2a458397 | 08-Jul-2024 |
erbsland-dev |
Enhance documentation for `BN_mask_bits()` Fixes #5537 Added a note that the error check for `BN_mask_bits()` depends on the internal representation that depends on the platform's word size. Included a reference to the `BN_num_bits()` function for precise bit checking. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24812)
|
21dfb975 | 04-Jul-2024 |
Stephen Farrell |
Extend TLSv1.3 record layer padding API calls Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex() to allow separate padding block size values for handshake messages and application data messages. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24796)
|
b544047c | 08-Jul-2024 |
erbsland-dev |
Add documentation for deprecated CMAC_CTX functions Fixes #5539: Create a new manual page `CMAC_CTX.pod` documenting the deprecated `CMAC_CTX` functions and add the necessary build dependencies. This page includes function descriptions, usage details, and replacement suggestions with the `EVP_MAC` interface. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24814)
|
2c1ef172 | 21-Jun-2024 |
erbsland-dev |
Add and Update Documentation for TS_VERIFY_CTX Functions Mark the existing `TS_VERIFY_CTX_set_certs` function as deprecated in the documentation. Add missing documentation for the deprecated functions `TS_VERIFY_CTX_set_data`, `TS_VERIFY_CTX_set_imprint`, and `TS_VERIFY_CTX_set_store`. Write missing documentation for the following functions: - `TS_VERIFY_CTX_new` - `TS_VERIFY_CTX_init` - `TS_VERIFY_CTX_free` - `TS_VERIFY_CTX_cleanup` - `TS_VERIFY_CTX_set_flags` - `TS_VERIFY_CTX_add_flags` - `TS_VERIFY_CTX_set0_data` - `TS_VERIFY_CTX_set0_imprint` - `TS_VERIFY_CTX_set0_store` - `TS_VERIFY_CTX_set0_certs` Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24701)
|
6f811d83 | 21-Jun-2024 |
erbsland-dev |
Replace and Deprecate TS_VERIFY_CTX Functions Fixes #18854 Replace and deprecate the functions `TS_VERIFY_CTX_set_data`, `TS_VERIFY_CTX_set_store`, `TS_VERIFY_CTX_set_certs`, `TS_VERIFY_CTX_set_imprint` with new versions: `TS_VERIFY_CTX_set0_data`, `TS_VERIFY_CTX_set0_store`, `TS_VERIFY_CTX_set0_certs` and `TS_VERIFY_CTX_set0_imprint`. The previous functions had poorly documented memory handling, potentially leading to memory leaks. The new functions improve memory management and provide clearer usage. Also, update existing code to use the new function calls instead of the deprecated ones. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24701)
|
77518870 | 08-Jul-2024 |
olszomal |
Clarify supported curves in the s_client/s_server documentation Mention that supported curves (aka groups) include named EC parameters as well as X25519 and X448 or FFDHE groups. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24774)
|
7b1e008d | 03-Jul-2024 |
Tomas Mraz |
os-zoo.yml: Cleanup unnecessary -Wno-switch-default Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24787)
|
d8def798 | 02-Jul-2024 |
Neil Horman |
read lock store on ossl_method_store_do_all There's a data race between ossl_method_store_insert and ossl_method_store_do_all, as the latter doesn't take the property lock before iterating. However, we can't lock in do_all, as the call stack in several cases later attempts to take the write lock. The choices to fix it are I think: 1) add an argument to indicate to ossl_method_store_do_all whether to take the read or write lock when doing iterations, and add an is_locked api to the ossl_property_[read|write] lock family so that subsequent callers can determine if they need to take a lock or not 2) Clone the algs sparse array in ossl_method_store_do_all and use the clone to iterate with no lock held, ensuring that updates to the parent copy of the sparse array are left untouched. I think method (2), while being a bit more expensive, is probably the far less invasive way to go here. Fixes #24672 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24782)
|
97bfbb98 | 01-Jul-2024 |
Neil Horman |
Allow openssl version to function in the absence of a config file The openssl application attempts to load a config file on startup always, calling x509_get_default_cert_area() to locate the file. On Windows builds with -DOSSL_WINCTX set, this fails if the corresponding registry keys are unset. Allow openssl to continue to function properly for applets that don't actually require a configuration file. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
