The annotated tag OpenSSL_1_1_0-pre2 has been created at 4f17c7a4127cf1c0e0942397f82b8b43c7668cfa (tag) tagging bd31d02e412f80f53073a1eb776dffe06ac91746 (commit) replaces OpenSSL_1_1_0-pre1 tagged by Richard Levitte on Thu Jan 14 15:26:56 2016 +0100
- Log ----------------------------------------------------------------- OpenSSL 1.1.0-pre2 release tag Alessandro Ghedini (1): GH540: add casts to safestack.h Andy Polyakov (10): Configurations/10-main.conf: fix typos in mingw/cygwin configs. evp/e_chacha20_poly1305.c: TLS interop fixes. Configure: 'reconf' to respect CROSS_COMPILE and CC. Configure: add framework for ChaCha and Poly1305 assembly. x86_64 assembly pack: tune clang version detection even further. crypto/ppccap.c: add SIGILL-free processor capability detection code. crpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc. sha/asm/sha256-armv4.pl: one of "universal" flags combination didn't compile. (and unify table address calculation in ARMv8 code path). bn/asm/bn-c64xplus.asm: update commentary. Configure: refine 'reconf' logic. Ben Kaduk (1): Fix typo Ben Laurie (8): Make no-dh work, plus other no-dh problems found by Richard. Support ccache. Fix (incorrect) uninitialised variable warning. Remove no longer existant structure member and direct references to EVP_MD_CTX internals. Don't use EC when no-ec. Fix no-dgram. Fix no-engine. Fix no-dh. Daniel Kahn Gillmor (1): The functions take a SSL *, not a SSL_CTX * David Benjamin (1): Fix memory leak in DSA redo case. Dr. Stephen Henson (71): extension documentation add X509_up_ref() documentation Add extension utility documentation. remove ancient SSLeay bug workaround fix warning Extend EVP_PKEY_copy_parameters() Add EVP_PKEY_get0_* functions. New function X509_get0_pubkey make update Update EVP_PKEY documentation. New EC functions. Use EC_KEY_key2buf and EC_oct2key in libssl. Remove SSL_OP_SINGLE_ECDH_USE code. Remove ECDH client auth code. Constify EC_KEY in ECDH_compute_key. remove unnecessary key copy Add ECDH/DH utility functions. Use EVP_PKEY for server EC. Use EVP_PKEY for client side EC. make update fix for no-ec delete unused context Remove fixed DH ciphersuites. SSL library configuration module. Add ssl_mcnf.c to Makefile Load module in SSL_library_init Add ssl configuration support to s_server and s_client Demo server using SSL_CTX_config SSL configuration module docs make errors unload modules in ssltest make update remove unused error code In mkerr.pl look in directories under ssl/ add -unref option to mkerr.pl Add ossl_inline Always generate DH keys for ephemeral DH cipher suites. EVP_PKEY DH client support. utility function Server side EVP_PKEY DH support fix no-ec Convert RSA encrypt to use EVP_PKEY Check for missing DSA parameters. Use X509_get0_pubkey where appropriate remove invalid free Change STACK_OF to use inline functions. Fix declarations and constification for inline stack. remove unused PREDECLARE Rename DECLARE*STACK_OF to DEFINE*STACK_OF Only declare stacks in headers use more descriptive name DEFINE_STACK_OF_CONST Recognise disabled algorithms automatically. remove hard coded algorithms Correct header defines Add DEPRECATEDIN support. update ordinals fix shadow warning Disable some algorithms by default Add memory leak return value. Update leak test to check return values. Fix jpaketest compilation error. Inline LHASH_OF Add lh_new() inlining Add lh_doall inlining Add lh_doall_arg inlining Remove mkstack.pl: it is no longer needed. Use ossl_inline and DEFINE_LHASH_OF update ordinals fix jpaketest and correct comment recognise no-crypto-mdebug To avoid possible time_t overflow use X509_time_adj_ex() Emilia Kasper (1): Fix a ** 0 mod 1 = 0 for real this time. Hongze Zhu (1): add malloc fail check & fix memory leak Kurt Roeckx (7): Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1 