The annotated tag OpenSSL_1_1_0-pre1 has been created
at 8593c20d6c85d03850a446e80a8e9b2a9d0bfb4a (tag)
tagging 22c21b60afb33bf32f91560e7c29c21588429420 (commit)
replaces master-post-reformat
tagged by Matt Caswell
on Thu Dec 10 14:23:10 2015 +0000
- Log -----------------------------------------------------------------
OpenSSL 1.1.0-pre1 release tag
Adam Eijdenberg (9):
RT3961: Fix switch/case errors in flag parsing
RT3962: Check accept_count only if not unlimited
RT3963: Allow OCSP stapling with -rev and -www
Fix unhandled error condition in sslv2 client hello parsing.
Change error reason to match previous behaviour.
Fix clang uninitialized variable warning.
RT3984: Fix clang compiler warning on Mac OS X where %ld is used for
uint64_t.
Initial commit for Certificate Transparency support
Clarify return values for EVP_DigestVerifyFinal.
Adam Langley (1):
Allow a zero length extension block
Alessandro Ghedini (28):
GH371: Print debug info for ALPN extension
GH354: Memory leak fixes
Add initial Travis CI configuration
Use the shlib wrapper when running nptest
Fix build on mingw
Make BUF_strndup() read-safe on arbitrary inputs
Properly format linux-arm64ilp32 target config
GH408 follow-on: update buflen
Print debug info for extended master secret extension
Validate ClientHello extension field length
Fix travis builds on master
GH429: Add clang to travis
Add Clang 3.6 and additional GCC 5 builds to travis
Remove bugs/ and crypto/threads/
Do not treat 0 return value from BIO_get_fd() as error
Replace malloc+strlcpy with strdup
Fix memory leaks and other mistakes on errors
Set salt length after the malloc has succeeded
Fix typos
Fix references to various RFCs
Check memory allocation
Remove useless code
Add Travis builds with undefined behavior sanitizer
Fix (minor) problems found by ubsan
Add no-asm builds to Travis
Declare cleanse_ctr variable as extern
Add initial AppVeyor configuration
Remove useless locking code
Alok Menghrajani (3):
RT3802: Fixes typos in doc/crypto/
Fixes some typos in doc/apps/
Fixes some typos in doc/ssl/
Andy Polyakov (127):
sha256-armv4.pl: fix typo.
Fix macosx-ppc build (and typos in unwind info).
Add assembly support to ios64-cross. Fix typos in ios64-cross config
line.
Keep disclaiming 16-bit support.
des/asm/des_enc.m4: strip #ifdef OPENSSL_SYS_ULTRASPARC as part of
pre-processor controls cleanup. It doesn't mean that it no longer works on
UltraSPARC, only that it doesn't utilize sparcv9-specific features like
branch prediction hints and load in little-endian byte order anymore. This
"costs" ~3% in EDE3 performance regression on UltraSPARC.
Configure: addendum to OPENSSL_NO_[RMD160|RIPEMD] harmonization.
modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure on
affected platforms (PowerPC and AArch64).
modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32 in
OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact and
inconsistency in pre-processor logic.
cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].
des/asm/des_enc.m4: fix brown-bag typo in last commit.
Harmonize objects.pl output with new format.
evp/e_aes.c: fix pair of SPARC T4-specific problems:
bn/bn_add.c: fix dead code elimination that went bad.
Bring objects.pl output even closer to new format.
Add ec/asm/ecp_nistz256-x86.pl module.
Engage ecp_nistz256-x86 module.
ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build).
Configure: disable warning C4090 in Windows builds.
ec/ecp_nistz256.c: fix compiler warnings.
Add more Camellia OIDs.
Add Camellia CTR mode.
Add ec/asm/ecp_nistz256-armv4.pl module.
Engage ecp_nistz256-armv4 module.
evp/evp.h: add missing camellia-ctr declarations.
evp/evp_test.c: avoid crashes when referencing uninitialized pointers.
sha/asm/sha1-586.pl: fix typo.
perlasm/x86masm.pl: make it work.
aes/asm/bsaes-armv7: fix kernel-side XTS and harmonize with Linux.
Fix crash in SPARC T4 XTS.
ARMv4 assembly pack: add Cortex-A15 performance data.
ssl/s3_clnt.c: fix intermittent failures.
