#
a5d56626 |
| 13-Aug-2024 |
Neil Horman |
Add debuginfo build target In the webinar we are currently producing on debugging openssl applications, we talk about ways to allow debugable binaries without having to ship all the
Add debuginfo build target In the webinar we are currently producing on debugging openssl applications, we talk about ways to allow debugable binaries without having to ship all the debug DWARF information to production systems. Add an optional target to do that DWARF separation to aid users Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25174)
show more ...
|
#
250a7adb |
| 01-Aug-2024 |
slontis |
Add "no-fips-post" configure option. Using this option disables the OpenSSL FIPS provider self tests. This is intended for debugging purposes only, as it breaks FIPS compliance.
Add "no-fips-post" configure option. Using this option disables the OpenSSL FIPS provider self tests. This is intended for debugging purposes only, as it breaks FIPS compliance. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25063)
show more ...
|
#
d0a49eea |
| 02-Aug-2024 |
Andrew Dinh |
Fix some small typos Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25073)
|
#
1e7ff7be |
| 11-Jul-2024 |
Dimitri John Ledkov |
JITTER: excercise all tests in CI with JITTER seed source under certain build configuration Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org>
JITTER: excercise all tests in CI with JITTER seed source under certain build configuration Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24844)
show more ...
|
#
b28b3128 |
| 10-Jul-2024 |
Dimitri John Ledkov |
jitter: add a new provider containing a jitter entropy source alone This entropy source can be used instead of SEED-SRC. Sample openssl.cnf configuration is provided. It is built as a se
jitter: add a new provider containing a jitter entropy source alone This entropy source can be used instead of SEED-SRC. Sample openssl.cnf configuration is provided. It is built as a separate provider, because it is likely to require less frequent updates than fips provider. The same build likely can span multiple generations of FIPS 140 standard revisions. Note that rand-instances currently chain from public/private instances to primary, prior to consuming the seed. Thus currently a unique ESV needs to be obtained, and resue of jitterentropy.a certificate is not possible as is. Separately a patch will be sent to allow for unchaining public/private RAND instances for the purpose of reusing ESV. Also I do wonder if it makes sense to create a fips variant of stock SEED-SRC entropy source, which in addition to using getrandom() also verifies that the kernel is operating in FIPS mode and thus is likely a validated entropy source. As in on Linux, check that /proc/sys/crypto/fips_enabled is set to 1, and similar checks on Windows / MacOS and so on. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24844)
show more ...
|
#
05faa4ff |
| 22-May-2024 |
Dimitri John Ledkov |
rand: remove unimplemented librandom stub code Clean up of unsuable / no-op code. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merg
rand: remove unimplemented librandom stub code Clean up of unsuable / no-op code. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24465)
show more ...
|
#
4e8c4b77 |
| 17-Apr-2024 |
Richard Levitte |
Add installation documentation and notes on ANSI C and POSIX Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.
Add installation documentation and notes on ANSI C and POSIX Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24173)
show more ...
|
#
b6a5e801 |
| 01-Dec-2023 |
Rajeev Ranjan |
Add support for integrity-only cipher suites for TLS v1.3 - add test vectors for tls1_3 integrity-only ciphers - recmethod_local.h: add new member for MAC - tls13_meth.c: add MAC onl
Add support for integrity-only cipher suites for TLS v1.3 - add test vectors for tls1_3 integrity-only ciphers - recmethod_local.h: add new member for MAC - tls13_meth.c: add MAC only to tls 1.3 - tls13_enc.c: extend function to add MAC only - ssl_local.h: add ssl_cipher_get_evp_md_mac() - s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS - ssl_ciph.c : add ssl_cipher_get_evp_md_mac() and use it - tls13secretstest.c: add dummy test function - Configure: add integrity-only-ciphers option - document the new ciphers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22903)
show more ...
|
#
1c4f9684 |
| 01-Apr-2024 |
Craig Lorentzen |
Security hardening: Expose Build flags for Position Independed Execution (PIE) Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged fr
Security hardening: Expose Build flags for Position Independed Execution (PIE) Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22596)
show more ...
|
#
53ef123f |
| 15-Mar-2024 |
Matt Hauck |
Update FIPS hmac key documentation The documentation is slightly incorrect about the FIPS hmac key. CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Rev
Update FIPS hmac key documentation The documentation is slightly incorrect about the FIPS hmac key. CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23846)
show more ...
|
#
9dc22698 |
| 20-Feb-2024 |
Tomas Mraz |
Minor wording fixes related to no-atexit Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/o
Minor wording fixes related to no-atexit Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23642) (cherry picked from commit 66e6f72c3e4221580a7f456ddeaa5027f0bbb8b7)
show more ...