Also change the non-debug versions to use size_t Avoid using a dangling pointer when removing the last item Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support. Add support for minimum and maximum protocol version Allow disabling the min and max version File is about s_time, not s_client Mat (4): Fix build failure on Windows Adds crypto-mdebug as a valid option Adds missing type casts Fix c++ compilation Mathias Berchtold (1): Fix missing casts for c++ Matt Caswell (21): Prepare for 1.1.0-pre2-dev Fix OCB link Fix compile failure Fix compile failure with no-threads Fix compile failure with no-srp Fix no-psk compile failure Fix s_server problem with no-ec Don't export internal symbols Fix updating via mkdef.pl Fix build on Solaris Add SSL_CIPHER_description() for Chacha20/Poly1305 Fix URLs mangled by reformat Fix inline build failure Add test for missing CertificateStatus message Fix error when server does not send CertificateStatus message Ensure we don't call the OCSP callback if resuming a session Add some documentation for the OCSP callback functions Simplify calling of the OCSP callback Increase the max size limit for a CertificateRequest message Fix NSS format session output Fix test_ordinals Pascal Cuoq (1): Function pop_info() returned a dangling pointer Rich Salz (34): Use SHA256 not MD5 as default digest. Allow ChaCha20-Poly1305 in DTLS Use SHA256 not MD5 as default digest. Revert "Allow ChaCha20-Poly1305 in DTLS" Remove GMP engine. Rename some BUF_xxx to OPENSSL_xxx Provide better "make depend" warning. Fix typo. Rename sec_mem to mem_sec, like other files. mem-cleanup, cont'd. Remove err and prime demo's Remove some L<asdf|asdf> which crept back in. Rename *_realloc_clean to *_clear_realloc Cleanup CRYPTO_{push,pop}_info make a "missed make update" update RT4202: Update rt URL's. Update to SHA256 for TSA signing digest. Remove some unused perl scripts Remove more (rest?) of FIPS build stuff. mem functions cleanup Fix build-break; 'make update' Fix another build break for no-mem-debug Portability fix for apps/s_client.c Another portability fix. Fix no CRYPTO_MDEBUG build (windows) RT41897: Add an CRYPTO_secure_actual_size GH528: "cipher -v" output is confusing. Yet another make update. RT4227: Range-check in apps. Move Makefiles to Makefile.in Fix typo in error message Add CRYPTO_EX_DATA; remove EC_EXTRA_DATA Add missing #ifdef's to fix build break Call single parent free_comp routine. Richard Levitte (68): Make EVP_ENCODE_CTX opaque Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX Adapt PEM routines to the opaque EVP_ENCODE_CTX Adapt EVP tests to the opaque EVP_ENCODE_CTX make update make update, missed file Better splitting regexp for test_ordinals Modify the lower level memory allocation routines to take size_t Remove the "eay" c-file-style indicators Fix the etags action line, as etags doesn't take -R Refactor DTLS cookie generation and verification Prefer ReuseAddr over Reuse, with IO::Socket::INET Fix some missing or faulty header file inclusions SIZE_MAX doesn't exist everywhere, supply an alternative Correct missing prototype Remove the #ifndef OPENSSL_SYS_VMS around SSL_add_dir_cert_subjects_to_stack Fix faulty check in the VMS version of opt_progname Fix a possible memleak Instead of a local hack, implement SIZE_MAX in numbers.h if it's missing Remove crypto/pem/pem_seal.c Enhance util/mkdef.pl to provide a VMS linker option file for shlibs Remove the old VMS linker option file creator for shlibs Remove all remaining traces if PEM_Seal Adjust $default_depflags to changes in Configure Only run DANE tests when EC is supported Have mkdef.pl use case sensitive symbols for shareable symbol vector VMS INDENTIFICATION should only have the version number The limit per SYMBOL_VECTOR isn't the amount of symbols, it's the line length Use SPARE instead of