Permalink
Switch branches/tags
rsaref master-pre-reformat master-pre-auto-reformat master-post-reformat master-post-auto-reformat STATE_before_zlib STATE_after_zlib SSLeay_0_9_1b SSLeay_0_9_0b SSLeay_0_8_1b OpenSSL_1_1_1 OpenSSL_1_1_1-pre9 OpenSSL_1_1_1-pre8 OpenSSL_1_1_1-pre7 OpenSSL_1_1_1-pre6 OpenSSL_1_1_1-pre5 OpenSSL_1_1_1-pre4 OpenSSL_1_1_1-pre3 OpenSSL_1_1_1-pre2 OpenSSL_1_1_1-pre1 OpenSSL_1_1_0 OpenSSL_1_1_0i OpenSSL_1_1_0h OpenSSL_1_1_0g OpenSSL_1_1_0f OpenSSL_1_1_0e OpenSSL_1_1_0d OpenSSL_1_1_0c OpenSSL_1_1_0b OpenSSL_1_1_0a OpenSSL_1_1_0-pre6 OpenSSL_1_1_0-pre5 OpenSSL_1_1_0-pre4 OpenSSL_1_1_0-pre3 OpenSSL_1_1_0-pre2 OpenSSL_1_1_0-pre1 OpenSSL_1_0_2 OpenSSL_1_0_2p OpenSSL_1_0_2o OpenSSL_1_0_2n OpenSSL_1_0_2m OpenSSL_1_0_2l OpenSSL_1_0_2k OpenSSL_1_0_2j OpenSSL_1_0_2i OpenSSL_1_0_2h OpenSSL_1_0_2g OpenSSL_1_0_2f OpenSSL_1_0_2e OpenSSL_1_0_2d OpenSSL_1_0_2c OpenSSL_1_0_2b OpenSSL_1_0_2a OpenSSL_1_0_2-pre-reformat OpenSSL_1_0_2-pre-auto-reformat OpenSSL_1_0_2-post-reformat OpenSSL_1_0_2-post-auto-reformat OpenSSL_1_0_2-beta3 OpenSSL_1_0_2-beta2 OpenSSL_1_0_2-beta1 OpenSSL_1_0_1 OpenSSL_1_0_1u OpenSSL_1_0_1t OpenSSL_1_0_1s OpenSSL_1_0_1r OpenSSL_1_0_1q OpenSSL_1_0_1p OpenSSL_1_0_1o OpenSSL_1_0_1n OpenSSL_1_0_1m OpenSSL_1_0_1l OpenSSL_1_0_1k OpenSSL_1_0_1j OpenSSL_1_0_1i OpenSSL_1_0_1h OpenSSL_1_0_1g OpenSSL_1_0_1f OpenSSL_1_0_1e OpenSSL_1_0_1d OpenSSL_1_0_1c OpenSSL_1_0_1b OpenSSL_1_0_1a OpenSSL_1_0_1-pre-reformat OpenSSL_1_0_1-pre-auto-reformat OpenSSL_1_0_1-post-reformat OpenSSL_1_0_1-post-auto-reformat OpenSSL_1_0_1-beta3 OpenSSL_1_0_1-beta2 OpenSSL_1_0_1-beta1 OpenSSL_1_0_0 OpenSSL_1_0_0t OpenSSL_1_0_0s OpenSSL_1_0_0r OpenSSL_1_0_0q OpenSSL_1_0_0p OpenSSL_1_0_0o OpenSSL_1_0_0n OpenSSL_1_0_0m OpenSSL_1_0_0l OpenSSL_1_0_0k
Nothing to show
Commits on Sep 26, 2018
  1. Add missing cipher aliases to openssl(1)

    evqna authored and InfoHunter committed Sep 26, 2018
    And references to other manpages are also added in openssl(1).
    
    Signed-off-by: Antoine Salon <asalon@vmware.com>
    
    Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from #7314)
  2. doc/man3/SSL_set_bio.pod: Fix wrong function name in return values se…

    james-callahan authored and InfoHunter committed Aug 23, 2018
    …ction
    
    Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from #7035)
Commits on Sep 25, 2018
  1. Update enc(1) examples to more recent ciphers and key derivation algo…

    evqna authored and romen committed Sep 17, 2018
    …rithms
    
    Signed-off-by: Antoine Salon <asalon@vmware.com>
    
    Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from #7248)
  2. Fix no-tls1_2

    mattcaswell committed Sep 24, 2018
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from #7308)
  3. Fix no-psk

    mattcaswell committed Sep 24, 2018
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from #7306)
Commits on Sep 24, 2018
  1. Reduce stack usage in tls13_hkdf_expand

    bernd-edlinger committed Sep 23, 2018
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from #7297)
  2. Document OPENSSL_VERSION_TEXT macro

    danbev authored and levitte committed Sep 24, 2018
    This commit documents the OPENSSL_VERSION_TEXT which is currently
    missing in the man page.
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from #7301)
  3. Use secure_getenv(3) when available.

    paulidale committed Sep 24, 2018
    Change all calls to getenv() inside libcrypto to use a new wrapper function
    that use secure_getenv() if available and an issetugid then getenv if not.
    
    CPU processor override flags are unchanged.
    
    Extra checks for OPENSSL_issetugid() have been removed in favour of the
    safe getenv.
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
    (Merged from #7047)
Commits on Sep 23, 2018
  1. Create the .rnd file it it does not exist

    bernd-edlinger committed Sep 13, 2018
    It's a bit annoying, since some commands try to read a .rnd file,
    and print an error message if the file does not exist.
    
    But previously a .rnd file was created on exit, and that does no longer
    happen.
    
    Fixed by continuing in app_RAND_load_conf regardless of the error in
    RAND_load_file.
    
    If the random number generator is still not initalized on exit, the
    function RAND_write_file will fail and no .rnd file would be created.
    
    Remove RANDFILE from openssl.cnf
    
    Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
    (Merged from #7217)
Commits on Sep 21, 2018
  1. typo-fixes: miscellaneous typo fixes

    agnosticdev authored and mspncp committed Sep 20, 2018
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from #7277)
  2. Fix the max psk len for TLSv1.3

    mattcaswell committed Sep 19, 2018
    If using an old style TLSv1.2 PSK callback then the maximum possible PSK
    len is PSK_MAX_PSK_LEN (256) - not 64.
    
    Fixes #7261
    
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from #7267)
  3. Add a test for the certificate callback

    mattcaswell committed Sep 19, 2018
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    (Merged from #7257)
  4. Delay setting the sig algs until after the cert_cb has been called

    mattcaswell committed Sep 18, 2018
    Otherwise the sig algs are reset if SSL_set_SSL_CTX() gets called.
    
    Fixes #7244
    
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    (Merged from #7257)
  5. crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG

    levitte committed Sep 21, 2018
    This module includes bn.h via other headers, so it picks up the
    definition from there and doesn't need to define them locally (any
    more?).  Worst case scenario, the redefinition may be different and
    cause all sorts of compile errors.
    
    Fixes #7227
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
    (Merged from #7287)
Commits on Sep 20, 2018
  1. /dev/crypto engine: add missing RC4 parameter

    levitte committed Sep 20, 2018
    Fixes #7280
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from #7281)
  2. Add some missing ciphers in 'enc' document

    InfoHunter committed Sep 20, 2018
    The original issue is #7273 and this commit fixes part of that issue.
    
    [skip ci]
    
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from #7275)
  3. util/mkdef.pl, util/add-depends.pl: don't lowercase file names

    levitte committed Sep 12, 2018
    It turns out to be detrimental on some file systems that may or may not
    be case sensitive (such as NTFS, which has a case sensitive mode).
    
    Fixes #7172
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from #7172)
  4. crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too

    levitte committed Sep 19, 2018
    These both indicate that the file descriptor we're trying to use as a
    terminal isn't, in fact, a terminal.
    
    Fixes #7271
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from #7272)
Commits on Sep 19, 2018
  1. Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()

    kaduk committed Sep 19, 2018
    Historically SSL_CTX_set_ssl_version() has reset the cipher list
    to the default.  Splitting TLS 1.3 ciphers to be tracked separately
    caused a behavior change, in that TLS 1.3 cipher configuration was
    preserved across calls to SSL_CTX_set_ssl_version().  To restore commensurate
    behavior with the historical behavior, set the ciphersuites to the default as
    well as setting the cipher list to the default.
    
    Closes: #7226
    
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from #7270)
  2. Add a GMAC demonstration program.

    paulidale committed Sep 18, 2018
    Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
    (Merged from #7249)
Commits on Sep 18, 2018
  1. ssl/ssl_ciph.c: make set_ciphersuites static

    mspncp committed Sep 18, 2018
    Fixes #7252
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from #7253)
  2. Trivial test improvements

    tniessen authored and mspncp committed Sep 14, 2018
    This commit reuses a variable instead of reevaluating the expression
    and updates an outdated comment in the EVP test.
    
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from #7242)
Commits on Sep 17, 2018
  1. Fixed typos in hkdf documentation.

    davidmakepeace committed Sep 17, 2018
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from #7236)
  2. Add missing include file.

    paulidale committed Sep 17, 2018
    Specifically, include e_os.h to pick up alloca definition for WIN32.
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from #7234)
Commits on Sep 16, 2018
  1. Add a compile time test to verify that openssl/rsa.h and complex.h can

    paulidale committed Sep 16, 2018
    coexist.
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from #7233)
  2. Use 'i' as parameter name not 'I'.

    paulidale committed Sep 16, 2018
    The latter causes problems when complex.h is #included.
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from #7233)
  3. Update RAND_DRBG.pod

    agnosticdev authored and romen committed Sep 14, 2018
    Fixed a minor typo while reading the documentation.
    I agree that this contribution is trivial can be freely used.
    
    CLA: trivial
    
    Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
    Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
    (Merged from #7221)
  4. Improve SSL_shutdown() documentation

    kroeckx committed Sep 11, 2018
    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    GH: #7188
Commits on Sep 15, 2018
  1. VMS: only use the high precision on VMS v8.4 and up

    levitte committed Sep 15, 2018
    It simply isn't available on older versions.
    
    Issue submitted by Mark Daniels
    
    Fixes #7229
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from #7230)
    
    (cherry picked from commit d6d6aa3)
Commits on Sep 14, 2018
  1. VMS libtestutil: look for lower case "main"

    levitte committed Sep 13, 2018
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from #7208)
  2. VMS: turn on name mangling for all our programs

    levitte committed Sep 13, 2018
    With the change to have separate object files by intent, VMS name
    mangling gets done differently.  While we previously had that for
    libraries only, we must now turn that on generally for our programs,
    because some of them depend in internal libraries where mangled names
    are all that there is.
    
    Dynamic modules are still built with non-mangled names, which is good
    enough to show that it's possible to build with our public libraries
    using our public headers.
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from #7208)
  3. VMS build: fix a misspelled 'bin_cflags' and a wrongly coded 'NO_INST_'

    levitte committed Sep 13, 2018
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from #7208)
Commits on Sep 13, 2018
  1. Make some return checks consistent with others

    InfoHunter committed Sep 13, 2018
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
    (Merged from #7209)
  2. Don't allow -early_data with other options where it doesn't work

    mattcaswell committed Sep 12, 2018
    -early_data is not compatible with -www, -WWW, -HTTP or -rev.
    
    Fixes #7200
    
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from #7206)
  3. Add an explicit cast to time_t

    mattcaswell committed Sep 12, 2018
    Caused a compilation failure in some environments
    
    Fixes #7204
    
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    (Merged from #7205)