#
770ea54b |
| 12-May-2022 |
Tomas Mraz |
Add OSSL_QUIC methods to headers and manual pages Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/open
Add OSSL_QUIC methods to headers and manual pages Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18307)
show more ...
|
#
13a53fbf |
| 25-Oct-2021 |
Phus Lu |
add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order() The function/macro allow user get groups/extensions without memory allcations. So we could calculate the ssl fignerpri
add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order() The function/macro allow user get groups/extensions without memory allcations. So we could calculate the ssl fignerprint(ja3) in low cost. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16910)
show more ...
|
#
2ed0a45a |
| 20-May-2021 |
Matt Caswell |
Add ordinal numbers to the .num files Now that our next release is expected to be a beta release, "make update" wants to see ordinal numbers in the .num files. Run make update t
Add ordinal numbers to the .num files Now that our next release is expected to be a beta release, "make update" wants to see ordinal numbers in the .num files. Run make update to add them. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15384)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k |
|
#
b33cf202 |
| 20-Mar-2021 |
Dr. David von Oheimb |
ssl.h.in: Fix deprecation exclusion for SRP-related declarations Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15176)
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
becbacd7 |
| 07-Jan-2021 |
Michael Baentsch |
Adding TLS group name retrieval Function SSL_group_to_name() added, together with documentation and tests. This now permits displaying names of internal and external provider-impleme
Adding TLS group name retrieval Function SSL_group_to_name() added, together with documentation and tests. This now permits displaying names of internal and external provider-implemented groups. Partial fix of #13767 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13785)
show more ...
|
#
3a1ee3c1 |
| 17-Dec-2020 |
Richard Levitte |
Drop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedor
Drop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13700)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
f5a46ed7 |
| 12-Nov-2020 |
Richard Levitte |
Modify the ERR init functions to use the internal ERR string loaders This deprecates all the ERR_load_ functions, and moves their definition to separate C source files that can easily be
Modify the ERR init functions to use the internal ERR string loaders This deprecates all the ERR_load_ functions, and moves their definition to separate C source files that can easily be removed when those functions are finally removed. This also reduces include/openssl/kdferr.h to include cryptoerr_legacy.h, moves the declaration of ERR_load_ERR_strings() from include/openssl/err.h to include/openssl/cryptoerr_legacy.h, and finally removes the declaration of ERR_load_DSO_strings(), which was entirely internal anyway. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
d7e498ac |
| 04-Oct-2020 |
Richard Levitte |
Deprecate RSA harder This deprecates all functions that deal with the types RSA and RSA_METHOD Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/open
Deprecate RSA harder This deprecates all functions that deal with the types RSA and RSA_METHOD Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13096)
show more ...
|
#
163f6dc1 |
| 15-Oct-2020 |
Matt Caswell |
Implement a replacement for SSL_set_tmp_dh() The old function took a DH as a parameter. In the new version we pass an EVP_PKEY instead. Similarly for the SSL_CTX version of this function
Implement a replacement for SSL_set_tmp_dh() The old function took a DH as a parameter. In the new version we pass an EVP_PKEY instead. Similarly for the SSL_CTX version of this function. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
show more ...
|
#
1b2b4755 |
| 14-Oct-2020 |
Matt Caswell |
Deprecate SSL_CTRL_SET_TMP_DH and other related ctrls These ctrls pass around a DH object which is now deprecated, so we deprecate the ctrls themselves. Reviewed-by: Richard Lev
Deprecate SSL_CTRL_SET_TMP_DH and other related ctrls These ctrls pass around a DH object which is now deprecated, so we deprecate the ctrls themselves. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
show more ...
|
#
746f3674 |
| 24-Sep-2020 |
Matt Caswell |
Fix some things the rename script didn't quite get right The previous commit ran an automated rename throughout the codebase. There are a small number of things it didn't quite get right
Fix some things the rename script didn't quite get right The previous commit ran an automated rename throughout the codebase. There are a small number of things it didn't quite get right so we fix those in this commit. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12970)
show more ...
|
Revision tags: OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
dd0164e7 |
| 20-Sep-2018 |
Benjamin Kaduk |
Mark SSL_CTX_set_ssl_version() as deprecated in 3.0 Also, document its unusual semantics of resetting the cipher list (but preserving other configuration). Reviewed-by: Paul Dal
Mark SSL_CTX_set_ssl_version() as deprecated in 3.0 Also, document its unusual semantics of resetting the cipher list (but preserving other configuration). Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/7274)
show more ...
|
#
6725682d |
| 24-Jul-2020 |
Shane Lontis |
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
Add X509 related libctx changes. - In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx(). - Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx(). - Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's. - Removed the extra parameters in check_purpose.. - X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()). - Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12153)
show more ...
|
#
8c2bfd25 |
| 11-Apr-2019 |
Todd Short |
Add SSL_get[01]_peer_certificate() Deprecate SSL_get_peer_certificte() and replace with SSL_get1_peer_certificate(). Add SSL_get0_peer_certificate. Reviewed-by: Paul Dale <p
Add SSL_get[01]_peer_certificate() Deprecate SSL_get_peer_certificte() and replace with SSL_get1_peer_certificate(). Add SSL_get0_peer_certificate. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8730)
show more ...
|
#
c7f837cf |
| 01-Jun-2020 |
Tim Hudson |
undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Rev
undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12001)
show more ...
|
#
e908f292 |
| 02-Apr-2020 |
Benjamin Kaduk |
make update for SSL_new_session_ticket Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11416)
|
#
a76ce286 |
| 24-Jan-2020 |
Pauli |
TLS: use EVP for HMAC throughout libssl. Backwards compatibility with the old ticket key call back is maintained. This will be removed when the low level HMAC APIs are finally removed.
