#
22c2928a |
| 12-Sep-2024 |
Sahana Prasad |
IANA has assigned numbers for new TLS Supported Groups in ML-KEM https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-01.html#name-iana-considerations Signed-off-by: Sahana Prasa
IANA has assigned numbers for new TLS Supported Groups in ML-KEM https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-01.html#name-iana-considerations Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25477)
show more ...
|
#
7ed6de99 |
| 05-Sep-2024 |
Tomas Mraz |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
|
#
38a71831 |
| 09-Jul-2024 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
adds TLS signature algorithms list feature Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Me
adds TLS signature algorithms list feature Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24821)
show more ...
|
#
cc37ef7d |
| 29-Jul-2024 |
Leonie Theobald |
Add logging support for early data -trace option didn't cover early data message which resulted in misleading logging. CLA: trivial Reviewed-by: Matt Caswell <matt@open
Add logging support for early data -trace option didn't cover early data message which resulted in misleading logging. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25026)
show more ...
|
#
b6a5e801 |
| 01-Dec-2023 |
Rajeev Ranjan |
Add support for integrity-only cipher suites for TLS v1.3 - add test vectors for tls1_3 integrity-only ciphers - recmethod_local.h: add new member for MAC - tls13_meth.c: add MAC onl
Add support for integrity-only cipher suites for TLS v1.3 - add test vectors for tls1_3 integrity-only ciphers - recmethod_local.h: add new member for MAC - tls13_meth.c: add MAC only to tls 1.3 - tls13_enc.c: extend function to add MAC only - ssl_local.h: add ssl_cipher_get_evp_md_mac() - s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS - ssl_ciph.c : add ssl_cipher_get_evp_md_mac() and use it - tls13secretstest.c: add dummy test function - Configure: add integrity-only-ciphers option - document the new ciphers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22903)
show more ...
|
#
e9241d16 |
| 23-Nov-2023 |
Dmitry Belyavskiy |
IANA has assigned numbers for 2 hybrid PQ KEX widely used in tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://githu
IANA has assigned numbers for 2 hybrid PQ KEX widely used in tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22803)
show more ...
|
#
b946a3ee |
| 09-May-2023 |
Matt Caswell |
Fix an SSL_trace bug Ensure that SSL_trace can print certificate data even with a non-default libctx. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <h
Fix an SSL_trace bug Ensure that SSL_trace can print certificate data even with a non-default libctx. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
show more ...
|
#
45aac107 |
| 02-May-2023 |
Matt Caswell |
Support trace for QUIC datagrams Extend SSL_trace so that it knows how to dump information about the receipt of a QUIC datagram. Reviewed-by: Tomas Mraz <tomas@openssl.org>
Support trace for QUIC datagrams Extend SSL_trace so that it knows how to dump information about the receipt of a QUIC datagram. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
3c95ef22 |
| 27-Jan-2021 |
Todd Short |
RFC7250 (RPK) support Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit t
RFC7250 (RPK) support Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
show more ...
|
#
f2a6f838 |
| 20-Feb-2021 |
FdaSilvaYY |
Cleanup : directly include of `internal/nelem.h` when required. And so clean a few useless includes Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@ope
Cleanup : directly include of `internal/nelem.h` when required. And so clean a few useless includes Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19721)
show more ...
|
#
1555c86e |
| 01-Oct-2022 |
J.W. Jagersma |
Cast values to match printf format strings. For some reason djgpp uses '(unsigned) long int' for (u)int32_t. This causes errors with -Werror=format, even though these types are in p
Cast values to match printf format strings. For some reason djgpp uses '(unsigned) long int' for (u)int32_t. This causes errors with -Werror=format, even though these types are in practice identical. Obvious solution: cast to the types indicated by the format string. For asn1_time_test.c I changed the format string to %lli since time_t may be 'long long' some platforms. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19322)
show more ...
