2
0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Commit Graph

144 Commits

Author SHA1 Message Date
Pauli
ed524da19a add news and changes entries for the internal jitter source in FIPS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Tomas Mraz
5c82588173 CHANGES.md, NEWS.md: Add 3.5 sections
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25393)
2024-09-06 16:14:52 +02:00
Tomas Mraz
314c327b14 NEWS.md: Add missing link to 3.4 section
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25393)
2024-09-06 16:14:52 +02:00
Tomas Mraz
5472786907 Prepare for 3.4 beta 1
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:38:19 +02:00
Tomas Mraz
2648f68f4c Prepare for release of 3.4 alpha 1
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
2024-09-05 09:37:44 +02:00
Tomas Mraz
03b22b4d73 Add CVE-2024-5535 to CHANGES and NEWS
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit abcb0f83d060eb816503a6a36959ce8498a24111)
2024-09-03 21:06:19 +02:00
Viktor Dukhovni
ca979e854b Updated CHANGES and NEWS for CVE-2024-6119 fix
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit cf384d35aa)
2024-09-03 21:04:03 +02:00
Tomas Mraz
5650289743 Add CHANGES.md and NEWS.md updates for the 3.4 release
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25339)
2024-09-03 11:20:45 +02:00
Dimitri Papadopoulos
8f250985ad Fix typos found by codespell
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24691)
2024-06-24 15:09:11 +02:00
Tomas Mraz
ae20c423f9 Update CHANGES.md and NEWS.md for the upcoming release
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24549)

(cherry picked from commit 6152b08631)
2024-06-04 14:36:37 +02:00
Damian Hobson-Garcia
f892397c52 Add Attribute Certificate suport comments to CHANGES and NEWS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
2024-04-24 14:08:05 +01:00
Tomas Mraz
eb33768e87 Sync CHANGES.md and NEWS.md with 3.3 branch
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
2024-04-09 13:43:26 +02:00
Matt Caswell
03c4b0eab6 Add a CHANGES.md/NEWS.md entry for the unbounded memory growth bug
Related to CVE-2024-2511

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24042)
2024-04-08 12:06:25 +02:00
Dmitry Belyavskiy
d8d1910761 Amend CHANGES.md/NEWS.md to reflect DN output changes
Fixes 

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23507)
2024-02-09 12:54:20 +01:00
Matt Caswell
afb19f07ae Remove a CVE reference from CHANGES/NEWS
master/3.2 was never vulnerable to CVE-2023-5678 since it was fixed before
it was released.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23432)
2024-02-01 18:30:21 +01:00
Matt Caswell
0873e6f61a Update CHANGES.md and NEWS.md for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/23421)
2024-01-30 12:49:09 +00:00
Tomas Mraz
38b2508f63 Add CHANGES.md and NEWS.md entries for CVE-2023-6237
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
2024-01-15 10:54:34 +01:00
Tomas Mraz
858c7bc210 Add CHANGES.md and NEWS.md entries for CVE-2023-6129
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
2024-01-09 15:45:44 +01:00
Tomas Mraz
5dc2b72df7 Sync CHANGES.md and NEWS.md with 3.2 branch
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
2024-01-09 15:45:32 +01:00
Hugo Landau
36eb3cfb09 Amend NEWS.md to be more like release notes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22785)

(cherry picked from commit 5e07ea4f82)
2023-11-23 12:04:41 +01:00
Richard Levitte
10264b534b Document the exporter change in CHANGES.md and NEWS.md
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)
2023-11-15 08:22:29 +01:00
Tomas Mraz
4d4657cb6b Add CHANGES.md and NEWS.md entry for CVE-2023-5678
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22647)

(cherry picked from commit 4ee71b4c30)
2023-11-08 17:35:56 +01:00
Tomas Mraz
96ee2c38ad Sync CHANGES.md and NEWS.md with 3.1 branch
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22647)

