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
        Author: Tomas Mraz <[email protected]>
        Date:   Fri Apr 29 16:36:36 2022 +0200

            Do not send an empty supported groups extension

            This allows handshake to proceed if the maximum TLS version enabled is <1.3

            Fixes #13583

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Matt Caswell <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18213)

        commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
        Author: Allan Jude <[email protected]>
        Date:   Fri Nov 19 19:06:52 2021 +0000

            1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Dmitry Belyavskiy <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/17085)

        commit ec1b4bf26c1b2440546f323873c578374f60b2de
        Author: Hugo Landau <[email protected]>
        Date:   Wed Apr 27 10:11:08 2022 +0100

            (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions

            Backport of #18038 to 1.1.

            Fixes #18035.

            Reviewed-by: Tomas Mraz <[email protected]>
            Reviewed-by: Dmitry Belyavskiy <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18190)

        commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
        Author: Matt Caswell <[email protected]>
        Date:   Tue May 3 14:41:23 2022 +0100

            Prepare for 1.1.1p-dev

            Reviewed-by: Tomas Mraz <[email protected]>
            Release: yes

    commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
    Author: Randall S. Becker <[email protected]>
    Date:   Wed Jun 22 06:26:40 2022 -0600

        Squashed commit of the following:

        commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
        Author: Matt Caswell <[email protected]>
        Date:   Tue Jun 21 14:39:39 2022 +0100

            Prepare for 1.1.1p release

            Reviewed-by: Richard Levitte <[email protected]>
            Release: yes

        commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
        Author: Matt Caswell <[email protected]>
        Date:   Tue Jun 21 14:07:32 2022 +0100

            Update copyright year

            Reviewed-by: Richard Levitte <[email protected]>
            Release: yes

        commit 51e06520734063d6f52b2e596e1089d36d3781e7
        Author: Matt Caswell <[email protected]>
        Date:   Mon Jun 20 14:14:20 2022 +0100

            Update CHANGES and NEWS for new release

            Reviewed-by: Tomas Mraz <[email protected]>
            Release: yes

        commit 9639817dac8bbbaa64d09efad7464ccc405527c7
        Author: Daniel Fiala <[email protected]>
        Date:   Sun May 29 20:11:24 2022 +0200

            Fix file operations in c_rehash.

            CVE-2022-2068

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Richard Levitte <[email protected]>

        commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
        Author: Fraser Tweedale <[email protected]>
        Date:   Wed Jun 15 10:50:57 2022 +1000

            Fix documentation of BIO_FLAGS_BASE64_NO_NL

            Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
            `BIO_f_base64(3)` to improve the documentation of the
            `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
            states that when this flag is used, all newlines in the input are
            ignored.  This is incorrect, as the following program proves:

            ```c

            unsigned char *in_buf =
                "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

            int main(int argc, char **argv) {
                BIO *b64 = BIO_new(BIO_f_base64());
                if (b64 == NULL) return 1;
                BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
                int in_len = strlen(in_buf);
                BIO *in = BIO_new_mem_buf(in_buf, in_len);
                if (in == NULL) return 2;
                in = BIO_push(b64, in);
                unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
                if (out_buf == NULL) return 3;
                size_t out_len;
                int r = BIO_read_ex(in, out_buf, in_len, &out_len);
                printf("rv = %d\n", r);
                printf("decoded = %s\n", out_buf);
                return 0;
            }
            ```

            Update the text of `BIO_f_base64(3)` to clarify that when the flag
            is set, the data must be all on one line (with or without a trailing
            newline character).

            Signed-off-by: Fraser Tweedale <[email protected]>

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18568)

            (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

        commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
        Author: Tomas Mraz <[email protected]>
        Date:   Thu Jun 9 16:20:05 2022 +0200

            Add an extra reduction step to RSAZ mod_exp implementations

            Inspired by BoringSSL fix by David Benjamin.

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Paul Dale <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18511)

        commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
        Author: Tomas Mraz <[email protected]>
        Date:   Thu Jun 9 12:34:55 2022 +0200

            Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

            This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
            would sometimes return m, the modulus, when it should have returned
            zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
            because the same bug also exists in the "rsaz" codepath.

            The bug only affects zero outputs (with non-zero inputs), so we believe
            it has no security impact on our cryptographic functions.

            The fx is to delete lowercase bn_from_montgomery altogether, and have the
            mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
            This only impacts the final step of the whole exponentiation and has no
            measurable perf impact.

            See the original BoringSSL commit
            https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
            for further analysis.

            Original-author: David Benjamin <[email protected]>

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Paul Dale <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18511)

        commit 8f078819556da83c15751678c39558a59bc746fc
        Author: Matt Caswell <[email protected]>
        Date:   Thu Jun 9 16:57:30 2022 +0100

            Fix a crash in X509v3_asid_subset()

            If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
            subsets then this will result in a crash. Of note is that rdi will usually
            be NULL.

            Reported by Theo Buehler (@botovq)

            Reviewed-by: Tomas Mraz <[email protected]>
            Reviewed-by: Paul Yang <[email protected]>
            Reviewed-by: Todd Short <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18514)

            (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

        commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
        Author: Tomas Mraz <[email protected]>
        Date:   Thu Jun 2 18:12:05 2022 +0200

            Update further expiring certificates that affect tests

            Namely the smime certificates used in test_cms
            will expire soon and affect tests.

            Fixes #15179

            Reviewed-by: Dmitry Belyavskiy <[email protected]>
            Reviewed-by: Paul Dale <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18481)

        commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
        Author: Tomas Mraz <[email protected]>
        Date:   Tue Mar 29 13:31:34 2022 +0200

            Fix strict client chain check with TLS-1.3

            When TLS-1.3 is used and the server does not send any CA names
            the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
            argument.

            Reviewed-by: Todd Short <[email protected]>
            Reviewed-by: Matt Caswell <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/17986)

            (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

        commit b7ce611887cfac633aacc052b2e71a7f195418b8
        Author: Tomas Mraz <[email protected]>
        Date:   Wed Jun 1 13:06:46 2022 +0200

            ct_test.c: Update the epoch time

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Dmitry Belyavskiy <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18446)

        commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
        Author: Tomas Mraz <[email protected]>
        Date:   Wed Jun 1 12:47:44 2022 +0200

            Update expired SCT certificates

            Reviewed-by: Matt Caswell <[email protected]>
            Reviewed-by: Dmitry Belyavskiy <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18446)

        commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
        Author: Bernd Edlinger <[email protected]>
        Date:   Sat May 21 07:50:46 2022 +0200

            Fix a memory leak in crl_set_issuers

            This can be reproduced with my error injection patch.

            The test vector has been validated on the 1.1.1 branch
            but the issue is of course identical in all branches.

            $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
            log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
            ERROR_INJECT=1653520461
                #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
                #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
                #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
                #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
                #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
                #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
                #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                #24 0x402bbb in testfile fuzz/test-corpus.c:182
                #25 0x402626 in main fuzz/test-corpus.c:226
                #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

            =================================================================
            ==29625==ERROR: LeakSanitizer: detected memory leaks

            Direct leak of 32 byte(s) in 1 object(s) allocated from:
                #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
                #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
                #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
                #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
                #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
                #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
                #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
                #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
                #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                #29 0x402bbb in testfile fuzz/test-corpus.c:182
                #30 0x402626 in main fuzz/test-corpus.c:226
                #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

            SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

            Reviewed-by: Paul Dale <[email protected]>
            Reviewed-by: Tomas Mraz <[email protected]>
            (Merged from https://github.com/openssl/openssl/pull/18391)

    …

commit 44ea69d6aadbbf9b951335e5ed296eed019e9ffe
Author: Randall S. Becker <[email protected]>
Date:   Wed Nov 2 12:49:30 2022 -0600

    Squashed commit of the following:

    commit 1b3fb89163127047b0f99412b8a31522215b3bea
    Author: Randall S. Becker <[email protected]>
    Date:   Tue Oct 11 11:17:39 2022 -0600

        Squashed commit of the following:

        commit 6fd6179191702eb0562ccbfb22a37405c669b90e
        Author: Randall S. Becker <[email protected]>
        Date:   Tue Jul 5 17:50:13 2022 -0400

            Missed include on NonStop for memcmp in test/v3ext.c

        commit d97281f16602e50f040756029b555645315253df
        Author: Randall S. Becker <[email protected]>
        Date:   Tue Jul 5 10:37:54 2022 -0400

            Squashed commit of the following:

            commit 29708a562a1887a91de0fa6ca668c71871accde9
            Author: Richard Levitte <[email protected]>
            Date:   Tue Jul 5 11:08:33 2022 +0200

                Prepare for 1.1.1q release

                Reviewed-by: Paul Dale <[email protected]>
                Release: yes

            commit 95a17c0ead00885452d13309eaffd04c1737d05d
            Author: Richard Levitte <[email protected]>
            Date:   Tue Jul 5 10:33:00 2022 +0200

                Update copyright year

                Reviewed-by: Paul Dale <[email protected]>
                Release: yes

            commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
            Author: Richard Levitte <[email protected]>
            Date:   Tue Jul 5 10:25:00 2022 +0200

                Update CHANGES and NEWS for upcoming release 1.1.1q

                Reviewed-by: Paul Dale <[email protected]>
                Release: yes

            commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
            Author: Alex Chernyakhovsky <[email protected]>
            Date:   Thu Jun 16 12:02:37 2022 +1000

                AES OCB test vectors

                Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.

                Co-authored-by: Alejandro Sedeño <[email protected]>
                Co-authored-by: David Benjamin <[email protected]>

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>

            commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
            Author: Alex Chernyakhovsky <[email protected]>
            Date:   Thu Jun 16 12:00:22 2022 +1000

                Fix AES OCB encrypt/decrypt for x86 AES-NI

                aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
                that performs operations on 6 16-byte blocks concurrently (the
                "grandloop") and then proceeds to handle the "short" tail (which can
                be anywhere from 0 to 5 blocks) that remain.

                As part of initialization, the assembly initializes $len to the true
                length, less 96 bytes and converts it to a pointer so that the $inp
                can be compared to it. Each iteration of "grandloop" checks to see if
                there's a full 96-byte chunk to process, and if so, continues. Once
                this has been exhausted, it falls through to "short", which handles
                the remaining zero to five blocks.

                Unfortunately, the jump at the end of "grandloop" had a fencepost
                error, doing a `jb` ("jump below") rather than `jbe` (jump below or
                equal). This should be `jbe`, as $inp is pointing to the *end* of the
                chunk currently being handled. If $inp == $len, that means that
                there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
                then there's 5 or fewer 16-byte blocks left to be handled, and the
                fall-through is intended.

                The net effect of `jb` instead of `jbe` is that the last 16-byte block
                of the last 96-byte chunk was completely omitted. The contents of
                `out` in this position were never written to. Additionally, since
                those bytes were never processed, the authentication tag generated is
                also incorrect.

                The same fencepost error, and identical logic, exists in both
                aesni_ocb_encrypt and aesni_ocb_decrypt.

                This addresses CVE-2022-2097.

                Co-authored-by: Alejandro Sedeño <[email protected]>
                Co-authored-by: David Benjamin <[email protected]>

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>

            commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
            Author: slontis <[email protected]>
            Date:   Fri Jul 1 13:47:11 2022 +1000

                Fix bn_gcd code to check return value when calling BN_one()

                BN_one() uses the expand function which calls malloc which may fail.
                All other places that reference BN_one() check the return value.

                The issue is triggered by a memory allocation failure.
                Detected by PR #18355

                Reviewed-by: Tomas Mraz <[email protected]>
                Reviewed-by: Paul Dale <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18697)

                (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)

            commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
            Author: xkernel <[email protected]>
            Date:   Mon Jun 20 17:46:39 2022 +0800

                v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Ben Kaduk <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18608)

                (cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)

            commit a1d80edcf830739131e0567dc03b1e80b7988b1e
            Author: Matt Caswell <[email protected]>
            Date:   Fri Jun 10 15:58:58 2022 +0100

                Fix range_should_be_prefix() to actually return the correct result

                range_should_be_prefix() was misidentifying whether an IP address range
                should in fact be represented as a prefix. This was due to a bug introduced
                in commit 42d7d7dd which made this incorrect change:

                -    OPENSSL_assert(memcmp(min, max, length) <= 0);
                +    if (memcmp(min, max, length) <= 0)
                +        return -1;

                This error leads to incorrect DER being encoded/accepted.

                Reported by Theo Buehler (@botovq)

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18524)

                (cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
                (cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)

            commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
            Author: Bernd Edlinger <[email protected]>
            Date:   Fri Jun 17 10:25:24 2022 +0200

                Fix compile issues in test/v3ext.c with no-rfc3779

                There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
                therefore the test cannot be compiled.

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                Reviewed-by: Paul Dale <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18634)

                (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
                (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)

            commit 882573246695088d65956355ca6c954642dcac31
            Author: olszomal <[email protected]>
            Date:   Fri Jun 17 15:01:11 2022 +0200

                SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'

                Fix the documentation.

                CLA: trivial

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Todd Short <[email protected]>
                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18599)

                (cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)

            commit 6c8879c8bf6030666c851623f93fff03c1266715
            Author: Bernd Edlinger <[email protected]>
            Date:   Wed Jun 22 17:05:55 2022 +0200

                Fix a memory leak in EC_GROUP_new_from_ecparameters

                This can be reproduced with my error injection patch.

                The test vector has been validated on the 1.1.1 branch
                but the issue is of course identical in all branches.

