| Age | Commit message (Collapse) | Author |
|---|
|
CLA:trivial
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25338)
(cherry picked from commit 6fd9bc65689cf62854797927121a580bed1565c4)
|
|
Fixes #8310: Document that the number of authenticated bytes returned by EVP_CipherUpdate() varies with the cipher used. Mention that stream ciphers like ChaCha20 can handle 1 byte at a time, while OCB mode requires processing data one block at a time. Ensure it's clear that passing unpadded data in one call is safe.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24961)
(cherry picked from commit d15077d336e4b6144f8a5fdb0c1bb58ca9d3552f)
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
|
CLA: trivial
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24215)
(cherry picked from commit e77eb1dc0be75c98c53c932c861dd52e8896cc13)
|
|
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/24950)
(cherry picked from commit 4b86dbb596c179b519dfb7ceb7e1d223556442c5)
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25073)
(cherry picked from commit d0a49eea4a8bb50f7d2269bac390a0ce2cddeb1f)
|
|
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24927)
(cherry picked from commit a4fd94851261c55f9ad020bf22d4f29bda0b58be)
(cherry picked from commit 12c38af865a0a60c98f6b63de5be4b8ce2d1ace5)
(cherry picked from commit 607e186d070df2bc8c5abafbc949e8ef568614bd)
|
|
Fixed #7310: Enhanced existing documentation for password input methods
- Refined descriptions for password input methods: `file:`, `fd:`, and `stdin`
- Enhanced readability and consistency in the instructions
- Clarified handling of multiple lines in read files.
- Clarified that `fd:` is not supported on Windows.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24878)
(cherry picked from commit 0d4663ca6a91eb5eeb7bbe24a3b5a7cbee9e0fad)
|
|
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24819)
(cherry picked from commit cf3d65b8664f11904ad34f21fe78a6694f23ae62)
|
|
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24819)
(cherry picked from commit 45611a8a8962c06e1d7ba0e5c00974da17e9c37a)
|
|
Fixes #7941: Update the `EVP_EncryptUpdate` documentation to specify that in-place encryption is guaranteed only if the context does not contain incomplete data from previous operations.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24887)
(cherry picked from commit f692ceeedcd104407b7672c67d62d6f86f8ac182)
|
|
The "max_request" string is defined via the OSSL_RAND_PARAM_MAX_REQUEST
macro.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24863)
(cherry picked from commit 5c6975bd44dce4bb342b7bc130de5aaefbe2c35b)
|
|
The introduction of a deprecation notice between the header include
line and the function prototypes left the inclusion in the previous
block. Move the #include to after the deprecation notice to ensure
that the headers is included together with the corresponding MDX_y*
functions.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24864)
(cherry picked from commit b33f2697d953ac5dbadbe99d4110fe907b215ad8)
|
|
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24858)
(cherry picked from commit e8c7febc8f1b0ef9e5b62b0944748d2830b1a0b4)
|
|
Add documentation for the internal flags `EVP_MD_CTX_FLAG_CLEANED` and
`EVP_MD_CTX_FLAG_REUSE`, explicitly stating that these flags are for
internal use only and must not be used in user code.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24829)
(cherry picked from commit b74646b627ade4ff801914d45a7733af2ebf4b5f)
|
|
Fixes #5537
Added a note that the error check for `BN_mask_bits()` depends
on the internal representation that depends on the platform's word size.
Included a reference to the `BN_num_bits()` function for precise bit checking.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24812)
(cherry picked from commit 2a45839778955ffcab01918f10544d46e42f9a5b)
|
|
Mention that supported curves (aka groups) include named EC parameters
as well as X25519 and X448 or FFDHE groups.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24774)
(cherry picked from commit 775188702574dcd6cc53b7a9d3501a639c146121)
|
|
Remove superfluous "the" from sentence.
CLA: trivial
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24790)
(cherry picked from commit 59c415a45f47cb34147427e46c78d945919b1da2)
|
|
Addressing issue (#24517):
Updated the example in CRYPTO_THREAD_run_once.pod to reflect that an unlock call should not be made if a write_lock failed.
Updated BIO_lookup_ex in bio_addr.c and ossl_engine_table_select in eng_table.c to not call unlock if the lock failed.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24779)
(cherry picked from commit 3f4da93678497fe64d262d03c388932f7ecfe74e)
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18783)
(cherry picked from commit b1e7bc5bdfc73ef841afa30ac321975b0d63219a)
|
|
Explicitly documents that *_free(NULL) does nothing.
Fixes two cases where that wasn't true.
Fixes #24675.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24735)
(cherry picked from commit 981d129a5609ee2e031367c34c67a9f61a5bfd66)
|
|
We clarify the input preconditions and the expected behaviour in the event
of no overlap.
Follow on from CVE-2024-5535
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24718)
|
|
Bulk editing had history wrongly specify current functions as deprecated,
among other small errors.
