Commit Graph

95 Commits

Author SHA1 Message Date
Matt Caswell
a86add03ab Prepare for 3.0 alpha 11
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2021-01-07 13:48:32 +00:00
Matt Caswell
cae118f938 Prepare for release of 3.0 alpha 10
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2021-01-07 13:48:10 +00:00
Pauli
ea7808143d dsa: add additional deprecated functions to CHANGES entry.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13638)
2020-12-17 21:09:54 +01:00
Matt Caswell
1e13198fa7 Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2020-12-08 11:45:55 +00:00
Richard Levitte
af2f14ace5 ERR: Drop or deprecate dangerous or overly confusing functions
ERR_get_error_line() is deprecated, and ERR_get_error_func() and
ERR_get_error_data() are removed in favor of ERR_get_error_all(),
since they pop the error record, leaving the caller with only partial
error record data and no way to get the rest if the wish.

If it's desirable to retrieve data piecemeal, the caller should
consider using the diverse ERR_peek functions and finish off with
ERR_get_error().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13466)
2020-11-28 15:28:46 +10:00
Matt Caswell
e3197e5ab2 Prepare for 3.0 alpha 10
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-11-26 14:53:26 +00:00
Matt Caswell
68ec3d4730 Prepare for release of 3.0 alpha 9
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-11-26 14:53:04 +00:00
Richard Levitte
f5a46ed7fe Modify the ERR init functions to use the internal ERR string loaders
This deprecates all the ERR_load_ functions, and moves their definition to
separate C source files that can easily be removed when those functions are
finally removed.

This also reduces include/openssl/kdferr.h to include cryptoerr_legacy.h,
moves the declaration of ERR_load_ERR_strings() from include/openssl/err.h
to include/openssl/cryptoerr_legacy.h, and finally removes the declaration
of ERR_load_DSO_strings(), which was entirely internal anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13390)
2020-11-24 15:21:44 +01:00
Matt Caswell
ecabd00644 Prepare for 3.0 alpha 9
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-11-05 14:04:11 +00:00
Matt Caswell
20d7295cb0 Prepare for release of 3.0 alpha 8
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-11-05 14:03:50 +00:00
Matt Caswell
e8dca211b4 Prepare for 3.0 alpha 8
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2020-10-15 14:16:19 +01:00
Matt Caswell
f9a5682e5c Prepare for release of 3.0 alpha 7
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2020-10-15 14:15:55 +01:00
Dr. Matthias St. Pierre
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 11:59:53 +01:00
Dr. Matthias St. Pierre
d8dc853825 Change CVE link style in CHANGES and NEWS
Replace [collapsed reference links][] for the CVEs by
[shortcut reference links], in order to to improve the
readability of the raw markdown text.

Consistently add parentheses around the CVE links at the
end of the CVE descriptions. (The NEWS file already had
the parentheses, in the CHANGES file they where missing.)

[collapsed reference links]:
  https://github.github.com/gfm/#collapsed-reference-link

[shortcut reference links]:
  https://github.github.com/gfm/#shortcut-reference-link

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12967)
2020-10-06 19:35:46 +02:00
Dr. Matthias St. Pierre
6ffc312776 Update CHANGES and NEWS for 1.1.1h release
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12967)
2020-10-06 19:35:46 +02:00
Richard Levitte
ece9304c96 Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE
Fixes #12455

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-21 09:23:58 +02:00
Pauli
7d615e2178 rand_drbg: remove RAND_DRBG.
The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API is a mixture of 'front end' and 'back end' API calls
and some of its API calls are rather low-level. This holds in particular
for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG
type changing mechanism (RAND_DRBG_set()).

Adding a compatibility layer to continue supporting the RAND_DRBG API as
a legacy API for a regular deprecation period turned out to come at the
price of complicating the new provider API unnecessarily. Since the
RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC
to drop it entirely.

Other related changes:

Use RNG instead of DRBG in EVP_RAND documentation.  The documentation was
using DRBG in places where it should have been RNG or CSRNG.

Move the RAND_DRBG(7) documentation to EVP_RAND(7).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12509)
2020-08-07 14:16:47 +10:00
Matt Caswell
1b2873e4a1 Prepare for 3.0 alpha 7
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-08-06 14:02:31 +01:00
Matt Caswell
e3ec8020b4 Prepare for release of 3.0 alpha 6
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-08-06 14:00:13 +01:00
Dr. David von Oheimb
16c6534b96 check-format.pl: Add an entry about it to NEWS.md and to CHANGES.md
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12270)
2020-07-20 11:17:34 +02:00
Richard Levitte
318565b733 Prepare for 3.0 alpha 6
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2020-07-16 15:23:08 +02:00
Richard Levitte
e70a2d9f13 Prepare for release of 3.0 alpha 5
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
2020-07-16 15:22:29 +02:00
Richard Levitte
8dab4de538 Add latest changes and news in CHANGES.md and NEWS.md
- Reworked test perl framwork for parallel tests
- Reworked ERR codes to make better space for system errors
- Deprecation of the ENGINE API

