The annotated tag OpenSSL_1_1_0-pre4 has been created
at ad250dc2fb9b3e37700a557b82b0c46f0657352f (tag)
tagging e711d13af3e3bee1c6423c27eeb48ad4921d4fc3 (commit)
replaces OpenSSL_1_1_0-pre3
tagged by Richard Levitte
on Wed Mar 16 18:21:17 2016 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.0-pre4 release tag
Adam Eijdenberg (1):
Add more CT utility routines to be used as part of larger patch.
Alessandro Ghedini (19):
Implement new multi-threading API
GH355: Implement HKDF
GH804: Fix unused-result warnings in dasync
Convert CRYPTO_LOCK_GET*BYNAME to new multi-threading API
Convert CRYPTO_LOCK_{DH,DSA,RSA} to new multi-threading API
Convert CRYPTO_LOCK_DSO to new multi-threading API
Convert CRYPTO_LOCK_EX_DATA to new multi-threading API
Convert ERR_STATE to new multi-threading API
Convert ERR_STRING_DATA to new multi-threading API
Convert CRYPTO_LOCK_BIO to new multi-threading API
Convert CRYPTO_LOCK_EVP_PKEY to new multi-threading API
Convert CRYPTO_LOCK_EC_* to new multi-threading API
Convert CRYPTO_LOCK_UI to new multi-threading API
Convert CRYPTO_LOCK_X509_* to new multi-threading API
make update
Convert CRYPTO_LOCK_SSL_* to new multi-threading API
Convert RSA blinding to new multi-threading API
Move variable declaration to the start of the function
Use correct function ID in error path
Andrea Grandi (7):
Add support for async jobs in OpenSSL speed
Fix the error with RSA and the daysnc engine in async mode.
Remove unnecessary memset() to 0 and check for NULL before OPENSSL_free()
Add support to ASYNC_WAIT_CTX to speed
Fix error with wait set of fds for the select()
Add empty line after local variables
Fix names of the #define used for platform specific code
Andy Polyakov (30):
Makefile.shared: limit .dll image base pinning to FIPS builds.
poly1305/asm/poly1305-armv4.pl: replace ambiguous instruction.
test/recipes/80-test_ca.t: remove_tree->rmtree to make it work with Perl
5.10.
ec/asm/ecp_nistz256-x86_64.pl: get corner case logic right.
ec/asm/ecp_nistz256-*.pl: get corner case logic right.
test/ectest.c: add regression test for RT#4284.
chacha/asm/chacha-*.pl: fix typos in tail processing.
modes/asm/ghash-x86_64.pl: refine GNU assembler version detection.
bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.
bn/asm/rsax-x86_64.pl: constant-time gather procedure.
bn/asm/rsaz-avx2.pl: constant-time gather procedure.
crypto/bn/x86_64-mont5.pl: constant-time gather procedure.
bn/asm/x86_64-mont5.pl: unify gather procedure in hardly used path
and reorganize/harmonize post-conditions.
poly1305/asm/poly1305-*.pl: flip horizontal add and reduction.
chacha/asm/chacha-ppc.pl: fix typo.
perlasm/x86_64-xlate.pl: handle binary constants early.
bn/asm/x86[_64]-mont*.pl: complement alloca with page-walking.
Makefile.in: populate [PLIB_]LDFLAG even with $target{} settings.
SPARCv9 assembly pack: unify build rules and argument handling.
ec/asm/ecp_nistz256-sparcv9.pl: get corner logic right.
Configure: remove dependency on 'head'.
Configurations/unix-Makefile.tmpl: don't leave empty .s files behind.
crypto/*/build.info: SPARC-specific fixups.
crypto/*/build.info: make it work on ARM platforms.
engines/Makefile.in: some [older] shell complain about 'for i ;', but
not if there is reference to empty variable.
build.info/Makefile.in: Itanium fixups.
s390x assembly pack: 32-bit fixups.
config: fix HP-UX PA-RISC detection.
Clarify NOTES.WIN.
poly1305/asm/poly1305-x86_64.pl: make it work with linux-x32.
Ben Laurie (4):
Missing extension on dependency, .d file is not always made (e.g. when
input is a .s).