Fixes #24678
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24680)
(cherry picked from commit b23cd39f0a4e3cfe142694402a5246a498a3574f)
|
|
* "shortcuts the TLS" -> "shortcuts the TLS handshake"
* "don't occur" -> "doesn't occur"
* "storing client certificate" -> "storing the client certificate"
* "an all other" -> "and all other"
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24674)
(cherry picked from commit e2a4d68a03b8a3576b0fe917a602b3a283d105a5)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24056)
(cherry picked from commit d5412c94a399d3923b2dec2431ead60288d857c8)
|
|
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24662)
(cherry picked from commit f159d861e2761ffc6421b0486fdd482f37215f9f)
|
|
- Free objects returned from PEM read
- Free objects returned from d2i_*
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24478)
(cherry picked from commit d4700c0b237c05315e3bf14fc416abcbdfe51ff2)
|
|
All public releases have the information of the new PGP key in
doc/fingerprints.txt, so it is finally time to drop the old.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24563)
(cherry picked from commit a9fa07f47cea6a43d5ac4a3aa336ab34756c2e9b)
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24520)
(cherry picked from commit 0c73d65eeae9086c37149f4a512946040c8c2af3)
|
|
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24435)
(cherry picked from commit a73e07dbb7df4795c4ec537f19516b541fb8dd3c)
|
|
Remove duplicate entries for -nocerts and -noattr
CLA:trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24052)
(cherry picked from commit 5a0c92cf093b4f0aa65f4fdbff88d7bdc83491f3)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24375)
(cherry picked from commit 987baef4fa54d268d7eaa93837a56398409698a1)
|
|
This fixes a couple of copy and paste error from EVP_MD_CTX_dup,
where: EVP_CIPHER_CTX_dup is useful to avoid multiple
EVP_CIPHER_fetch (instead of EVP_MD_fetch) and returns
EVP_CIPHER_CTX (instead of EVP_MD_CTX).
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24376)
(cherry picked from commit 7860bca22c404cfd763ae2648d708d5cc4df6c2f)
|
|
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24078)
|
|
Previously the documentation for `SSL_CIPHER_description` said:
> If buf is provided, it must be at least 128 bytes, otherwise a buffer
> will be allocated using OPENSSL_malloc().
In reality, `OPENSSL_malloc` is only invoked if the provided `buf`
argument is `NULL`. If the `buf` arg is not `NULL`, but smaller than
128 bytes, the function returns `NULL` without attempting to allocate
a new buffer for the description.
This commit adjusts the documentation to better describe the implemented
behaviour.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23921)
(cherry picked from commit 6a4a714045415be6720f4165c4d70a0ff229a26a)
|
|
Fixes #23854
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24041)
(cherry picked from commit 6594baf6457c64f6fce3ec60cb2617f75d98d159)
|
|
This will be used for future releases
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24063)
(cherry picked from commit 4ffef97d3755a0425d5d72680daebfa07383b05c)
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24049)
(cherry picked from commit 27005cecc75ec7a22a673d57fc35a11dea30ac0a)
|
|
Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23986)
(cherry picked from commit 9b87c5a3ffa1ca233be96dd0bce812c04bad53fe)
|
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/24024)
(cherry picked from commit a16f2e7651b22ee992bb0c279e25164b519c1e80)
|
|
They take non-const STACK_OF(TYPE)* argument.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24023)
(cherry picked from commit e898c367312c3ab6eb5eaac9b4be768f0d2e4b0e)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23699)
(cherry picked from commit 2410cb42e62c3be69dcf1aad1bdf1eb0233b670f)
|
|
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23919)
(cherry picked from commit 693c479a2ca671e0dfca8d1ad14e789169b982ff)
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23913)
(cherry picked from commit f1c14f1853d2df94e339208eed1df823c2238389)
|
|
In the man page for SSL_add_dir_cert_subjects_to_stack(), the functions
returning int have undocumented return values.
Fixes #23171
Signed-off-by: Shakti Shah <shaktishah33@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23433)
(cherry picked from commit 9f3a7ca2cfff948b21f8fdbe92069b3eea1c01fa)
|
|
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23805)
(cherry picked from commit 52a75f4088f2b2c59721152d9ec6ecf4d17c7e43)
|
|
The EVP_DigestInit(3) manual page contains wrong name for the define
macro for the OSSL_DIGEST_PARAM_MICALG param.
Fixes #23580
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23615)
(cherry picked from commit 5e5c256bbad572cf8d8d9ef9127722ca028d2704)
|
|
https://www.openssl.org/docs/man3.1/man3/EVP_KDF_CTX.html
The pages for 3.0/3.1/master seem to have the following
EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
which does not match with the actual header which is
EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf);
Fixes #23532
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23541)
(cherry picked from commit 4f6133f9db2b9b7ce5e59d8b8ec38202a154c524)
|
|
Only modify doc/man* in the openssl-3.1 branch.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23544)
|
