| #
4d49b685 |
| 29-Mar-2021 |
Dr. David von Oheimb |
Crypto: Add deprecation compatibility declarations for SHA* message digest functions
Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc.
Reviewed-by: Paul
Crypto: Add deprecation compatibility declarations for SHA* message digest functions
Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14741)
show more ...
|
| #
0a8a6afd |
| 29-Mar-2021 |
Dr. David von Oheimb |
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
This helps compensating for deprecated functions such as HMAC()
and reduces clutter in the crypto lib,
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions
This helps compensating for deprecated functions such as HMAC()
and reduces clutter in the crypto lib, apps, and tests.
Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c.
and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod
Partially fixes #14628.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14664)
show more ...
|
| #
28a8d07d |
| 06-May-2021 |
Pauli |
changes: add note about application output formatting differences.
Fixes #13220
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/
changes: add note about application output formatting differences.
Fixes #13220
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15168)
show more ...
|
| #
4c8e6f7d |
| 06-May-2021 |
Matt Caswell |
Prepare for 3.0 alpha 17
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
| #
d0c041b1 |
| 06-May-2021 |
Matt Caswell |
Prepare for release of 3.0 alpha 16
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
| #
bee3f389 |
| 03-May-2021 |
Tomas Mraz |
Document the behavior of the -inform and related options
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
|
| #
a07b0bfb |
| 04-May-2021 |
Dr. David von Oheimb |
Deprecate X509{,_CRL}_http_nbio() and simplify their definition
This is done by making use of OCSP_REQ_CTX_nbio_d2i().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from h
Deprecate X509{,_CRL}_http_nbio() and simplify their definition
This is done by making use of OCSP_REQ_CTX_nbio_d2i().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15131)
show more ...
|
| #
72d2670b |
| 03-May-2021 |
Benjamin Kaduk |
Enforce secure renegotiation support by default
Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in
SSL_CTX_new(), to allow connections to legacy servers that did not
Enforce secure renegotiation support by default
Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in
SSL_CTX_new(), to allow connections to legacy servers that did not
implement RFC 5746.
It has been more than a decade since RFC 5746 was published, so
there has been plenty of time for implmentation support to roll out.
Change the default behavior to be to require peers to support
secure renegotiation. Existing applications that already cleared
SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as
re-clearing the flag is just a little bit of redundant work.
The old behavior is still available by explicitly setting the flag
in the application.
Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for
similar reasons.
Document the behavior change in CHANGES.md, and update the
SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change
in default behavior.
Fixes: 14848
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)
show more ...
|
| #
f7050588 |
| 30-Apr-2021 |
Rich Salz |
Add .includedir pragma
Also add a negative test, and fix typo's.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from
Add .includedir pragma
Also add a negative test, and fix typo's.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)
show more ...
|
| #
3fb985fd |
| 29-Apr-2021 |
Rich Salz |
Allow absolute paths to be set
It was a mistake to allow relative paths for include files (just
like root shouldn't have "." in its PATH), but we probably can't
change it now. Add a
Allow absolute paths to be set
It was a mistake to allow relative paths for include files (just
like root shouldn't have "." in its PATH), but we probably can't
change it now. Add a new pragma "abspath" that someone can put
in the system-wide config file to require absolute paths.
Also update the config documentation to better explain how file
inclusion works.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)
show more ...
|
| #
7031f582 |
| 30-Apr-2021 |
Dr. David von Oheimb |
OCSP: Minor improvements of documentation and header file
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15103)
|
| #
9ac653d8 |
| 28-Apr-2021 |
Tomas Mraz |
Document the API breaking constification changes
The EVP_PKEY_asn1_set_public and EVP_PKEY_meth_set_copy have
some API breaking constification changes in 3.0.
Fixes #9296
Document the API breaking constification changes
The EVP_PKEY_asn1_set_public and EVP_PKEY_meth_set_copy have
some API breaking constification changes in 3.0.
Fixes #9296
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15068)
show more ...
|
| #
c7d848e2 |
| 29-Apr-2021 |
Pauli |
remove end of line whitespace
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14434)
|
| #
b536880c |
| 17-Feb-2021 |
Jon Spillett |
Add library context and property query support into the PKCS12 API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.
Add library context and property query support into the PKCS12 API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14434)
show more ...
|
| #
3b9e4769 |
| 26-Apr-2021 |
Dr. Matthias St. Pierre |
CHANGES: document the FIPS provider configuration and installation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)
|
| #
c85c5e1a |
| 23-Apr-2021 |
Shane Lontis |
Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq()
already exist.
Reviewed-by: Richard Levitte <levitte
Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq()
already exist.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14997)
show more ...
|
| #
f1ffaaee |
| 15-Apr-2021 |
Shane Lontis |
Fixes related to separation of DH and DHX types
Fix dh_rfc5114 option in genpkey.