                $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
                    #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                    #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
                    #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                    #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                    #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                    #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                    #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
                    #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
                    #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
                    #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                    #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                    #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                    #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                    #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                    #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                    #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                    #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                    #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                    #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                    #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                    #26 0x402afb in testfile fuzz/test-corpus.c:182
                    #27 0x402656 in main fuzz/test-corpus.c:226
                    #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                    #29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

                =================================================================
                ==12221==ERROR: LeakSanitizer: detected memory leaks

                Direct leak of 24 byte(s) in 1 object(s) allocated from:
                    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                    #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
                    #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
                    #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                    #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                    #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                    #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                    #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                    #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                    #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                    #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                    #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                    #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                    #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                    #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                    #22 0x402afb in testfile fuzz/test-corpus.c:182
                    #23 0x402656 in main fuzz/test-corpus.c:226
                    #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                Indirect leak of 56 byte(s) in 1 object(s) allocated from:
                    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                    #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                    #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                    #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                    #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                    #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                    #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                    #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                    #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                    #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                    #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                    #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                    #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                    #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                    #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                    #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                    #23 0x402afb in testfile fuzz/test-corpus.c:182
                    #24 0x402656 in main fuzz/test-corpus.c:226
                    #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

                Reviewed-by: Tomas Mraz <[email protected]>
                Reviewed-by: Kurt Roeckx <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18632)

            commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
            Author: Matt Caswell <[email protected]>
            Date:   Tue Jun 21 14:39:48 2022 +0100

                Prepare for 1.1.1q-dev

                Reviewed-by: Richard Levitte <[email protected]>
                Release: yes

            commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
            Author: Matt Caswell <[email protected]>
            Date:   Tue Jun 21 14:39:39 2022 +0100

                Prepare for 1.1.1p release

                Reviewed-by: Richard Levitte <[email protected]>
                Release: yes

            commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
            Author: Matt Caswell <[email protected]>
            Date:   Tue Jun 21 14:07:32 2022 +0100

                Update copyright year

                Reviewed-by: Richard Levitte <[email protected]>
                Release: yes

            commit 51e06520734063d6f52b2e596e1089d36d3781e7
            Author: Matt Caswell <[email protected]>
            Date:   Mon Jun 20 14:14:20 2022 +0100

                Update CHANGES and NEWS for new release

                Reviewed-by: Tomas Mraz <[email protected]>
                Release: yes

            commit 9639817dac8bbbaa64d09efad7464ccc405527c7
            Author: Daniel Fiala <[email protected]>
            Date:   Sun May 29 20:11:24 2022 +0200

                Fix file operations in c_rehash.

                CVE-2022-2068

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Richard Levitte <[email protected]>

            commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
            Author: Fraser Tweedale <[email protected]>
            Date:   Wed Jun 15 10:50:57 2022 +1000

                Fix documentation of BIO_FLAGS_BASE64_NO_NL

                Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
                `BIO_f_base64(3)` to improve the documentation of the
                `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
                states that when this flag is used, all newlines in the input are
                ignored.  This is incorrect, as the following program proves:

                ```c

                unsigned char *in_buf =
                    "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

                int main(int argc, char **argv) {
                    BIO *b64 = BIO_new(BIO_f_base64());
                    if (b64 == NULL) return 1;
                    BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
                    int in_len = strlen(in_buf);
                    BIO *in = BIO_new_mem_buf(in_buf, in_len);
                    if (in == NULL) return 2;
                    in = BIO_push(b64, in);
                    unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
                    if (out_buf == NULL) return 3;
                    size_t out_len;
                    int r = BIO_read_ex(in, out_buf, in_len, &out_len);
                    printf("rv = %d\n", r);
                    printf("decoded = %s\n", out_buf);
                    return 0;
                }
                ```

                Update the text of `BIO_f_base64(3)` to clarify that when the flag
                is set, the data must be all on one line (with or without a trailing
                newline character).

                Signed-off-by: Fraser Tweedale <[email protected]>

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18568)

                (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

            commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
            Author: Tomas Mraz <[email protected]>
            Date:   Thu Jun 9 16:20:05 2022 +0200

                Add an extra reduction step to RSAZ mod_exp implementations

                Inspired by BoringSSL fix by David Benjamin.

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Paul Dale <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18511)

            commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
            Author: Tomas Mraz <[email protected]>
            Date:   Thu Jun 9 12:34:55 2022 +0200

                Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

                This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
                would sometimes return m, the modulus, when it should have returned
                zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
                because the same bug also exists in the "rsaz" codepath.

                The bug only affects zero outputs (with non-zero inputs), so we believe
                it has no security impact on our cryptographic functions.

                The fx is to delete lowercase bn_from_montgomery altogether, and have the
                mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
                This only impacts the final step of the whole exponentiation and has no
                measurable perf impact.

                See the original BoringSSL commit
                https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
                for further analysis.

                Original-author: David Benjamin <[email protected]>

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Paul Dale <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18511)

            commit 8f078819556da83c15751678c39558a59bc746fc
            Author: Matt Caswell <[email protected]>
            Date:   Thu Jun 9 16:57:30 2022 +0100

                Fix a crash in X509v3_asid_subset()

                If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
                subsets then this will result in a crash. Of note is that rdi will usually
                be NULL.

                Reported by Theo Buehler (@botovq)

                Reviewed-by: Tomas Mraz <[email protected]>
                Reviewed-by: Paul Yang <[email protected]>
                Reviewed-by: Todd Short <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18514)

                (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

            commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
            Author: Tomas Mraz <[email protected]>
            Date:   Thu Jun 2 18:12:05 2022 +0200

                Update further expiring certificates that affect tests

                Namely the smime certificates used in test_cms
                will expire soon and affect tests.

                Fixes #15179

                Reviewed-by: Dmitry Belyavskiy <[email protected]>
                Reviewed-by: Paul Dale <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18481)

            commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
            Author: Tomas Mraz <[email protected]>
            Date:   Tue Mar 29 13:31:34 2022 +0200

                Fix strict client chain check with TLS-1.3

                When TLS-1.3 is used and the server does not send any CA names
                the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
                argument.

                Reviewed-by: Todd Short <[email protected]>
                Reviewed-by: Matt Caswell <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/17986)

                (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

            commit b7ce611887cfac633aacc052b2e71a7f195418b8
            Author: Tomas Mraz <[email protected]>
            Date:   Wed Jun 1 13:06:46 2022 +0200

                ct_test.c: Update the epoch time

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Dmitry Belyavskiy <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18446)

            commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
            Author: Tomas Mraz <[email protected]>
            Date:   Wed Jun 1 12:47:44 2022 +0200

                Update expired SCT certificates

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Dmitry Belyavskiy <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18446)

            commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
            Author: Bernd Edlinger <[email protected]>
            Date:   Sat May 21 07:50:46 2022 +0200

                Fix a memory leak in crl_set_issuers

                This can be reproduced with my error injection patch.

                The test vector has been validated on the 1.1.1 branch
                but the issue is of course identical in all branches.

                $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
                log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
                ERROR_INJECT=1653520461
                    #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                    #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
                    #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
                    #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
                    #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
                    #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
                    #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
                    #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                    #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                    #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                    #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                    #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                    #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                    #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                    #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                    #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                    #24 0x402bbb in testfile fuzz/test-corpus.c:182
                    #25 0x402626 in main fuzz/test-corpus.c:226
                    #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                    #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

                =================================================================
                ==29625==ERROR: LeakSanitizer: detected memory leaks

                Direct leak of 32 byte(s) in 1 object(s) allocated from:
                    #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                    #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
                    #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
                    #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
                    #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
                    #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
                    #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                    #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                    #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
                    #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
                    #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
                    #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                    #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                    #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                    #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                    #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                    #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                    #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                    #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                    #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                    #29 0x402bbb in testfile fuzz/test-corpus.c:182
                    #30 0x402626 in main fuzz/test-corpus.c:226
                    #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18391)

                (cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)

            commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
            Author: Bernd Edlinger <[email protected]>
            Date:   Sun May 22 20:12:56 2022 +0200

                Fix a crash in ssl_security_cert_chain

                Prior to the crash there is an out of memory error
                in X509_verify_cert which makes the chain NULL or
                empty.  The error is ignored by ssl_add_cert_chain,
                and ssl_security_cert_chain crashes due to the
                unchecked null pointer.

                This is reproducible with my error injection patch.

                The test vector has been validated on the 1.1.1 branch
                but the issue is of course identical in all branches.

                $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
                    #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                    #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
                    #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
                    #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
                    #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
                    #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
                    #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
                    #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
                    #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                    #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                    #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                    #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                    #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                    #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                    #14 0x40371b in testfile fuzz/test-corpus.c:182
                    #15 0x402856 in main fuzz/test-corpus.c:226
                    #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                    #17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

                AddressSanitizer:DEADLYSIGNAL
                =================================================================
                ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
                ==8400==The signal is caused by a READ memory access.
                ==8400==Hint: address points to the zero page.
                    #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
                    #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
                    #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
                    #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
                    #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
                    #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
                    #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
                    #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                    #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                    #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                    #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                    #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                    #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                    #13 0x40371b in testfile fuzz/test-corpus.c:182
                    #14 0x402856 in main fuzz/test-corpus.c:226
                    #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                    #16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

                AddressSanitizer can not provide additional info.
                SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
                ==8400==ABORTING

                Reviewed-by: Tomas Mraz <[email protected]>
                Reviewed-by: Matt Caswell <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18376)

                (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)

            commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
            Author: Bernd Edlinger <[email protected]>
            Date:   Sat May 21 15:41:46 2022 +0200

                Fix a memory leak in X509_issuer_and_serial_hash

                This is reproducible with my error injection patch:

                $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
                ERROR_INJECT=1653267699
                    #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
                    #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
                    #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
                    #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
                    #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
                    #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                    #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                    #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
                    #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
                    #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

                =================================================================
                ==1058475==ERROR: LeakSanitizer: detected memory leaks

                Direct leak of 268 byte(s) in 1 object(s) allocated from:
                    #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
                    #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
                    #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
                    #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
                    #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                    #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                    #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
                    #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

                SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

                Reviewed-by: Tomas Mraz <[email protected]>
                Reviewed-by: Matt Caswell <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18370)

            commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
            Author: Bernd Edlinger <[email protected]>
            Date:   Fri May 20 16:54:41 2022 +0200

                Fix undefined behaviour in EC_GROUP_new_from_ecparameters

                This happens for instance with
                fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
                and causes the OPENSSL_malloc below to choke on the
                zero length allocation request.

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18363)

            commit 8e1ece20cdb4a584be5311370256c4e813c09826
            Author: Bernd Edlinger <[email protected]>
            Date:   Fri May 20 16:15:44 2022 +0200

                Fix a memory leak in ec_key_simple_oct2priv

                This is reproducible with my error injection patch:

                $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
                140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
                140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
                140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
                140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
                140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
                140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
                140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

                =================================================================
                ==19676==ERROR: LeakSanitizer: detected memory leaks

                Direct leak of 24 byte(s) in 1 object(s) allocated from:
                    #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                    #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
                    #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
                    #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
                    #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
                    #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
                    #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
                    #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
                    #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
                    #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
                    #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
                    #11 0x40370b in testfile fuzz/test-corpus.c:182
                    #12 0x402846 in main fuzz/test-corpus.c:226
                    #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

                Reviewed-by: Tomas Mraz <[email protected]>
                Reviewed-by: Matt Caswell <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18361)

            commit 8e60f41d064786f95440e4c56660ffe9777783d7
            Author: Bernd Edlinger <[email protected]>
            Date:   Fri May 20 08:02:47 2022 +0200

                Fix a crash in asn1_item_embed_new

                This happens usually if an template object is created
                and there is an out of memory error before the ASN1_OP_NEW_POST
                method is called, but asn1_item_embed_free calls now the
                ASN1_OP_FREE_POST which may crash because the object is not
                properly initialized.  Apparently that is only an issue with
                the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
                ought to be tolerant to incomplete initialized objects.

                The error can be reproduced with the reproducible error injection patch:

                $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
                    #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                    #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
                    #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
                    #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
                    #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
                    #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
                    #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
                    #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                    #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
                    #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                    #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                    #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                    #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                    #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                    #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                    #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                    #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                    #21 0x40893b in testfile fuzz/test-corpus.c:182
                    #22 0x406b86 in main fuzz/test-corpus.c:226
                    #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                AddressSanitizer:DEADLYSIGNAL
                =================================================================
                ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
                ==1194==The signal is caused by a READ memory access.
                ==1194==Hint: address points to the zero page.
                    #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
                    #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
                    #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
                    #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                    #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                    #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                    #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                    #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                    #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                    #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                    #14 0x40893b in testfile fuzz/test-corpus.c:182
                    #15 0x406b86 in main fuzz/test-corpus.c:226
                    #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                AddressSanitizer can not provide additional info.
                SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
                ==1194==ABORTING

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18360)

                (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)

            commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
            Author: Bernd Edlinger <[email protected]>
            Date:   Thu May 19 15:50:28 2022 +0200

                Backport a missing bug-fix from master

                This is a backport of the following commit from master:

                commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
                Author: Matt Caswell <[email protected]>
                Date:   Thu Nov 19 13:58:21 2020 +0000

                    Don't Overflow when printing Thawte Strong Extranet Version

                    When printing human readable info on the Thawte Strong Extranet extension
                    the version number could overflow if the version number == LONG_MAX. This
                    is undefined behaviour.

                    Issue found by OSSFuzz.

                    Reviewed-by: Ben Kaduk <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/13452)

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18347)

            commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
            Author: Bernd Edlinger <[email protected]>
            Date:   Thu May 19 10:59:25 2022 +0200

                Backport some fuzzing data files from master

                This is a backport of the following commit from master:

                commit 415e6ac80405e13b20b083315747e431274fbd33
                Author: Tavis Ormandy <[email protected]>
                Date:   Tue Sep 21 15:48:27 2021 -0700

                    increase x509 code coverage metrics

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/16651)

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18347)

            commit e04ba889594d84a8805f3d0caeadf0527470e508
            Author: Daniel Fiala <[email protected]>
            Date:   Tue May 10 08:46:37 2022 +0000

                s_serve: Report an error if init-connection fails without an attempt to read.

                Fixes: openssl#18047.

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18283)

            commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
            Author: basavesh <[email protected]>
            Date:   Tue Apr 5 17:49:09 2022 +0200

                Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE

                rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
                Consider a weaker leakage model(CL) where only cacheline base address is leaked,
                i.e address/32 for 32-byte cacheline(CL32).

                Previous code used to perform two loads
                    1. rotated_mac[rotate_offset ^ 32] and
                    2. rotated_mac[rotate_offset++]
                which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
                and 2q, 2q + 1 for 32 <= rotate_offset < 64

                The proposed fix performs load operations which will always leak 2q, 2q + 1 and
                selects the appropriate value in constant-time.

