- May 06, 2021
-
-
Matt Caswell authored
Reviewed-by: Tomas Mraz <tomas@openssl.org>
-
Matt Caswell authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15181)
-
Matt Caswell authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15177)
-
Tomas Mraz authored
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
-
Tomas Mraz authored
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
-
Tomas Mraz authored
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
-
Tomas Mraz authored
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
-
Tomas Mraz authored
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced. Fixes #14569 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
-
EasySec authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4486)
-
EasySec authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4486)
-
Pauli authored
The code path shouldn't occur in our code but could in an application. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15128)
-
- May 05, 2021
-
-
Rich Salz authored
Removed error codes, and the mention of the functions. This removal is already documented in the CHANGES doc. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15140)
-
Dr. David von Oheimb authored
This is done by making use of OCSP_REQ_CTX_nbio_d2i(). Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15131)
-
Dr. David von Oheimb authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15111)
-
Dr. David von Oheimb authored
Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15111)
-
Benjamin Kaduk authored
The "bad DTLS" tests run into trouble due to the special behavior for that "bad" version, and the SSL record tests need to set the -legacy_server_connect flag to allow an SSLv2 ClientHello to work against any TLS server (since SSLv2 ClientHello messages cannot carry extensions as would be needed in order to negotiate the use of the renegitiation_info extension). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
-
Benjamin Kaduk authored
This option is only useful for the client, but it was previously marked as only being applicable for servers. Correct the entry to properly mark it as client-only, and update the s_server/s_client manuals accordingly. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
-
Benjamin Kaduk authored
Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in SSL_CTX_new(), to allow connections to legacy servers that did not implement RFC 5746. It has been more than a decade since RFC 5746 was published, so there has been plenty of time for implmentation support to roll out. Change the default behavior to be to require peers to support secure renegotiation. Existing applications that already cleared SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as re-clearing the flag is just a little bit of redundant work. The old behavior is still available by explicitly setting the flag in the application. Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for similar reasons. Document the behavior change in CHANGES.md, and update the SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change in default behavior. Fixes: 14848 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15127)
-
Tomas Mraz authored
Fixes #15137 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15138)
-
Pauli authored
Fixes #14140 Fixes #13232 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
-
Pauli authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
-
Rich Salz authored
Also add a negative test, and fix typo's. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
-
Rich Salz authored
It was a mistake to allow relative paths for include files (just like root shouldn't have "." in its PATH), but we probably can't change it now. Add a new pragma "abspath" that someone can put in the system-wide config file to require absolute paths. Also update the config documentation to better explain how file inclusion works. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15090)
-
Rich Salz authored
Fix other wording, too. Fixes: #13151 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15038)
-
Dr. David von Oheimb authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
-
Dr. David von Oheimb authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
-
Dr. David von Oheimb authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
-
Dr. David von Oheimb authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14413)
-
Rich Salz authored
Use official (first) names for wrapping algorithms. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14182)
-
Shane Lontis authored
Setting an output length higher than 8191 was causing a buffer overflow. This was reported by Acumen (FIPS lab). The max output size has increased to ~2M and it now checks this during set_parameters. The encoder related functions now pass in the maximum size of the output buffer so they can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in order to calculate and check the length before encoding. Note that right_encode() is currently only used in one place but this may change if other algorithms are supported (such as TupleHash). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15106)
-
- May 04, 2021
-
-
Tomas Mraz authored
The maximum (theoretical) block size of SHA3 is 200 bytes. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15125)
-
Richard Levitte authored
Fixes #11165 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15073)
-
Dr. David von Oheimb authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15104)
-
Dr. David von Oheimb authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15120)
-
Dr. David von Oheimb authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15029)
-
Dr. David von Oheimb authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15029)
-
Dr. David von Oheimb authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15029)
-
Dr. David von Oheimb authored
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15029)
-