- 20 5月, 2021 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Shane Lontis 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14710)
-
- 17 5月, 2021 2 次提交
-
-
由 Rich Salz 提交于
Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app, the config code, and the documentation. Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to always enable it, but there are so many tests so this is the easiest thing to do. Add a test where client tries to renegotiate and it fails as expected. Add a test where server tries to renegotiate and it succeeds. The second test is supported by a new flag, -immediate_renegotiation, which is ignored on the client. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15184)
-
由 Matt Caswell 提交于
Fixes #12283 Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15282)
-
- 14 5月, 2021 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15230)
-
- 12 5月, 2021 1 次提交
-
-
由 Dr. David von Oheimb 提交于
This is a minimal version of pull request #15053 including all the proposed improvements to the HTTP client API and its documentation but only those code adaptations strictly needed for it. The proposed new features include * support for persistent connections (keep-alive), * generalization to arbitrary request and response types, and * support for streaming BIOs for request and response data. The related API changes include: * Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(), OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close(). * Split the timeout functionality accordingly and improve default behavior. * Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected(). Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15147)
-
- 11 5月, 2021 1 次提交
-
-
由 Dr. David von Oheimb 提交于
Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen(). Also export auxiliary function OSSL_EC_curve_nid2name() and improve deprecation info on RSA and EC key generation/management functions. Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14695)
-
- 08 5月, 2021 2 次提交
-
-
由 Dr. David von Oheimb 提交于
Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14741)
-
由 Dr. David von Oheimb 提交于
This helps compensating for deprecated functions such as HMAC() and reduces clutter in the crypto lib, apps, and tests. Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c. and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod Partially fixes #14628. Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14664)
-
- 07 5月, 2021 1 次提交
-
-
由 Pauli 提交于
Fixes #13220 Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15168)
-
- 06 5月, 2021 4 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org>
-
由 Tomas Mraz 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
-
由 Dr. David von Oheimb 提交于
This is done by making use of OCSP_REQ_CTX_nbio_d2i(). Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15131)
-
- 05 5月, 2021 4 次提交
-
-
由 Benjamin Kaduk 提交于
Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in SSL_CTX_new(), to allow connections to legacy servers that did not implement RFC 5746. It has been more than a decade since RFC 5746 was published, so there has been plenty of time for implmentation support to roll out. Change the default behavior to be to require peers to support secure renegotiation. Existing applications that already cleared SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as re-clearing the flag is just a little bit of redundant work. The old behavior is still available by explicitly setting the flag in the application. Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for similar reasons. Document the behavior change in CHANGES.md, and update the SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change in default behavior. Fixes: 14848 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
-
由 Rich Salz 提交于
Also add a negative test, and fix typo's. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
-
由 Rich Salz 提交于
It was a mistake to allow relative paths for include files (just like root shouldn't have "." in its PATH), but we probably can't change it now. Add a new pragma "abspath" that someone can put in the system-wide config file to require absolute paths. Also update the config documentation to better explain how file inclusion works. Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15103)
-
- 30 4月, 2021 3 次提交
-
-
由 Tomas Mraz 提交于
The EVP_PKEY_asn1_set_public and EVP_PKEY_meth_set_copy have some API breaking constification changes in 3.0. Fixes #9296 Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15068)
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
-
由 Jon Spillett 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
-
- 29 4月, 2021 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13684)
-
- 27 4月, 2021 2 次提交
-
-
由 Shane Lontis 提交于
The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq() already exist. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14997)
-
由 Shane Lontis 提交于
Fix dh_rfc5114 option in genpkey. Fixes #14145 Fixes #13956 Fixes #13952 Fixes #13871 Fixes #14054 Fixes #14444 Updated documentation for app to indicate what options are available for DH and DHX keys. DH and DHX now have different keymanager gen_set_params() methods. Added CHANGES entry to indicate the breaking change. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14883)
-
- 22 4月, 2021 3 次提交
-
-
由 Hubert Kario 提交于
Raja added support for FFDHE in TLS 1.3 in commits 9aaecbfc, 8e63900a, dfa1f547 in 2019, reflect this in the changelog. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14972)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org>
-
- 19 4月, 2021 1 次提交
-
-
由 Matt Caswell 提交于
We now use the MANSUFFIX "ossl" by default. Fixes #14318 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14847)
-
- 15 4月, 2021 1 次提交
-
-
由 Pauli 提交于
Providers do not distinguish between invalid and other errors via the return code. Fixes #14442 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14864)
-
- 13 4月, 2021 1 次提交
-
-
由 Pauli 提交于
These functions are deprecated with no replacement specified: DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, DH_set_flags, DH_test_flags, DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags, DSA_test_flags, RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_set_flags, RSA_setup_blinding and RSA_test_flags. The flags that are going are: DH_FLAG_CACHE_MONT_P, DSA_FLAG_CACHE_MONT_P, RSA_FLAG_BLINDING, RSA_FLAG_CACHE_PRIVATE, RSA_FLAG_CACHE_PUBLIC, RSA_FLAG_EXT_PKEY, RSA_FLAG_NO_BLINDING, RSA_FLAG_THREAD_SAFE and RSA_METHOD_FLAG_NO_CHECK. These two flags are "readable" via EVP_is_a(). They are not writable: DH_FLAG_TYPE_DHX and DH_FLAG_TYPE_DH. Fixes #14616 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14824)
-
- 12 4月, 2021 2 次提交
-
-
由 Matt Caswell 提交于
OTC recently voted that EVP_PKEY types will be immutable in 3.0. This means that EVP_PKEY_set_alias_type can no longer work and should be removed entirely (applications will need to be rewritten not to use it). It was primarily used for SM2 which no longer needs this call. Applications should generate SM2 keys directly (without going via an EC key first), or otherwise when loading keys they should automatically be detected as SM2 keys. Fixes #14379 Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14803)
-
由 Matt Caswell 提交于
KTLS support has been changed to be off by default, and configuration is via a single "option" rather two "modes". Documentation is updated accordingly. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14799)
-
- 08 4月, 2021 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org>
-
- 06 4月, 2021 1 次提交
-
-
由 Tomas Mraz 提交于
Improve the ossl_rsa_check_key() to prevent non-signature operations with PSS keys. Do not invoke the EVP_PKEY controls for CMS and PKCS#7 anymore as they are not needed anymore and deprecate them. Fixes #14276 Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14760)
-
- 01 4月, 2021 2 次提交
-
-
由 Shane Lontis 提交于
Fixes #14401 Note that this moves the public key check out of DH compute_key() since key validation does not belong inside this primitive.. The check has been moved to the EVP_PKEY_derive_set_peer() function so that it generally applies to all exchange operations.. Use EVP_PKEY_derive_set_peer_ex() to disable this behaviour. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14717)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14630)
-
- 25 3月, 2021 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org>
-
- 22 3月, 2021 1 次提交
-
-
由 Andrey Matyukov 提交于
with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key operations. It uses 256-bit registers to avoid CPU frequency scaling issues. The performance speedup for RSA2k signature on ICL is ~2x. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13750)
-
- 18 3月, 2021 1 次提交
-
-
由 Dr. David von Oheimb 提交于
Also constify related CMS/PKCS7 functions and improve error codes thrown. Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14503)
-