TLS: use EVP for HMAC throughout libssl. Backwards compatibility with the old ticket key call back is maintained. This will be removed when the low level HMAC APIs are finally removed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
show more ...
|
#
ba18627e |
| 16-Jan-2020 |
Matt Caswell |
Introduce SSL_CTX_new_with_libex() We add the ability to specify an OPENSSL_CTX (which may be NULL for the default context) and a property query string for use during algorithm fetch
Introduce SSL_CTX_new_with_libex() We add the ability to specify an OPENSSL_CTX (which may be NULL for the default context) and a property query string for use during algorithm fetch operations. For example, in this way one SSL_CTX could be used the default provider, and another one could be used with the FIPS provider. At this stage we don't use these values. That will come later. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10866)
show more ...
|
#
936c2b9e |
| 05-Nov-2019 |
Richard Levitte |
Update source files for deprecation at 3.0 Previous macros suggested that from 3.0, we're only allowed to deprecate things at a major version. However, there's no policy stating thi
Update source files for deprecation at 3.0 Previous macros suggested that from 3.0, we're only allowed to deprecate things at a major version. However, there's no policy stating this, but there is for removal, saying that to remove something, it must have been deprecated for 5 years, and that removal can only happen at a major version. Meanwhile, the semantic versioning rule is that deprecation should trigger a MINOR version update, which is reflected in the macro names as of this change. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)
show more ...
|
#
5d61758e |
| 04-Nov-2019 |
Richard Levitte |
util/*.num: deassign ordinal numbers from new symbols Symbols that have appeared since 1.1.1 was released are considered unassigned in the development branch. This is marked by having
util/*.num: deassign ordinal numbers from new symbols Symbols that have appeared since 1.1.1 was released are considered unassigned in the development branch. This is marked by having a question mark as its ordinal number. This introduces two new markers to be used instead of ordinal numbers: ? signifying it gets the previous symbol's number plus one ?+ signifying it gets the same number as the previous symbol '?+' should remain rare, but is useful to create aliases when needed (for example when two different symbols clash because they only differ in character case, see include/openssl/symhacks.h) The intention is that a development branch won't have set numbers for new symbols, and that the final numbers will only get allocated when making beta or final releases. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10348)
show more ...
|
#
6dcb100f |
| 06-Mar-2019 |
Richard Levitte |
X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI This is a wrapper around OSSL_STORE. This also adds necessary support functions: - X509_STORE_load_fi
X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI This is a wrapper around OSSL_STORE. This also adds necessary support functions: - X509_STORE_load_file - X509_STORE_load_path - X509_STORE_load_store - SSL_add_store_cert_subjects_to_stack - SSL_CTX_set_default_verify_store - SSL_CTX_load_verify_file - SSL_CTX_load_verify_dir - SSL_CTX_load_verify_store and deprecates X509_STORE_load_locations and SSL_CTX_load_verify_locations, as they aren't extensible. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8442)
show more ...
|
#
5d120511 |
| 05-Apr-2019 |
Todd Short |
Change cipher default strings to a function Making the default cipher strings a function gives the library more control over the defaults. Potentially allowing a change in the future
Change cipher default strings to a function Making the default cipher strings a function gives the library more control over the defaults. Potentially allowing a change in the future as ciphers become deprecated or dangerous. Also allows third party distributors to change the defaults for their installations. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8686)
show more ...
|
#
7c3a7561 |
| 13-Apr-2019 |
Boris Pismenny |
ssl: Add SSL_sendfile This commit adds the SSL_sendfile call, which allows KTLS sockets to transmit file using zero-copy semantics. Signed-off-by: Boris Pismenny <borisp@mellano
ssl: Add SSL_sendfile This commit adds the SSL_sendfile call, which allows KTLS sockets to transmit file using zero-copy semantics. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8727)
show more ...
|
#
9f5a87fd |
| 05-Nov-2018 |
Ping Yu |
add an additional async notification communication method based on callback Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Signed-of
add an additional async notification communication method based on callback Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Signed-off-by: Ping Yu <ping.yu@intel.com> Signed-off-by: Steven Linsell <stevenx.linsell@intel.com> (Merged from https://github.com/openssl/openssl/pull/7573)
show more ...
|
#
3b391858 |
| 07-Dec-2018 |
Richard Levitte |
make update Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7740)
|