hmac: stop using secure memory for the HMAC key#28411
Closed
paulidale wants to merge 1 commit intoopenssl:masterfrom
Closed
hmac: stop using secure memory for the HMAC key#28411paulidale wants to merge 1 commit intoopenssl:masterfrom
paulidale wants to merge 1 commit intoopenssl:masterfrom
Conversation
Secure memory is design for long term storage of private material. HMAC keys are not this. Secure memory use was introduced in July 2020 by commit 3fddbb2. Fixes openssl#28346
paulidale
added
branch: master
github-actions
bot
added
the
severity: fips change
paulidale
added
branch: 3.0
Contributor
Author
|
Trivial conflict merging to 3.0, 3.2 and 3.3, so separate PR for them over in #28412. |
paulidale
removed
branch: 3.0
Contributor
Author
|
Since this is unlikely to make it into the 3.6 release, it should go there too. |
t8m
approved these changes
Sep 2, 2025
Contributor
Author
|
Ping for second review please |
esyr
approved these changes
Sep 3, 2025
openssl-machine
pushed a commit
that referenced
this pull request
Sep 7, 2025
Secure memory is design for long term storage of private material. HMAC keys are not this. Secure memory use was introduced in July 2020 by commit 3fddbb2. Fixes #28346 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from #28411) (cherry picked from commit 362739d)
openssl-machine
pushed a commit
that referenced
this pull request
Sep 7, 2025
Secure memory is design for long term storage of private material. HMAC keys are not this. Secure memory use was introduced in July 2020 by commit 3fddbb2. Fixes #28346 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from #28411)
openssl-machine
pushed a commit
that referenced
this pull request
Sep 7, 2025
Secure memory is design for long term storage of private material. HMAC keys are not this. Secure memory use was introduced in July 2020 by commit 3fddbb2. Fixes #28346 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from #28411) (cherry picked from commit 362739d)
Contributor
Author
|
Merged to 3.6, 3.5 and 3.4. |
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 11, 2025
CHANGES.md: * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 11, 2025
CHANGES.md: * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 11, 2025
CHANGES.md: * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 13, 2025
CHANGES.md: * #28398 * #28411 * #28447 * #28449 NEWS.md: * #28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from #28521)
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 15, 2025
CHANGES.md: * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 15, 2025
CHANGES.md: * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 16, 2025
CHANGES.md: * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 16, 2025
CHANGES.md: * #28198 * #28398 * #28411 * #28447 * #28449 NEWS.md: * #28447 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from #28558)
openssl-machine
pushed a commit
that referenced
this pull request
Sep 16, 2025
CHANGES.md: * #28398 * #28411 * #28447 * #28449 NEWS.md: * #28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #28547)
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.0.18 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28624 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.2.6 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.2.6 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.3.5 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.3.5 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.4.3 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28415 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.4.3 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.3.5 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.3.5 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.4.3 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28415 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.4.3 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.2.6 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.2.6 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.0.18 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28624 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 30, 2025
3.4.3 CHANGES.md includes the following: * #28198 * #28398 * #28411 * #28415 * #28449 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 30, 2025
3.3.5 CHANGES.md includes the following: * #28198 * #28398 * #28411 * #28449 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 30, 2025
3.2.6 CHANGES.md includes the following: * #28198 * #28398 * #28411 * #28449 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 30, 2025
3.0.18 CHANGES.md includes the following: * #28198 * #28398 * #28411 * #28449 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Secure memory is designed for long term storage of private material. HMAC keys are not this.
Fixes #28346
Secure memory use was introduced in July 2020 by commit 3fddbb2.