#
2f8fca79 |
| 08-Apr-2021 |
Matt Caswell |
Prepare for 3.0 alpha 15 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
f510d614 |
| 08-Apr-2021 |
Matt Caswell |
Prepare for release of 3.0 alpha 14 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
0cfbc828 |
| 01-Apr-2021 |
Tomas Mraz |
Deprecate the EVP_PKEY controls for CMS and PKCS#7 Improve the ossl_rsa_check_key() to prevent non-signature operations with PSS keys. Do not invoke the EVP_PKEY controls for CM
Deprecate the EVP_PKEY controls for CMS and PKCS#7 Improve the ossl_rsa_check_key() to prevent non-signature operations with PSS keys. Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore as they are not needed anymore and deprecate them. Fixes #14276 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14760)
show more ...
|
#
e454a393 |
| 29-Mar-2021 |
Shane Lontis |
Add a range check (from SP800-56Ar3) to DH key derivation. Fixes #14401 Note that this moves the public key check out of DH compute_key() since key validation does not belong in
Add a range check (from SP800-56Ar3) to DH key derivation. Fixes #14401 Note that this moves the public key check out of DH compute_key() since key validation does not belong inside this primitive.. The check has been moved to the EVP_PKEY_derive_set_peer() function so that it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex() to disable this behaviour. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14717)
show more ...
|
#
9e6f30e6 |
| 29-Mar-2021 |
Dr. David von Oheimb |
CHANGES.md: reflect OSSL_HTTP_REQ_CTX_i2d renamed to OSSL_HTTP_REQ_CTX_set1_req Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14630)
|
#
468d9d55 |
| 25-Mar-2021 |
Matt Caswell |
Update CHANGES.md and NEWS.md for new release Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
c781eb1c |
| 08-Dec-2020 |
Andrey Matyukov |
Dual 1024-bit exponentiation optimization for Intel IceLake CPU with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key operations. It uses 256-bit registers to avoid CPU
Dual 1024-bit exponentiation optimization for Intel IceLake CPU with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key operations. It uses 256-bit registers to avoid CPU frequency scaling issues. The performance speedup for RSA2k signature on ICL is ~2x. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13750)
show more ...
|
#
63b64f19 |
| 12-Mar-2021 |
Dr. David von Oheimb |
TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func Also constify related CMS/PKCS7 functions and improve error codes thrown. Reviewed-by: Tomas Mraz <to
TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func Also constify related CMS/PKCS7 functions and improve error codes thrown. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14503)
show more ...
|
#
bef876f9 |
| 12-Mar-2021 |
Dr. David von Oheimb |
ts_check_signing_certs(): Make sure both ESSCertID and ESSCertIDv2 are checked Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14503)
|
#
6b937ae3 |
| 10-Mar-2021 |
Dr. David von Oheimb |
TS ESS: Invert the search logic of ts_check_signing_certs() to correctly cover cert ID list Fixes #14190 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.
TS ESS: Invert the search logic of ts_check_signing_certs() to correctly cover cert ID list Fixes #14190 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14503)
show more ...
|
#
2db5834c |
| 09-Mar-2021 |
Matt Caswell |
Add a CHANGES entry for the cosmetic differences in textual output Numerous functions have had their textual output amended. We add a CHANGES entry for this. Fixes #14476
Add a CHANGES entry for the cosmetic differences in textual output Numerous functions have had their textual output amended. We add a CHANGES entry for this. Fixes #14476 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14485)
show more ...
|
#
34347512 |
| 07-Mar-2021 |
Jakub Zelenka |
Update CHANGES with info about AuthEnvelopedData addition Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/opens
Update CHANGES with info about AuthEnvelopedData addition Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14456)
show more ...
|
#
e66682a8 |
| 11-Mar-2021 |
Matt Caswell |
Prepare for 3.0 alpha 14 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
88df2c0b |
| 11-Mar-2021 |
Matt Caswell |
Prepare for release of 3.0 alpha 13 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
f70863d9 |
| 01-Mar-2021 |
Vincent Drake |
Use read/write locking on Windows Fixes #13914 The "SRWLock" synchronization primitive is available in Windows Vista and later. CRYPTO_THREAD functions now use SRWLock function
Use read/write locking on Windows Fixes #13914 The "SRWLock" synchronization primitive is available in Windows Vista and later. CRYPTO_THREAD functions now use SRWLock functions when the target operating system supports them. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14381)
show more ...