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18050)

            commit c7d6c08290b67cbeef2b4f636f04788ea405520a
            Author: Tomas Mraz <[email protected]>
            Date:   Fri Apr 29 17:02:19 2022 +0200

                Add test for empty supported-groups extension

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Matt Caswell <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18213)

            commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
            Author: Tomas Mraz <[email protected]>
            Date:   Fri Apr 29 16:36:36 2022 +0200

                Do not send an empty supported groups extension

                This allows handshake to proceed if the maximum TLS version enabled is <1.3

                Fixes #13583

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Matt Caswell <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18213)

            commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
            Author: Allan Jude <[email protected]>
            Date:   Fri Nov 19 19:06:52 2021 +0000

                1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Dmitry Belyavskiy <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/17085)

            commit ec1b4bf26c1b2440546f323873c578374f60b2de
            Author: Hugo Landau <[email protected]>
            Date:   Wed Apr 27 10:11:08 2022 +0100

                (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions

                Backport of #18038 to 1.1.

                Fixes #18035.

                Reviewed-by: Tomas Mraz <[email protected]>
                Reviewed-by: Dmitry Belyavskiy <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18190)

            commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
            Author: Matt Caswell <[email protected]>
            Date:   Tue May 3 14:41:23 2022 +0100

                Prepare for 1.1.1p-dev

                Reviewed-by: Tomas Mraz <[email protected]>
                Release: yes

        commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
        Author: Randall S. Becker <[email protected]>
        Date:   Wed Jun 22 06:26:40 2022 -0600

            Squashed commit of the following:

            commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
            Author: Matt Caswell <[email protected]>
            Date:   Tue Jun 21 14:39:39 2022 +0100

                Prepare for 1.1.1p release

                Reviewed-by: Richard Levitte <[email protected]>
                Release: yes

            commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
            Author: Matt Caswell <[email protected]>
            Date:   Tue Jun 21 14:07:32 2022 +0100

                Update copyright year

                Reviewed-by: Richard Levitte <[email protected]>
                Release: yes

            commit 51e06520734063d6f52b2e596e1089d36d3781e7
            Author: Matt Caswell <[email protected]>
            Date:   Mon Jun 20 14:14:20 2022 +0100

                Update CHANGES and NEWS for new release

                Reviewed-by: Tomas Mraz <[email protected]>
                Release: yes

            commit 9639817dac8bbbaa64d09efad7464ccc405527c7
            Author: Daniel Fiala <[email protected]>
            Date:   Sun May 29 20:11:24 2022 +0200

                Fix file operations in c_rehash.

                CVE-2022-2068

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Richard Levitte <[email protected]>

            commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
            Author: Fraser Tweedale <[email protected]>
            Date:   Wed Jun 15 10:50:57 2022 +1000

                Fix documentation of BIO_FLAGS_BASE64_NO_NL

                Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
                `BIO_f_base64(3)` to improve the documentation of the
                `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
                states that when this flag is used, all newlines in the input are
                ignored.  This is incorrect, as the following program proves:

                ```c

                unsigned char *in_buf =
                    "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

                int main(int argc, char **argv) {
                    BIO *b64 = BIO_new(BIO_f_base64());
                    if (b64 == NULL) return 1;
                    BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
                    int in_len = strlen(in_buf);
                    BIO *in = BIO_new_mem_buf(in_buf, in_len);
                    if (in == NULL) return 2;
                    in = BIO_push(b64, in);
                    unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
                    if (out_buf == NULL) return 3;
                    size_t out_len;
                    int r = BIO_read_ex(in, out_buf, in_len, &out_len);
                    printf("rv = %d\n", r);
                    printf("decoded = %s\n", out_buf);
                    return 0;
                }
                ```

                Update the text of `BIO_f_base64(3)` to clarify that when the flag
                is set, the data must be all on one line (with or without a trailing
                newline character).

                Signed-off-by: Fraser Tweedale <[email protected]>

                Reviewed-by: Paul Dale <[email protected]>
                Reviewed-by: Tomas Mraz <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18568)

                (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

            commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
            Author: Tomas Mraz <[email protected]>
            Date:   Thu Jun 9 16:20:05 2022 +0200

                Add an extra reduction step to RSAZ mod_exp implementations

                Inspired by BoringSSL fix by David Benjamin.

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Paul Dale <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18511)

            commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
            Author: Tomas Mraz <[email protected]>
            Date:   Thu Jun 9 12:34:55 2022 +0200

                Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

                This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
                would sometimes return m, the modulus, when it should have returned
                zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
                because the same bug also exists in the "rsaz" codepath.

                The bug only affects zero outputs (with non-zero inputs), so we believe
                it has no security impact on our cryptographic functions.

                The fx is to delete lowercase bn_from_montgomery altogether, and have the
                mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
                This only impacts the final step of the whole exponentiation and has no
                measurable perf impact.

                See the original BoringSSL commit
                https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
                for further analysis.

                Original-author: David Benjamin <[email protected]>

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Paul Dale <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18511)

            commit 8f078819556da83c15751678c39558a59bc746fc
            Author: Matt Caswell <[email protected]>
            Date:   Thu Jun 9 16:57:30 2022 +0100

                Fix a crash in X509v3_asid_subset()

                If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
                subsets then this will result in a crash. Of note is that rdi will usually
                be NULL.

                Reported by Theo Buehler (@botovq)

                Reviewed-by: Tomas Mraz <[email protected]>
                Reviewed-by: Paul Yang <[email protected]>
                Reviewed-by: Todd Short <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18514)

                (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

            commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
            Author: Tomas Mraz <[email protected]>
            Date:   Thu Jun 2 18:12:05 2022 +0200

                Update further expiring certificates that affect tests

                Namely the smime certificates used in test_cms
                will expire soon and affect tests.

                Fixes #15179

                Reviewed-by: Dmitry Belyavskiy <[email protected]>
                Reviewed-by: Paul Dale <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18481)

            commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
            Author: Tomas Mraz <[email protected]>
            Date:   Tue Mar 29 13:31:34 2022 +0200

                Fix strict client chain check with TLS-1.3

                When TLS-1.3 is used and the server does not send any CA names
                the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
                argument.

                Reviewed-by: Todd Short <[email protected]>
                Reviewed-by: Matt Caswell <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/17986)

                (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

            commit b7ce611887cfac633aacc052b2e71a7f195418b8
            Author: Tomas Mraz <[email protected]>
            Date:   Wed Jun 1 13:06:46 2022 +0200

                ct_test.c: Update the epoch time

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Dmitry Belyavskiy <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18446)

            commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
            Author: Tomas Mraz <[email protected]>
            Date:   Wed Jun 1 12:47:44 2022 +0200

                Update expired SCT certificates

                Reviewed-by: Matt Caswell <[email protected]>
                Reviewed-by: Dmitry Belyavskiy <[email protected]>
                (Merged from https://github.com/openssl/openssl/pull/18446)

            commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
            Author: Bernd Edlinger <[email protected]>
            Date:   Sat May 21 07:50:46 2022 +0200

                Fix a memory leak in crl_set_issuers

                This can be reproduced with my error injection patch.

                The test vector has been validated on the 1.1.1 branch
                but the issue is of course identical in all branches.

                $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
                log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
                ERROR_INJECT=1653520461
                    #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                    #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
                    #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
                    #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
                    #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
                    #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
                    #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
                    #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                    #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                    #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                    #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                    #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                    #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                    #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                    #18 0x7fd5d85dd7d3 in asn…

commit 65be16881b71f4d66c77664775c93340a7b89c6d
Author: Randall S. Becker <[email protected]>
Date:   Tue Feb 7 09:13:22 2023 -0700

    Squashed commit of the following:

    commit 44ea69d6aadbbf9b951335e5ed296eed019e9ffe
    Author: Randall S. Becker <[email protected]>
    Date:   Wed Nov 2 12:49:30 2022 -0600

        Squashed commit of the following:

        commit 1b3fb89163127047b0f99412b8a31522215b3bea
        Author: Randall S. Becker <[email protected]>
        Date:   Tue Oct 11 11:17:39 2022 -0600

            Squashed commit of the following:

            commit 6fd6179191702eb0562ccbfb22a37405c669b90e
            Author: Randall S. Becker <[email protected]>
            Date:   Tue Jul 5 17:50:13 2022 -0400

                Missed include on NonStop for memcmp in test/v3ext.c

            commit d97281f16602e50f040756029b555645315253df
            Author: Randall S. Becker <[email protected]>
            Date:   Tue Jul 5 10:37:54 2022 -0400

                Squashed commit of the following:

                commit 29708a562a1887a91de0fa6ca668c71871accde9
                Author: Richard Levitte <[email protected]>
                Date:   Tue Jul 5 11:08:33 2022 +0200

                    Prepare for 1.1.1q release

                    Reviewed-by: Paul Dale <[email protected]>
                    Release: yes

                commit 95a17c0ead00885452d13309eaffd04c1737d05d
                Author: Richard Levitte <[email protected]>
                Date:   Tue Jul 5 10:33:00 2022 +0200

                    Update copyright year

                    Reviewed-by: Paul Dale <[email protected]>
                    Release: yes

                commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
                Author: Richard Levitte <[email protected]>
                Date:   Tue Jul 5 10:25:00 2022 +0200

                    Update CHANGES and NEWS for upcoming release 1.1.1q

                    Reviewed-by: Paul Dale <[email protected]>
                    Release: yes

                commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
                Author: Alex Chernyakhovsky <[email protected]>
                Date:   Thu Jun 16 12:02:37 2022 +1000

                    AES OCB test vectors

                    Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.

                    Co-authored-by: Alejandro Sedeño <[email protected]>
                    Co-authored-by: David Benjamin <[email protected]>

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>

                commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
                Author: Alex Chernyakhovsky <[email protected]>
                Date:   Thu Jun 16 12:00:22 2022 +1000

                    Fix AES OCB encrypt/decrypt for x86 AES-NI

                    aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
                    that performs operations on 6 16-byte blocks concurrently (the
                    "grandloop") and then proceeds to handle the "short" tail (which can
                    be anywhere from 0 to 5 blocks) that remain.

                    As part of initialization, the assembly initializes $len to the true
                    length, less 96 bytes and converts it to a pointer so that the $inp
                    can be compared to it. Each iteration of "grandloop" checks to see if
                    there's a full 96-byte chunk to process, and if so, continues. Once
                    this has been exhausted, it falls through to "short", which handles
                    the remaining zero to five blocks.

                    Unfortunately, the jump at the end of "grandloop" had a fencepost
                    error, doing a `jb` ("jump below") rather than `jbe` (jump below or
                    equal). This should be `jbe`, as $inp is pointing to the *end* of the
                    chunk currently being handled. If $inp == $len, that means that
                    there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
                    then there's 5 or fewer 16-byte blocks left to be handled, and the
                    fall-through is intended.

                    The net effect of `jb` instead of `jbe` is that the last 16-byte block
                    of the last 96-byte chunk was completely omitted. The contents of
                    `out` in this position were never written to. Additionally, since
                    those bytes were never processed, the authentication tag generated is
                    also incorrect.

                    The same fencepost error, and identical logic, exists in both
                    aesni_ocb_encrypt and aesni_ocb_decrypt.

                    This addresses CVE-2022-2097.

                    Co-authored-by: Alejandro Sedeño <[email protected]>
                    Co-authored-by: David Benjamin <[email protected]>

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>

                commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
                Author: slontis <[email protected]>
                Date:   Fri Jul 1 13:47:11 2022 +1000

                    Fix bn_gcd code to check return value when calling BN_one()

                    BN_one() uses the expand function which calls malloc which may fail.
                    All other places that reference BN_one() check the return value.

                    The issue is triggered by a memory allocation failure.
                    Detected by PR #18355

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Reviewed-by: Paul Dale <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18697)

                    (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)

                commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
                Author: xkernel <[email protected]>
                Date:   Mon Jun 20 17:46:39 2022 +0800

                    v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Ben Kaduk <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18608)

                    (cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)

                commit a1d80edcf830739131e0567dc03b1e80b7988b1e
                Author: Matt Caswell <[email protected]>
                Date:   Fri Jun 10 15:58:58 2022 +0100

                    Fix range_should_be_prefix() to actually return the correct result

                    range_should_be_prefix() was misidentifying whether an IP address range
                    should in fact be represented as a prefix. This was due to a bug introduced
                    in commit 42d7d7dd which made this incorrect change:

                    -    OPENSSL_assert(memcmp(min, max, length) <= 0);
                    +    if (memcmp(min, max, length) <= 0)
                    +        return -1;

                    This error leads to incorrect DER being encoded/accepted.

                    Reported by Theo Buehler (@botovq)

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18524)

                    (cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
                    (cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)

                commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
                Author: Bernd Edlinger <[email protected]>
                Date:   Fri Jun 17 10:25:24 2022 +0200

                    Fix compile issues in test/v3ext.c with no-rfc3779

                    There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
                    therefore the test cannot be compiled.

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    Reviewed-by: Paul Dale <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18634)

                    (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
                    (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)

                commit 882573246695088d65956355ca6c954642dcac31
                Author: olszomal <[email protected]>
                Date:   Fri Jun 17 15:01:11 2022 +0200

                    SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'

                    Fix the documentation.

                    CLA: trivial

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Todd Short <[email protected]>
                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18599)

                    (cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)

                commit 6c8879c8bf6030666c851623f93fff03c1266715
                Author: Bernd Edlinger <[email protected]>
                Date:   Wed Jun 22 17:05:55 2022 +0200

                    Fix a memory leak in EC_GROUP_new_from_ecparameters

                    This can be reproduced with my error injection patch.

                    The test vector has been validated on the 1.1.1 branch
                    but the issue is of course identical in all branches.

