#
4d49b685 |
| 29-Mar-2021 |
Dr. David von Oheimb |
Crypto: Add deprecation compatibility declarations for SHA* message digest functions Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14741)
|
#
0a8a6afd |
| 29-Mar-2021 |
Dr. David von Oheimb |
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions This helps compensating for deprecated functions such as HMAC() and reduces clutter in the crypto lib, apps, and tests. Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c. and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod Partially fixes #14628. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14664)
|
#
28a8d07d |
| 06-May-2021 |
Pauli |
changes: add note about application output formatting differences. Fixes #13220 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15168)
|
#
4c8e6f7d |
| 06-May-2021 |
Matt Caswell |
Prepare for 3.0 alpha 17 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
d0c041b1 |
| 06-May-2021 |
Matt Caswell |
Prepare for release of 3.0 alpha 16 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
bee3f389 |
| 03-May-2021 |
Tomas Mraz |
Document the behavior of the -inform and related options Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
|
#
a07b0bfb |
| 04-May-2021 |
Dr. David von Oheimb |
Deprecate X509{,_CRL}_http_nbio() and simplify their definition This is done by making use of OCSP_REQ_CTX_nbio_d2i(). Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15131)
|
#
72d2670b |
| 03-May-2021 |
Benjamin Kaduk |
Enforce secure renegotiation support by default Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in SSL_CTX_new(), to allow connections to legacy servers that did not implement RFC 5746. It has been more than a decade since RFC 5746 was published, so there has been plenty of time for implementation support to roll out. Change the default behavior to be to require peers to support secure renegotiation. Existing applications that already cleared SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as re-clearing the flag is just a little bit of redundant work. The old behavior is still available by explicitly setting the flag in the application. Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for similar reasons. Document the behavior change in CHANGES.md, and update the SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change in default behavior. Fixes: 14848 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
|
#
f7050588 |
| 30-Apr-2021 |
Rich Salz |
Add .includedir pragma Also add a negative test, and fix typos. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
|
#
3fb985fd |
| 29-Apr-2021 |
Rich Salz |
Allow absolute paths to be set It was a mistake to allow relative paths for include files (just like root shouldn't have "." in its PATH), but we probably can't change it now. Add a new pragma "abspath" that someone can put in the system-wide config file to require absolute paths. Also update the config documentation to better explain how file inclusion works. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
|
#
7031f582 |
| 30-Apr-2021 |
Dr. David von Oheimb |
OCSP: Minor improvements of documentation and header file Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15103)
|
#
9ac653d8 |
| 28-Apr-2021 |
Tomas Mraz |
Document the API breaking constification changes The EVP_PKEY_asn1_set_public and EVP_PKEY_meth_set_copy have some API breaking constification changes in 3.0. Fixes #9296 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15068)
|
#
c7d848e2 |
| 29-Apr-2021 |
Pauli |
remove end of line whitespace Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
|
#
b536880c |
| 17-Feb-2021 |
Jon Spillett |
Add library context and property query support into the PKCS12 API Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
|
#
3b9e4769 |
| 26-Apr-2021 |
Dr. Matthias St. Pierre |
CHANGES: document the FIPS provider configuration and installation Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13684)
|
#
c85c5e1a |
| 23-Apr-2021 |
Shane Lontis |
Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq() already exist. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14997)
|
#
f1ffaaee |
| 15-Apr-2021 |
Shane Lontis |
Fixes related to separation of DH and DHX types Fix dh_rfc5114 option in genpkey. Fixes #14145 Fixes #13956 Fixes #13952 Fixes #13871 Fixes #14054 Fixes #14444 Updated documentation for app to indicate what options are available for DH and DHX keys. DH and DHX now have different keymanager gen_set_params() methods. Added CHANGES entry to indicate the breaking change. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14883)
|
#
fc5245a9 |
| 21-Apr-2021 |
Hubert Kario |
add Changelog item for TLS1.3 FFDHE work Raja added support for FFDHE in TLS 1.3 in commits 9aaecbfc98eb89, 8e63900a71df38ff, dfa1f5476e86f3 in 2019, reflect this in the changelog. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14972)
|
#
ed82976b |
| 22-Apr-2021 |
Matt Caswell |
Prepare for 3.0 alpha 16 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
b07412ef |
| 22-Apr-2021 |
Matt Caswell |
Prepare for release of 3.0 alpha 15 Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
#
ae6f65ae |
| 12-Apr-2021 |
Matt Caswell |
Change the default MANSUFFIX We now use the MANSUFFIX "ossl" by default. Fixes #14318 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14847)
|
#
9c1b19eb |
| 14-Apr-2021 |
Pauli |
changes: note that some ctrl calls have a different error return. Providers do not distinguish between invalid and other errors via the return code. Fixes #14442 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14864)
|
#
b47e7bbc |
| 12-Apr-2021 |
Pauli |
Note deprecated function/macros with no replacement. These functions are deprecated with no replacement specified: DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, DH_set_flags, DH_test_flags, DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags, DSA_test_flags, RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_set_flags, RSA_setup_blinding and RSA_test_flags. The flags that are going are: DH_FLAG_CACHE_MONT_P, DSA_FLAG_CACHE_MONT_P, RSA_FLAG_BLINDING, RSA_FLAG_CACHE_PRIVATE, RSA_FLAG_CACHE_PUBLIC, RSA_FLAG_EXT_PKEY, RSA_FLAG_NO_BLINDING, RSA_FLAG_THREAD_SAFE and RSA_METHOD_FLAG_NO_CHECK. These two flags are "readable" via EVP_is_a(). They are not writable: DH_FLAG_TYPE_DHX and DH_FLAG_TYPE_DH. Fixes #14616 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14824)
|
#
28fd8953 |
| 08-Apr-2021 |
Matt Caswell |
Remove the function EVP_PKEY_set_alias_type OTC recently voted that EVP_PKEY types will be immutable in 3.0. This means that EVP_PKEY_set_alias_type can no longer work and should be removed entirely (applications will need to be rewritten not to use it). It was primarily used for SM2 which no longer needs this call. Applications should generate SM2 keys directly (without going via an EC key first), or otherwise when loading keys they should automatically be detected as SM2 keys. Fixes #14379 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14803)
|
#
6878f430 |
| 07-Apr-2021 |
Matt Caswell |
Update KTLS documentation KTLS support has been changed to be off by default, and configuration is via a single "option" rather than two "modes". Documentation is updated accordingly. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14799)
|