Remove OBJ_EXT and friends.
testutil.c includes e_os.h.
FreeBSD, at least, can restrict symbols in a shared library - so use the
Linux target that does that.
Benjamin Kaduk (4):
GH768: Minor grammar nits in CRYPTO_get_ex_new_index.pod
GH815: The ChaCha20/Poly1305 codepoints are official
CT: check some GeneralizedTime return values
Avoid negative array index in BIO_debug_callback()
Bill Cox (1):
Add blake2 support.
Billy Brumley (3):
NIST SP800-56A co-factor ECDH KATs
move ifdef statements
documentation and duplicate goto statements
Christian Heimes (1):
Provide getters for default_passwd_cb and userdata
David Benjamin (1):
Consistently use arm_arch.h constants in armcap assembly code.
David Woodhouse (16):
RT4313: Fix build for !IMPLEMENTED code path in CRYPTO_secure_free()
RT4315: Fix UEFI build in crypto/init.c
RT4318: Fix OSSL_SSIZE_MAX for UEFI build
RT3628: Allow filenames to be eliminated from compiled library
Finish 02f7114a7fbb3f3ac171bae87be8c13bc69e4005
RT4309: Define PRIu64 for UEFI build
RT4334: Check UEFI before __STDC_VERSION__ for <inttypes.h>
RT4339: Fix handling of <internal/bn_conf.h>
RT4335: Fix UEFI build of OBJ_NAME_new_index()
RT4347: Fix GCC unused-value warnings with HOST_c2l()
Elide EVP_read_pw_string() and friends for no-ui
Allow OPENSSL_NO_SOCK in e_os.h even for non-Windows/DOS platforms
Move declaration of X509_aux_print() out of #ifndef OPENSSL_NO_STDIO
Elide DES_read_password() for no-ui build
Elide OPENSSL_INIT_set_config_filename() for no-stdio build
Allow OPENSSL_NO_SOCK in e_os.h even for non-Windows/DOS platforms
Dmitry-Me (6):
Fix mismatched curly brace
GH680: Reuse strnlen() in strndup()
GH762: Reuse strdup()
GH769: Reuse strndup()
GH784: Better variable name
Reuse strndup(), simplify code
Dr. Stephen Henson (65):
Add explanation and warning to TLS id table.
Use nid_list table to lookup curve IDs.
Simplify tls1_set_ec_id.
remove redundant code
typo
Remove broken DSA private key workarounds.
Remove DSA negative integer workaround code.
Remove unused parameter in ssl_set_masks().
Update and clarify EC_POINT documentation.
Reformat and update EC_KEY_new manual page.
Rename OIDs.
EC_METHOD customisation operations.
Extended EC_METHOD customisation support.
Extract compression form in EC_KEY_oct2key().
Add custom_data field for EC_POINT, EC_KEY.
Add group_order_bits to EC_METHOD.
Add new EC_METHOD for X25519.
Add no signing flag.
Add X25519 curve to list
Add X25519 test vectors from RFC7748 6.1 Check sign/verify blocked
with X25519
skip inappropriate X25519 tests
add ecdhx25519 option to speed
TLS support for X25519
Add X25519 code from BoringSSL.
Initial adaptations for Curve25519 code.
Change BORINGSSL defines to OPENSSL
Remove unused code.
make update
Add CHANGES entry for X25519
remove unused variables
Fix -pkeyopt and fix error check.
Replace overrides.
Add default operations to EC_METHOD
make errors
remove old unused oneline name field
Handle KDF internally.
make errors
EVP_PKEY_CTX utility functions.
Use utility functions for HMAC and CMAC.
Add string ctrl operations to TLS1 PRF, update documentation.
Add Ctrl keyword to KDF test in evp_test
Convert PRF tests to use Ctrl
Generalise KDF test in evp_test.c
make update
Add KDF error codes
add kdf.h to mkdef.pl
make update
fix no-ec build
update NEWS
Add KDF support to pkeyutl. Update documentation.
Sanity check PVK file fields.
Add ASN.1 ADB callback.
use saner default parameters for scrypt
Make PKCS8_PRIV_KEY_INFO opaque.
