9 Pull requests opened by 7 people

• Augment RETRY validation token

  #26048 opened Nov 25, 2024

• let Configure fail when --libdir specifies absolute path

  #26050 opened Nov 25, 2024

• ML-KEM refactor to support all three variants and some code cleanup

  #26054 opened Nov 25, 2024

• dh_cms_set_peerkey() -- allow only absent parameters in RFC

  #26058 opened Nov 25, 2024

• fips: in RSA KEM always call rsa key check with protect 1

  #26061 opened Nov 25, 2024

• Avoid NULL dereference with PKCS7_OP_SET_DETACHED_SIGNATURE

  #26078 opened Nov 28, 2024

• fips-label.yml: Fix ABI change label removal

  #26080 opened Nov 28, 2024

• openssl genpkey leaves empty file if encryption passphrase does not match

  #26081 opened Nov 28, 2024

• 04-test_encoder_decoder.t: Add } omitted in a backport

  #26085 opened Nov 29, 2024

9 Issues closed by 4 people

• There is a memory leak defect at line 634 in the file /openssl/providers/implementations/keymgmt/dsa_kmgmt.c.

  #25905 closed Nov 29, 2024

• doc/build.info.in is a horrible name

  #26076 closed Nov 29, 2024

• Deprecate BIO_meth_get_*

  #26047 closed Nov 28, 2024

• Unable to build openssl 3.4.0 on Windows Server 2016

  #26057 closed Nov 27, 2024

• could not connect to specific host from Linux server

  #26071 closed Nov 27, 2024

• OpenSSL does not function properly after upgrade to Rocky 9.5

  #26051 closed Nov 25, 2024

• 'openssl speed' should print the hardcoded algorithm names as part of the usage

  #19053 closed Nov 25, 2024

• Three-item-per-row list output | 'openssl enc -ciphers'

  #14427 closed Nov 25, 2024

• Fill in public key info from private key info?

  #16267 closed Nov 24, 2024

8 Issues opened by 8 people

• CMS_get1_{certs,crls}() behavior change and inconsistency with CMS_get0_signers() in OpenSSL 3.4

  #26079 opened Nov 28, 2024

• RFC 5297: Support for AES-SIV-384 and AES-SIV-512

  #26077 opened Nov 27, 2024

• Documentation says BIO_s_dgram_pair is thread-safe, but BIO relies on single-threaded patterns

  #26059 opened Nov 25, 2024

• DTLS performance degradation in v3.2.0 (and later)

  #26055 opened Nov 25, 2024

• X509 chain validation: non-standard handling of EKU extensions in CA certs

  #26046 opened Nov 24, 2024

• The result of the openssl pkcs8 command execution was not as expected

  #26045 opened Nov 24, 2024

• Basic Constraint Extension Parsing

  #26044 opened Nov 24, 2024

• .include directive with relative path should print a warning when OPENSSL_CONF_INCLUDE env. var. is not defined

  #26041 opened Nov 23, 2024

43 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• ECH client side

  #26011 commented on Nov 28, 2024 • 69 new comments

• ML-KEM-768 documentation

  #26037 commented on Nov 29, 2024 • 38 new comments

• DTLSv1.3 ack records

  #25119 commented on Nov 29, 2024 • 33 new comments

• Hybrid key management and KEM algorithm support

  #25990 commented on Nov 29, 2024 • 16 new comments

• QUIC interop server

  #26000 commented on Nov 29, 2024 • 13 new comments

• Feature/quic server arrange the demo server to test with chrome

  #25859 commented on Nov 28, 2024 • 12 new comments

• fips-jitter: Force use jitter entropy in the FIPS 3.0.9 provider callback

  #25930 commented on Nov 29, 2024 • 5 new comments

• Calculate correct DTLSv1.3 transcript hash

  #26035 commented on Nov 29, 2024 • 4 new comments

• EVP SKEY implementation

  #25908 commented on Nov 29, 2024 • 4 new comments

• x509: allow SAN URIs to contain userinfo

  #25861 commented on Nov 27, 2024 • 1 new comment

• Restricted include of poll.h to UNIX but not NonStop (not supported).