|
#
de60b122 |
| 23-Jan-2024 |
Hugo Landau |
QLOG: Editorial fixes (QLOG is spelled 'qlog') Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/ope
QLOG: Editorial fixes (QLOG is spelled 'qlog') Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22037)
show more ...
|
#
000e72ec |
| 23-Jan-2024 |
Hugo Landau |
Mention QLOG in INSTALL.md Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22037)
|
#
99fb31c1 |
| 25-Jan-2024 |
Randall S. Becker |
Add atexit configuration option to using atexit() in libcrypto at build-time. This fixes an issue with a mix of atexit() usage in DLL and statically linked libcrypto that came out in the
Add atexit configuration option to using atexit() in libcrypto at build-time. This fixes an issue with a mix of atexit() usage in DLL and statically linked libcrypto that came out in the test suite on NonStop, which has slightly different DLL unload processing semantics compared to Linux. The change allows a build configuration to select whether to register OPENSSL_cleanup() with atexit() or not, so avoid situations where atexit() registration causes SIGSEGV. INSTALL.md and CHANGES.md have been modified to include and describe this option. The no-atexit option has been added to .github/workflows/run-checker-daily.yml. Fixes: #23135 Signed-of-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/23394)
show more ...
|
#
008ca01e |
| 11-Oct-2023 |
James Muir |
Fix parenthesis, use a colon Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https
Fix parenthesis, use a colon Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22356)
show more ...
|
#
6399d785 |
| 23-Aug-2023 |
Xu Yizhou |
Optimize SM2 on aarch64 Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merge
Optimize SM2 on aarch64 Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20754)
show more ...
|
#
8a764202 |
| 30-Jun-2023 |
Matt Caswell |
Enable QUIC by default Ensure builds enable QUIC without explicitly having to ask for it. To disable QUIC pass "no-quic" to Configure. As a result we can remove all use of "enab
Enable QUIC by default Ensure builds enable QUIC without explicitly having to ask for it. To disable QUIC pass "no-quic" to Configure. As a result we can remove all use of "enable-quic" from the various CI runs. We also add a CHANGES and NEWS entry for QUIC support. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21332)
show more ...
|
#
956b4c75 |
| 19-Jun-2023 |
Vladimír Kotal |
add no-docs option Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21240)
|
#
ff88545e |
| 15-Jun-2023 |
Vladimír Kotal |
Allow to disable apps building with no-apps Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
Allow to disable apps building with no-apps Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21212)
show more ...
|
#
6b1f763c |
| 15-Jun-2023 |
Vladimír Kotal |
add no-http Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.co
add no-http Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21217)
show more ...
|
#
eb4129e1 |
| 09-May-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
Fix typos found by codespell Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (M
Fix typos found by codespell Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20910)
show more ...
|
#
ce451fb8 |
| 17-May-2023 |
Matthias St. Pierre |
INSTALL: document shared library pinning for static builds The libcrypto library uses shared library pinning to prevent its cleanup handlers from crashing at program termination because
INSTALL: document shared library pinning for static builds The libcrypto library uses shared library pinning to prevent its cleanup handlers from crashing at program termination because of a premature unloading of the shared library. However, shared library pinning is enabled also for static builds, which may lead to surpising behaviour if libcrypto is linked statically to a shared third-party library, because in this case the third-party library gets pinned. This surprising behaviour is caused by the fact that the `no-shared` configure option does not imply `no-pinshared`. Since this quirk can't be changed without potentially breaking existing code, we just document it here and provide a workaround. Fixes #20977 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20985)
show more ...
|
#
18891efd |
| 19-Jan-2023 |
klaus triendl |
Added 'hybrid CRT' targets for the Windows platform Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/
Added 'hybrid CRT' targets for the Windows platform Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20081)
show more ...
|
#
aa2d7e0e |
| 30-Jan-2023 |
Richard Levitte |
Use $config{build_file} instead of $target{build_file} If the user specifies an alternative build file than the default, this alternative is recorded in $config{build_file}, not $target{
Use $config{build_file} instead of $target{build_file} If the user specifies an alternative build file than the default, this alternative is recorded in $config{build_file}, not $target{build_file}. Therefore, the former should be used, leaving the latter as a mere default. This is a bug. While fixing it, document it better too. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20173)
show more ...
|
#
98663afc |
| 22-Dec-2022 |
Tomas Mraz |
INSTALL.md: Remove trailing space Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/
INSTALL.md: Remove trailing space Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19960)
show more ...
|