Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
3c95ef22 |
| 27-Jan-2021 |
Todd Short |
RFC7250 (RPK) support Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit t
RFC7250 (RPK) support Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
show more ...
|
#
f0131dc0 |
| 29-Aug-2022 |
Pauli |
ssl: modify libssl so that it uses OSSL_TIME This is instead of time_t and struct timeval. Some public APIs mandate a presence of these two types, but they are converted to OSSL_TIME in
ssl: modify libssl so that it uses OSSL_TIME This is instead of time_t and struct timeval. Some public APIs mandate a presence of these two types, but they are converted to OSSL_TIME internally. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19082)
show more ...
|
#
72a509f9 |
| 26-Aug-2021 |
Tomas Mraz |
Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests Fixes #16428 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests Fixes #16428 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/16433)
show more ...
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
25959e04 |
| 05-Apr-2019 |
Todd Short |
Optimize session cache flushing Sort SSL_SESSION structures by timeout in the linked list. Iterate over the linked list for timeout, stopping when no more session can be flushed.
Optimize session cache flushing Sort SSL_SESSION structures by timeout in the linked list. Iterate over the linked list for timeout, stopping when no more session can be flushed. Do SSL_SESSION_free() outside of SSL_CTX lock Update timeout upon use Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8687)
show more ...
|
#
0789c7d8 |
| 20-May-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15381)
|
#
aa6bd216 |
| 16-Mar-2021 |
Benjamin Kaduk |
Promote SSL_get_negotiated_group() for non-TLSv1.3 It can be useful to know what group was used for the handshake's key exchange process even on non-TLS 1.3 connections. Allow this
Promote SSL_get_negotiated_group() for non-TLSv1.3 It can be useful to know what group was used for the handshake's key exchange process even on non-TLS 1.3 connections. Allow this API, new in OpenSSL 3.0.0, to be used on other TLS versions as well. Since pre-TLS-1.3 key exchange occurs only on full handshakes, this necessitates adding a field to the SSL_SESSION object to carry the group information across resumptions. The key exchange group in the SSL_SESSION can also be relevant in TLS 1.3 when the resumption handshake uses the "psk_ke" key-exchange mode, so also track whether a fresh key exchange was done for TLS 1.3. Since the new field is optional in the ASN.1 sense, there is no need to increment SSL_SESSION_ASN1_VERSION (which incurs strong incompatibility churn). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14750)
show more ...
|
#
605856d7 |
| 26-Nov-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13533)
|
#
6849b73c |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
show more ...
|
#
12a765a5 |
| 16-Sep-2019 |
Rich Salz |
Explicitly test against NULL; do not use !p or similar Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Review
Explicitly test against NULL; do not use !p or similar Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
show more ...
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source direc
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
9fdcc21f |
| 15-Jan-2019 |
David von Oheimb |
constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell
constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8029)
show more ...
|
#
2c18d164 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in ssl/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7768)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8 |
|
#
27232cc3 |
| 18-Jun-2018 |
Matt Caswell |
Don't use OPENSSL_strdup() for copying alpn_selected An alpn_selected value containing NUL bytes in it will result in ext.alpn_selected_len having a larger value than the number of bytes
Don't use OPENSSL_strdup() for copying alpn_selected An alpn_selected value containing NUL bytes in it will result in ext.alpn_selected_len having a larger value than the number of bytes allocated in ext.alpn_selected. Issue found by OSS-fuzz. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6507)
show more ...
|
#
6cf2dbd9 |
| 05-Jun-2018 |
Matt Caswell |
Don't store the ticket nonce in the session We generate the secrets based on the nonce immediately so there is no need to keep the nonce. Reviewed-by: Andy Polyakov <appro@opens
Don't store the ticket nonce in the session We generate the secrets based on the nonce immediately so there is no need to keep the nonce. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6415)
show more ...
|
#
4ff1a526 |
| 01-Jun-2018 |
Matt Caswell |
Fix TLSv1.3 ticket nonces All tickets on a connection need to have a unique nonce. When this was originally implemented we only ever sent one ticket on the conneciton so this didn't
Fix TLSv1.3 ticket nonces All tickets on a connection need to have a unique nonce. When this was originally implemented we only ever sent one ticket on the conneciton so this didn't matter. We were just using the value 0. Now we can get multiple tickets to we need to start doing the ticket nonce properly. Fixes #6387 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6415)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
#
b0edda11 |
| 20-Mar-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5689)
|
Revision tags: OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
#
df0fed9a |
| 15-Mar-2017 |
Todd Short |
Session Ticket app data Adds application data into the encrypted session ticket Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (M
Session Ticket app data Adds application data into the encrypted session ticket Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3802)
show more ...
|
#
802127e8 |
| 11-Nov-2017 |
Andy Polyakov |
ssl/ssl_asn1.c: resolve warnings in VC-WIN32 build, which allows to add /WX. It's argued that /WX allows to keep better focus on new code, which motivates its comeback... [Keep
ssl/ssl_asn1.c: resolve warnings in VC-WIN32 build, which allows to add /WX. It's argued that /WX allows to keep better focus on new code, which motivates its comeback... [Keep this commit separate as reminder for time overhaul.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4721)
show more ...
|
#
cf72c757 |
| 05-Nov-2017 |
FdaSilvaYY |
Implement Maximum Fragment Length TLS extension. Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by: Matt Caswel
Implement Maximum Fragment Length TLS extension. Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/1008)
show more ...
|
#
9b6a8254 |
| 05-Jul-2017 |
Matt Caswell |
Send and receive the ticket_nonce field in a NewSessionTicket This just adds the processing for sending and receiving the newly added ticket_nonce field. It doesn't actually use it yet.
Send and receive the ticket_nonce field in a NewSessionTicket This just adds the processing for sending and receiving the newly added ticket_nonce field. It doesn't actually use it yet. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3852)
show more ...
|
#
c80149d9 |
| 20-Jun-2017 |
Rich Salz |
Merge Nokia copyright notice into standard This is done with the kind permission of Nokia. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/o
Merge Nokia copyright notice into standard This is done with the kind permission of Nokia. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3722)
show more ...
|
#
9612e157 |
| 12-Apr-2017 |
Richard Levitte |
ASN.1: adapt our use of INTxx et al by making them explicitely embedded Fixes #3191 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/
ASN.1: adapt our use of INTxx et al by making them explicitely embedded Fixes #3191 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3199)
show more ...
|
#
64f11ee8 |
| 05-Apr-2017 |
Richard Levitte |
Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://githu
Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
show more ...
|
#
66ecfb54 |
| 30-Mar-2017 |
Richard Levitte |
Convert SSL_SESSION_ASN1 to use size specific integers This increases portability of SSL_SESSION files between architectures where the size of |long| may vary. Before this, SSL_SESSION
Convert SSL_SESSION_ASN1 to use size specific integers This increases portability of SSL_SESSION files between architectures where the size of |long| may vary. Before this, SSL_SESSION files produced on a 64-bit long architecture may break on a 32-bit long architecture. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3088)
show more ...
|
#
f6370040 |
| 24-Feb-2017 |
Matt Caswell |
Only accept early_data if the negotiated ALPN is the same Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|