Update documentation
make update
Remove kinv/r fields from DSA structure.
Make DSA_SIG opaque.
make update
move DSA_SIG definition into C source file
Make X509_SIG opaque.
make update
Add EVP_PKEY documentation.
Document X509_get_serialNumber and X509_set_serialNumber.
Update and clarify ECDSA documentation.
Emilia Kasper (25):
getaddrinfo: zero the hints structure
TLS: reject duplicate extensions
MemorySanitizer: address false positive
CVE-2016-0798: avoid memory leak in SRP
Don't build sanitizer builds with --debug
Place under OpenSSL license.
curve25519: add missing const-qualifier
Refactor ClientHello extension parsing
Clean up curve25519 build
Curve25519: avoid undefined behaviour
Curve25519: fix const-initialization
Trim the Travis config
Trim Travis config part 2
Restore some mingw builds
Rework the default cipherlist.
Trim Travis config part 3
Fix no-comp build
Workaround for false -Warray-bounds in Travis
Fix memory leak in library deinit
Travis: build tests in BUILDONLY mode
Disable afalg when engine is disabled.
Fix CRYPTO_THREAD_run_once return value checks
Explain *cough*-dows
On Windows, page walking is known as __chkstk.
Fix up CHANGES
FdaSilvaYY (7):
GH678: Add a few more zalloc
Add some 'no-engine' builds to travis, for test
fix "no-engine" build of test fixture
GH753: More spelling fix
GH715: Missed some null-check-removals. follow commits 412bafdcf5, and
7c96dbcdab
GH773: Possible leak on CRYPTO_THREAD_lock_new failure
Fix cert leaks in s_server
Flavio Medeiros (1):
GH480: Don't break statements with CPP stuff.
J Mohan Rao Arisankala (9):
GH735: remove unnecessary allocation
GH742: keep gost specific variable under macro
Check method before access and release ctx in error paths
explicit check for NULL
check with NULL
EC_KEY_priv2buf (): check parameter sanity
fix build with no-srtp
using macro inside the case.
GH764: s_server: trace option fall through
Jeffrey Walton (2):
RT4354: Add some cross-refs
RT4351: Update doc for OPENSSL_cleanse
Jim Basney (1):
Avoid double-free in calleres to OCSP_parse_url
Kurt Roeckx (25):
argv was set but unused
Drop support for printing SSLv2 ciphers names.
Make k25519Precomp const
Don't mark the eNULL ciphers as non-default.
Disable SSLv3 by default
AppVeyor: Only use the latest VS version
Constify security callbacks
Make function to convert version to string
Remove unused code
Make SSL_CIPHER_get_version return a const char *
Add ssl_get_client_min_max_version() function
Add support for minimum and maximum protocol version supported by a cipher
IDEA is not supported in TLS 1.2
Document SSL_get1_supported_ciphers
Update ciphers -s documentation
Remove DES cipher alias
Move disabling of RC4 for DTLS to the cipher list.
Fix usage of OPENSSL_NO_*_METHOD
Use minimum and maximum protocol version instead of version fixed methods
Use version flexible method instead of fixed version
Deprecate the use of version-specific methods
Run make update
Review comments
Save leaf_node and node_offset as character array
Use unsigned int instead of just unsigned.
Mat (5):
GH812: Fix for no-ui build on Windows
Fix return type for CRYPTO_THREAD_run_once
Fix no-rmd160 classic Windows build
Fix no-blake2 for Windows classic build
removed extra define
Matt Caswell (82):
Fix memory leaks in tls_decrypt_ticket
Fix windows thread stop code
Partial revert of 1288f26 and fix for no-async
Fix memory issues in BIO_*printf functions
Fix a mkdef.pl warning
Fix master compile error
Remove Ubsec engine
Workaround for VisualStudio 2015 bug
Refactor the async wait fd logic
Clarify ASYNC_WAIT_CTX_clear_fd() docs
Fix use before init warnings in asynctest
Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption
Updates to CHANGES and NEWS for 1.0.2 and 1.0.1 release
Convert ASYNC code to use new Thread API
Ensure Async is deinited properly
Don't build RC4 ciphersuites into libssl by default
Misc afalg build fixes
Fix OPENSSL_INIT flags to avoid a clash.