(cherry picked from commit 2d0d3edb04)
2023-11-08 17:35:55 +01:00
Richard Levitte
186b3f6a01 Prepare for 3.3
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22525)
2023-10-27 17:01:44 +01:00
Pauli
1e6e682ac2 changes and news entries for CVE-2023-5363
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2023-10-24 14:32:24 +01:00
Matt Caswell
219bd6ac70 Prepare for 3.2 alpha 3
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-28 14:24:47 +01:00
Matt Caswell
1e6b4baf54 Prepare for release of 3.2 alpha 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-28 14:24:32 +01:00
Dimitri Papadopoulos
10fe5e29ca Fix new typos found by codespell
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22098)
2023-09-18 09:04:22 +10:00
Tomas Mraz
0be7510f49 Add CVE-2023-4807 fix to CHANGES.md and NEWS.md
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22033)
2023-09-11 10:55:51 +02:00
Tomas Mraz
02f84b02e8 Sync changes between 3.2 and 3.1 branches
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22033)
2023-09-11 10:55:51 +02:00
Matt Caswell
75708029ad Prepare for 3.2 alpha 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 10:00:46 +01:00
Matt Caswell
6262ff748f Prepare for release of 3.2 alpha 1
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 10:00:22 +01:00
Tomas Mraz
7542bdbff7 Update CHANGES.md and NEWS.md for the upcoming 3.2 release
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21802)
2023-08-23 17:42:12 +02:00
Tomas Mraz
4b29762802 Add CHANGES.md and NEWS.md entries for CVE-2023-3817
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21550)
2023-07-27 09:48:22 -04:00
Matt Caswell
4ec53ad6e1 Update CHANGES/NEWS for CVE-2023-3446
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
2023-07-19 11:20:05 +02:00
Tomas Mraz
1e398bec53 Add CHANGES.md and NEWS.md entries for CVE-2023-2975
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
2023-07-14 13:01:05 +02:00
Pauli
7a3d32ae46 Add a NEWS entry covering the FIPS related changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21386)

(cherry picked from commit dfc4b6c93b)
2023-07-14 09:53:42 +10:00
Matt Caswell
8a76420238 Enable QUIC by default
Ensure builds enable QUIC without explicitly having to ask for it. To
disable QUIC pass "no-quic" to Configure.

As a result we can remove all use of "enable-quic" from the various CI
runs.

We also add a CHANGES and NEWS entry for QUIC support.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
2023-07-06 12:55:21 +10:00
Dimitri Papadopoulos
eb4129e12c Fix typos found by codespell
Typos in doc/man* will be fixed in a different commit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20910)
2023-06-15 10:11:46 +10:00
Richard Levitte
d63b3e7959 Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form.  For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.

To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:

> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).

Fixes 
Fixes CVE-2023-2650

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-06-06 10:48:50 +02:00
Tomas Mraz
72dfe46550 aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption
Original author: Nevine Ebeid (Amazon)
Fixes: CVE-2023-1255

The buffer overread happens on decrypts of 4 mod 5 sizes.
Unless the memory just after the buffer is unmapped this is harmless.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20759)
2023-04-20 17:48:16 +02:00
Todd Short
3c95ef22df RFC7250 (RPK) support
Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).

Add APIs
Add unit tests
Add documentation
Add s_client/s_server support

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)
2023-03-28 13:49:54 -04:00
Tomas Mraz
5ab3f71a33 Fix documentation of X509_VERIFY_PARAM_add0_policy()
The function was incorrectly documented as enabling policy checking.

Fixes: CVE-2023-0466

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20561)
2023-03-28 13:43:04 +02:00
Matt Caswell
986f9a674d Updated CHANGES.md and NEWS.md for CVE-2023-0465
Also updated the entries for CVE-2023-0464

Related-to: CVE-2023-0465

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20585)
2023-03-28 13:31:38 +02:00
Michael Baentsch
ee58915cfd first cut at sigalg loading
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19312)
2023-02-24 11:02:48 +11:00
Tomas Mraz
1472127d9d Correct a copy&paste error in a link URL
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20228)
2023-02-11 15:01:20 +01:00
Tomas Mraz
5f14b5bc25 Sync CHANGES.md and NEWS.md with 3.0.8 release
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20228)
2023-02-11 15:01:20 +01:00
Tomas Mraz
3c53032a13 Sync CHANGES.md and NEWS.md with 3.1 release
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19808)
2022-12-05 11:39:24 +01:00
Tomas Mraz
e0fbaf2a4a Update CHANGES.md and NEWS.md from 3.0.7
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19565)
2022-11-22 18:16:06 +01:00
Todd Short
b67cb09f8d Add support for compressed certificates (RFC8879)
* Compressed Certificate extension (server/client)
* Server certificates (send/receive)
* Client certificate (send/receive)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:22 -04:00