                    $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
                        #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                        #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
                        #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                        #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                        #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                        #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                        #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
                        #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
                        #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
                        #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                        #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                        #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                        #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                        #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                        #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                        #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                        #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                        #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                        #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                        #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                        #26 0x402afb in testfile fuzz/test-corpus.c:182
                        #27 0x402656 in main fuzz/test-corpus.c:226
                        #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                        #29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

                    =================================================================
                    ==12221==ERROR: LeakSanitizer: detected memory leaks

                    Direct leak of 24 byte(s) in 1 object(s) allocated from:
                        #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                        #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                        #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
                        #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
                        #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                        #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                        #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                        #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                        #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                        #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                        #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                        #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                        #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                        #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                        #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                        #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                        #22 0x402afb in testfile fuzz/test-corpus.c:182
                        #23 0x402656 in main fuzz/test-corpus.c:226
                        #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                    Indirect leak of 56 byte(s) in 1 object(s) allocated from:
                        #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                        #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                        #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                        #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                        #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                        #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                        #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                        #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                        #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                        #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                        #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                        #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                        #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                        #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                        #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                        #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                        #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                        #23 0x402afb in testfile fuzz/test-corpus.c:182
                        #24 0x402656 in main fuzz/test-corpus.c:226
                        #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                    SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Reviewed-by: Kurt Roeckx <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18632)

                commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
                Author: Matt Caswell <[email protected]>
                Date:   Tue Jun 21 14:39:48 2022 +0100

                    Prepare for 1.1.1q-dev

                    Reviewed-by: Richard Levitte <[email protected]>
                    Release: yes

                commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
                Author: Matt Caswell <[email protected]>
                Date:   Tue Jun 21 14:39:39 2022 +0100

                    Prepare for 1.1.1p release

                    Reviewed-by: Richard Levitte <[email protected]>
                    Release: yes

                commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
                Author: Matt Caswell <[email protected]>
                Date:   Tue Jun 21 14:07:32 2022 +0100

                    Update copyright year

                    Reviewed-by: Richard Levitte <[email protected]>
                    Release: yes

                commit 51e06520734063d6f52b2e596e1089d36d3781e7
                Author: Matt Caswell <[email protected]>
                Date:   Mon Jun 20 14:14:20 2022 +0100

                    Update CHANGES and NEWS for new release

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Release: yes

                commit 9639817dac8bbbaa64d09efad7464ccc405527c7
                Author: Daniel Fiala <[email protected]>
                Date:   Sun May 29 20:11:24 2022 +0200

                    Fix file operations in c_rehash.

                    CVE-2022-2068

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Richard Levitte <[email protected]>

                commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
                Author: Fraser Tweedale <[email protected]>
                Date:   Wed Jun 15 10:50:57 2022 +1000

                    Fix documentation of BIO_FLAGS_BASE64_NO_NL

                    Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
                    `BIO_f_base64(3)` to improve the documentation of the
                    `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
                    states that when this flag is used, all newlines in the input are
                    ignored.  This is incorrect, as the following program proves:

                    ```c

                    unsigned char *in_buf =
                        "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

                    int main(int argc, char **argv) {
                        BIO *b64 = BIO_new(BIO_f_base64());
                        if (b64 == NULL) return 1;
                        BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
                        int in_len = strlen(in_buf);
                        BIO *in = BIO_new_mem_buf(in_buf, in_len);
                        if (in == NULL) return 2;
                        in = BIO_push(b64, in);
                        unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
                        if (out_buf == NULL) return 3;
                        size_t out_len;
                        int r = BIO_read_ex(in, out_buf, in_len, &out_len);
                        printf("rv = %d\n", r);
                        printf("decoded = %s\n", out_buf);
                        return 0;
                    }
                    ```

                    Update the text of `BIO_f_base64(3)` to clarify that when the flag
                    is set, the data must be all on one line (with or without a trailing
                    newline character).

                    Signed-off-by: Fraser Tweedale <[email protected]>

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18568)

                    (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

                commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
                Author: Tomas Mraz <[email protected]>
                Date:   Thu Jun 9 16:20:05 2022 +0200

                    Add an extra reduction step to RSAZ mod_exp implementations

                    Inspired by BoringSSL fix by David Benjamin.

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Paul Dale <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18511)

                commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
                Author: Tomas Mraz <[email protected]>
                Date:   Thu Jun 9 12:34:55 2022 +0200

                    Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

                    This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
                    would sometimes return m, the modulus, when it should have returned
                    zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
                    because the same bug also exists in the "rsaz" codepath.

                    The bug only affects zero outputs (with non-zero inputs), so we believe
                    it has no security impact on our cryptographic functions.

                    The fx is to delete lowercase bn_from_montgomery altogether, and have the
                    mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
                    This only impacts the final step of the whole exponentiation and has no
                    measurable perf impact.

                    See the original BoringSSL commit
                    https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
                    for further analysis.

                    Original-author: David Benjamin <[email protected]>

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Paul Dale <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18511)

                commit 8f078819556da83c15751678c39558a59bc746fc
                Author: Matt Caswell <[email protected]>
                Date:   Thu Jun 9 16:57:30 2022 +0100

                    Fix a crash in X509v3_asid_subset()

                    If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
                    subsets then this will result in a crash. Of note is that rdi will usually
                    be NULL.

                    Reported by Theo Buehler (@botovq)

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Reviewed-by: Paul Yang <[email protected]>
                    Reviewed-by: Todd Short <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18514)

                    (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

                commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
                Author: Tomas Mraz <[email protected]>
                Date:   Thu Jun 2 18:12:05 2022 +0200

                    Update further expiring certificates that affect tests

                    Namely the smime certificates used in test_cms
                    will expire soon and affect tests.

                    Fixes #15179

                    Reviewed-by: Dmitry Belyavskiy <[email protected]>
                    Reviewed-by: Paul Dale <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18481)

                commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
                Author: Tomas Mraz <[email protected]>
                Date:   Tue Mar 29 13:31:34 2022 +0200

                    Fix strict client chain check with TLS-1.3

                    When TLS-1.3 is used and the server does not send any CA names
                    the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
                    argument.

                    Reviewed-by: Todd Short <[email protected]>
                    Reviewed-by: Matt Caswell <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/17986)

                    (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

                commit b7ce611887cfac633aacc052b2e71a7f195418b8
                Author: Tomas Mraz <[email protected]>
                Date:   Wed Jun 1 13:06:46 2022 +0200

                    ct_test.c: Update the epoch time

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Dmitry Belyavskiy <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18446)

                commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
                Author: Tomas Mraz <[email protected]>
                Date:   Wed Jun 1 12:47:44 2022 +0200

                    Update expired SCT certificates

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Dmitry Belyavskiy <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18446)

                commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
                Author: Bernd Edlinger <[email protected]>
                Date:   Sat May 21 07:50:46 2022 +0200

                    Fix a memory leak in crl_set_issuers

                    This can be reproduced with my error injection patch.

                    The test vector has been validated on the 1.1.1 branch
                    but the issue is of course identical in all branches.

                    $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
                    log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
                    ERROR_INJECT=1653520461
                        #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                        #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
                        #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
                        #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
                        #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
                        #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
                        #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
                        #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                        #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                        #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                        #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                        #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                        #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                        #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                        #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                        #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                        #24 0x402bbb in testfile fuzz/test-corpus.c:182
                        #25 0x402626 in main fuzz/test-corpus.c:226
                        #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                        #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

                    =================================================================
                    ==29625==ERROR: LeakSanitizer: detected memory leaks

                    Direct leak of 32 byte(s) in 1 object(s) allocated from:
                        #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                        #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
                        #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
                        #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
                        #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
                        #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
                        #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                        #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                        #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
                        #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
                        #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
                        #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                        #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                        #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                        #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                        #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                        #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                        #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                        #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                        #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                        #29 0x402bbb in testfile fuzz/test-corpus.c:182
                        #30 0x402626 in main fuzz/test-corpus.c:226
                        #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                    SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18391)

                    (cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)

                commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
                Author: Bernd Edlinger <[email protected]>
                Date:   Sun May 22 20:12:56 2022 +0200

                    Fix a crash in ssl_security_cert_chain

                    Prior to the crash there is an out of memory error
                    in X509_verify_cert which makes the chain NULL or
                    empty.  The error is ignored by ssl_add_cert_chain,
                    and ssl_security_cert_chain crashes due to the
                    unchecked null pointer.

                    This is reproducible with my error injection patch.

                    The test vector has been validated on the 1.1.1 branch
                    but the issue is of course identical in all branches.

                    $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
                        #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                        #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
                        #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
                        #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
                        #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
                        #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
                        #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
                        #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
                        #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                        #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                        #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                        #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                        #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                        #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                        #14 0x40371b in testfile fuzz/test-corpus.c:182
                        #15 0x402856 in main fuzz/test-corpus.c:226
                        #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                        #17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

                    AddressSanitizer:DEADLYSIGNAL
                    =================================================================
                    ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
                    ==8400==The signal is caused by a READ memory access.
                    ==8400==Hint: address points to the zero page.
                        #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
                        #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
                        #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
                        #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
                        #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
                        #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
                        #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
                        #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                        #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                        #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                        #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                        #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                        #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                        #13 0x40371b in testfile fuzz/test-corpus.c:182
                        #14 0x402856 in main fuzz/test-corpus.c:226
                        #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                        #16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

                    AddressSanitizer can not provide additional info.
                    SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
                    ==8400==ABORTING

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Reviewed-by: Matt Caswell <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18376)

                    (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)

                commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
                Author: Bernd Edlinger <[email protected]>
                Date:   Sat May 21 15:41:46 2022 +0200

                    Fix a memory leak in X509_issuer_and_serial_hash

                    This is reproducible with my error injection patch:

                    $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
                    ERROR_INJECT=1653267699
                        #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
                        #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
                        #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
                        #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
                        #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
                        #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                        #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                        #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
                        #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
                        #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

                    =================================================================
                    ==1058475==ERROR: LeakSanitizer: detected memory leaks

                    Direct leak of 268 byte(s) in 1 object(s) allocated from:
                        #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
                        #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
                        #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
                        #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
                        #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                        #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                        #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
                        #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

                    SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Reviewed-by: Matt Caswell <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18370)

                commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
                Author: Bernd Edlinger <[email protected]>
                Date:   Fri May 20 16:54:41 2022 +0200

                    Fix undefined behaviour in EC_GROUP_new_from_ecparameters

                    This happens for instance with
                    fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
                    and causes the OPENSSL_malloc below to choke on the
                    zero length allocation request.

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18363)

                commit 8e1ece20cdb4a584be5311370256c4e813c09826
                Author: Bernd Edlinger <[email protected]>
                Date:   Fri May 20 16:15:44 2022 +0200

                    Fix a memory leak in ec_key_simple_oct2priv

                    This is reproducible with my error injection patch:

                    $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
                    140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
                    140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
                    140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
                    140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
                    140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
                    140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
                    140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

                    =================================================================
                    ==19676==ERROR: LeakSanitizer: detected memory leaks

                    Direct leak of 24 byte(s) in 1 object(s) allocated from:
                        #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                        #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
                        #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
                        #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
                        #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
                        #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
                        #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
                        #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
                        #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
                        #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
                        #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
                        #11 0x40370b in testfile fuzz/test-corpus.c:182
                        #12 0x402846 in main fuzz/test-corpus.c:226
                        #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                    SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Reviewed-by: Matt Caswell <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18361)

                commit 8e60f41d064786f95440e4c56660ffe9777783d7
                Author: Bernd Edlinger <[email protected]>
                Date:   Fri May 20 08:02:47 2022 +0200

                    Fix a crash in asn1_item_embed_new

                    This happens usually if an template object is created
                    and there is an out of memory error before the ASN1_OP_NEW_POST
                    method is called, but asn1_item_embed_free calls now the
                    ASN1_OP_FREE_POST which may crash because the object is not
                    properly initialized.  Apparently that is only an issue with
                    the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
                    ought to be tolerant to incomplete initialized objects.

                    The error can be reproduced with the reproducible error injection patch:

                    $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
                        #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                        #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
                        #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
                        #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
                        #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
                        #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
                        #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
                        #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                        #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
                        #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                        #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                        #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                        #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                        #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                        #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                        #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                        #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                        #21 0x40893b in testfile fuzz/test-corpus.c:182
                        #22 0x406b86 in main fuzz/test-corpus.c:226
                        #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                    AddressSanitizer:DEADLYSIGNAL
                    =================================================================
                    ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
                    ==1194==The signal is caused by a READ memory access.
                    ==1194==Hint: address points to the zero page.
                        #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
                        #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
                        #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
                        #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                        #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                        #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                        #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                        #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                        #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                        #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                        #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                        #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                        #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                        #14 0x40893b in testfile fuzz/test-corpus.c:182
                        #15 0x406b86 in main fuzz/test-corpus.c:226
                        #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                    AddressSanitizer can not provide additional info.
                    SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
                    ==1194==ABORTING

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18360)

                    (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)

                commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
                Author: Bernd Edlinger <[email protected]>
                Date:   Thu May 19 15:50:28 2022 +0200

                    Backport a missing bug-fix from master

                    This is a backport of the following commit from master:

                    commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
                    Author: Matt Caswell <[email protected]>
                    Date:   Thu Nov 19 13:58:21 2020 +0000

                        Don't Overflow when printing Thawte Strong Extranet Version

                        When printing human readable info on the Thawte Strong Extranet extension
                        the version number could overflow if the version number == LONG_MAX. This
                        is undefined behaviour.

                        Issue found by OSSFuzz.

                        Reviewed-by: Ben Kaduk <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/13452)

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18347)

                commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
                Author: Bernd Edlinger <[email protected]>
                Date:   Thu May 19 10:59:25 2022 +0200

                    Backport some fuzzing data files from master

                    This is a backport of the following commit from master:

                    commit 415e6ac80405e13b20b083315747e431274fbd33
                    Author: Tavis Ormandy <[email protected]>
                    Date:   Tue Sep 21 15:48:27 2021 -0700

                        increase x509 code coverage metrics

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/16651)

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18347)

                commit e04ba889594d84a8805f3d0caeadf0527470e508
                Author: Daniel Fiala <[email protected]>
                Date:   Tue May 10 08:46:37 2022 +0000

                    s_serve: Report an error if init-connection fails without an attempt to read.

                    Fixes: openssl#18047.

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18283)

                commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
                Author: basavesh <[email protected]>
                Date:   Tue Apr 5 17:49:09 2022 +0200

                    Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE

                    rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
                    Consider a weaker leakage model(CL) where only cacheline base address is leaked,
                    i.e address/32 for 32-byte cacheline(CL32).

                    Previous code used to perform two loads
                        1. rotated_mac[rotate_offset ^ 32] and
                        2. rotated_mac[rotate_offset++]
                    which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
                    and 2q, 2q + 1 for 32 <= rotate_offset < 64

                    The proposed fix performs load operations which will always leak 2q, 2q + 1 and
                    selects the appropriate value in constant-time.

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18050)

                commit c7d6c08290b67cbeef2b4f636f04788ea405520a
                Author: Tomas Mraz <[email protected]>
                Date:   Fri Apr 29 17:02:19 2022 +0200

                    Add test for empty supported-groups extension

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Matt Caswell <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18213)

                commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
                Author: Tomas Mraz <[email protected]>
                Date:   Fri Apr 29 16:36:36 2022 +0200

                    Do not send an empty supported groups extension

                    This allows handshake to proceed if the maximum TLS version enabled is <1.3

                    Fixes #13583

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Matt Caswell <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18213)

                commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
                Author: Allan Jude <[email protected]>
                Date:   Fri Nov 19 19:06:52 2021 +0000

                    1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Dmitry Belyavskiy <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/17085)

                commit ec1b4bf26c1b2440546f323873c578374f60b2de
                Author: Hugo Landau <[email protected]>
                Date:   Wed Apr 27 10:11:08 2022 +0100

                    (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions

                    Backport of #18038 to 1.1.