Fix minor errors in the afalg test
Fix some clang warnings
Swap the init code to use CRYPTO_ONCE
Swap the init code to use the new Thread API thread locals
Remove use of CRYPTO_LOCK_INIT in init code
Add a function to detect if we have async or not
make update
Add defines for pipeline capable ciphers
Update the dasync engine to add a pipeline cipher
Implement write pipeline support in libssl
Add pipeline support to s_server and s_client
Add dummy pipeline support for aes128_cbc_hmac_sha1
Implement read pipeline support in libssl
Lazily initialise the compression buffer
Add an ability to set the SSL read buffer size
Add an SSL_has_pending() function
Ensure s_client and s_server work when read_ahead is set
Fix erroneous fall thgrough in switch statement
Add pipelining documentation
Add documentation for SSL_has_pending()
Add documentation for new s_server/s_client options
Update a comment
Remove the wrec record layer field
Add documentation for the EVP_CIPHER_CTX_cipher_data functions
Fix s_server/s_client handling of the split_send_frag argument
Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
Fix typo in SSL_pending docs
Move the _hidden_* static variables in dasync to be constructed in bind
Refactor dasync cipher implementations to improve code reuse
Rename a function
Rename the numpipes argument to ssl3_enc/tls1_enc
Fix building without multiblock support
Add an ability to set the SSL read buffer size
Add an SSL_has_pending() function
Convert mem_dbg and mem_sec to the new Thread API
Fix error in ssltest
Convert rand code to new threading API
Fix memory leak in ssltest
Ensure CRYPTO_mem_leaks is the last thing we do
Move engine library over to using the new thread API
Move chil engine to the new thread api
Always call ENGINE_cleanup() in de-init
Remove another lock from e_chil
Remove use of the old CRYPTO_LOCK_X5O9_STORE
Remove the old threading API
Update CHANGES for the new threading API
Add an entry in NEWS about the new threading API
Fix classic build
Update CHANGES and NEWS
No need to call EVP_CIPHER_CTX_init after EVP_CIPHER_CTX_new
Mark SRP_VBASE_get_by_user() as deprecated
Remove a missed item from the old thread API
Fix a memory leak in the afalg engine
More tweaks to the installation instructions
Call CONF_modules_free() before ENGINE_cleanup() in auto-deinit
Suppress CT warnings in test_ssl
Don't clobber the last error
Remove some dead code from 1999
Add some missing cleanup calls to de-init
Fix the init cleanup order
Fix a TLSProxy race condition
Disable AFALG when cross-compiling
We should use $SRCDIR in Makefiles
Some platforms provide getcontext() but it does not work
Neel Goyal (1):
Fix typo in SSL_CTX_set_msg_callback docs
Rich Salz (39):
Remove JPAKE
RT4310: Fix varous no-XXX builds
Remove "experimental" in code and comments, too.
GH681: More command help cleanup
Remove outdated DEBUG flags.
Fix {TLS,CIPHER}_DEBUG compiles.
Missed an experimental.
GH721: Duplicated flags in doc
RT4320/GH705: Fix PEM parsing bug.
Remove unused parameters from internal functions
Add PKCS7_NO_DUAL_CONTENT flag
Fix typo, reformat comment.
GH235: Set error status on malloc failure
RT4116: Change cleanse to just memset
Build fix: remove cleanse_ctr
Fix indents
GH463: Fix OPENSSL_NO_OCSP build
Fix unified build after CT reorg
GH715: ENGINE_finish can take NULL
Update test build/run for unified
Revert "EC_KEY_priv2buf (): check parameter sanity"
Remove some old files.
RT2275: use BIO_sock_nbio()
GH715: Missed some null-check-removals.
Fix mk1mf build
Changes to DEFAULT curves
GH616: Remove dead code
ISSUE 43: Add BIO_sock_shutdown
Remove really old demo's
Fix pkeyutl to KDF lnks.
