#
b0aae913 |
| 22-Feb-2021 |
Rich Salz |
Remove RSA SSLv23 padding mode Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14248)
|
#
7932982b |
| 28-Jan-2021 |
Dr. David von Oheimb |
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query, and frag components. All usages of this function, which are client-only, silently ignore userinfo and frag components, while the query component is taken as part of the path. Update and extend the unit tests and all affected documentation. Document and deprecat OCSP_parse_url(). Fixes an issue that came up when discussing FR #14001. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14009)
show more ...
|
#
f3ccfc76 |
| 18-Feb-2021 |
Tomas Mraz |
speed: Use EVP for ciphers, cmac, ghash, rsa, dsa, and ecdsa Fixes #13909 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merg
speed: Use EVP for ciphers, cmac, ghash, rsa, dsa, and ecdsa Fixes #13909 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14228)
show more ...
|
#
76e48c9d |
| 22-Feb-2021 |
Tomas Mraz |
Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm() The functions are not needed and require returning octet ptr parameters from providers that would like to s
Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm() The functions are not needed and require returning octet ptr parameters from providers that would like to support them which complicates provider implementations. Fixes #12985 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14279)
show more ...
|
#
12631540 |
| 20-Feb-2021 |
Pauli |
changes: note the deprecation of RAND_METHOD APIs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13652)
|
#
937984ef |
| 18-Feb-2021 |
Matt Caswell |
Prepare for 3.0 alpha 13 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
b467d394 |
| 18-Feb-2021 |
Matt Caswell |
Prepare for release of 3.0 alpha 12 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
c913dbd7 |
| 16-Feb-2021 |
Matt Caswell |
Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
13888e79 |
| 08-Feb-2021 |
Matt Caswell |
Update documentation following deprecation of SRP Ensure all the man pages correctly reflect the deprecated status of SRP. Fixes #13917 Reviewed-by: Tomas Mraz <tomas@opens
Update documentation following deprecation of SRP Ensure all the man pages correctly reflect the deprecated status of SRP. Fixes #13917 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14132)
show more ...
|
#
7dd5a00f |
| 08-Feb-2021 |
Pauli |
changes: add a CHANGES.md entry for the OSSL_FORCE_NO_CACHE_FETCH option. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from
changes: add a CHANGES.md entry for the OSSL_FORCE_NO_CACHE_FETCH option. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14126)
show more ...
|
#
93b39c85 |
| 04-Feb-2021 |
Tomas Mraz |
CHANGES.md: Mention RSA key generation slowdown related changes Fixes #14068 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged fro
CHANGES.md: Mention RSA key generation slowdown related changes Fixes #14068 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14073)
show more ...
|
#
4d2a6159 |
| 04-Feb-2021 |
Tomas Mraz |
Deprecate BN_pseudo_rand() and BN_pseudo_rand_range() The functions are obsolete aliases for BN_rand() and BN_rand_range() since 1.1.0. Reviewed-by: Dmitry Belyavskiy <beldmit@g
Deprecate BN_pseudo_rand() and BN_pseudo_rand_range() The functions are obsolete aliases for BN_rand() and BN_rand_range() since 1.1.0. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14080)
show more ...
|
#
a763ca11 |
| 14-Jan-2021 |
Matt Caswell |
Stop disabling TLSv1.3 if ec and dh are disabled Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provid
Stop disabling TLSv1.3 if ec and dh are disabled Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provider. Fixes #13767 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
show more ...
|
#
1409b5f6 |
| 28-Jan-2021 |
Rich Salz |
Deprecate EVP_MD_CTX_{set_}update_fn() They are still used internally in legacy code. Also fixed up some minor things in EVP_DigestInit.pod Fixes: #14003 Reviewed-
Deprecate EVP_MD_CTX_{set_}update_fn() They are still used internally in legacy code. Also fixed up some minor things in EVP_DigestInit.pod Fixes: #14003 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14008)
show more ...
|
#
66194839 |
| 01-Feb-2021 |
Tomas Mraz |
Add diacritics to my name in CHANGES.md Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pau
Add diacritics to my name in CHANGES.md Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14044)
show more ...
|
#
7ff9fdd4 |
| 28-Jan-2021 |
Rich Salz |
Deprecate X509_certificate_type Fixes: #13997 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://g
Deprecate X509_certificate_type Fixes: #13997 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14002)
show more ...