PRIVATE_PROCEDURE to reserve unused SYMBOL_VECTOR slots Make sure to have both upper and mixed case symbols in SYMBOL_VECTOR Make EVP_CIPHER_CTX opaque and renew the creator / destructor functions Add accessors and writers for EVP_CIPHER_CTX Adapt the internal EVP routines to opaque EVP_CIPHER_CTX Adapt cipher implementations to opaque EVP_CIPHER_CTX Adapt all EVP_CIPHER_CTX users for it becoming opaque Remove EVP_CIPHER_CTX_flags, it's only confusing Make EVP_CIPHER opaque and add creator/destructor/accessor/writer functions Adapt the internal EVP routines to opaque EVP_CIPHER Adapt builtin cipher implementations to opaque EVP_CIPHER Adapt all engines that need it to opaque EVP_CIPHER EVP_CIPHER_CTX_new_cipher_data was a temporary measure, not needed any more Adapt all EVP_CIPHER users for it becoming opaque Add back deprecated functions in macro form Document the new EVP_CIPHER and EVP_CIPHER_CTX functionality make update Remove unused internal macros Add notes in CHANGES and NEWS Correct a small typo in CHANGES VMS will downcase all command parameters unless they're quoted Fix test/recipes/80-test_ca.t to work on VMS Pipes on VMS do not work well with binary data, use an intermediary file After EVP_CIPHER turned opaque, e_rc5.c needs to include evp_int.h Have the VMS exit code follow POSIX conventions Don't return from main(), use EXIT() instead VMS perl doesn't implement fork(), so don't run the TLSProxy tests there Simplify the EXIT macrot for VMS Remove test_probable_prime_coprime from test/bntest.c VMS C doesn't provide intmax_t/uinmax_t, use our own Quick fix of debugging option for mk1mf.pl. Remove spurious ; Reorder the ordinals in libeay.num Add a directry spec for mcr if there is none Fall back to c_rehash if 'openssl rehash' fails Do not use redirection on binary files Rename binmode into textmode and use it correctly VMS open() doesn't take O_BINARY, but takes a context description Change the last copyright year to 2016 in README Prepare for 1.1.0-pre2 release Rob Stradling (1): Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633). Roumen Petrov (3): remove duplicates in util/libeay.num __STDC_VERSION__ is not defined for c89 compilers redundant redeclaration of 'OPENSSL_strlcpy' Todd Short (1): Memory leak in state machine in error path Viktor Dukhovni (34): Restore full support for EVP_CTX_create() etc. Avoid erroneous "assert(private)" failures. Fix option value parsing in crl2pkcs7 -certfile Fix erroneous SO suffix in darwin64-debug-test-64-clang target Refine and re-wrap Min/Max protocol docs Protocol version selection and negotiation rewrite Cleanup of verify(1) failure output X509_verify_cert() cleanup Drop incorrect id == -1 case from X509_check_trust Fix X509_STORE_CTX_cleanup() DANE support structures, constructructors and accessors DANE documentation typos DANE make update DANE support for X509_verify_cert() Minor test update DANE s_client support Backwards-compatibility subject to OPENSSL_API_COMPAT Fix some typos in comments DANE CHANGES Simplify deprecated declaration exception Update comment as bn_dup_expand is gone Fixup actually update danetest.c Future-proof deprecated declartion parsing Regenerate SSL record/statem error strings Enable/disable crypto-mdebug just like other features Make SSL{_CTX,}_{get,set,clear}_options functions STACK_OF(SSL_COMP) is a public type Maximize time_t when intmax_t is available For stroimax need C99 inttypes.h Fix DES_LONG breakage For stro[ui]max require both C99 and UINTMAX_MAX/INTMAX_MAX Fix nistp512 typos, should be nistp521 Fix verify(1) to report failure when verification fails Fix double-free bugs in EC group precomputation state tjmao (1): Allow ChaCha20-Poly1305 in DTLS ----------------------------------------------------------------------- _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits