Look at a few low-hanging fruits

docs/audit_report/changes/topics/build_system.yml

@@ -1,5 +1,9 @@
 title: Build System Adaptions and Fixes
 
+description: |
+  Changes to the library's build system. No fundamentally new features were
+  introduced, and no functional changes to the actual library code were made.
+
 patches:
 # Reflect CXXFLAGS into the linker invocation as well  (@randombit)
 - pr: 4206  # https://github.com/randombit/botan/pull/4206
@@ -21,33 +25,19 @@ patches:
 #   Author:    @randombit
 - pr: 4267  # https://github.com/randombit/botan/pull/4267
   merge_commit: f1a91e752e7de034423343e6544afd94da636e38
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Add configure.py option --disable-asm
 #   Author:    @randombit
 - pr: 4273  # https://github.com/randombit/botan/pull/4273
   merge_commit: b647e85dc033f92829ba6f32a3c44bdc89778821
-  classification: unspecified
-
-# Add a script for configuring our build for OSS-Fuzz [ci skip]
-#   Author: Jack Lloyd
-- commit: 99f620410c99d83b197743dcd4a24701b10e66fa  # https://github.com/randombit/botan/commit/99f620410c99d83b197743dcd4a24701b10e66fa
-  classification: unspecified
-
-# Fix an error and some warnings with --disable-asm
-#   Author:    @randombit
-- pr: 4274  # https://github.com/randombit/botan/pull/4274
-  merge_commit: 39dcfa0fc212a99c5cdf8310b24e8ec7a950af4a
-  classification: unspecified
-
-# Fix config_for_oss_fuzz.py script to work even if . isn't in PATH [ci skip]
-#   Author: Jack Lloyd
-- commit: ba957b95eaabb9cf0c7033c784b27081a7e60e2f  # https://github.com/randombit/botan/commit/ba957b95eaabb9cf0c7033c784b27081a7e60e2f
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Use @response_files.txt for linking in Ninja
 #   Author:    @reneme
 #   Approvals: (@randombit)
 - pr: 4350  # https://github.com/randombit/botan/pull/4350
   merge_commit: 4e2e9d59f65bbb597ff3d4e890eb8cfe6890ab89
-  classification: unspecified
+  classification: info

docs/audit_report/changes/topics/chore.yml

@@ -1,5 +1,10 @@
 title: Code Maintenance
 
+description: |
+  Patches in this section improve parts of the code base which typically does not
+  affect the functionality of the library. If the changes directly and substantially
+  affect code relevant for security, they are classified as "relevant".
+
 patches:
 # Chore: Centralize Strong<> type unwrapping  (@reneme)
 - pr: 4170  # https://github.com/randombit/botan/pull/4170
@@ -17,41 +22,47 @@ patches:
 #   Approvals: @reneme
 - pr: 4239  # https://github.com/randombit/botan/pull/4239
   merge_commit: a66e2520739f1988f3d7291432e24e3ff59a8552
-  classification: unspecified
+  classification: info
 
 # FIX: Test a list of UTF-8 encoded root certs
 #   Author:    @reneme
 #   Approvals: (@randombit)
 - pr: 4280  # https://github.com/randombit/botan/pull/4280
   merge_commit: 0d4969aedde1716f5254e20cd9a35ad42939495a
-  classification: unspecified
+  classification: info
 
 # FIX: allow multiple BOTAN_REGISTER_TEST_FN()
 #   Author:    @reneme
 #   Approvals: (@randombit)
 - pr: 4277  # https://github.com/randombit/botan/pull/4277
   merge_commit: 03d8b16bbe4c007e879f2061938d2466247e18ed
-  classification: unspecified
+  classification: info
 
 # Refactor internal usage of PK encryption padding
 #   Author:    @randombit
 #   Approvals: @reneme
 - pr: 4238  # https://github.com/randombit/botan/pull/4238
   merge_commit: ba02fa071fdf22ac7b3843856af4c5202a43936f
-  classification: unspecified
+  classification: relevant
+  comment: |
+    This refactors the handling of RSA paddings for encryption for
+    better memory safety and code clarity.
 
 # Use array-based load_be/le in MD hashes
 #   Author:    @reneme
 #   Approvals: (@randombit)
 - pr: 4244  # https://github.com/randombit/botan/pull/4244
   merge_commit: e1fc592917ae0b31b7364cd9b13aae8acf81030e
-  classification: unspecified
+  classification: relevant
+  comment: |
+    Simplifies the code of the inner hash loops by using better abstractions.
 
 # Add CPUID enablement for x86 VAES, GFNI, SHA-512, SM3, and SM4
 #   Author:    @randombit
 - pr: 4286  # https://github.com/randombit/botan/pull/4286
   merge_commit: 954a758e6ffda30ff2b851eb2ebaacde133bc44b
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Fix: Deprecated Module in BSI Policy
 #   Author:    @FAlbertDev
@@ -60,92 +71,102 @@ patches:
   merge_commit: e0a3ed6b92117e85128b97af9e7e4069c41ced17
   classification: relevant
   auditer: reneme
+  comment: |
+    Fixes a compile error when building with the BSI policy and disabling
+    deprecated modules.
 
