aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS.md
Commit message (Collapse)AuthorAgeFilesLines
* Update CHANGES.md and NEWS.md for the upcoming 3.2 releaseTomas Mraz2023-08-231-3/+18
| | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21802)
* Add CHANGES.md and NEWS.md entries for CVE-2023-3817Tomas Mraz2023-07-271-0/+2
| | | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21550)
* Update CHANGES/NEWS for CVE-2023-3446Matt Caswell2023-07-191-0/+2
| | | | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21451)
* Add CHANGES.md and NEWS.md entries for CVE-2023-2975Tomas Mraz2023-07-141-4/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21384)
* Add a NEWS entry covering the FIPS related changes.Pauli2023-07-141-1/+8
| | | | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/21386) (cherry picked from commit dfc4b6c93b99f6666cd958c5643a24bb6edff7b7)
* Enable QUIC by defaultMatt Caswell2023-07-061-0/+1
| | | | | | | | | | | | | | | Ensure builds enable QUIC without explicitly having to ask for it. To disable QUIC pass "no-quic" to Configure. As a result we can remove all use of "enable-quic" from the various CI runs. We also add a CHANGES and NEWS entry for QUIC support. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21332)
* Fix typos found by codespellDimitri Papadopoulos2023-06-151-1/+1
| | | | | | | | Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20910)
* Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translateRichard Levitte2023-06-061-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier. To mitigate this, a restriction on the size that OBJ_obj2txt() will translate to canonical numeric text form is added, based on RFC 2578 (STD 58), which says this: > 3.5. OBJECT IDENTIFIER values > > An OBJECT IDENTIFIER value is an ordered list of non-negative numbers. > For the SMIv2, each number in the list is referred to as a sub-identifier, > there are at most 128 sub-identifiers in a value, and each sub-identifier > has a maximum value of 2^32-1 (4294967295 decimal). Fixes otc/security#96 Fixes CVE-2023-2650 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
* aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryptionTomas Mraz2023-04-201-0/+3
| | | | | | | | | | | | Original author: Nevine Ebeid (Amazon) Fixes: CVE-2023-1255 The buffer overread happens on decrypts of 4 mod 5 sizes. Unless the memory just after the buffer is unmapped this is harmless. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/20759)
* RFC7250 (RPK) supportTodd Short2023-03-281-0/+1
| | | | | | | | | | | | | | Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
* Fix documentation of X509_VERIFY_PARAM_add0_policy()Tomas Mraz2023-03-281-0/+2
| | | | | | | | | | The function was incorrectly documented as enabling policy checking. Fixes: CVE-2023-0466 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20561)
* Updated CHANGES.md and NEWS.md for CVE-2023-0465Matt Caswell2023-03-281-1/+9
| | | | | | | | | | Also updated the entries for CVE-2023-0464 Related-to: CVE-2023-0465 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20585)
* first cut at sigalg loadingMichael Baentsch2023-02-241-0/+3
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19312)
* Correct a copy&paste error in a link URLTomas Mraz2023-02-111-1/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20228)
* Sync CHANGES.md and NEWS.md with 3.0.8 releaseTomas Mraz2023-02-111-4/+26
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20228)
* Sync CHANGES.md and NEWS.md with 3.1 releaseTomas Mraz2022-12-051-1/+12
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19808)
* Update CHANGES.md and NEWS.md from 3.0.7Tomas Mraz2022-11-221-0/+7
| | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19565)
* Add support for compressed certificates (RFC8879)Todd Short2022-10-181-0/+2
| | | | | | | | | | * Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Update CHANGES.md and NEWS.md for new releaseMatt Caswell2022-10-121-0/+12
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19379)
* Fix various typos, repeated words, align some spelling to LDP.FdaSilvaYY2022-10-121-2/+2
| | | | | | | | | | | | Partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
* Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branchRichard Levitte2022-10-071-3/+3
| | | | | | | | | | 3.1 has been decided to be a FIPS 140-3 release, springing from the branch openssl-3.0, and the master branch to continue with the development of OpenSSL 3.2. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19350)
* Update CHANGES.md and NEWS.md for new releaseMatt Caswell2022-06-211-1/+7
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes
* tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and abovePauli2022-05-081-0/+1
| | | | | | | | | | This is in line with the NEWS entry (erroneously) announcing such for 3.0. Fixes #18194 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18236)
* Correct NEWS entry about required security level for old versions of TLS, ↵Pauli2022-05-061-1/+2
