#
163b8016 |
| 23-Jun-2020 |
Martin Elshuber |
Add support to zeroize plaintext in S3 record layer Some applications want even all plaintext copies beeing zeroized. However, currently plaintext residuals are kept in rbuf within t
Add support to zeroize plaintext in S3 record layer Some applications want even all plaintext copies beeing zeroized. However, currently plaintext residuals are kept in rbuf within the s3 record layer. This patch add the option SSL_OP_CLEANSE_PLAINTEXT to its friends to optionally enable cleansing of decrypted plaintext data. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12251)
show more ...
|
#
1dc1ea18 |
| 10-Jun-2020 |
Dr. David von Oheimb |
Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12109)
|
#
036cbb6b |
| 10-Jun-2020 |
Dr. David von Oheimb |
Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12109)
|
#
16b0e0fc |
| 03-Mar-2020 |
Richard Levitte |
DOC: Mention Configure consistently 'config' is now a mere wrapper for backward compatibility. All documentation is changed accordingly. Reviewed-by: Tim Hudson <tjh@openssl.org
DOC: Mention Configure consistently 'config' is now a mere wrapper for backward compatibility. All documentation is changed accordingly. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11230)
show more ...
|
#
3bd65f9b |
| 22-Jun-2020 |
Richard Levitte |
Update NEWS and CHANGES NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com
Update NEWS and CHANGES NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12228)
show more ...
|
#
aba03ae5 |
| 02-Jan-2020 |
Kurt Roeckx |
Reduce the security bits for MD5 and SHA1 based signatures in TLS This has as effect that SHA1 and MD5+SHA1 are no longer supported at security level 1, and that TLS < 1.2 is no longer s
Reduce the security bits for MD5 and SHA1 based signatures in TLS This has as effect that SHA1 and MD5+SHA1 are no longer supported at security level 1, and that TLS < 1.2 is no longer supported at the default security level of 1, and that you need to set the security level to 0 to use TLS < 1.2. Reviewed-by: Tim Hudson <tjh@openssl.org> GH: #10787
show more ...
|
#
0d96afd2 |
| 25-Jun-2020 |
Matt Caswell |
Prepare for 3.0 alpha 5 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
#
38778b78 |
| 25-Jun-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 4 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
#
d9c2fd51 |
| 08-Jun-2020 |
Pauli |
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mu
The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mutable and this prevents more inconsistencies being introduced. There are no functional or code changes. Just the renaming and a little reformatting. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11997)
show more ...
|
#
11d3235e |
| 04-Jun-2020 |
Tomas Mraz |
Do not allow dropping Extended Master Secret extension on renegotiaton Abort renegotiation if server receives client hello with Extended Master Secret extension dropped in comparison to
Do not allow dropping Extended Master Secret extension on renegotiaton Abort renegotiation if server receives client hello with Extended Master Secret extension dropped in comparison to the initial session. Fixes #9754 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12045)
show more ...
|
#
59131529 |
| 02-Jun-2020 |
Dr. David von Oheimb |
Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() Also documents that they meanwhile try all IP addresses resolved for a given domain name Reviewed-by: Tomas Mraz
Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() Also documents that they meanwhile try all IP addresses resolved for a given domain name Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12017)
show more ...
|
#
eca47139 |
| 03-Jun-2020 |
Richard Levitte |
APPS: Drop interactive mode in the 'openssl' program This mode is severely untested and unmaintained, is seems not to be used very much. Closes #4679 Closes #6292 R
APPS: Drop interactive mode in the 'openssl' program This mode is severely untested and unmaintained, is seems not to be used very much. Closes #4679 Closes #6292 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12023)
show more ...
|
#
987e3a0e |
| 03-Jun-2020 |
Dr. David von Oheimb |
Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md This is a follow-up of PR #12013. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom
Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md This is a follow-up of PR #12013. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12026)
show more ...
|
#
c2db6839 |
| 04-Jun-2020 |
Matt Caswell |
Prepare for 3.0 alpha 4 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
#
3952c5a3 |
| 04-Jun-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 3 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
#
23ccae80 |
| 27-May-2020 |
Billy Brumley |
Move EC_METHOD to internal-only Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/
Move EC_METHOD to internal-only Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11928)
show more ...
|
#
c7f837cf |
| 01-Jun-2020 |
Tim Hudson |
undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Rev
undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12001)
show more ...
|
#
9e3c510b |
| 12-Jun-2019 |
FdaSilvaYY |
crypto/cms: add CAdES-BES signed attributes validation for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto
crypto/cms: add CAdES-BES signed attributes validation for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8098)
show more ...
|
#
c2f2db9b |
| 19-May-2020 |
Billy Brumley |
deprecate EC_POINT_make_affine and EC_POINTs_make_affine Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.
deprecate EC_POINT_make_affine and EC_POINTs_make_affine Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11874)
show more ...
|
#
09b90e0e |
| 05-May-2020 |
Dmitry Belyavskiy |
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF Partially fixes #11209. Before OpenSSL 3.0 in case when peer does not send close_notify, the behaviour was to set SSL_ERROR_SYSCA
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF Partially fixes #11209. Before OpenSSL 3.0 in case when peer does not send close_notify, the behaviour was to set SSL_ERROR_SYSCALL error with errno 0. This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF restores the old behaviour for compatibility's sake. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11735)
show more ...
|
#
6b4eb933 |
| 17-May-2020 |
Billy Brumley |
deprecate EC precomputation functionality Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/op
deprecate EC precomputation functionality Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11851)
show more ...
|
#
4fcd15c1 |
| 13-May-2020 |
Billy Brumley |
deprecate EC_POINTs_mul function Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
deprecate EC_POINTs_mul function Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11807)
show more ...
|
#
43a70f02 |
| 13-May-2020 |
Rich Salz |
Fix all MD036 (emphasis used instead of heading) The main fixes were errors in itemized lists "*)" instead of "*" Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by:
Fix all MD036 (emphasis used instead of heading) The main fixes were errors in itemized lists "*)" instead of "*" Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11770)
show more ...
|
#
5d979e04 |
| 15-May-2020 |
Matt Caswell |
Prepare for 3.0 alpha 3 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
9e8604b8 |
| 15-May-2020 |
Matt Caswell |
Prepare for release of 3.0 alpha 2 Reviewed-by: Richard Levitte <levitte@openssl.org>
|