  #25916 commented on Nov 28, 2024 • 1 new comment

• Reject invalid FFDHE and ECDHE key shares with SSL_AD_ILLEGAL_PARAMETER alert (RFC 8446)

  #25547 commented on Nov 27, 2024 • 0 new comments

• Extension of `OPENSSL_ia32cap` to accommodate additional `CPUID` feature/capability bits

  #25709 commented on Nov 29, 2024 • 0 new comments

• Don't send or accept any Sig Algs not compatible with the protocol version

  #25724 commented on Nov 26, 2024 • 0 new comments

• fips: zeroization of ECX public keys

  #25807 commented on Nov 30, 2024 • 0 new comments

• fips: stronger rsa (future)

  #25943 commented on Nov 25, 2024 • 0 new comments

• Fixes #25917

  #25966 commented on Nov 29, 2024 • 0 new comments

• feat: Attribute Certificates API (Headers only)

  #25981 commented on Nov 26, 2024 • 0 new comments

• preserve data constness when getting issuer name's and subject's hash

  #25991 commented on Nov 23, 2024 • 0 new comments

• clang/gcc: add clang 18 and gcc 14

  #26002 commented on Nov 29, 2024 • 0 new comments

• openindiana complains on duplicate symbol OPENSSL_ia32cap_P

  #26003 commented on Nov 28, 2024 • 0 new comments

• Add a SBOM template in CycloneDX format

  #26020 commented on Nov 29, 2024 • 0 new comments

• Lack of KEM algorithm testing

  #26032 commented on Nov 25, 2024 • 0 new comments

• Absolute path for `libdir`

  #26031 commented on Nov 25, 2024 • 0 new comments

• SPAKE key/derivation API

  #7264 commented on Nov 25, 2024 • 0 new comments

• Cannot convert EC key to PEM when in FIPS mode

  #26012 commented on Nov 25, 2024 • 0 new comments

• Broken providers no_cache support

  #26038 commented on Nov 26, 2024 • 0 new comments

• Creating OpenSSL binaries with Control flow guard enabled fails with multiple test failure

  #22554 commented on Nov 27, 2024 • 0 new comments

• SSL_new_from_listener always returns NULL

  #25851 commented on Nov 27, 2024 • 0 new comments

• Enable ML-KEM in FIPS provider

  #26036 commented on Nov 29, 2024 • 0 new comments

• Support ML-KEM-1024 and ML-KEM-512

  #26006 commented on Nov 29, 2024 • 0 new comments

• key_share / supported_group selection algorithm needs changes for post-quantum

  #22203 commented on Nov 29, 2024 • 0 new comments

• Implement ML-DSA

  #25961 commented on Nov 29, 2024 • 0 new comments

• X509: Add support for directly checking leaf cert EKU

  #14218 commented on Nov 28, 2024 • 0 new comments

• add support for TLS 1.3 OCSP multi-stapling for server certs

  #20945 commented on Nov 25, 2024 • 0 new comments

• [design] Functions for explicitly fetched signature algorithms

  #22672 commented on Nov 24, 2024 • 0 new comments

• Add the SSL option of disabling DTLS record replay check

  #22980 commented on Nov 24, 2024 • 0 new comments

• fix error: relocation truncated to fit: R_RISCV_JAL against symbol `AES_set_encrypt_key'.

  #23617 commented on Nov 29, 2024 • 0 new comments

• get_cert_by_subject : backward compatibility

  #24002 commented on Nov 25, 2024 • 0 new comments

• Fix for Issue #23499 Updated CRYPTOGAMS License Repository Link + Included License in Relevant Files

  #24231 commented on Nov 30, 2024 • 0 new comments

• feat: support the timeSpecification X.509v3 extension

  #25476 commented on Nov 25, 2024 • 0 new comments

• Cleanup: Remove CB_FAIL_IF

  #25504 commented on Nov 24, 2024 • 0 new comments

• Add threading support to the FIPS provider.

  #25537 commented on Nov 26, 2024 • 0 new comments