                    Fixes #18035.

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Reviewed-by: Dmitry Belyavskiy <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18190)

                commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
                Author: Matt Caswell <[email protected]>
                Date:   Tue May 3 14:41:23 2022 +0100

                    Prepare for 1.1.1p-dev

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Release: yes

            commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
            Author: Randall S. Becker <[email protected]>
            Date:   Wed Jun 22 06:26:40 2022 -0600

                Squashed commit of the following:

                commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
                Author: Matt Caswell <[email protected]>
                Date:   Tue Jun 21 14:39:39 2022 +0100

                    Prepare for 1.1.1p release

                    Reviewed-by: Richard Levitte <[email protected]>
                    Release: yes

                commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
                Author: Matt Caswell <[email protected]>
                Date:   Tue Jun 21 14:07:32 2022 +0100

                    Update copyright year

                    Reviewed-by: Richard Levitte <[email protected]>
                    Release: yes

                commit 51e06520734063d6f52b2e596e1089d36d3781e7
                Author: Matt Caswell <[email protected]>
                Date:   Mon Jun 20 14:14:20 2022 +0100

                    Update CHANGES and NEWS for new release

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Release: yes

                commit 9639817dac8bbbaa64d09efad7464ccc405527c7
                Author: Daniel Fiala <[email protected]>
                Date:   Sun May 29 20:11:24 2022 +0200

                    Fix file operations in c_rehash.

                    CVE-2022-2068

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Richard Levitte <[email protected]>

                commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
                Author: Fraser Tweedale <[email protected]>
                Date:   Wed Jun 15 10:50:57 2022 +1000

                    Fix documentation of BIO_FLAGS_BASE64_NO_NL

                    Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
                    `BIO_f_base64(3)` to improve the documentation of the
                    `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
                    states that when this flag is used, all newlines in the input are
                    ignored.  This is incorrect, as the following program proves:

                    ```c

                    unsigned char *in_buf =
                        "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

                    int main(int argc, char **argv) {
                        BIO *b64 = BIO_new(BIO_f_base64());
                        if (b64 == NULL) return 1;
                        BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
                        int in_len = strlen(in_buf);
                        BIO *in = BIO_new_mem_buf(in_buf, in_len);
                        if (in == NULL) return 2;
                        in = BIO_push(b64, in);
                        unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
                        if (out_buf == NULL) return 3;
                        size_t out_len;
                        int r = BIO_read_ex(in, out_buf, in_len, &out_len);
                        printf("rv = %d\n", r);
                        printf("decoded = %s\n", out_buf);
                        return 0;
                    }
                    ```

                    Update the text of `BIO_f_base64(3)` to clarify that when the flag
                    is set, the data must be all on one line (with or without a trailing
                    newline character).

                    Signed-off-by: Fraser Tweedale <[email protected]>

                    Reviewed-by: Paul Dale <[email protected]>
                    Reviewed-by: Tomas Mraz <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18568)

                    (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

                commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
                Author: Tomas Mraz <[email protected]>
                Date:   Thu Jun 9 16:20:05 2022 +0200

                    Add an extra reduction step to RSAZ mod_exp implementations

                    Inspired by BoringSSL fix by David Benjamin.

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Paul Dale <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18511)

                commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
                Author: Tomas Mraz <[email protected]>
                Date:   Thu Jun 9 12:34:55 2022 +0200

                    Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

                    This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
                    would sometimes return m, the modulus, when it should have returned
                    zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
                    because the same bug also exists in the "rsaz" codepath.

                    The bug only affects zero outputs (with non-zero inputs), so we believe
                    it has no security impact on our cryptographic functions.

                    The fx is to delete lowercase bn_from_montgomery altogether, and have the
                    mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
                    This only impacts the final step of the whole exponentiation and has no
                    measurable perf impact.

                    See the original BoringSSL commit
                    https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
                    for further analysis.

                    Original-author: David Benjamin <[email protected]>

                    Reviewed-by: Matt Caswell <[email protected]>
                    Reviewed-by: Paul Dale <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18511)

                commit 8f078819556da83c15751678c39558a59bc746fc
                Author: Matt Caswell <[email protected]>
                Date:   Thu Jun 9 16:57:30 2022 +0100

                    Fix a crash in X509v3_asid_subset()

                    If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
                    subsets then this will result in a crash. Of note is that rdi will usually
                    be NULL.

                    Reported by Theo Buehler (@botovq)

                    Reviewed-by: Tomas Mraz <[email protected]>
                    Reviewed-by: Paul Yang <[email protected]>
                    Reviewed-by: Todd Short <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18514)

                    (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

                commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
                Author: Tomas Mraz <[email protected]>
                Date:   Thu Jun 2 18:12:05 2022 +0200

                    Update further expiring certificates that affect tests

                    Namely the smime certificates used in test_cms
                    will expire soon and affect tests.

                    Fixes #15179

                    Reviewed-by: Dmitry Belyavskiy <[email protected]>
                    Reviewed-by: Paul Dale <[email protected]>
                    (Merged from https://github.com/openssl/openssl/pull/18481)

                commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
                Author: Tomas Mraz <[email protected]>
                Date:   Tue Mar 29 13:31:34 2022 +0200

     …

commit 84ef302bbb2c1bb9a3c10abfd31984e2a8731e7f
Author: Randall S. Becker <[email protected]>
Date:   Tue May 30 08:30:00 2023 -0600

    Merged OpenSSL 1.1.1u with ituglib_release

    commit 65be16881b71f4d66c77664775c93340a7b89c6d
    Author: Randall S. Becker <[email protected]>
    Date:   Tue Feb 7 09:13:22 2023 -0700

        Squashed commit of the following:

        commit 44ea69d6aadbbf9b951335e5ed296eed019e9ffe
        Author: Randall S. Becker <[email protected]>
        Date:   Wed Nov 2 12:49:30 2022 -0600

            Squashed commit of the following:

            commit 1b3fb89163127047b0f99412b8a31522215b3bea
            Author: Randall S. Becker <[email protected]>
            Date:   Tue Oct 11 11:17:39 2022 -0600

                Squashed commit of the following:

                commit 6fd6179191702eb0562ccbfb22a37405c669b90e
                Author: Randall S. Becker <[email protected]>
                Date:   Tue Jul 5 17:50:13 2022 -0400

                    Missed include on NonStop for memcmp in test/v3ext.c

                commit d97281f16602e50f040756029b555645315253df
                Author: Randall S. Becker <[email protected]>
                Date:   Tue Jul 5 10:37:54 2022 -0400

                    Squashed commit of the following:

                    commit 29708a562a1887a91de0fa6ca668c71871accde9
                    Author: Richard Levitte <[email protected]>
                    Date:   Tue Jul 5 11:08:33 2022 +0200

                        Prepare for 1.1.1q release

                        Reviewed-by: Paul Dale <[email protected]>
                        Release: yes

                    commit 95a17c0ead00885452d13309eaffd04c1737d05d
                    Author: Richard Levitte <[email protected]>
                    Date:   Tue Jul 5 10:33:00 2022 +0200

                        Update copyright year

                        Reviewed-by: Paul Dale <[email protected]>
                        Release: yes

                    commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
                    Author: Richard Levitte <[email protected]>
                    Date:   Tue Jul 5 10:25:00 2022 +0200

                        Update CHANGES and NEWS for upcoming release 1.1.1q

                        Reviewed-by: Paul Dale <[email protected]>
                        Release: yes

                    commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
                    Author: Alex Chernyakhovsky <[email protected]>
                    Date:   Thu Jun 16 12:02:37 2022 +1000

                        AES OCB test vectors

                        Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.

                        Co-authored-by: Alejandro Sedeño <[email protected]>
                        Co-authored-by: David Benjamin <[email protected]>

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>

                    commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
                    Author: Alex Chernyakhovsky <[email protected]>
                    Date:   Thu Jun 16 12:00:22 2022 +1000

                        Fix AES OCB encrypt/decrypt for x86 AES-NI

                        aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
                        that performs operations on 6 16-byte blocks concurrently (the
                        "grandloop") and then proceeds to handle the "short" tail (which can
                        be anywhere from 0 to 5 blocks) that remain.

                        As part of initialization, the assembly initializes $len to the true
                        length, less 96 bytes and converts it to a pointer so that the $inp
                        can be compared to it. Each iteration of "grandloop" checks to see if
                        there's a full 96-byte chunk to process, and if so, continues. Once
                        this has been exhausted, it falls through to "short", which handles
                        the remaining zero to five blocks.

                        Unfortunately, the jump at the end of "grandloop" had a fencepost
                        error, doing a `jb` ("jump below") rather than `jbe` (jump below or
                        equal). This should be `jbe`, as $inp is pointing to the *end* of the
                        chunk currently being handled. If $inp == $len, that means that
                        there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
                        then there's 5 or fewer 16-byte blocks left to be handled, and the
                        fall-through is intended.

                        The net effect of `jb` instead of `jbe` is that the last 16-byte block
                        of the last 96-byte chunk was completely omitted. The contents of
                        `out` in this position were never written to. Additionally, since
                        those bytes were never processed, the authentication tag generated is
                        also incorrect.

                        The same fencepost error, and identical logic, exists in both
                        aesni_ocb_encrypt and aesni_ocb_decrypt.

                        This addresses CVE-2022-2097.

                        Co-authored-by: Alejandro Sedeño <[email protected]>
                        Co-authored-by: David Benjamin <[email protected]>

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>

                    commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
                    Author: slontis <[email protected]>
                    Date:   Fri Jul 1 13:47:11 2022 +1000

                        Fix bn_gcd code to check return value when calling BN_one()

                        BN_one() uses the expand function which calls malloc which may fail.
                        All other places that reference BN_one() check the return value.

                        The issue is triggered by a memory allocation failure.
                        Detected by PR #18355

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Reviewed-by: Paul Dale <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18697)

                        (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)

                    commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
                    Author: xkernel <[email protected]>
                    Date:   Mon Jun 20 17:46:39 2022 +0800

                        v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Ben Kaduk <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18608)

                        (cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)

                    commit a1d80edcf830739131e0567dc03b1e80b7988b1e
                    Author: Matt Caswell <[email protected]>
                    Date:   Fri Jun 10 15:58:58 2022 +0100

                        Fix range_should_be_prefix() to actually return the correct result

                        range_should_be_prefix() was misidentifying whether an IP address range
                        should in fact be represented as a prefix. This was due to a bug introduced
                        in commit 42d7d7dd which made this incorrect change:

                        -    OPENSSL_assert(memcmp(min, max, length) <= 0);
                        +    if (memcmp(min, max, length) <= 0)
                        +        return -1;

                        This error leads to incorrect DER being encoded/accepted.

                        Reported by Theo Buehler (@botovq)

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18524)

                        (cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
                        (cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)

                    commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Fri Jun 17 10:25:24 2022 +0200

                        Fix compile issues in test/v3ext.c with no-rfc3779

                        There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
                        therefore the test cannot be compiled.

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        Reviewed-by: Paul Dale <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18634)

                        (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
                        (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)

                    commit 882573246695088d65956355ca6c954642dcac31
                    Author: olszomal <[email protected]>
                    Date:   Fri Jun 17 15:01:11 2022 +0200

                        SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'

                        Fix the documentation.

                        CLA: trivial

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Todd Short <[email protected]>
                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18599)

                        (cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)

                    commit 6c8879c8bf6030666c851623f93fff03c1266715
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Wed Jun 22 17:05:55 2022 +0200

                        Fix a memory leak in EC_GROUP_new_from_ecparameters

                        This can be reproduced with my error injection patch.

                        The test vector has been validated on the 1.1.1 branch
                        but the issue is of course identical in all branches.

                        $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
                            #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                            #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
                            #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                            #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                            #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                            #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                            #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
                            #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
                            #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
                            #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                            #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                            #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                            #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                            #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                            #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                            #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                            #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                            #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                            #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                            #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                            #26 0x402afb in testfile fuzz/test-corpus.c:182
                            #27 0x402656 in main fuzz/test-corpus.c:226
                            #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                            #29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

                        =================================================================
                        ==12221==ERROR: LeakSanitizer: detected memory leaks

                        Direct leak of 24 byte(s) in 1 object(s) allocated from:
                            #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                            #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                            #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
                            #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
                            #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                            #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                            #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                            #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                            #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                            #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                            #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                            #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                            #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                            #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                            #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                            #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                            #22 0x402afb in testfile fuzz/test-corpus.c:182
                            #23 0x402656 in main fuzz/test-corpus.c:226
                            #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                        Indirect leak of 56 byte(s) in 1 object(s) allocated from:
                            #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                            #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                            #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                            #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                            #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                            #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                            #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                            #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                            #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                            #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                            #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                            #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                            #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                            #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                            #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                            #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                            #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                            #23 0x402afb in testfile fuzz/test-corpus.c:182
                            #24 0x402656 in main fuzz/test-corpus.c:226
                            #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                        SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Reviewed-by: Kurt Roeckx <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18632)

                    commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
                    Author: Matt Caswell <[email protected]>
                    Date:   Tue Jun 21 14:39:48 2022 +0100

                        Prepare for 1.1.1q-dev

                        Reviewed-by: Richard Levitte <[email protected]>
                        Release: yes

                    commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
                    Author: Matt Caswell <[email protected]>
                    Date:   Tue Jun 21 14:39:39 2022 +0100

                        Prepare for 1.1.1p release

                        Reviewed-by: Richard Levitte <[email protected]>
                        Release: yes

                    commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
                    Author: Matt Caswell <[email protected]>
                    Date:   Tue Jun 21 14:07:32 2022 +0100

                        Update copyright year

                        Reviewed-by: Richard Levitte <[email protected]>
                        Release: yes

                    commit 51e06520734063d6f52b2e596e1089d36d3781e7
                    Author: Matt Caswell <[email protected]>
                    Date:   Mon Jun 20 14:14:20 2022 +0100

                        Update CHANGES and NEWS for new release

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Release: yes

                    commit 9639817dac8bbbaa64d09efad7464ccc405527c7
                    Author: Daniel Fiala <[email protected]>
                    Date:   Sun May 29 20:11:24 2022 +0200

                        Fix file operations in c_rehash.