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12461)
2020-07-16 12:45:02 +02:00
Dr. David von Oheimb
036cbb6bbf Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12109)
2020-07-05 11:29:43 +02:00
Gustaf Neumann
8c1cbc7210 Fix typos and repeated words
CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)
2020-07-05 01:49:20 +02:00
Richard Levitte
3bd65f9b5b Update NEWS and CHANGES
NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)
2020-06-28 10:55:51 +02:00
Kurt Roeckx
aba03ae571 Reduce the security bits for MD5 and SHA1 based signatures in TLS
This has as effect that SHA1 and MD5+SHA1 are no longer supported at
security level 1, and that TLS < 1.2 is no longer supported at the
default security level of 1, and that you need to set the security
level to 0 to use TLS < 1.2.

Reviewed-by: Tim Hudson <tjh@openssl.org>
GH: #10787
2020-06-27 08:41:40 +02:00
Matt Caswell
0d96afd28c Prepare for 3.0 alpha 5
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
2020-06-25 15:00:39 +01:00
Matt Caswell
38778b78e0 Prepare for release of 3.0 alpha 4
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
2020-06-25 14:58:16 +01:00
Richard Levitte
eca4713913 APPS: Drop interactive mode in the 'openssl' program
This mode is severely untested and unmaintained, is seems not to be
used very much.

Closes #4679
Closes #6292

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12023)
2020-06-05 10:01:33 +02:00
Matt Caswell
c2db6839e4 Prepare for 3.0 alpha 4
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-06-04 14:58:20 +01:00
Matt Caswell
3952c5a312 Prepare for release of 3.0 alpha 3
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
2020-06-04 14:56:40 +01:00
Matt Caswell
5d979e0484 Prepare for 3.0 alpha 3
Reviewed-by: Richard Levitte <levitte@openssl.org>
2020-05-15 14:35:04 +01:00
Matt Caswell
9e8604b891 Prepare for release of 3.0 alpha 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2020-05-15 14:33:29 +01:00
Dr. David von Oheimb
8d9a4d833f Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712).
Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI.
Adds extensive documentation and tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470)
2020-05-13 19:42:00 +02:00
Rich Salz
257e9d03b0 Fix issues reported by markdownlint
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11739)
2020-05-08 16:22:02 +02:00
Matt Caswell
d38997af16 Prepare for 3.0 alpha 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2020-04-23 14:10:38 +01:00
Matt Caswell
05feb0a0f1 Prepare for release of 3.0 alpha 1
Reviewed-by: Richard Levitte <levitte@openssl.org>
2020-04-23 14:08:36 +01:00
Dr. David von Oheimb
e7774c287c Add info on the CMP implementation and HTTP client to NEWS.md and CHANGES.md
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11608)
2020-04-23 13:15:16 +01:00
Pauli
19985ac42c news: note the addition of ECX and SHAKE256 to the FIPS provider as non-approved algorithms
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11371)
2020-04-17 19:51:37 +10:00
Pauli
be19d3caf0 NEWS: note OSSL_PARAM_BLD API as public.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11390)
2020-03-28 12:27:22 +10:00
Dr. Matthias St. Pierre
8658feddea Update CHANGES and NEWS for 1.1.1e release
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11346)
2020-03-19 01:05:38 +01:00
Dr. Matthias St. Pierre
4477beacc4 doc: add missing NEWS entries for all versions >= 1.0.0
Up to now, NEWS entries for older releases where only added to the
corresponding stable branches, so they were missing in the master
branch. This commit adds the missing entries, taking them from the
respective stable branches.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:06:17 +01:00
Dr. Matthias St. Pierre
5f8e6c50bd doc: introduce some minimalistic markdown without essential changes
The goal is to transform the standard documents

    README, INSTALL, SUPPORT, CONTRIBUTING, ...

from a pure text format into markdown format, but in such a way
that the documentation remains nicely formatted an easy readable
when viewed with an normal text editor.

To achieve this goal, we use a special form of 'minimalistic' markdown
which interferes as little as possible with the reading flow.

 * avoid [ATX headings][] and use [setext headings][] instead
   (works for `<h1>` and `<h2>` headings only).
 * avoid [inline links][] and use [reference links][] instead.
 * avoid [fenced code blocks][], use [indented-code-blocks][] instead.

The transformation will take place in several steps. This commit
introduces mostly changes the formatting and does not chang the
content significantly.

[ATX headings]:         https://github.github.com/gfm/#atx-headings
[setext headings]:      https://github.github.com/gfm/#setext-headings
[inline links]:         https://github.github.com/gfm/#inline-link
[reference links]:      https://github.github.com/gfm/#reference-link
[fenced code blocks]:   https://github.github.com/gfm/#fenced-code-blocks
[indented code blocks]: https://github.github.com/gfm/#indented-code-blocks

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:04:38 +01:00
Dr. Matthias St. Pierre
2e07506a12 doc: convert standard project docs to markdown
In the first step, we just add the .md extension and move some
files around, without changing any content. These changes will
occur in the following commits.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:04:38 +01:00