|
#
302e63cb |
| 28-Jan-2021 |
Richard Levitte |
Prepare for 3.0 alpha 12 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
31a89254 |
| 28-Jan-2021 |
Richard Levitte |
Prepare for release of 3.0 alpha 11 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
5b5eea4b |
| 15-Oct-2020 |
Shane Lontis |
Deprecate EC_KEY + Update ec apps to use EVP_PKEY Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@open
Deprecate EC_KEY + Update ec apps to use EVP_PKEY Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
show more ...
|
#
c27e7922 |
| 21-Jan-2021 |
Tomas Mraz |
bn: Deprecate the X9.31 RSA key generation related functions This key generation method is obsolete. Fixes #10111 Reviewed-by: Richard Levitte <levitte@openssl.org> (Me
bn: Deprecate the X9.31 RSA key generation related functions This key generation method is obsolete. Fixes #10111 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13921)
show more ...
|
#
cddbcf02 |
| 18-Jan-2021 |
Dr. David von Oheimb |
rename OSSL_HTTP_REQ_CTX_header to OSSL_HTTP_REQ_CTX_set_request_line Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13898)
|
#
5b57aa24 |
| 06-Jan-2021 |
Matt Caswell |
Ensure SRP BN_mod_exp follows the constant time path SRP_Calc_client_key calls BN_mod_exp with private data. However it was not setting BN_FLG_CONSTTIME and therefore not using the const
Ensure SRP BN_mod_exp follows the constant time path SRP_Calc_client_key calls BN_mod_exp with private data. However it was not setting BN_FLG_CONSTTIME and therefore not using the constant time implementation. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned. Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this issue. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13888)
show more ...
|
#
b9fbacaa |
| 06-Jan-2021 |
Dr. David von Oheimb |
apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req Fixes #3638 Fixes #6481 Fixes #10458 Partly fixes #13708 Supersedes #9449 Reviewed-by:
apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req Fixes #3638 Fixes #6481 Fixes #10458 Partly fixes #13708 Supersedes #9449 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13711)
show more ...
|
#
83b6dc8d |
| 26-Dec-2020 |
Rich Salz |
Deprecate OCSP_xxx API for OSSL_HTTP_xxx Deprecations made: OCSP_REQ_CTX typedef->OSSL_HTTP_REQ_CTX OCSP_REQ_CTX_new->OSSL_HTTP_REQ_CTX_new OCSP_REQ_CTX_free->OSSL_HT
Deprecate OCSP_xxx API for OSSL_HTTP_xxx Deprecations made: OCSP_REQ_CTX typedef->OSSL_HTTP_REQ_CTX OCSP_REQ_CTX_new->OSSL_HTTP_REQ_CTX_new OCSP_REQ_CTX_free->OSSL_HTTP_REQ_CTX_free OCSP_REQ_CTX_http-> OSSL_HTTP_REQ_CTX_header OCSP_REQ_CTX_add1_header->OSSL_HTTP_REQ_CTX_add1_header OCSP_REQ_CTX_i2d->OSSL_HTTP_REQ_CTX_i2d OCSP_REQ_CTX_get0_mem_bio->OSSL_HTTP_REQ_CTX_get0_mem_bio OCSP_set_max_response_length->OSSL_HTTP_REQ_CTX_set_max_response_length OCSP_REQ_CTX_nbio_d2i->OSSL_HTTP_REQ_CTX_sendreq_d2i OCSP_REQ_CTX_nbio->OSSL_HTTP_REQ_CTX_nbio Made some editorial changes to man3/OCSP_sendreq.pod; move the NOTES text inline. Some of the original functions had no documentation: OCSP_REQ_CTX_new, OCSP_REQ_CTX_http, OCSP_REQ_CTX_get0_mem_bio, OCSP_REQ_CTX_nbio_d2i, and OCSP_REQ_CTX_nbio. Their new counterparts are now documented in doc/man3/OSSL_HTTP_REQ_CTX.pod Fixes #12234 Co-authored-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13742)
show more ...
|
#
b65c5ec8 |
| 24-Dec-2020 |
Dr. David von Oheimb |
apps/req.c: Add -copy_extensions option for use with -x509; default: none Fixes #13708 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/
apps/req.c: Add -copy_extensions option for use with -x509; default: none Fixes #13708 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658)
show more ...
|