                        CVE-2022-2068

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Richard Levitte <[email protected]>

                    commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
                    Author: Fraser Tweedale <[email protected]>
                    Date:   Wed Jun 15 10:50:57 2022 +1000

                        Fix documentation of BIO_FLAGS_BASE64_NO_NL

                        Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
                        `BIO_f_base64(3)` to improve the documentation of the
                        `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
                        states that when this flag is used, all newlines in the input are
                        ignored.  This is incorrect, as the following program proves:

                        ```c

                        unsigned char *in_buf =
                            "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

                        int main(int argc, char **argv) {
                            BIO *b64 = BIO_new(BIO_f_base64());
                            if (b64 == NULL) return 1;
                            BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
                            int in_len = strlen(in_buf);
                            BIO *in = BIO_new_mem_buf(in_buf, in_len);
                            if (in == NULL) return 2;
                            in = BIO_push(b64, in);
                            unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
                            if (out_buf == NULL) return 3;
                            size_t out_len;
                            int r = BIO_read_ex(in, out_buf, in_len, &out_len);
                            printf("rv = %d\n", r);
                            printf("decoded = %s\n", out_buf);
                            return 0;
                        }
                        ```

                        Update the text of `BIO_f_base64(3)` to clarify that when the flag
                        is set, the data must be all on one line (with or without a trailing
                        newline character).

                        Signed-off-by: Fraser Tweedale <[email protected]>

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18568)

                        (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

                    commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
                    Author: Tomas Mraz <[email protected]>
                    Date:   Thu Jun 9 16:20:05 2022 +0200

                        Add an extra reduction step to RSAZ mod_exp implementations

                        Inspired by BoringSSL fix by David Benjamin.

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Paul Dale <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18511)

                    commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
                    Author: Tomas Mraz <[email protected]>
                    Date:   Thu Jun 9 12:34:55 2022 +0200

                        Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

                        This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
                        would sometimes return m, the modulus, when it should have returned
                        zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
                        because the same bug also exists in the "rsaz" codepath.

                        The bug only affects zero outputs (with non-zero inputs), so we believe
                        it has no security impact on our cryptographic functions.

                        The fx is to delete lowercase bn_from_montgomery altogether, and have the
                        mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
                        This only impacts the final step of the whole exponentiation and has no
                        measurable perf impact.

                        See the original BoringSSL commit
                        https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
                        for further analysis.

                        Original-author: David Benjamin <[email protected]>

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Paul Dale <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18511)

                    commit 8f078819556da83c15751678c39558a59bc746fc
                    Author: Matt Caswell <[email protected]>
                    Date:   Thu Jun 9 16:57:30 2022 +0100

                        Fix a crash in X509v3_asid_subset()

                        If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
                        subsets then this will result in a crash. Of note is that rdi will usually
                        be NULL.

                        Reported by Theo Buehler (@botovq)

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Reviewed-by: Paul Yang <[email protected]>
                        Reviewed-by: Todd Short <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18514)

                        (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

                    commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
                    Author: Tomas Mraz <[email protected]>
                    Date:   Thu Jun 2 18:12:05 2022 +0200

                        Update further expiring certificates that affect tests

                        Namely the smime certificates used in test_cms
                        will expire soon and affect tests.

                        Fixes #15179

                        Reviewed-by: Dmitry Belyavskiy <[email protected]>
                        Reviewed-by: Paul Dale <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18481)

                    commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
                    Author: Tomas Mraz <[email protected]>
                    Date:   Tue Mar 29 13:31:34 2022 +0200

                        Fix strict client chain check with TLS-1.3

                        When TLS-1.3 is used and the server does not send any CA names
                        the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
                        argument.

                        Reviewed-by: Todd Short <[email protected]>
                        Reviewed-by: Matt Caswell <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/17986)

                        (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

                    commit b7ce611887cfac633aacc052b2e71a7f195418b8
                    Author: Tomas Mraz <[email protected]>
                    Date:   Wed Jun 1 13:06:46 2022 +0200

                        ct_test.c: Update the epoch time

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Dmitry Belyavskiy <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18446)

                    commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
                    Author: Tomas Mraz <[email protected]>
                    Date:   Wed Jun 1 12:47:44 2022 +0200

                        Update expired SCT certificates

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Dmitry Belyavskiy <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18446)

                    commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Sat May 21 07:50:46 2022 +0200

                        Fix a memory leak in crl_set_issuers

                        This can be reproduced with my error injection patch.

                        The test vector has been validated on the 1.1.1 branch
                        but the issue is of course identical in all branches.

                        $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
                        log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
                        ERROR_INJECT=1653520461
                            #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                            #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
                            #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
                            #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
                            #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
                            #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
                            #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
                            #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                            #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                            #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                            #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                            #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                            #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                            #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                            #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                            #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                            #24 0x402bbb in testfile fuzz/test-corpus.c:182
                            #25 0x402626 in main fuzz/test-corpus.c:226
                            #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                            #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

                        =================================================================
                        ==29625==ERROR: LeakSanitizer: detected memory leaks

                        Direct leak of 32 byte(s) in 1 object(s) allocated from:
                            #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                            #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
                            #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
                            #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
                            #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
                            #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
                            #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                            #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                            #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
                            #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
                            #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
                            #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                            #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                            #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                            #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                            #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                            #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                            #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                            #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                            #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                            #29 0x402bbb in testfile fuzz/test-corpus.c:182
                            #30 0x402626 in main fuzz/test-corpus.c:226
                            #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                        SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18391)

                        (cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)

                    commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Sun May 22 20:12:56 2022 +0200

                        Fix a crash in ssl_security_cert_chain

                        Prior to the crash there is an out of memory error
                        in X509_verify_cert which makes the chain NULL or
                        empty.  The error is ignored by ssl_add_cert_chain,
                        and ssl_security_cert_chain crashes due to the
                        unchecked null pointer.

                        This is reproducible with my error injection patch.

                        The test vector has been validated on the 1.1.1 branch
                        but the issue is of course identical in all branches.

                        $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
                            #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                            #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
                            #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
                            #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
                            #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
                            #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
                            #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
                            #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
                            #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                            #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                            #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                            #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                            #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                            #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                            #14 0x40371b in testfile fuzz/test-corpus.c:182
                            #15 0x402856 in main fuzz/test-corpus.c:226
                            #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                            #17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

                        AddressSanitizer:DEADLYSIGNAL
                        =================================================================
                        ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
                        ==8400==The signal is caused by a READ memory access.
                        ==8400==Hint: address points to the zero page.
                            #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
                            #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
                            #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
                            #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
                            #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
                            #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
                            #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
                            #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                            #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                            #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                            #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                            #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                            #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                            #13 0x40371b in testfile fuzz/test-corpus.c:182
                            #14 0x402856 in main fuzz/test-corpus.c:226
                            #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                            #16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

                        AddressSanitizer can not provide additional info.
                        SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
                        ==8400==ABORTING

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Reviewed-by: Matt Caswell <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18376)

                        (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)

                    commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Sat May 21 15:41:46 2022 +0200

                        Fix a memory leak in X509_issuer_and_serial_hash

                        This is reproducible with my error injection patch:

                        $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
                        ERROR_INJECT=1653267699
                            #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
                            #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
                            #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
                            #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
                            #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
                            #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                            #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                            #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
                            #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
                            #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

                        =================================================================
                        ==1058475==ERROR: LeakSanitizer: detected memory leaks

                        Direct leak of 268 byte(s) in 1 object(s) allocated from:
                            #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
                            #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
                            #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
                            #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
                            #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                            #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                            #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
                            #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

                        SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Reviewed-by: Matt Caswell <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18370)

                    commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Fri May 20 16:54:41 2022 +0200

                        Fix undefined behaviour in EC_GROUP_new_from_ecparameters

                        This happens for instance with
                        fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
                        and causes the OPENSSL_malloc below to choke on the
                        zero length allocation request.

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18363)

                    commit 8e1ece20cdb4a584be5311370256c4e813c09826
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Fri May 20 16:15:44 2022 +0200

                        Fix a memory leak in ec_key_simple_oct2priv

                        This is reproducible with my error injection patch:

                        $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
                        140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
                        140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
                        140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
                        140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
                        140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
                        140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
                        140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

                        =================================================================
                        ==19676==ERROR: LeakSanitizer: detected memory leaks

                        Direct leak of 24 byte(s) in 1 object(s) allocated from:
                            #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                            #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
                            #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
                            #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
                            #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
                            #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
                            #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
                            #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
                            #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
                            #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
                            #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
                            #11 0x40370b in testfile fuzz/test-corpus.c:182
                            #12 0x402846 in main fuzz/test-corpus.c:226
                            #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                        SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Reviewed-by: Matt Caswell <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18361)

                    commit 8e60f41d064786f95440e4c56660ffe9777783d7
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Fri May 20 08:02:47 2022 +0200

                        Fix a crash in asn1_item_embed_new

                        This happens usually if an template object is created
                        and there is an out of memory error before the ASN1_OP_NEW_POST
                        method is called, but asn1_item_embed_free calls now the
                        ASN1_OP_FREE_POST which may crash because the object is not
                        properly initialized.  Apparently that is only an issue with
                        the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
                        ought to be tolerant to incomplete initialized objects.

                        The error can be reproduced with the reproducible error injection patch:

                        $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
                            #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                            #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
                            #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
                            #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
                            #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
                            #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
                            #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
                            #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                            #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
                            #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                            #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                            #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                            #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                            #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                            #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                            #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                            #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                            #21 0x40893b in testfile fuzz/test-corpus.c:182
                            #22 0x406b86 in main fuzz/test-corpus.c:226
                            #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                        AddressSanitizer:DEADLYSIGNAL
                        =================================================================
                        ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
                        ==1194==The signal is caused by a READ memory access.
                        ==1194==Hint: address points to the zero page.
                            #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
                            #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
                            #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
                            #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                            #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                            #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                            #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                            #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                            #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                            #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                            #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                            #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                            #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                            #14 0x40893b in testfile fuzz/test-corpus.c:182
                            #15 0x406b86 in main fuzz/test-corpus.c:226
                            #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                        AddressSanitizer can not provide additional info.
                        SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
                        ==1194==ABORTING

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18360)

                        (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)

                    commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Thu May 19 15:50:28 2022 +0200

                        Backport a missing bug-fix from master

                        This is a backport of the following commit from master:

                        commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
                        Author: Matt Caswell <[email protected]>
                        Date:   Thu Nov 19 13:58:21 2020 +0000

                            Don't Overflow when printing Thawte Strong Extranet Version

                            When printing human readable info on the Thawte Strong Extranet extension
                            the version number could overflow if the version number == LONG_MAX. This
                            is undefined behaviour.

                            Issue found by OSSFuzz.

                            Reviewed-by: Ben Kaduk <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/13452)

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18347)

                    commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
                    Author: Bernd Edlinger <[email protected]>
                    Date:   Thu May 19 10:59:25 2022 +0200

                        Backport some fuzzing data files from master

                        This is a backport of the following commit from master:

                        commit 415e6ac80405e13b20b083315747e431274fbd33
                        Author: Tavis Ormandy <[email protected]>
                        Date:   Tue Sep 21 15:48:27 2021 -0700

                            increase x509 code coverage metrics

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/16651)

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18347)

                    commit e04ba889594d84a8805f3d0caeadf0527470e508
                    Author: Daniel Fiala <[email protected]>
                    Date:   Tue May 10 08:46:37 2022 +0000

                        s_serve: Report an error if init-connection fails without an attempt to read.

                        Fixes: openssl#18047.

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18283)

                    commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
                    Author: basavesh <[email protected]>
                    Date:   Tue Apr 5 17:49:09 2022 +0200

                        Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE

                        rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
                        Consider a weaker leakage model(CL) where only cacheline base address is leaked,
                        i.e address/32 for 32-byte cacheline(CL32).

                        Previous code used to perform two loads
                            1. rotated_mac[rotate_offset ^ 32] and
                            2. rotated_mac[rotate_offset++]
                        which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
                        and 2q, 2q + 1 for 32 <= rotate_offset < 64

                        The proposed fix performs load operations which will always leak 2q, 2q + 1 and
                        selects the appropriate value in constant-time.

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18050)

                    commit c7d6c08290b67cbeef2b4f636f04788ea405520a
                    Author: Tomas Mraz <[email protected]>
                    Date:   Fri Apr 29 17:02:19 2022 +0200

                        Add test for empty supported-groups extension

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Matt Caswell <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18213)

                    commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
                    Author: Tomas Mraz <[email protected]>
                    Date:   Fri Apr 29 16:36:36 2022 +0200

                        Do not send an empty supported groups extension

                        This allows handshake to proceed if the maximum TLS version enabled is <1.3

                        Fixes #13583

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Matt Caswell <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18213)

                    commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
                    Author: Allan Jude <[email protected]>
                    Date:   Fri Nov 19 19:06:52 2021 +0000

                        1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Dmitry Belyavskiy <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/17085)

                    commit ec1b4bf26c1b2440546f323873c578374f60b2de
                    Author: Hugo Landau <[email protected]>
                    Date:   Wed Apr 27 10:11:08 2022 +0100

                        (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions

                        Backport of #18038 to 1.1.

                        Fixes #18035.

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Reviewed-by: Dmitry Belyavskiy <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18190)

                    commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
                    Author: Matt Caswell <[email protected]>
                    Date:   Tue May 3 14:41:23 2022 +0100

                        Prepare for 1.1.1p-dev

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Release: yes

                commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
                Author: Randall S. Becker <[email protected]>
                Date:   Wed Jun 22 06:26:40 2022 -0600

                    Squashed commit of the following:

                    commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
                    Author: Matt Caswell <[email protected]>
                    Date:   Tue Jun 21 14:39:39 2022 +0100

                        Prepare for 1.1.1p release

                        Reviewed-by: Richard Levitte <[email protected]>
                        Release: yes

                    commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
                    Author: Matt Caswell <[email protected]>
                    Date:   Tue Jun 21 14:07:32 2022 +0100

                        Update copyright year

                        Reviewed-by: Richard Levitte <[email protected]>
                        Release: yes

                    commit 51e06520734063d6f52b2e596e1089d36d3781e7
                    Author: Matt Caswell <[email protected]>
                    Date:   Mon Jun 20 14:14:20 2022 +0100

                        Update CHANGES and NEWS for new release

                        Reviewed-by: Tomas Mraz <[email protected]>
                        Release: yes

                    commit 9639817dac8bbbaa64d09efad7464ccc405527c7
                    Author: Daniel Fiala <[email protected]>
                    Date:   Sun May 29 20:11:24 2022 +0200

                        Fix file operations in c_rehash.