Revert "Allow OPENSSL_NO_SOCK in e_os.h even for non-Windows/DOS
platforms"
Fix build; ssltest
Remove some old ms/* files
OpenSSLDie --> OPENSSL_die
RT3676: Expose ECgroup i2d functions
RT3676 add: Export ASN.1 DHparams
Make update to catch function renames.
Fix build break; add function declaration
Add doc on when to use SCT callback.
Richard Levitte (229):
Prepare for 1.1.0-pre4-dev
Fix use of add() and add_before() in Configurations/*.conf
Fix Solaris link_a and link_o
Lowercase configuration arguments on VMS
Don't check for gcc or clang on VMS
Check for OPENSSL_USE_APPLINK in $config{cflags} as well
On solaris, the variable name sun clashes, use s_un instead
Implement the use of heap manipulator implementions
Update the documentation on heap allocators / deallocators
Fixup secmemtest for the change of CRYPTO_free() and friends
Fix check of -DOPENSSL_USE_APPLINK in $config{cflags}
When someone configures an out-of-source build, switch to unified
Be more verbose when debugging is on
Get conditional priorities right
Add -lresolv to the Solaris ex_libs
Fix spelling
Fix spelling
In the unified scheme, there is no $(TOP), use $(SRCDIR) instead
Fix the makedepend constructor in unix-Makefile.tmpl
Don't treat .d (depend) files separately from object files
Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
Set EXE_EXT environment variable when testing
Fix uninstall_sw for the unixmake scheme
Automatic 'make depend' for the unified build scheme
Don't use config.timestamp, we already have configdata.pm
Fix casing on VMS
VMS: produce dependency files just like you produce object files
VMS: rather use a quick file comparison than DIFF
Rethink the uplink / applink story
Unified - do a better job when uninstalling
Unified - don't install the ossltest engine
VMS fixed in unified build
Let Configure figure out the diverse shared library and DSO extensions
Centralise the shared library / dso name info in unix-Makefile.tmpl
Big rename fest in makefile.shared: link_a / link_o -> link_shlib /
link_dso
Simplify the generation of ld scripts for Linux and Solaris
Big rename fest of engine DSO names, from libFOO.so to FOO.so
Remake the installation of shared libraries in unix-Makefile.tmpl
Small rename fest in unified, obj2dynlib -> obj2dso
Try removing installation directories after having uninstalled files
Misc small fixes.
Big rename fest of MingW shared libraries
Make sure the linked programs have the correct extension
Fix Configurations/unix-Makefile.tmpl
Unified 'make depend' has to cleanup after itself
VMS static libraries have the extension .OLB, not .LIB
apps_extra_src changed name to apps_aux_src, rename everywhere
Make crypto/buildinf.h depend on configdata.pm rather than Makefile
Always build library object files with shared library cflags
Build dynamic engines even if configured "no-shared"
Run the TLSProxy based tests as long as dynamic engines are built.
Unified on VMS - install dynamic engines if there are any
Avoid GNU make re-exec when adding dependencies to Makefile
Document the last configuration changes
Check that any dependency file is newer than Makefile before concatenating
Don't use 'parent' in util/dofile.pl
Fix incorrect SO name on GNU platforms
Use $disabled{"dynamic-engine"} internally
Introduce the "pic" / "no-pic" config option
Rewrite CHANGES to add some commentary about the "pic" option
Add a "no-pic" build for Travis
Get back "ssl2" as a deprecated disablable option
Don't include all symbols from static libraries when building a DSO
Fix a few typos
Fix DSO name on HP/UX
Expose %disables to the perl fragments in build.info files.