 # Avoid testing multiple bits in CPUID feature checks
 #   Author:    @randombit
 - pr: 4290  # https://github.com/randombit/botan/pull/4290
   merge_commit: 6a88af1d6e5be1ce415a5df6f44c727bc3460645
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Fix: MSVC Unreachable Code Debug Warnings
 #   Author:    @FAlbertDev
 #   Approvals: @reneme
 - pr: 4297  # https://github.com/randombit/botan/pull/4297
   merge_commit: d0f11a6a0f3ab7b0b13510a34682d6e3aa7b72bd
-  classification: unspecified
+  classification: info
 
 # Fix artifact of applying clang-format
 #   Author:    @randombit
 #   Approvals: @reneme
 - pr: 4306  # https://github.com/randombit/botan/pull/4306
   merge_commit: 06061a9e773712d421007e91114681abd4289be4
-  classification: unspecified
+  classification: info
 
 # Fix timer usage in benchmarks
 #   Author:    @randombit
 - pr: 4311  # https://github.com/randombit/botan/pull/4311
   merge_commit: d463bc0187fc30cd1630191b39d1238601533591
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Provides auxiliary vector support for OpenBSD
 #   Author:    @brad0
 #   Approvals: (@randombit)
 - pr: 4312  # https://github.com/randombit/botan/pull/4312
   merge_commit: 69ad604ff8ba35860cfb22be3ed4e763ea07ba2c
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Fix ppc64 CPUID
 #   Author:    @randombit
 - pr: 4316  # https://github.com/randombit/botan/pull/4316
   merge_commit: 90c5665c0f4c4bfa835e41b3d2f32d7bea1a151d
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Fix header include in a test
 #   Author:    @randombit
 - pr: 4319  # https://github.com/randombit/botan/pull/4319
   merge_commit: 197979994b17a3adc2ec944db2119a4a9abbca11
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Remove obsolete hack for Android getauxval
 #   Author:    @randombit
 #   Approvals: @reneme
 - pr: 4317  # https://github.com/randombit/botan/pull/4317
   merge_commit: 917857c74b2c4334b1e8b6427753bf5c9718e884
-  classification: unspecified
+  classification: info
 
 # Clean up CPU extension flags
 #   Author:    @randombit
 #   Approvals: @reneme
 - pr: 4331  # https://github.com/randombit/botan/pull/4331
   merge_commit: a7f2305ae71c1c7e877f1663becfe9f980614751
-  classification: unspecified
+  classification: info
 
 # Update Fuzzer documentation and Configuration
 #   Author:    @Logix64
 #   Approvals: (@randombit)
 - pr: 4114  # https://github.com/randombit/botan/pull/4114
   merge_commit: 00eb2d290189340500a8096e1817ad53a1340170
-  classification: unspecified
+  classification: out of scope
+  auditer: reneme
 
 # Fix mp_redc_crandall fuzzer
 #   Author:    @randombit
 - pr: 4358  # https://github.com/randombit/botan/pull/4358
   merge_commit: 1fe3150f597053313ecd2b22127ddd9a097c81ca
-  classification: unspecified
+  classification: out of scope
+  auditer: reneme
 
 # Deprecate various aliases for the public key padding code
 #   Author:    @randombit
 #   Approvals: @reneme
 - pr: 4355  # https://github.com/randombit/botan/pull/4355
   merge_commit: bd89aa31452ac3d17774f1df7329471512c6e7e5
-  classification: unspecified
+  classification: info
 
 # Reorder/rephrase output from X509_Certificate::to_string
 #   Author:    @randombit
 #   Approvals: @reneme
 - pr: 4330  # https://github.com/randombit/botan/pull/4330
   merge_commit: 175b1f2a8df2cf8003880ec1c79bcf9d25c09918
-  classification: unspecified
+  classification: info
 
 # Allow using `secure_allocator` for enum types, like `std::byte`
 #   Author:    @Delta-dev-99
@@ -171,29 +192,33 @@ patches:
 #   Author:    @randombit
 - pr: 4363  # https://github.com/randombit/botan/pull/4363
   merge_commit: 924060344d0ce0b6b3736a37fb779e9f70250b4e
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Refactor public key related performance test code
 #   Author:    @randombit
 - pr: 4367  # https://github.com/randombit/botan/pull/4367
   merge_commit: 2cc573c31ceaa71d04adbd201a7105abd61d3cee
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Refactor performance testing of symmetric algorithms
 #   Author:    @randombit
 - pr: 4369  # https://github.com/randombit/botan/pull/4369
   merge_commit: 0cbc2fe3f76feb2e34ccf1d6904f5e3b1b00bb06
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Cleanups after refactoring of speed cli
 #   Author:    @randombit
 - pr: 4378  # https://github.com/randombit/botan/pull/4378
   merge_commit: 76e11d7bf488ad499477573828c318756c86a718
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # test_pk_pad.cpp #ifdef fix
 #   Author:    @FAlbertDev
 #   Approvals: (@randombit)
 - pr: 4380  # https://github.com/randombit/botan/pull/4380
   merge_commit: c2c8f16d32b3c3bd7e77f1fb9b16be046001fab0
-  classification: unspecified
+  classification: info