                        CVE-2022-2068

                        Reviewed-by: Matt Caswell <[email protected]>
                        Reviewed-by: Richard Levitte <[email protected]>

                    commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
                    Author: Fraser Tweedale <[email protected]>
                    Date:   Wed Jun 15 10:50:57 2022 +1000

                        Fix documentation of BIO_FLAGS_BASE64_NO_NL

                        Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
                        `BIO_f_base64(3)` to improve the documentation of the
                        `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
                        states that when this flag is used, all newlines in the input are
                        ignored.  This is incorrect, as the following program proves:

                        ```c

                        unsigned char *in_buf =
                            "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

                        int main(int argc, char **argv) {
                            BIO *b64 = BIO_new(BIO_f_base64());
                            if (b64 == NULL) return 1;
                            BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
                            int in_len = strlen(in_buf);
                            BIO *in = BIO_new_mem_buf(in_buf, in_len);
                            if (in == NULL) return 2;
                            in = BIO_push(b64, in);
                            unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
                            if (out_buf == NULL) return 3;
                            size_t out_len;
                            int r = BIO_read_ex(in, out_buf, in_len, &out_len);
                            printf("rv = %d\n", r);
                            printf("decoded = %s\n", out_buf);
                            return 0;
                        }
                        ```

                        Update the text of `BIO_f_base64(3)` to clarify that when the flag
                        is set, the data must be all on one line (with or without a trailing
                        newline character).

                        Signed-off-by: Fraser Tweedale <[email protected]>

                        Reviewed-by: Paul Dale <[email protected]>
                        Reviewed-by: Tomas Mraz <[email protected]>
                        (Merged from https://github.com/openssl/openssl/pull/18568)

                        (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

                    commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
                    Author: Tomas Mraz <[email protected]>
                    Date:   Thu Jun 9 16:20:05 2022 +0200

                        Add an extra reduction step to RSAZ mod_exp implementations

                        Inspired by B…

Squashed commit of the following:

commit ec67064bdce4af6b490ea542a028046aaaaf014e
Author: Randall S. Becker <[email protected]>
Date:   Tue Aug 1 23:36:20 2023 +0100

    Merged OpenSSL 1.1.1v with ituglib_release

    commit 84ef302bbb2c1bb9a3c10abfd31984e2a8731e7f
    Author: Randall S. Becker <[email protected]>
    Date:   Tue May 30 08:30:00 2023 -0600

        Merged OpenSSL 1.1.1u with ituglib_release

        commit 65be16881b71f4d66c77664775c93340a7b89c6d
        Author: Randall S. Becker <[email protected]>
        Date:   Tue Feb 7 09:13:22 2023 -0700

            Squashed commit of the following:

            commit 44ea69d6aadbbf9b951335e5ed296eed019e9ffe
            Author: Randall S. Becker <[email protected]>
            Date:   Wed Nov 2 12:49:30 2022 -0600

                Squashed commit of the following:

                commit 1b3fb89163127047b0f99412b8a31522215b3bea
                Author: Randall S. Becker <[email protected]>
                Date:   Tue Oct 11 11:17:39 2022 -0600

                    Squashed commit of the following:

                    commit 6fd6179191702eb0562ccbfb22a37405c669b90e
                    Author: Randall S. Becker <[email protected]>
                    Date:   Tue Jul 5 17:50:13 2022 -0400

                        Missed include on NonStop for memcmp in test/v3ext.c

                    commit d97281f16602e50f040756029b555645315253df
                    Author: Randall S. Becker <[email protected]>
                    Date:   Tue Jul 5 10:37:54 2022 -0400

                        Squashed commit of the following:

                        commit 29708a562a1887a91de0fa6ca668c71871accde9
                        Author: Richard Levitte <[email protected]>
                        Date:   Tue Jul 5 11:08:33 2022 +0200

                            Prepare for 1.1.1q release

                            Reviewed-by: Paul Dale <[email protected]>
                            Release: yes

                        commit 95a17c0ead00885452d13309eaffd04c1737d05d
                        Author: Richard Levitte <[email protected]>
                        Date:   Tue Jul 5 10:33:00 2022 +0200

                            Update copyright year

                            Reviewed-by: Paul Dale <[email protected]>
                            Release: yes

                        commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
                        Author: Richard Levitte <[email protected]>
                        Date:   Tue Jul 5 10:25:00 2022 +0200

                            Update CHANGES and NEWS for upcoming release 1.1.1q

                            Reviewed-by: Paul Dale <[email protected]>
                            Release: yes

                        commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
                        Author: Alex Chernyakhovsky <[email protected]>
                        Date:   Thu Jun 16 12:02:37 2022 +1000

                            AES OCB test vectors

                            Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.

                            Co-authored-by: Alejandro Sedeño <[email protected]>
                            Co-authored-by: David Benjamin <[email protected]>

                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>

                        commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
                        Author: Alex Chernyakhovsky <[email protected]>
                        Date:   Thu Jun 16 12:00:22 2022 +1000

                            Fix AES OCB encrypt/decrypt for x86 AES-NI

                            aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
                            that performs operations on 6 16-byte blocks concurrently (the
                            "grandloop") and then proceeds to handle the "short" tail (which can
                            be anywhere from 0 to 5 blocks) that remain.

                            As part of initialization, the assembly initializes $len to the true
                            length, less 96 bytes and converts it to a pointer so that the $inp
                            can be compared to it. Each iteration of "grandloop" checks to see if
                            there's a full 96-byte chunk to process, and if so, continues. Once
                            this has been exhausted, it falls through to "short", which handles
                            the remaining zero to five blocks.

                            Unfortunately, the jump at the end of "grandloop" had a fencepost
                            error, doing a `jb` ("jump below") rather than `jbe` (jump below or
                            equal). This should be `jbe`, as $inp is pointing to the *end* of the
                            chunk currently being handled. If $inp == $len, that means that
                            there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
                            then there's 5 or fewer 16-byte blocks left to be handled, and the
                            fall-through is intended.

                            The net effect of `jb` instead of `jbe` is that the last 16-byte block
                            of the last 96-byte chunk was completely omitted. The contents of
                            `out` in this position were never written to. Additionally, since
                            those bytes were never processed, the authentication tag generated is
                            also incorrect.

                            The same fencepost error, and identical logic, exists in both
                            aesni_ocb_encrypt and aesni_ocb_decrypt.

                            This addresses CVE-2022-2097.

                            Co-authored-by: Alejandro Sedeño <[email protected]>
                            Co-authored-by: David Benjamin <[email protected]>

                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>

                        commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
                        Author: slontis <[email protected]>
                        Date:   Fri Jul 1 13:47:11 2022 +1000

                            Fix bn_gcd code to check return value when calling BN_one()

                            BN_one() uses the expand function which calls malloc which may fail.
                            All other places that reference BN_one() check the return value.

                            The issue is triggered by a memory allocation failure.
                            Detected by PR #18355

                            Reviewed-by: Tomas Mraz <[email protected]>
                            Reviewed-by: Paul Dale <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18697)

                            (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)

                        commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
                        Author: xkernel <[email protected]>
                        Date:   Mon Jun 20 17:46:39 2022 +0800

                            v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Ben Kaduk <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18608)

                            (cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)

                        commit a1d80edcf830739131e0567dc03b1e80b7988b1e
                        Author: Matt Caswell <[email protected]>
                        Date:   Fri Jun 10 15:58:58 2022 +0100

                            Fix range_should_be_prefix() to actually return the correct result

                            range_should_be_prefix() was misidentifying whether an IP address range
                            should in fact be represented as a prefix. This was due to a bug introduced
                            in commit 42d7d7dd which made this incorrect change:

                            -    OPENSSL_assert(memcmp(min, max, length) <= 0);
                            +    if (memcmp(min, max, length) <= 0)
                            +        return -1;

                            This error leads to incorrect DER being encoded/accepted.

                            Reported by Theo Buehler (@botovq)

                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18524)

                            (cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
                            (cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)

                        commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Fri Jun 17 10:25:24 2022 +0200

                            Fix compile issues in test/v3ext.c with no-rfc3779

                            There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
                            therefore the test cannot be compiled.

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            Reviewed-by: Paul Dale <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18634)

                            (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
                            (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)

                        commit 882573246695088d65956355ca6c954642dcac31
                        Author: olszomal <[email protected]>
                        Date:   Fri Jun 17 15:01:11 2022 +0200

                            SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'

                            Fix the documentation.

                            CLA: trivial

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Todd Short <[email protected]>
                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18599)

                            (cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)

                        commit 6c8879c8bf6030666c851623f93fff03c1266715
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Wed Jun 22 17:05:55 2022 +0200

                            Fix a memory leak in EC_GROUP_new_from_ecparameters

                            This can be reproduced with my error injection patch.

                            The test vector has been validated on the 1.1.1 branch
                            but the issue is of course identical in all branches.

                            $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
                                #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                                #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
                                #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                                #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                                #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                                #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                                #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
                                #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
                                #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
                                #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                                #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                                #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                                #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                                #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                                #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                                #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                                #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                                #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                                #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                                #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                                #26 0x402afb in testfile fuzz/test-corpus.c:182
                                #27 0x402656 in main fuzz/test-corpus.c:226
                                #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                                #29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

                            =================================================================
                            ==12221==ERROR: LeakSanitizer: detected memory leaks

                            Direct leak of 24 byte(s) in 1 object(s) allocated from:
                                #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                                #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                                #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
                                #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
                                #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                                #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                                #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                                #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                                #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                                #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                                #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                                #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                                #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                                #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                                #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                                #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                                #22 0x402afb in testfile fuzz/test-corpus.c:182
                                #23 0x402656 in main fuzz/test-corpus.c:226
                                #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                            Indirect leak of 56 byte(s) in 1 object(s) allocated from:
                                #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                                #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
                                #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
                                #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
                                #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
                                #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
                                #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
                                #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
                                #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
                                #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
                                #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
                                #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
                                #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
                                #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                                #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                                #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                                #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
                                #23 0x402afb in testfile fuzz/test-corpus.c:182
                                #24 0x402656 in main fuzz/test-corpus.c:226
                                #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                            SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

                            Reviewed-by: Tomas Mraz <[email protected]>
                            Reviewed-by: Kurt Roeckx <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18632)

                        commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
                        Author: Matt Caswell <[email protected]>
                        Date:   Tue Jun 21 14:39:48 2022 +0100

                            Prepare for 1.1.1q-dev

                            Reviewed-by: Richard Levitte <[email protected]>
                            Release: yes

                        commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
                        Author: Matt Caswell <[email protected]>
                        Date:   Tue Jun 21 14:39:39 2022 +0100

                            Prepare for 1.1.1p release

                            Reviewed-by: Richard Levitte <[email protected]>
                            Release: yes

                        commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
                        Author: Matt Caswell <[email protected]>
                        Date:   Tue Jun 21 14:07:32 2022 +0100

                            Update copyright year

                            Reviewed-by: Richard Levitte <[email protected]>
                            Release: yes

                        commit 51e06520734063d6f52b2e596e1089d36d3781e7
                        Author: Matt Caswell <[email protected]>
                        Date:   Mon Jun 20 14:14:20 2022 +0100

                            Update CHANGES and NEWS for new release

                            Reviewed-by: Tomas Mraz <[email protected]>
                            Release: yes

                        commit 9639817dac8bbbaa64d09efad7464ccc405527c7
                        Author: Daniel Fiala <[email protected]>
                        Date:   Sun May 29 20:11:24 2022 +0200

                            Fix file operations in c_rehash.

                            CVE-2022-2068

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Richard Levitte <[email protected]>

                        commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
                        Author: Fraser Tweedale <[email protected]>
                        Date:   Wed Jun 15 10:50:57 2022 +1000

                            Fix documentation of BIO_FLAGS_BASE64_NO_NL

                            Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
                            `BIO_f_base64(3)` to improve the documentation of the
                            `BIO_FLAGS_BASE64_NO_NL` flag.  In particular, the updated text
                            states that when this flag is used, all newlines in the input are
                            ignored.  This is incorrect, as the following program proves:

                            ```c

                            unsigned char *in_buf =
                                "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

                            int main(int argc, char **argv) {
                                BIO *b64 = BIO_new(BIO_f_base64());
                                if (b64 == NULL) return 1;
                                BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
                                int in_len = strlen(in_buf);
                                BIO *in = BIO_new_mem_buf(in_buf, in_len);
                                if (in == NULL) return 2;
                                in = BIO_push(b64, in);
                                unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
                                if (out_buf == NULL) return 3;
                                size_t out_len;
                                int r = BIO_read_ex(in, out_buf, in_len, &out_len);
                                printf("rv = %d\n", r);
                                printf("decoded = %s\n", out_buf);
                                return 0;
                            }
                            ```

                            Update the text of `BIO_f_base64(3)` to clarify that when the flag
                            is set, the data must be all on one line (with or without a trailing
                            newline character).

                            Signed-off-by: Fraser Tweedale <[email protected]>

                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18568)

                            (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)

                        commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
                        Author: Tomas Mraz <[email protected]>
                        Date:   Thu Jun 9 16:20:05 2022 +0200

                            Add an extra reduction step to RSAZ mod_exp implementations

                            Inspired by BoringSSL fix by David Benjamin.

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Paul Dale <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18511)

                        commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
                        Author: Tomas Mraz <[email protected]>
                        Date:   Thu Jun 9 12:34:55 2022 +0200

                            Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.

                            This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
                            would sometimes return m, the modulus, when it should have returned
                            zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
                            because the same bug also exists in the "rsaz" codepath.

                            The bug only affects zero outputs (with non-zero inputs), so we believe
                            it has no security impact on our cryptographic functions.

                            The fx is to delete lowercase bn_from_montgomery altogether, and have the
                            mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
                            This only impacts the final step of the whole exponentiation and has no
                            measurable perf impact.

                            See the original BoringSSL commit
                            https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
                            for further analysis.

