| adcaebc3 | 19-Jan-2021 |
Tomas Mraz |
CI: Add some legacy stuff that we do not test in GitHub CI yet
There are some options that seem to belong to the legacy build.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
CI: Add some legacy stuff that we do not test in GitHub CI yet
There are some options that seem to belong to the legacy build.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13903)
show more ...
|
| 52b0bb38 | 13-Jan-2021 |
Michael Baentsch |
fall-back -> fallback find-doc-nit addition
Ensure the same term is used for fallback
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
fall-back -> fallback find-doc-nit addition
Ensure the same term is used for fallback
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13862)
show more ...
|
| 68570580 | 20-Jan-2021 |
Tim Hitchins |
Fix typo in crl2pkcs documentation
Fixes #13910
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom
Fix typo in crl2pkcs documentation
Fixes #13910
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13911)
show more ...
|
| a3d267f1 | 08-Dec-2020 |
Rich Salz |
Deprecate EVP_KEY_new_CMAC_key and EVP_PKEY_new_CMAC_key_ex
EVP_KEY_new_CMAC_key_ex was in the pre-release 3.0 only, so is safe
to remove.
Restore 1.1.1 version of EVP_PKEY_new_CMAC_
Deprecate EVP_KEY_new_CMAC_key and EVP_PKEY_new_CMAC_key_ex
EVP_KEY_new_CMAC_key_ex was in the pre-release 3.0 only, so is safe
to remove.
Restore 1.1.1 version of EVP_PKEY_new_CMAC_key documentation.
Also make testing of EVP_PKEY_new_CMAC_key properly #ifdef'd.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13829)
show more ...
|
| 3aa7212e | 22-Nov-2020 |
Vadim Fedorenko |
ktls: Initial support for ChaCha20-Poly1305
Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.
Reviewed-by: Matt Caswell <matt@opens
ktls: Initial support for ChaCha20-Poly1305
Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13475)
show more ...
|
| 5b57aa24 | 06-Jan-2021 |
Matt Caswell |
Ensure SRP BN_mod_exp follows the constant time path
SRP_Calc_client_key calls BN_mod_exp with private data. However it was
not setting BN_FLG_CONSTTIME and therefore not using the const
Ensure SRP BN_mod_exp follows the constant time path
SRP_Calc_client_key calls BN_mod_exp with private data. However it was
not setting BN_FLG_CONSTTIME and therefore not using the constant time
implementation. This could be exploited in a side channel attack to
recover the password.
Since the attack is local host only this is outside of the current OpenSSL
threat model and therefore no CVE is assigned.
Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
issue.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13888)
show more ...
|
| 53d650d1 | 19-Jan-2021 |
Tomas Mraz |
ec_kmgmt.c: OSSL_PKEY_PARAM_DEFAULT_DIGEST is gettable param for EC/SM2 keys
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13901) |
| d8ab30be | 08-Jan-2021 |
Dr. David von Oheimb |
X509v3_get_ext_by_NID.pod: Add warning on counter-intuitive behavior of X509v3_delete_ext() etc.
Also simplify two uses of these functions.
Reviewed-by: Tomas Mraz <tomas@openssl.or
X509v3_get_ext_by_NID.pod: Add warning on counter-intuitive behavior of X509v3_delete_ext() etc.
Also simplify two uses of these functions.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
show more ...
|
| 05458fdb | 08-Jan-2021 |
Dr. David von Oheimb |
apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options
Also prevent copying SKID and AKID extension, which make no sense in CSRs
and extend the use -ext to select wi
apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options
Also prevent copying SKID and AKID extension, which make no sense in CSRs
and extend the use -ext to select with extensions are copied.
Further simplifiy the overall structure of the code.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
show more ...
|
| b9fbacaa | 06-Jan-2021 |
Dr. David von Oheimb |
apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req
Fixes #3638
Fixes #6481
Fixes #10458
Partly fixes #13708
Supersedes #9449
Reviewed-by:
apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req
Fixes #3638
Fixes #6481
Fixes #10458
Partly fixes #13708
Supersedes #9449
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
show more ...
|
| 1d1d2312 | 06-Jan-2021 |
Dr. David von Oheimb |
80-test_ssl_old.t: Minor corrections: update name of test dir etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711) |
| 03f4e3de | 06-Jan-2021 |
Dr. David von Oheimb |
apps.c: Clean up copy_extensions()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711) |
| 2367238c | 06-Jan-2021 |
Dr. David von Oheimb |
X509_REQ_print_ex(): Correct indentation of extensions, which are attributes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711) |
| db6a47b1 | 06-Jan-2021 |
Dr. David von Oheimb |
X509_REQ_print_ex(): Replace weird 'a0:00' output on empty attributes by '(none)'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711) |
| 743975c7 | 05-Jan-2021 |
Dr. David von Oheimb |
constify X509_REQ_add_extensions() and X509_REQ_add_extensions_nid()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711) |
| b24cfd6b | 19-Dec-2020 |
Dr. David von Oheimb |
apps/x509.c: Major code, user guidance, and documentation cleanup
This brings the options in help output and doc in reasonable order
and fixes various corner cases of option use combinat
apps/x509.c: Major code, user guidance, and documentation cleanup
This brings the options in help output and doc in reasonable order
and fixes various corner cases of option use combinations
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
show more ...
|
| 7c5237e1 | 10-Dec-2020 |
Dr. David von Oheimb |
apps/x509.c: Take the -signkey arg as default pubkey with -new
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711) |
| 49b36afb | 10-Dec-2020 |
Dr. David von Oheimb |
25-test_x509.t: Make test case w.r.t. self-issued cert run also without EC enabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711) |
| abc4439c | 10-Dec-2020 |
Dr. David von Oheimb |
25-test_x509.t: Minor update: factor out path for test input files
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711) |
| 8cadc517 | 10-Dec-2020 |
Dr. David von Oheimb |
25-test_x509.t: Minor update: do not anymore unlink test output files
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711) |
| 63162e3d | 18-Jan-2021 |
Dr. David von Oheimb |
X509: Enable printing cert even with invalid validity times, saying 'Bad time value'
Add internal asn1_time_print_ex() that can return success on invalid time.
This is a workaround for i
X509: Enable printing cert even with invalid validity times, saying 'Bad time value'
Add internal asn1_time_print_ex() that can return success on invalid time.
This is a workaround for inconsistent error behavior of ASN1_TIME_print(),
used in X509_print_ex().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13714)
show more ...
|
| b09aa550 | 18-Dec-2020 |
Dr. David von Oheimb |
ASN1_TIME_print() etc.: Improve doc and add comment on handling invalid time input
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13714) |
| 9495cfbc | 12-Dec-2020 |
Dr. David von Oheimb |
make various test CA certs RFC 5280 compliant w.r.t. X509 extensions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13719) |
| 3d63348a | 19-Jan-2021 |
Jon Spillett |
apps/genpkey.c: Use PEM_read_bio_Parameters_ex when reading parameters
Needed to be able to set the libctx and propq.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom
apps/genpkey.c: Use PEM_read_bio_Parameters_ex when reading parameters
Needed to be able to set the libctx and propq.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13894)
show more ...
|
| ac6ea3a7 | 20-Aug-2020 |
Jon Spillett |
test-gendsa: Add test cases with FIPS provider
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/
test-gendsa: Add test cases with FIPS provider
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13894)
show more ...
|
