#
f4bd5105 |
| 07-Oct-2020 |
Pauli |
list: add a -provider-info option. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13084)
|
#
e8dca211 |
| 15-Oct-2020 |
Matt Caswell |
Prepare for 3.0 alpha 8 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
#
f9a5682e |
| 15-Oct-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 7 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
|
#
db554ae1 |
| 02-Oct-2020 |
Jordan Montgomery |
Expose PKCS7_get_octet_string and PKCS7_type_is_other Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public interface. Fixes #11139 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13059)
|
#
d8dc8538 |
| 24-Sep-2020 |
Dr. Matthias St. Pierre |
Change CVE link style in CHANGES and NEWS Replace [collapsed reference links][] for the CVEs by [shortcut reference links], in order to improve the readability of the raw markdown text. Consistently add parentheses around the CVE links at the end of the CVE descriptions. (The NEWS file already had the parentheses, in the CHANGES file they were missing.) [collapsed reference links]: https://github.github.com/gfm/#collapsed-reference-link [shortcut reference links]: https://github.github.com/gfm/#shortcut-reference-link Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12967)
|
#
6ffc3127 |
| 24-Sep-2020 |
Dr. Matthias St. Pierre |
Update CHANGES and NEWS for 1.1.1h release Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12967)
|
#
3786d748 |
| 24-Sep-2020 |
jwalch |
en EVP_PKEY_CTX_set_rsa_keygen_pubexp() BIGNUM management Fixes #12635 As discussed in the issue, supporting the set0-like semantics long-term is not necessarily desirable, although necessary for short-term compatibility concerns. So I've deprecated the original method and added an equivalent that is explicitly labelled as set1. I tried to audit existing usages of the (now-deprecated) API and update them to use set1 if that appeared to align with their expectations. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12917)
|
Revision tags: OpenSSL_1_1_1h |
|
#
14711fff |
| 18-Sep-2020 |
Richard Levitte |
EVP: Enforce that EVP_PKEY_set_alias_type() only works with legacy keys This also deprecates the function, as it is not necessary any more, and should fall out of use. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12920)
|
#
31605414 |
| 03-Sep-2020 |
Matt Caswell |
Add a CHANGES entry for the safestack updates Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
|
#
64713cb1 |
| 03-Sep-2020 |
Chris Novakovic |
apps/ca: allow CRL lastUpdate/nextUpdate fields to be specified When generating a CRL using the "ca" utility, allow values for the lastUpdate and nextUpdate fields to be specified using the command line options -crl_lastupdate and -crl_nextupdate respectively. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12784)
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
10203a34 |
| 13-Apr-2019 |
Kurt Roeckx |
Support writing RSA keys using the traditional format again Fixes: #6855 Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #8743
|
#
ece9304c |
| 16-Aug-2020 |
Richard Levitte |
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
|
#
fc0aae73 |
| 12-Aug-2020 |
Dr. David von Oheimb |
PKCS12_parse(): Fix reversed order of certs parsed and output via *ca Fixes #6698 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12641)
|
#
7d615e21 |
| 22-Jul-2020 |
Pauli |
rand_drbg: remove RAND_DRBG. The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509)
|
#
1b2873e4 |
| 06-Aug-2020 |
Matt Caswell |
Prepare for 3.0 alpha 7 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
#
e3ec8020 |
| 06-Aug-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 6 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
#
37d898df |
| 19-May-2020 |
David Woodhouse |
Add CHANGES.md entry for SSL_set1_host()/SSL_add1_host() taking IP literals Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9201)
|
#
77174598 |
| 17-Jul-2020 |
Viktor Dukhovni |
Avoid errors with a priori inapplicable protocol bounds The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configuring DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. Expected to resolve #12394 Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #12472
|
#
16c6534b |
| 25-Jun-2020 |
Dr. David von Oheimb |
check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12270)
|
#
318565b7 |
| 16-Jul-2020 |
Richard Levitte |
Prepare for 3.0 alpha 6 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
#
e70a2d9f |
| 16-Jul-2020 |
Richard Levitte |
Prepare for release of 3.0 alpha 5 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
#
865adf97 |
| 18-Jun-2020 |
Matt Caswell |
Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous naming convention. This reverts commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12186)
|
#
8dab4de5 |
| 16-Jul-2020 |
Richard Levitte |
Add latest changes and news in CHANGES.md and NEWS.md - Reworked test perl framework for parallel tests - Reworked ERR codes to make better space for system errors - Deprecation of the ENGINE API Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12461)
|
#
7cc355c2 |
| 08-Jun-2020 |
Shane Lontis |
Add AES_CBC_CTS ciphers to providers Added Algorithm names AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS. CS1, CS2 and CS3 variants are supported. Only single shot updates are supported. The cipher returns the mode EVP_CIPH_CBC_MODE (Internally it shares the aes_cbc cipher code). This would allow existing code that uses AES_CBC to switch to the CTS variant without breaking code that tests for this mode. Because it shares the aes_cbc code the cts128.c functions could not be used directly. The cipher returns the flag EVP_CIPH_FLAG_CTS. EVP_CIPH_FLAG_FIPS & EVP_CIPH_FLAG_NON_FIPS_ALLOW have been deprecated. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12094)
|