                            Original-author: David Benjamin <[email protected]>

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Paul Dale <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18511)

                        commit 8f078819556da83c15751678c39558a59bc746fc
                        Author: Matt Caswell <[email protected]>
                        Date:   Thu Jun 9 16:57:30 2022 +0100

                            Fix a crash in X509v3_asid_subset()

                            If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
                            subsets then this will result in a crash. Of note is that rdi will usually
                            be NULL.

                            Reported by Theo Buehler (@botovq)

                            Reviewed-by: Tomas Mraz <[email protected]>
                            Reviewed-by: Paul Yang <[email protected]>
                            Reviewed-by: Todd Short <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18514)

                            (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)

                        commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
                        Author: Tomas Mraz <[email protected]>
                        Date:   Thu Jun 2 18:12:05 2022 +0200

                            Update further expiring certificates that affect tests

                            Namely the smime certificates used in test_cms
                            will expire soon and affect tests.

                            Fixes #15179

                            Reviewed-by: Dmitry Belyavskiy <[email protected]>
                            Reviewed-by: Paul Dale <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18481)

                        commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
                        Author: Tomas Mraz <[email protected]>
                        Date:   Tue Mar 29 13:31:34 2022 +0200

                            Fix strict client chain check with TLS-1.3

                            When TLS-1.3 is used and the server does not send any CA names
                            the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
                            argument.

                            Reviewed-by: Todd Short <[email protected]>
                            Reviewed-by: Matt Caswell <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/17986)

                            (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

                        commit b7ce611887cfac633aacc052b2e71a7f195418b8
                        Author: Tomas Mraz <[email protected]>
                        Date:   Wed Jun 1 13:06:46 2022 +0200

                            ct_test.c: Update the epoch time

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Dmitry Belyavskiy <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18446)

                        commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
                        Author: Tomas Mraz <[email protected]>
                        Date:   Wed Jun 1 12:47:44 2022 +0200

                            Update expired SCT certificates

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Dmitry Belyavskiy <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18446)

                        commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Sat May 21 07:50:46 2022 +0200

                            Fix a memory leak in crl_set_issuers

                            This can be reproduced with my error injection patch.

                            The test vector has been validated on the 1.1.1 branch
                            but the issue is of course identical in all branches.

                            $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
                            log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
                            ERROR_INJECT=1653520461
                                #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                                #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
                                #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
                                #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
                                #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
                                #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
                                #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
                                #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                                #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                                #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                                #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                                #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                                #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                                #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                                #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                                #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                                #24 0x402bbb in testfile fuzz/test-corpus.c:182
                                #25 0x402626 in main fuzz/test-corpus.c:226
                                #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                                #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

                            =================================================================
                            ==29625==ERROR: LeakSanitizer: detected memory leaks

                            Direct leak of 32 byte(s) in 1 object(s) allocated from:
                                #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                                #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
                                #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
                                #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
                                #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
                                #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
                                #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                                #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                                #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
                                #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
                                #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
                                #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
                                #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
                                #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                                #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
                                #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                                #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                                #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                                #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
                                #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
                                #29 0x402bbb in testfile fuzz/test-corpus.c:182
                                #30 0x402626 in main fuzz/test-corpus.c:226
                                #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                            SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18391)

                            (cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)

                        commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Sun May 22 20:12:56 2022 +0200

                            Fix a crash in ssl_security_cert_chain

                            Prior to the crash there is an out of memory error
                            in X509_verify_cert which makes the chain NULL or
                            empty.  The error is ignored by ssl_add_cert_chain,
                            and ssl_security_cert_chain crashes due to the
                            unchecked null pointer.

                            This is reproducible with my error injection patch.

                            The test vector has been validated on the 1.1.1 branch
                            but the issue is of course identical in all branches.

                            $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
                                #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                                #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
                                #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
                                #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
                                #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
                                #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
                                #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
                                #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
                                #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                                #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                                #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                                #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                                #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                                #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                                #14 0x40371b in testfile fuzz/test-corpus.c:182
                                #15 0x402856 in main fuzz/test-corpus.c:226
                                #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                                #17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

                            AddressSanitizer:DEADLYSIGNAL
                            =================================================================
                            ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
                            ==8400==The signal is caused by a READ memory access.
                            ==8400==Hint: address points to the zero page.
                                #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
                                #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
                                #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
                                #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
                                #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
                                #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
                                #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
                                #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
                                #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
                                #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
                                #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
                                #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
                                #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
                                #13 0x40371b in testfile fuzz/test-corpus.c:182
                                #14 0x402856 in main fuzz/test-corpus.c:226
                                #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
                                #16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

                            AddressSanitizer can not provide additional info.
                            SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
                            ==8400==ABORTING

                            Reviewed-by: Tomas Mraz <[email protected]>
                            Reviewed-by: Matt Caswell <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18376)

                            (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)

                        commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Sat May 21 15:41:46 2022 +0200

                            Fix a memory leak in X509_issuer_and_serial_hash

                            This is reproducible with my error injection patch:

                            $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
                            ERROR_INJECT=1653267699
                                #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
                                #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
                                #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
                                #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
                                #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
                                #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                                #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                                #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
                                #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
                                #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

                            =================================================================
                            ==1058475==ERROR: LeakSanitizer: detected memory leaks

                            Direct leak of 268 byte(s) in 1 object(s) allocated from:
                                #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
                                #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
                                #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
                                #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
                                #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
                                #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
                                #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
                                #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

                            SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

                            Reviewed-by: Tomas Mraz <[email protected]>
                            Reviewed-by: Matt Caswell <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18370)

                        commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Fri May 20 16:54:41 2022 +0200

                            Fix undefined behaviour in EC_GROUP_new_from_ecparameters

                            This happens for instance with
                            fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
                            and causes the OPENSSL_malloc below to choke on the
                            zero length allocation request.

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18363)

                        commit 8e1ece20cdb4a584be5311370256c4e813c09826
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Fri May 20 16:15:44 2022 +0200

                            Fix a memory leak in ec_key_simple_oct2priv

                            This is reproducible with my error injection patch:

                            $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
                            140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
                            140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
                            140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
                            140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
                            140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
                            140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
                            140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

                            =================================================================
                            ==19676==ERROR: LeakSanitizer: detected memory leaks

                            Direct leak of 24 byte(s) in 1 object(s) allocated from:
                                #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
                                #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
                                #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
                                #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
                                #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
                                #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
                                #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
                                #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
                                #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
                                #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
                                #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
                                #11 0x40370b in testfile fuzz/test-corpus.c:182
                                #12 0x402846 in main fuzz/test-corpus.c:226
                                #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                            SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

                            Reviewed-by: Tomas Mraz <[email protected]>
                            Reviewed-by: Matt Caswell <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18361)

                        commit 8e60f41d064786f95440e4c56660ffe9777783d7
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Fri May 20 08:02:47 2022 +0200

                            Fix a crash in asn1_item_embed_new

                            This happens usually if an template object is created
                            and there is an out of memory error before the ASN1_OP_NEW_POST
                            method is called, but asn1_item_embed_free calls now the
                            ASN1_OP_FREE_POST which may crash because the object is not
                            properly initialized.  Apparently that is only an issue with
                            the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
                            ought to be tolerant to incomplete initialized objects.

                            The error can be reproduced with the reproducible error injection patch:

                            $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
                                #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
                                #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
                                #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
                                #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
                                #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
                                #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
                                #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
                                #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                                #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
                                #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
                                #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                                #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                                #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                                #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                                #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                                #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                                #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                                #21 0x40893b in testfile fuzz/test-corpus.c:182
                                #22 0x406b86 in main fuzz/test-corpus.c:226
                                #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                            AddressSanitizer:DEADLYSIGNAL
                            =================================================================
                            ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
                            ==1194==The signal is caused by a READ memory access.
                            ==1194==Hint: address points to the zero page.
                                #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
                                #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
                                #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
                                #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
                                #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
                                #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
                                #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
                                #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
                                #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
                                #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
                                #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
                                #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
                                #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
                                #14 0x40893b in testfile fuzz/test-corpus.c:182
                                #15 0x406b86 in main fuzz/test-corpus.c:226
                                #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

                            AddressSanitizer can not provide additional info.
                            SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
                            ==1194==ABORTING

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18360)

                            (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)

                        commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Thu May 19 15:50:28 2022 +0200

                            Backport a missing bug-fix from master

                            This is a backport of the following commit from master:

                            commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
                            Author: Matt Caswell <[email protected]>
                            Date:   Thu Nov 19 13:58:21 2020 +0000

                                Don't Overflow when printing Thawte Strong Extranet Version

                                When printing human readable info on the Thawte Strong Extranet extension
                                the version number could overflow if the version number == LONG_MAX. This
                                is undefined behaviour.

                                Issue found by OSSFuzz.

                                Reviewed-by: Ben Kaduk <[email protected]>
                                (Merged from https://github.com/openssl/openssl/pull/13452)

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18347)

                        commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
                        Author: Bernd Edlinger <[email protected]>
                        Date:   Thu May 19 10:59:25 2022 +0200

                            Backport some fuzzing data files from master

                            This is a backport of the following commit from master:

                            commit 415e6ac80405e13b20b083315747e431274fbd33
                            Author: Tavis Ormandy <[email protected]>
                            Date:   Tue Sep 21 15:48:27 2021 -0700

                                increase x509 code coverage metrics

                                Reviewed-by: Matt Caswell <[email protected]>
                                Reviewed-by: Tomas Mraz <[email protected]>
                                (Merged from https://github.com/openssl/openssl/pull/16651)

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18347)

                        commit e04ba889594d84a8805f3d0caeadf0527470e508
                        Author: Daniel Fiala <[email protected]>
                        Date:   Tue May 10 08:46:37 2022 +0000

                            s_serve: Report an error if init-connection fails without an attempt to read.

                            Fixes: openssl#18047.

                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18283)

                        commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
                        Author: basavesh <[email protected]>
                        Date:   Tue Apr 5 17:49:09 2022 +0200

                            Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE

                            rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
                            Consider a weaker leakage model(CL) where only cacheline base address is leaked,
                            i.e address/32 for 32-byte cacheline(CL32).

                            Previous code used to perform two loads
                                1. rotated_mac[rotate_offset ^ 32] and
                                2. rotated_mac[rotate_offset++]
                            which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
                            and 2q, 2q + 1 for 32 <= rotate_offset < 64

                            The proposed fix performs load operations which will always leak 2q, 2q + 1 and
                            selects the appropriate value in constant-time.

                            Reviewed-by: Matt Caswell <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18050)

                        commit c7d6c08290b67cbeef2b4f636f04788ea405520a
                        Author: Tomas Mraz <[email protected]>
                        Date:   Fri Apr 29 17:02:19 2022 +0200

                            Add test for empty supported-groups extension

                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Matt Caswell <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18213)

                        commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
                        Author: Tomas Mraz <[email protected]>
                        Date:   Fri Apr 29 16:36:36 2022 +0200

                            Do not send an empty supported groups extension

                            This allows handshake to proceed if the maximum TLS version enabled is <1.3

                            Fixes #13583

                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Matt Caswell <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18213)

                        commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
                        Author: Allan Jude <[email protected]>
                        Date:   Fri Nov 19 19:06:52 2021 +0000

                            1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations

                            Reviewed-by: Paul Dale <[email protected]>
                            Reviewed-by: Dmitry Belyavskiy <[email protected]>
                            Reviewed-by: Tomas Mraz <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/17085)

                        commit ec1b4bf26c1b2440546f323873c578374f60b2de
                        Author: Hugo Landau <[email protected]>
                        Date:   Wed Apr 27 10:11:08 2022 +0100

                            (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions

                            Backport of #18038 to 1.1.

                            Fixes #18035.

                            Reviewed-by: Tomas Mraz <[email protected]>
                            Reviewed-by: Dmitry Belyavskiy <[email protected]>
                            (Merged from https://github.com/openssl/openssl/pull/18190)

                        commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
                        Author: Matt Caswell <[email protected]>
                        Date:   Tue May 3 14:41:23 2022 +0100

                            Prepare for 1.1.1p-dev

                            Reviewed-by: Tomas Mraz <[email protected]>
                            Release: yes

                    commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
                    Author: Randall S. Becker <[email protected]>
                    Date:   Wed Jun 22 06:26:40 2022 -0600

                        Squashed commit of the following:

                        commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
                        Author: Matt Caswell <[email protected]>
                        Date:   Tue Jun 21 14:39:39 2022 +0100

                            Prepare for 1.1.1p release

                            Reviewed-by: Richard Levitte <[email protected]>
                            Release: yes

                        commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
                        Author: Matt Caswell <[email protected]>
                        Date:   Tue Jun 21 14:07:32 2022 +0100

                            Update copyright year

                            Reviewed-by: Richard Levitte <[email protected]>
                            Release: yes

                        commit 51e06520734063d6f52b2e596e1089d36d3781e7
                        Author: Matt Caswell <[email protected]>
                        Date:   Mon Jun 20 14:14:20 2022 +0100

                  …

This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
    #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    rogii-com#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
    rogii-com#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    rogii-com#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
    rogii-com#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
    rogii-com#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
    openssl#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
    openssl#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
    openssl#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
    openssl#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    openssl#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    openssl#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    openssl#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    openssl#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    openssl#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    openssl#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    openssl#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    openssl#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    openssl#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    openssl#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    openssl#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    openssl#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    openssl#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    openssl#26 0x402afb in testfile fuzz/test-corpus.c:182
    openssl#27 0x402656 in main fuzz/test-corpus.c:226
    openssl#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    openssl#29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    rogii-com#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    rogii-com#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
    rogii-com#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
    rogii-com#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
    rogii-com#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    openssl#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    openssl#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    openssl#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    openssl#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    openssl#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    openssl#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    openssl#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    openssl#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    openssl#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    openssl#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    openssl#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    openssl#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    openssl#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    openssl#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    openssl#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    openssl#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    openssl#22 0x402afb in testfile fuzz/test-corpus.c:182
    openssl#23 0x402656 in main fuzz/test-corpus.c:226
    openssl#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

Indirect leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    rogii-com#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    rogii-com#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
    rogii-com#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
    rogii-com#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
    rogii-com#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
    openssl#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    openssl#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    openssl#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    openssl#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    openssl#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    openssl#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    openssl#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    openssl#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    openssl#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    openssl#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    openssl#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    openssl#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    openssl#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    openssl#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    openssl#23 0x402afb in testfile fuzz/test-corpus.c:182
    openssl#24 0x402656 in main fuzz/test-corpus.c:226
    openssl#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Kurt Roeckx <[email protected]>
(Merged from openssl#18632)