History log of /openssl/ (Results 6976 – 7000 of 36070)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
22d1138f05-May-2021 Dmitry Belyavskiy

Avoid sending alerts after shutdown

Fixes #11388

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15159)


ssl/s3_msg.c
021521aa18-Apr-2021 Petr Gotthard

Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT

External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT,
so a check for NULL is needed.

Reviewed-by

Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT

External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT,
so a check for NULL is needed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14919)

show more ...


crypto/encode_decode/encoder_pkey.c
bfe2fcc804-May-2021 Tomas Mraz

evp_extra_test: Avoid potential double free of params

Fixes #14916

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15135)


test/evp_extra_test.c
6ef2f71a05-May-2021 Daniel Bevenius

Clarify where dispatch functions/ids are defined

When reading the comment for ossl_dispatch_st it seems to indicate that
the function_id numbers are defined further down in the same file

Clarify where dispatch functions/ids are defined

When reading the comment for ossl_dispatch_st it seems to indicate that
the function_id numbers are defined further down in the same file. But I
was not able to find them there, but instead in core_dispatch.h.

This commit suggests updating the comment to point to core_dispatch.h

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15156)

show more ...


include/openssl/core.h
6d418dbc05-May-2021 Daniel Bevenius

Clarify two comments (typos) in fipsprov.c

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Clarify two comments (typos) in fipsprov.c

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15150)

show more ...


providers/fips/fipsprov.c
4c8e6f7d06-May-2021 Matt Caswell

Prepare for 3.0 alpha 17

Reviewed-by: Tomas Mraz <tomas@openssl.org>


CHANGES.md
NEWS.md
VERSION.dat
d0c041b106-May-2021 Matt Caswell

Prepare for release of 3.0 alpha 16

Reviewed-by: Tomas Mraz <tomas@openssl.org>


CHANGES.md
NEWS.md
VERSION.dat
aff636a406-May-2021 Matt Caswell

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15181)


apps/asn1pars.c
apps/engine.c
apps/include/fmt.h
apps/info.c
apps/nseq.c
apps/prime.c
apps/progs.pl
apps/sess_id.c
apps/spkac.c
apps/version.c
crypto/bio/bio_local.h
crypto/bn/bn_nist.c
crypto/cpt_err.c
crypto/evp/evp_cnf.c
crypto/evp/evp_pbe.c
crypto/pkcs12/p12_add.c
crypto/pkcs12/p12_crpt.c
crypto/pkcs12/p12_init.c
crypto/pkcs12/p12_p8d.c
crypto/pkcs12/p12_p8e.c
crypto/pkcs12/p12_sbag.c
crypto/rc2/rc2_skey.c
crypto/x509/t_crl.c
doc/man1/openssl-crl.pod.in
doc/man1/openssl-dhparam.pod.in
doc/man1/openssl-dsa.pod.in
doc/man1/openssl-dsaparam.pod.in
doc/man1/openssl-ecparam.pod.in
doc/man1/openssl-format-options.pod
doc/man1/openssl-rsa.pod.in
doc/man1/openssl-smime.pod.in
doc/man1/openssl-spkac.pod.in
doc/man1/openssl-verify.pod.in
doc/man3/BIO_ctrl.pod
doc/man3/BIO_new.pod
doc/man3/BIO_parse_hostserv.pod
doc/man3/BIO_s_connect.pod
doc/man3/BIO_s_fd.pod
doc/man3/CMS_get1_ReceiptRequest.pod
doc/man3/EVP_PKEY_ASN1_METHOD.pod
doc/man3/EVP_PKEY_meth_new.pod
doc/man3/OSSL_STORE_expect.pod
doc/man3/OSSL_STORE_open.pod
doc/man3/PKCS5_PBKDF2_HMAC.pod
doc/man3/TS_VERIFY_CTX_set_certs.pod
doc/man3/X509_get_version.pod
doc/man7/openssl-core.h.pod
include/openssl/conf.h.in
include/openssl/e_os2.h
include/openssl/hmac.h
include/openssl/pkcs12.h.in
include/openssl/safestack.h.in
include/openssl/stack.h
test/asn1_decode_test.c
test/dtlstest.c
test/ecstresstest.c
test/errtest.c
test/helpers/pkcs12.h
test/memleaktest.c
test/pkcs12_format_test.c
test/recipes/04-test_bio_core.t
test/recipes/15-test_gendh.t
test/recipes/20-test_dgst.t
test/recipes/25-test_crl.t
test/recipes/30-test_evp_data/evpciph_aes_wrap.txt
test/recipes/30-test_evp_data/evpciph_aria.txt
test/recipes/30-test_evp_data/evpciph_camellia.txt
test/recipes/30-test_evp_data/evpciph_des.txt
test/recipes/30-test_evp_data/evpciph_des3_common.txt
test/recipes/30-test_evp_data/evpciph_rc2.txt
test/recipes/30-test_evp_data/evpciph_rc5.txt
test/recipes/30-test_evp_data/evpciph_seed.txt
test/recipes/30-test_evp_data/evppkey_ecdsa.txt
test/recipes/80-test_pkcs12.t
test/recipes/95-test_external_pyca_data/cryptography.sh
test/ssl-tests/16-dtls-certstatus.cnf.in
test/ssl-tests/18-dtls-renegotiate.cnf.in
test/v3nametest.c
util/perl/OpenSSL/Test.pm
util/perl/OpenSSL/stackhash.pm
6269fedf06-May-2021 Matt Caswell