aa083358 | 28-Jun-2024 |
Neil Horman |
Fix sed/awk usage in windows ci jobs The addition of sed and awk, while available in the windows VMs for CI in powershell, don't behave as I would expect (though the same commands work with a local installation on windows using GnuWin32). In trying to figure out what was going on I found it was far more stable and predictable to use the powershell -split and -replace commands instead of sed and awk. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
a8f99f98 | 28-Jun-2024 |
Neil Horman |
Avoid chicken and egg problem with reg setting Because openssl with -DOSSL_WINCTX no longer falls back to build time defines, we have a chicken and egg problem. CI needs to query openssl for its version string so registry keys can be set properly, but openssl version refuses to run because no configuration file can be found. So we work around it: for the purposes of setting the registry keys, we set OPENSSL_CONF to a known config file, so that openssl version runs properly. Once the version is extracted, we can set the registry keys, and openssl will function properly without OPENSSL_CONF set. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
aa4fc5ea | 28-Jun-2024 |
Neil Horman |
Adjust ci to only use major.minor when setting reg keys Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
caaea8f3 | 27-Jun-2024 |
Neil Horman |
Update defaults to install keys against major.minor We want patch level updates to use the same keys, so only create the key against the major.minor version. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
bf74cf35 | 26-Jun-2024 |
Neil Horman |
Fixes for defaults code Fix up some indenting, and ensure that the run_once routines don't get defined if OSSL_WINCTX isn't defined to avoid compiler errors Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
290452f2 | 26-Jun-2024 |
Neil Horman |
Augment version.c to not display -w options on non-windows Don't need the -w option on non-windows builds Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
62dd0f17 | 26-Jun-2024 |
Neil Horman |
Update NOTES-WINDOWS.md The behavior of windows with registry keys is somewhat confusing, and based on both build time defines, and reg key availability. Add a table defining behavior in all cases. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
7c58769a | 26-Jun-2024 |
Neil Horman |
Add Changes entry Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450) |
917f3719 | 25-Jun-2024 |
Neil Horman |
Allow OPENSSLDIR/ENGINESDIR/MODULESDIR to be NULL To prevent inadvertent use of insecure directories, we need to be able to detect and react when our new registry keys aren't set, which implies allowing the values for the dynamic representations of OPENSSLDIR/ENGINESDIR/MODULESDIR to return NULL. This in turn requires that we detect and handle NULL string in several call sites that previously assumed they would never be NULL. This commit fixes those up Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
c7dae9c2 | 21-Jun-2024 |
Neil Horman |
Update docs Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450) |
4fc9e5e0 | 21-Jun-2024 |
Neil Horman |
update windows_comp ci run to use new registry reads Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
901e2798 | 21-Jun-2024 |
Neil Horman |
Update NOTES-WINDOWS for typos/grammar Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
4edcf0b4 | 21-Jun-2024 |
Neil Horman |
Don't fall back to pre-defined constants on windows We don't want to allow windows systems on new installs to use OPENSSLDIR/MODULESDIR/ENGINESDIR at all, as it makes no sense to define paths at build time that have no meaning at install time. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
525f2bf5 | 07-Jun-2024 |
Neil Horman |
Fix windows ci to use proper OSSL_WINCTX define Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
630e3a16 | 07-Jun-2024 |
Neil Horman |
Change WININSTALLCONTEXT to OSSL_WINCTX Make it more in line with other command line defines, and a bit shorter Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|
f4540c1b | 07-Jun-2024 |
Neil Horman |
don't fall back to build time defaults on windows To prevent security issues, don't fall back to build time default locations, instead return the string "UNDEFINED". Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24450)
|