Fixes #14145
Fixes #13956
Fixes #13952
Fixes #13871
Fixes #14054
Fixes #14444
Fixes related to separation of DH and DHX types
Fix dh_rfc5114 option in genpkey.
Fixes #14145
Fixes #13956
Fixes #13952
Fixes #13871
Fixes #14054
Fixes #14444
Updated documentation for app to indicate what options are available for
DH and DHX keys.
DH and DHX now have different keymanager gen_set_params() methods.
Added CHANGES entry to indicate the breaking change.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14883)
show more ...
|
| #
fc5245a9 |
| 21-Apr-2021 |
Hubert Kario |
add Changelog item for TLS1.3 FFDHE work
Raja added support for FFDHE in TLS 1.3 in commits 9aaecbfc98eb89,
8e63900a71df38ff, dfa1f5476e86f3 in 2019, reflect this in the changelog.
add Changelog item for TLS1.3 FFDHE work
Raja added support for FFDHE in TLS 1.3 in commits 9aaecbfc98eb89,
8e63900a71df38ff, dfa1f5476e86f3 in 2019, reflect this in the changelog.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14972)
show more ...
|
| #
ed82976b |
| 22-Apr-2021 |
Matt Caswell |
Prepare for 3.0 alpha 16
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
| #
b07412ef |
| 22-Apr-2021 |
Matt Caswell |
Prepare for release of 3.0 alpha 15
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
| #
ae6f65ae |
| 12-Apr-2021 |
Matt Caswell |
Change the default MANSUFFIX
We now use the MANSUFFIX "ossl" by default.
Fixes #14318
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@o
Change the default MANSUFFIX
We now use the MANSUFFIX "ossl" by default.
Fixes #14318
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14847)
show more ...
|
| #
9c1b19eb |
| 14-Apr-2021 |
Pauli |
changes: note that some ctrl calls have a different error return.
Providers do not distinguish between invalid and other errors via the return
code.
Fixes #14442
Review
changes: note that some ctrl calls have a different error return.
Providers do not distinguish between invalid and other errors via the return
code.
Fixes #14442
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14864)
show more ...
|
| #
b47e7bbc |
| 12-Apr-2021 |
Pauli |
Note deprecated function/macros with no replacement.
These functions are deprecated with no replacement specified:
DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_
Note deprecated function/macros with no replacement.
These functions are deprecated with no replacement specified:
DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256,
DH_set_flags, DH_test_flags, DSA_clear_flags, DSA_dup_DH,
DSAparams_dup, DSA_set_flags, DSA_test_flags, RSA_blinding_off,
RSA_blinding_on, RSA_clear_flags, RSA_get_version, RSAPrivateKey_dup,
RSAPublicKey_dup, RSA_set_flags, RSA_setup_blinding and
RSA_test_flags.
The flags that are going are:
DH_FLAG_CACHE_MONT_P, DSA_FLAG_CACHE_MONT_P,
RSA_FLAG_BLINDING, RSA_FLAG_CACHE_PRIVATE, RSA_FLAG_CACHE_PUBLIC,
RSA_FLAG_EXT_PKEY, RSA_FLAG_NO_BLINDING, RSA_FLAG_THREAD_SAFE and
RSA_METHOD_FLAG_NO_CHECK.
These two flags are "readable" via EVP_is_a(). They are not writable:
DH_FLAG_TYPE_DHX and DH_FLAG_TYPE_DH.
Fixes #14616
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14824)
show more ...
|
| #
28fd8953 |
| 08-Apr-2021 |
Matt Caswell |
Remove the function EVP_PKEY_set_alias_type
OTC recently voted that EVP_PKEY types will be immutable in 3.0. This
means that EVP_PKEY_set_alias_type can no longer work and should be
Remove the function EVP_PKEY_set_alias_type
OTC recently voted that EVP_PKEY types will be immutable in 3.0. This
means that EVP_PKEY_set_alias_type can no longer work and should be
removed entirely (applications will need to be rewritten not to use it).
It was primarily used for SM2 which no longer needs this call.
Applications should generate SM2 keys directly (without going via an EC
key first), or otherwise when loading keys they should automatically be
detected as SM2 keys.
Fixes #14379
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14803)
show more ...
|
| #
6878f430 |
| 07-Apr-2021 |
Matt Caswell |
Update KTLS documentation
KTLS support has been changed to be off by default, and configuration is
via a single "option" rather two "modes". Documentation is updated
accordingly.
Update KTLS documentation
KTLS support has been changed to be off by default, and configuration is
via a single "option" rather two "modes". Documentation is updated
accordingly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14799)
show more ...
|