Clean away $config{no_shared} since we have $disabled{shared}
Clean away $no_threads since we have $disabled{threads}
Clean away $zlib since with have $disabled{zlib}
Clean away $no_rfc3779 since we don't appear to use it at all
Clean away $no_asm since with have $disabled{asm}
Clean away $no_dso since with have $disabled{dso}
The build files use %disabled, make sure to pass it to them
Use $disabled{shared} in a safer manner
Add OPENSSL_PIC back
Remove all -march= from configs
Make it possible to build even if dependency files can't be generated
Solaris DSOs were still named libFOO.so, fixed
Configure - neater looking add() and add_before()
Normalise the include directives in ct_test.c
Unified on VMS - add %disabled in vmsconfig.pm (util/dofile.pl demands it)
Forgotten change of add() call in Configure
Make the table entry printer in Configure aware of ARRAYs
Remove comments saying you must do 'make -f Makefile.in TABLE'
Apply default after having checked the given config target is valid
Keep a cache of files that already have a recipe, in common.tmpl
Remove last remains of old config strings
ct_test.c doesn't need to include from source top, only testutil.c does
Make generation of dependency files more efficient when possible
VMS - don't exit out of a MMS recipe
Add forgotten change of check of disabled-dynamic-engine
Unified - have configdata.pm depend on a few more things
Make uplink auxiliary source separate from cpuid source
Configure - make the use of environment variables for overrides consistent
Add a shared_target to the VC-common config
Configure - Allow CODErefs and ARRAYrefs in configuration setting arrays
Configure - Rename BASE to DEFAULTS and add a few inheritable BASEs
Configure - move the addition of the zlib / libz lib to configs
Minimize copied config settings
Configure - get rid of the special debug_ and release_ settings
Configure - Get rid of the special thread_cflag, replace with
thread_scheme
Don't copy from %target to %config so much, see %config as a complement
Document the changes in config settings
Remove overzealous echoing
Restore the zlib / zlib-dynamic logic
Correction, $disabled{shared} rather than $config{no_shared}
Remove the old ordinals
Change names of ordinals and libs, libeay => libcrypto and ssleay =>
libssl
New ordinal files, recreated from scratch
No -fno-common for Darwin
Unified - Add the build.info command GENERATE, to generate source files
Unified - Adapt the Unix and VMS templates to support GENERATE
Unified - Add the build.info command OVERRIDE, to avoid build file clashes
Unified - adapt the generation of bignum assembler to use GENERATE
Unified - adapt the generation of padlock assembler to use GENERATE
Make OpenSSL::Test::setup() a bit more forgiving
Fix the build tree include directory for afalg engine
Revert "unified build scheme: Try to nudge users to try the "unified"
build"
Add the Configure option --classic, to fall back on classic build schemes
Make unified builds the default on Unix
Change the INSTALL documentation for unified builds
Fix engine/asm/e_padlock-x86.pl for newer semantics
We've switch to unified build scheme by default, reflect it in travis
Fix configurations such as 'dist' and tar building
Make mk1mf recognise the --classic flag
Tweak some more information in INSTALL
For unified builds, make a separate build directory and build there
Use ccache for the unified builds
Only enable ccache if it's available
Fix travis builds
Include e_os.h from ec_lcl.h
Remove the -n tar flag from osx dist creation
Adapt e_capi to the DSA_SIG_get0() API
Redo the Unix source code generator
Engine API repair - memory management hooks
Remove the transfer of lock hooks from bind_engine
Fix a typo in dynamic_load()
Add the configure option 'no-makedepend'
Adapt descrip.mms.tmpl to 'no-makedepend'
Adapt unix Makefile template to 'no-makedepend'
Counter mixed signedness with a cast
Add missing semi
err_lcl.h is gone, don't pretend it's there
Convert the dynlocks in e_chil to the new Thread API locks
Unified - adapt the generation of blowfish assembler to use GENERATE
Unified - adapt the generation of aes assembler to use GENERATE
Unified - adapt the generation of cpuid, uplink and buildinf to use
GENERATE
Because crypto/build.info demands CFLAGS_Q, descrip.mms.tmpl must deliver
Unified - adapt the generation of chacha assembler to use GENERATE