| | | | | | | | | | | | | | | | DTLS and SSL The entry was incorrect because suites using RSA key exchange without SHA1 were permitted at security level 1. Partial fix for #18194 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18234) (cherry picked from commit 3226a37a4875567f2bf49aa44a727bcb67bb7dcd)
* Update CHANGES and NEWS for new releaseMatt Caswell2022-05-031-0/+11
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Update CHANGES/NEWS for new releaseMatt Caswell2022-03-151-0/+5
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Add TFO support to socket BIO and s_client/s_serverTodd Short2022-03-101-0/+2
| | | | | | | | | | | Supports Linux, MacOS and FreeBSD Disabled by default, enabled via `enabled-tfo` Some tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8692)
* NEWS.md: Add missing empty lineTomas Mraz2021-12-141-0/+1
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17274)
* Update CHANGES and NEWS for new releaseMatt Caswell2021-12-141-3/+9
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* NEWS and CHANGES are updated about switching to utf8Dmitry Belyavskiy2021-09-211-2/+3
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16583)
* Last minute NEWS and CHANGES entries for the 3.0 releaseTomas Mraz2021-09-071-3/+5
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16533)
* Mention the concept of providers in NEWS.md and CHANGES.mdRichard Levitte2021-09-071-0/+2
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16528) (cherry picked from commit 4c4ab4d7efdf8c9b49c9838742a0fcd7321d88ff)
* Added a NEWS entry about the enhanced 'openssl list'Richard Levitte2021-09-071-0/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16522) (cherry picked from commit f43c1241c28526588f59e56c7f56422e0d23f411)
* Add missing OSSL_DECODER entry in NEWS.md and CHANGES.mdRichard Levitte2021-09-071-0/+1
| | | | | | | | | The text in CHANGES.md got fleshed out a bit more as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16522) (cherry picked from commit d1a786e99b162793a8f4a70fe12d2c4e6f5ee608)
* Prepare for 3.1Richard Levitte2021-09-031-0/+8
| | | | | | | | | Because we now have an openssl-3.0 branch, master is moved to be the next potential minor version. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16484)
* news/changes: fix formatting nitsPauli2021-08-251-0/+1
| | | | | | | | The news/changes files are being nitted causing CI failure. This addresses the issues. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16413)
* Updates CHANGES.md and NEWS.md for new 1.1.1 releaseMatt Caswell2021-08-241-1/+5
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for 3.0 beta 3Matt Caswell2021-07-291-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for release of 3.0 beta 2openssl-3.0.0-beta2Matt Caswell2021-07-291-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for 3.0 beta 2Matt Caswell2021-06-171-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for release of 3.0 beta 1openssl-3.0.0-beta1Matt Caswell2021-06-171-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* new: update NEWS.md so it is correct.Pauli2021-06-161-1/+1
| | | | | | | | | | | | | - Removing the deprecation note for public key commands. - Fixing the note about ECX and SHAKE in the FIPS provider. - Noting which KDFs are included. - Noting which MACs are included. Fixes #15743 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15746)
* new: update NEWS.md so it is correct.Pauli2021-06-161-9/+7
| | | | | | | | | | | | | - Removing the deprecation note for public key commands. - Fixing the note about ECX and SHAKE in the FIPS provider. - Noting which KDFs are included. - Noting which MACs are included. Fixes #15743 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15746)
* Prepare for 3.0 beta 1Matt Caswell2021-05-201-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for release of 3.0 alpha 17openssl-3.0.0-alpha17Matt Caswell2021-05-201-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add migration guide for 3.0Shane Lontis2021-05-201-0/+1
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14710)
* Add a CHANGES entry for fully pluggable groupsMatt Caswell2021-05-171-0/+1
| | | | | | | | | Fixes #12283 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15282)
* HTTP client API: Generalize to arbitrary request and response contentsDr. David von Oheimb2021-05-141-2/+4
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15053)
* Add convenience functions and macros for asymmetric key generationDr. David von Oheimb2021-05-111-0/+1
| | | | | | | | | Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen(). Also export auxiliary function OSSL_EC_curve_nid2name() and improve deprecation info on RSA and EC key generation/management functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14695)
* Prepare for 3.0 alpha 17Matt Caswell2021-05-061-1/+1
| | | | Reviewed-by: Tomas Mraz <tomas@openssl.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-19 01:37:25 +0000