Update the FIPS checksums

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15177)


providers/fips-sources.checksums
providers/fips.checksum
d105a24c03-May-2021 Tomas Mraz

Add some tests for -inform/keyform enforcement

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)


test/recipes/20-test_pkeyutl.t
test/recipes/25-test_crl.t
test/recipes/25-test_req.t
test/recipes/25-test_x509.t
bee3f38903-May-2021 Tomas Mraz

Document the behavior of the -inform and related options

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)


CHANGES.md
doc/man1/openssl-ca.pod.in
doc/man1/openssl-cmp.pod.in
doc/man1/openssl-cms.pod.in
doc/man1/openssl-crl.pod.in
doc/man1/openssl-dgst.pod.in
doc/man1/openssl-dsa.pod.in
doc/man1/openssl-dsaparam.pod.in
doc/man1/openssl-ec.pod.in
doc/man1/openssl-ecparam.pod.in
doc/man1/openssl-format-options.pod
doc/man1/openssl-pkey.pod.in
doc/man1/openssl-pkeyutl.pod.in
doc/man1/openssl-req.pod.in
doc/man1/openssl-rsa.pod.in
doc/man1/openssl-rsautl.pod.in
doc/man1/openssl-s_client.pod.in
doc/man1/openssl-s_server.pod.in
doc/man1/openssl-smime.pod.in
doc/man1/openssl-spkac.pod.in
doc/man1/openssl-x509.pod.in
3d1becd403-May-2021 Tomas Mraz

provider-storemgmt: Document the input-type and properties parameters.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)


doc/man7/provider-storemgmt.pod
0b294f5603-May-2021 Tomas Mraz

Update gost-engine to make it compatible with the added params

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)


gost-engine
d382e79630-Apr-2021 Tomas Mraz

Make the -inform option to be respected if possible

Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.

Th

Make the -inform option to be respected if possible

Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.

The input type format is enforced only in case the file
type file store is used.

By default we use FORMAT_UNDEF meaning the input type
is not enforced.

Fixes #14569

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)

show more ...


apps/ca.c
apps/cmp.c
apps/cms.c
apps/crl.c
apps/dgst.c
apps/dsa.c
apps/dsaparam.c
apps/ec.c
apps/ecparam.c
apps/gendsa.c
apps/include/apps.h
apps/lib/apps.c
apps/lib/s_cb.c
apps/ocsp.c
apps/pkcs8.c
apps/pkey.c
apps/pkeyutl.c
apps/req.c
apps/rsa.c
apps/rsautl.c
apps/s_client.c
apps/s_server.c
apps/smime.c
apps/spkac.c
apps/storeutl.c
apps/verify.c
apps/x509.c
crypto/pem/pem_pkey.c
crypto/store/store_lib.c
crypto/x509/by_store.c
doc/man3/OSSL_STORE_attach.pod
doc/man3/OSSL_STORE_open.pod
include/openssl/core_names.h
include/openssl/store.h
providers/fips-sources.checksums
providers/fips.checksum
providers/implementations/storemgmt/file_store.c
test/ossl_store_test.c
b86fa8c503-May-2021 EasySec

try to document changes in salt handling for the 'enc' command

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/

try to document changes in salt handling for the 'enc' command

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4486)

show more ...


doc/man1/openssl-enc.pod.in
Revision tags: OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1
c4c8791e30-Dec-2017 EasySec

change salt handling, way 1

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4486)


apps/enc.c
a35536b503-May-2021 Pauli

coverity: fix 1478169: dereference after NULL check

The code path shouldn't occur in our code but could in an application.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(M

coverity: fix 1478169: dereference after NULL check

The code path shouldn't occur in our code but could in an application.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15128)

show more ...


crypto/pkcs12/p12_p8e.c
08a337fa04-May-2021 Rich Salz

Remove all trace of FIPS_mode functions

Removed error codes, and the mention of the functions.
This removal is already documented in the CHANGES doc.