|
#
a30823c8 |
| 09-Mar-2021 |
Shane Lontis |
Add new filter BIO BIO_f_readbuffer() This allows BIO_tell() and BIO_seek() to work for BIO's that do not support these methods. The main use case for this is file/fd BIO's that use
Add new filter BIO BIO_f_readbuffer() This allows BIO_tell() and BIO_seek() to work for BIO's that do not support these methods. The main use case for this is file/fd BIO's that use stdin. This works for stdin taken from input redirection (command < file), and stdin via pipe (cat file | command). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14407)
show more ...
|
#
762970bd |
| 05-Mar-2021 |
Tomas Mraz |
Change default algorithms in PKCS12_create() and PKCS12_set_mac() Use the modern defaults as now set in the pkcs12 app. This also allows modifying the application to not override the def
Change default algorithms in PKCS12_create() and PKCS12_set_mac() Use the modern defaults as now set in the pkcs12 app. This also allows modifying the application to not override the default values when calling the API. Fixes #14034 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14450)
show more ...
|
#
18fdebf1 |
| 08-Mar-2021 |
Matt Caswell |
Mention the change of licence in NEWS.md Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14
Mention the change of licence in NEWS.md Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14465)
show more ...
|
#
0966aee5 |
| 08-Mar-2021 |
Matt Caswell |
Expand the CHANGES entry for SHA1 and libssl As well as SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 not working at security level 1 we also document that TLS 1.2 connection will fail if the
Expand the CHANGES entry for SHA1 and libssl As well as SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 not working at security level 1 we also document that TLS 1.2 connection will fail if the ClientHello does not have a signature algorithms extension. Fixes #14447 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14465)
show more ...
|
#
f74f416b |
| 08-Mar-2021 |
Matt Caswell |
Add a CHANGES for OSSL_STORE_INFO_get_type() The function OSSL_STORE_INFO_get_type() may now return a new object type. Applications may have to be amended accordingly. Fixes #14
Add a CHANGES for OSSL_STORE_INFO_get_type() The function OSSL_STORE_INFO_get_type() may now return a new object type. Applications may have to be amended accordingly. Fixes #14446 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14465)
show more ...
|
#
c7d4d032 |
| 08-Mar-2021 |
Matt Caswell |
Add a missing CHANGES.md entry for the legacy provider Numerous ciphers and digests have been moved to the legacy provider. There should be a CHANGES.md entry pointing this out.
Add a missing CHANGES.md entry for the legacy provider Numerous ciphers and digests have been moved to the legacy provider. There should be a CHANGES.md entry pointing this out. Fixes #14441 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14465)
show more ...
|
#
896dcda1 |
| 08-Mar-2021 |
Dmitry Belyavskiy |
Non-const accessor to legacy keys Fixes #14466. Reverting the changes of the EVP_PKEY_get0 function. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://gi
Non-const accessor to legacy keys Fixes #14466. Reverting the changes of the EVP_PKEY_get0 function. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14468)
show more ...
|
#
7bc0fdd3 |
| 02-Mar-2021 |
Matt Caswell |
Make the EVP_PKEY_get0* functions have a const return type OTC have decided that the EVP_PKEY_get0* functions should have a const return type. This is a breaking change to emphasise that
Make the EVP_PKEY_get0* functions have a const return type OTC have decided that the EVP_PKEY_get0* functions should have a const return type. This is a breaking change to emphasise that these values should be considered as immutable. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14319)
show more ...
|
#
cc57dc96 |
| 25-Feb-2021 |
Matt Caswell |
Document the change in behaviour of the the low level key getters/setters Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Revie
Document the change in behaviour of the the low level key getters/setters Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14319)
show more ...
|
#
8e53d94d |
| 25-Feb-2021 |
Matt Caswell |
Ensure the various legacy key EVP_PKEY getters/setters are deprecated Most of these were already deprecated but a few have been missed. This commit corrects that. Fixes #14303
Ensure the various legacy key EVP_PKEY getters/setters are deprecated Most of these were already deprecated but a few have been missed. This commit corrects that. Fixes #14303 Fixes #14317 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14319)
show more ...
|