Unified - adapt the generation of cast assembler to use GENERATE
Unified - adapt the generation of camellia assembler to use GENERATE
Unified - adapt the generation of ec assembler to use GENERATE
Unified - adapt the generation of des assembler to use GENERATE
Unified - adapt the generation of poly1305 assembler to use GENERATE
Unified - adapt the generation of modes assembler to use GENERATE
Unified - adapt the generation of md5 assembler to use GENERATE
Unified - adapt the generation of ripemd assembler to use GENERATE
Unified - adapt the generation of rc5 assembler to use GENERATE
Unified - adapt the generation of rc4 assembler to use GENERATE
Unified - adapt the generation of sha assembler to use GENERATE
Unified - adapt the generation of whirlpool assembler to use GENERATE
Adapt mk1mf.pl and companions to changed perlasm script semantics
Unified - a native Windows makefile template
Unified - extract settings from util/pl/VC-32.pl and make the config
settings
Unified - name native Windows shared libraries like MingW builds do
Don't run the TLSProxy based tests in native Windows
Adapt the Windows makefile template to source generation
Adapt appveyor.yml for the new unified build
Adapt INSTALL and related notes for Windows
Add extra include directory for includers of ppc_arch.h
Check gcc version to see if it supports -MM and friends
Recognise 32-bit Solaris in util/shlib_wrap.sh
Touch the correct variables for the system; shlib_wrap.sh on Solaris
Make sure the effect of "pic" / "no-pic" is used with assembler
compilations
Have Configure display the value of SHARED_CFLAG
Don't check the conditions to build e_afalg if configured "no-engine"
Don't add afalg engine if configured "no-engine"
Don't add engines if configured "no-engine"
Don't call ENGINE_cleanup when configured "no-engine"
In build.info, an IF within a clause that's skipped over shouldn't apply
Fix ct_test to not assume it's in the source directory
CT test can't run without EC, so skip it on that algo as well
Restore building out of source with the unified build scheme
Fix ct_test to not assume it's in the source directory
Make ct_dir and certs_dir static in test/ct_test.c
Comment away the extra checks in Configure
When grepping something starting with a dash, remember to use -e
Correct slight logic error in processing IF in build.info
Travis - the source directory is _srcdist, not _srcdir
Remove duplicate typedef of ECPKPARAMETERS in ec.h
Make util/mk1mf.pl recognise no-weak-ssl-ciphers
When configured "shared", don't build static libraries on Windows
Travis - don't use ccache with cross compiles
Travis - add missing semi-colon
Pass down inclusion directories to source file generators
The typedef ECPARAMETERS is already defined, don't define it anew
Add cleaning targets to Configurations/windows-makefile.tmpl
Harmonize the option processing in 'config' and 'config.com'
Configure - don't trust $1 to stick around, save its value away
In the recipe using "makedepend", make sure the object file extension is
there
Add include directory options for assembler files that include from
crypto/
Add include directory options for assembler files that include from
crypto/
Fix some assembler generating scripts for better unification
Harmonise the two methods to generate dependency files
Don't build dynamic engines unless configured "shared"
Avoid getting unresolved referense to bn_expand2 in test/bntest.c
Some sed implementations are not greedy enough, use perl instead
Because bn_expand2 is declared non-static, it must not be static
Avoid sed for dependency post-processing
When creating directory specs, use srctop_dir rather than srctop_file.
Harmonize Unix Makefile template with Windows dito
Use single quotes rather than double quotes when needed
Add $(LIB_CFLAGS) for any build.info generator that uses $(CFLAGS)
Collect the names of generated files and clean them away at target clean:
Complete incomplete makefile variable referenses
Change an function macro for ERR match the function it's used in.
Fix a few Configure errors
Enforce the demand for Perl 5.10.0 as a minimum.
Fix freeze in config's interrupt trap with some shells
Fix typo in manual, missing ending '>'
static-engine is no longer an internal keyword, remove it from %disabled
Small typo
Cygwin configs were missing thread_scheme settings, add them
Not all shells understand !