Reviewed-by: Shane Lontis <

Remove all trace of FIPS_mode functions

Removed error codes, and the mention of the functions.
This removal is already documented in the CHANGES doc.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15140)

show more ...


crypto/cpt_err.c
crypto/err/openssl.txt
crypto/evp/evp_cnf.c
crypto/evp/evp_err.c
include/openssl/cryptoerr.h
include/openssl/cryptoerr_legacy.h
include/openssl/evperr.h
include/openssl/sslerr.h
ssl/ssl_err.c
util/libcrypto.num
util/missingcrypto.txt
a07b0bfb04-May-2021 Dr. David von Oheimb

Deprecate X509{,_CRL}_http_nbio() and simplify their definition

This is done by making use of OCSP_REQ_CTX_nbio_d2i().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from h

Deprecate X509{,_CRL}_http_nbio() and simplify their definition

This is done by making use of OCSP_REQ_CTX_nbio_d2i().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15131)

show more ...


CHANGES.md
doc/man3/X509_load_http.pod
include/openssl/x509.h.in
util/other.syms
b0f9601801-May-2021 Dr. David von Oheimb

APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)


apps/asn1pars.c
apps/ca.c
apps/ciphers.c
apps/cmp.c
apps/cms.c
apps/crl.c
apps/crl2p7.c
apps/dgst.c
apps/dhparam.c
apps/dsa.c
apps/dsaparam.c
apps/ec.c
apps/ecparam.c
apps/enc.c
apps/engine.c
apps/fipsinstall.c
apps/gendsa.c
apps/genpkey.c
apps/genrsa.c
apps/include/opt.h
apps/info.c
apps/kdf.c
apps/list.c
apps/mac.c
apps/nseq.c
apps/ocsp.c
apps/passwd.c
apps/pkcs12.c
apps/pkcs7.c
apps/pkcs8.c
apps/pkey.c
apps/pkeyparam.c
apps/pkeyutl.c
apps/prime.c
apps/rand.c
apps/rehash.c
apps/req.c
apps/rsa.c
apps/rsautl.c
apps/s_client.c
apps/s_server.c
apps/s_time.c
apps/sess_id.c
apps/smime.c
apps/speed.c
apps/spkac.c
apps/srp.c
apps/storeutl.c
apps/ts.c
apps/verify.c
apps/version.c
apps/x509.c
doc/internal/man3/OPTIONS.pod
2840769801-May-2021 Dr. David von Oheimb

APPS: Slightly extend and improve documentation of the opt_ API

Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.

Reviewed-by: Tomas Mraz <tomas@openss

APPS: Slightly extend and improve documentation of the opt_ API

Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)

show more ...


apps/cmp.c
apps/include/opt.h
apps/lib/apps.c
apps/lib/opt.c
apps/x509.c
doc/internal/man3/OPTIONS.pod
test/ecstresstest.c
6c0ac9b903-May-2021 Benjamin Kaduk

adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change

The "bad DTLS" tests run into trouble due to the special behavior
for that "bad" version, and the SSL record tests need to set the

adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change

The "bad DTLS" tests run into trouble due to the special behavior
for that "bad" version, and the SSL record tests need to set the
-legacy_server_connect flag to allow an SSLv2 ClientHello to work
against any TLS server (since SSLv2 ClientHello messages cannot
carry extensions as would be needed in order to negotiate the use
of the renegitiation_info extension).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)

show more ...


test/bad_dtls_test.c
test/recipes/70-test_sslrecords.t
cbbbc8fc03-May-2021 Benjamin Kaduk

Correct ssl_conf logic for "legacy_server_connect"

This option is only useful for the client, but it was previously
marked as only being applicable for servers.

Correct the entr

Correct ssl_conf logic for "legacy_server_connect"

This option is only useful for the client, but it was previously
marked as only being applicable for servers.

Correct the entry to properly mark it as client-only, and update the
s_server/s_client manuals accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)

show more ...


doc/man1/openssl-s_client.pod.in
doc/man1/openssl-s_server.pod.in
ssl/ssl_conf.c
72d2670b03-May-2021 Benjamin Kaduk

Enforce secure renegotiation support by default

Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in
SSL_CTX_new(), to allow connections to legacy servers that did not

Enforce secure renegotiation support by default

Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in
SSL_CTX_new(), to allow connections to legacy servers that did not
implement RFC 5746.

It has been more than a decade since RFC 5746 was published, so
there has been plenty of time for implmentation support to roll out.

Change the default behavior to be to require peers to support
secure renegotiation. Existing applications that already cleared
SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as
re-clearing the flag is just a little bit of redundant work.
The old behavior is still available by explicitly setting the flag
in the application.

Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for
similar reasons.

Document the behavior change in CHANGES.md, and update the
SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change
in default behavior.

Fixes: 14848

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)

show more ...


CHANGES.md
doc/man3/SSL_CONF_cmd.pod
doc/man3/SSL_CTX_set_options.pod
include/openssl/ssl.h.in
ssl/ssl_lib.c
8369592d04-May-2021 Tomas Mraz

Fix missing symbols in no-cms and no-ts build

Fixes #15137

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15138)


crypto/ess/build.info

1...<<271272273274275276277278279280>>...1443