|
#
00e38edc |
| 27-Oct-2022 |
Todd Short |
Fix coverity 1516093 tainted scalar |uclen| is created from three byte values, so this seems a bit redundant, but if it makes coverity happy Reviewed-by: Hugo Landau <hlandau@op
Fix coverity 1516093 tainted scalar |uclen| is created from three byte values, so this seems a bit redundant, but if it makes coverity happy Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19519)
show more ...
|
#
5e569f0a |
| 19-Oct-2022 |
Todd Short |
Fix coverity 1516093 tainted scalar Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19440)
|
#
b67cb09f |
| 09-Aug-2021 |
Todd Short |
Add support for compressed certificates (RFC8879) * Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive)
Add support for compressed certificates (RFC8879) * Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
show more ...
|
#
c9ee6e36 |
| 30-Sep-2022 |
Matt Caswell |
Reimplement brainpool TLSv1.3 support group support Create new TLS_GROUP_ENTRY values for these groups. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavski
Reimplement brainpool TLSv1.3 support group support Create new TLS_GROUP_ENTRY values for these groups. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19315)
show more ...
|
#
38b051a1 |
| 20-Jun-2022 |
Tomas Mraz |
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
show more ...
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
0a10825a |
| 24-Oct-2018 |
Bernd Edlinger |
Enable brainpool curves for TLS1.3 See the recently assigned brainpool code points at: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml Reviewed-by: Paul Dal
Enable brainpool curves for TLS1.3 See the recently assigned brainpool code points at: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7485)
show more ...
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
#
462f4f4b |
| 15-Jan-2021 |
Matt Caswell |
Remove OPENSSL_NO_EC guards from libssl Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
|
#
7486c718 |
| 19-May-2020 |
Tomas Mraz |
t1_trce: Fix remaining places where the 24 bit shift overflow happens [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl
t1_trce: Fix remaining places where the 24 bit shift overflow happens [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857)
show more ...
|
#
5a5530a2 |
| 30-Mar-2020 |
Dmitry Belyavskiy |
New Russian TLS 1.2 implementation Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442)
|
#
fa555aa8 |
| 18-Apr-2020 |
Nikolay Morozov |
GOST2012 TLS Supported Groups Identifiers Support For GOST2012-GOST8912-GOST8912 IANA introduce TLS Supported Groups Identifiers https://www.iana.org/assignments/tls-parameters/tls-param
GOST2012 TLS Supported Groups Identifiers Support For GOST2012-GOST8912-GOST8912 IANA introduce TLS Supported Groups Identifiers https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11568)
show more ...
|
#
6f892296 |
| 07-Apr-2020 |
Nikolay Morozov |
TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support For GOST2012-GOST8912-GOST8912 IANA introduce signature Signature Algorithm parametrs https://www.iana.org/assignments/tls-parameter
TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support For GOST2012-GOST8912-GOST8912 IANA introduce signature Signature Algorithm parametrs https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11482)
show more ...
|
#
98278b96 |
| 25-Mar-2020 |
Nikolay Morozov |
TLS Cipher Suite 0xC102 Support For GOST2012-GOST8912-GOST8912 was used 0xFF85 identifier, but new identifier 0xc102 was assigned. Because of old software we will support both number
TLS Cipher Suite 0xC102 Support For GOST2012-GOST8912-GOST8912 was used 0xFF85 identifier, but new identifier 0xc102 was assigned. Because of old software we will support both numbers. https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2 https://datatracker.ietf.org/doc/draft-smyshlyaev-tls12-gost-suites/ Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11403)
show more ...
|
#
6834df12 |
| 24-Sep-2019 |
Daniil Zotkin |
Process GOST ClientKeyExchange message in SSL_trace Use ssl_print_hex to print message in case of GOST key exchange algorithm. CLA: trivial Reviewed-by: Paul Dale <paul.dal
Process GOST ClientKeyExchange message in SSL_trace Use ssl_print_hex to print message in case of GOST key exchange algorithm. CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9995)
show more ...
|