Make the perl dependency post-processor into just one line
Appveyor - make sure to actually build "shared" in the shared
configuration
DLL object files should not be built with /Zl"
When building DLLs, hack the library name in the .def file
Prepare for 1.1.0-pre4 release
Rob Percival (50):
Tests for parsing and printing certificates containing SCTs
GH752 ct_test uses testutil, so include that
Public API for Certificate Transparency
Fix for potential deferencing of null pointer in o2i_SCT_signature
Moves SCT struct typedef into ossl_typ.h
Verify SCT signatures
Fixes potential double free and memory leak in ct_b64.c
Addresses review comments from richsalz
Move macros for reading/writing integers into ct_locl.h
CT policy validation
Adds CT validation to SSL connections
Change default CT log list filename to "ct_log_list.cnf"
Extends s_client to allow a basic CT policy to be enabled
If a CT log entry in CTLOG_FILE is invalid, skip it and continue loading
Handle missing "enabled_logs" line in CT log file
Handle empty log name in "enable_logs" line of the CT log file
Documentation for new SSL functions
Documentation for new CT s_client flags
Remove redundant semi-colons from apps/Makefile.in
Make formatting consistent in apps/Makefile.in
Fixes memory leaks in CT code
CT code now calls X509_free() after calling SSL_get_peer_certificate()
Lowercase name of SSL_validate_ct as it is an internal function
Use s->session->peer instead of calling SSL_get_peer_certificate(s)
Remove OPENSSL_NO_UNIT_TEST guard from ct_test.c
Minor update to includes and documentation for ct_test.c
Makes SCT_LIST_set_source return the number of successes
Extensive application of __owur to CT functions that return a boolean
Make parameters of CTLOG_get* const
Treat boolean functions as booleans
Fixes "usuable" typo in ct_locl.h
Use SCT_VERSION_V1 in place of literal 0 in ct_test.c
Reset SCT validation_status if the SCT is modified
Remove unnecessary call to SCT_set1_extensions(sct, "", 0) in ct_test.c
Updates ct_err.c
Improved documentation of SCT_CTX_* functions
Makes CTLOG_STORE_get0_log_by_id return const CTLOG*
Makes SCT_get0_log return const CTLOG*
Removes SCT_LIST_set_source and SCT_LIST_set0_logs
Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const
Make SCT literals into const variables in ct_test.c
Document importance of CTLOG_STORE outliving SCT if SCT_set0_log is used
Do not display a CT log error message if CT validation is disabled
Minor improvement to formatting of SCT output in s_client
Documentation for ctx_set_ctlog_list_file()
check reviewer --reviewer=emilia Remove 'log' field from SCT and
related accessors
check reviewer --reviewer=emilia Pass entire CTLOG_STORE to
SCT_print, rather than just the SCT's CTLOG
check reviewer --reviewer=emilia Use SSL_get_SSL_CTX instead of
passing SSL_CTX to s_client.c:print_stuff
Surround ctx_set_ctlog_list_file() with #ifndef OPENSSL_NO_CT
constify CT_POLICY_EVAL_CTX getters
Roumen Petrov (4):
Fix OPENSSL_config with NULL parameter
remove redundant opt* declarations
documentation: RSA_new_method argument
correct name of GNU shared libraries
Todd Short (6):
GH787: Fix ALPN
Add cipher query functions
GH787: Fix ALPN
Fix SSL_CIPHER_get_auth_nid return
Fix locking in ssl_cert_dup()
Update .gitignore to ignore all cscope files
Viktor Dukhovni (5):
Work-around for proxy->s_server retry logic
Update documentation of SSL METHODs and ciphers
Improved HKDF and TLS1-PRF documentation
Don't free NCONF obtained values
Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag
Viktor Szakats (6):
OPENSSL_init_ssl.pod: fix minor typo Reviewed-by: Matt Caswell
<m...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org>
md_rand: FAQ URL to use https and follow a redirect
GH712: Missed some no-filenames cases
GH758: e_dasync_err.h: honor no-filenames option
GH781: openssl.spec: use secure urls
remove ms/.rnd and add it to .gitignore
Zhao Junwang (1):
GH706: Use NULL for pointer compare.
clucey (3):
ALG: Add AFALG engine
Rework based on feedback: 1. Cleaned up eventfd handling 2.
Reworked socket setup code to allow other algorithms to be added in
future 3. Fixed compile errors for static build 4. Added error to error
stack in all cases of ALG_PERR/ALG_ERR 5. Called afalg_aes_128_cbc() from
bind() to avoid race conditions 6. Used MAX_INFLIGHT define in io_getevents
system call 7. Coding style fixes
Adding afalg test
fbroda (1):
General verify options to openssl ts
-----------------------------------------------------------------------
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