docs/audit_report/changes/topics/continuous_integration.yml

@@ -75,3 +75,15 @@ patches:
 - pr: 4389  # https://github.com/randombit/botan/pull/4389
   merge_commit: 2849ec74e772ffdceb18740fed27df9fe3689431
   classification: unspecified
+
+# Add a script for configuring our build for OSS-Fuzz [ci skip]
+#   Author: Jack Lloyd
+- commit: 99f620410c99d83b197743dcd4a24701b10e66fa  # https://github.com/randombit/botan/commit/99f620410c99d83b197743dcd4a24701b10e66fa
+  classification: info
+  auditer: reneme
+
+# Fix config_for_oss_fuzz.py script to work even if . isn't in PATH [ci skip]
+#   Author: Jack Lloyd
+- commit: ba957b95eaabb9cf0c7033c784b27081a7e60e2f  # https://github.com/randombit/botan/commit/ba957b95eaabb9cf0c7033c784b27081a7e60e2f
+  classification: info
+  auditer: reneme

docs/audit_report/changes/topics/documentation.yml

@@ -35,13 +35,14 @@ patches:
 #   Approvals: (@randombit)
 - pr: 4281  # https://github.com/randombit/botan/pull/4281
   merge_commit: a660b8451437448dd86701db44bd30d6257bcfd1
-  classification: unspecified
+  classification: info
 
 # Update ECC documentation for EC_Scalar / EC_AffinePoint
 #   Author:    @randombit
 - pr: 4284  # https://github.com/randombit/botan/pull/4284
   merge_commit: d5062e515910a978c8157b936e6ef2f4f8b3003e
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Update todos [ci skip]
 #   Author: Jack Lloyd
@@ -54,49 +55,51 @@ patches:
 #   Approvals: (@randombit)
 - pr: 4310  # https://github.com/randombit/botan/pull/4310
   merge_commit: c2491c7808e92527146c3dbe88608b664804549a
-  classification: unspecified
+  classification: info
 
 # Display the module name in the doxygen modules
 #   Author:    @reneme
 #   Approvals: (@randombit)
 - pr: 4333  # https://github.com/randombit/botan/pull/4333
   merge_commit: 33c953a108d93c6a569a59bfebfafd0efd103db4
-  classification: unspecified
+  classification: info
 
 # Example fix: Use more secure KEM combination in example
 #   Author:    @FAlbertDev
 #   Approvals: @reneme
 - pr: 4344  # https://github.com/randombit/botan/pull/4344
   merge_commit: 7e28dda59a89c5d261c12603b4287224483e2595
-  classification: unspecified
+  classification: info
 
 # Shift the release schedule over by one month, and to Tuesdays.
 #   Author:    @randombit
 #   Approvals: @reneme
 - pr: 4370  # https://github.com/randombit/botan/pull/4370
   merge_commit: 05f4053c779cdf98310a1698e958d12dfdf68689
-  classification: unspecified
+  classification: info
 
 # Update block cipher docs a bit [ci skip]
 #   Author: Jack Lloyd
 - commit: 7b80f600a328b90d54023c5c55f23747df516fda  # https://github.com/randombit/botan/commit/7b80f600a328b90d54023c5c55f23747df516fda
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Add a todo [ci skip]
 #   Author: Jack Lloyd
 - commit: 04653933c6885d3104c47712dd9b9f2e1a8fca0c  # https://github.com/randombit/botan/commit/04653933c6885d3104c47712dd9b9f2e1a8fca0c
-  classification: unspecified
+  classification: info
+  auditer: reneme
 
 # Doc: Minor Cleanups and TODO updates
 #   Author:    @reneme
 #   Approvals: (@randombit)
 - pr: 4392  # https://github.com/randombit/botan/pull/4392
   merge_commit: 087f6ca2fbf8ad4267e60bf2ae65a9319619d130
-  classification: unspecified
+  classification: info
 
 # Update credits.rst and authors.txt
 #   Author:    @reneme
 #   Approvals: (@randombit)
 - pr: 4387  # https://github.com/randombit/botan/pull/4387
   merge_commit: e24dd8aa34db77587a178f47271bd3fdcbbffc63
-  classification: unspecified
+  classification: info

docs/audit_report/changes/topics/fixes.yml

@@ -87,3 +87,10 @@ patches:
 - pr: 4395  # https://github.com/randombit/botan/pull/4395
   merge_commit: b9f712741791bff3dcc2303c3202037555f64f0a
   classification: unspecified
+
+# Fix an error and some warnings with --disable-asm
+#   Author:    @randombit
+- pr: 4274  # https://github.com/randombit/botan/pull/4274
+  merge_commit: 39dcfa0fc212a99c5cdf8310b24e8ec7a950af4a
+  classification: info
+  auditer: reneme