Avoid reading an unused byte after the buffer
Configure: fold related configurations more aggressively and clean-up.
sha/asm/sha256-armv4.pl: adapt for use in Linux kernel context.
Configure: remove unused variables.
Add vpaes-amrv8.pl module.
Engage vpaes-armv8 module.
ec/asm/ecp_nistz256-x86_64.pl: update commentary with before-after
performance data.
sha/asm/sha256-armv4.pl: fix compile issue in kernel and eliminate
little-endian dependency.
sha/asm/sha512-armv4.pl: adapt for use in Linux kernel context.
Configure: android-arm facelift.
perlasm/arm-xlate.pl update (fix end-less loop and prepare for 32-bit
iOS).
aes/asm/aesv8-armx.pl: optimize for Cortex-A5x.
sha/asm/sha*-armv8.pl: add Denver and X-Gene esults.
modes/asm/ghashv8-armx.pl: up to 90% performance improvement.
aes/asm/vpaes-armv8.pl: make it compile on iOS.
Add ARMv8 Montgomery multiplication module.
Configure: engage ARMv8 Montgomery multiplication module.
ec/ecp_nistp*.c: fix SEGVs.
crypto/ec/ecp_nistp[224|521].c: fix formatting.
Configure: add initial support for 64-bit Android.
Add ecp_nistz256-armv8 module.
Configure: Engage ecp_nistz256-armv8 module.
Add assembly support for 32-bit iOS.
aes/asm/aesni-x86[_64].pl update.
aes/asm/aesni-x86.pl: fix typo affecting Windows build.
modes/asm/ghashv8-armx.pl: additional performance data.
Add ec/asm/ecp_nistz256-sparcv9.pl.
Engage ec/asm/ecp_nistz256-sparcv9 module.
aes/asm/aesni-sha256-x86_64.pl: fix Windows compilation failure with old
assembler.
aes/asm/bsaes-armv7.pl: fix compilation with Xcode 6.3.
Configurations/10-main.conf: update iOS commentary.
bn/asm/armv8-mont.pl: boost performance.
bn/Makefile: give MacOS X hand to compiler armv8-mont module.
util/incore update.
bn/asm/vis3-mont.pl: fix intermittent EC failures on SPARC T3.
bn/bn_gf2m.c: appease STACK, unstable code detector.
bn/asm/x86_64-mont5.pl: fix valgrind error.
bn/bn_lcl.h: fix MIPS-specific gcc version check.
Configure: replace -mv8 with -mcpu=v8 in SPARC config lines.
gcm.c: address linker warning about OPENSSL_ia32cap_P size mismatch.
e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P
size mismatch.
bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
ARMv4 assembly pack: implement support for Thumb2.
Allow ILP32 compilation in AArch64 assembly pack.
Configurations: add linux-arm64ilp32 target.
Skylake performance results.
Harmonize util/mkrc.pl with header move.
Update year in Windows builds.
Rationalize .gitignore and harmonize pair of Makefiles.
asn1t.h: silence -Wmissing-prototype in Windows builds.
Fix prototypes in e_ossttest.c.
Fix pedantic warnings in mingw builds.
Fix -Wshadow warnings in mingw builds.
engine/e_capi.c: fix various warnings.
bn/asm/armv4-mont.pl: boost NEON performance.
Explicitly cast INVALID_SOCKET to (int) to address warnings on Windows.
Address Windows warnings in apps/.
bio/bss_log.c: harmonize format string to silence -Wformat.
Harmonize pointer printing and size_t-fy casts.
Address more Windows warnings illuminated by mingw.
Configurations: move -Wno-pedantic-ms-format to .travis.yml.
Test suite: minimal required to get mingw 'make test' work under Linux.
Test suite: chomp->s/\R// to harmonize with mingw 'make test'.
Harmonize do_rehash_rule with updated test/recipies/25-test_verify.t.
testlib/OpenSSL/Test.pm: remove redundant 'cmd /c', MSWin32 Perl can take
care of itself.
modes/asm/ghash-armv4.pl: extend Apple fix to all clang cases.
Triggered by RT#3989.
aesni-sha256-x86_64.pl: fix crash on AMD Jaguar.
bn/asm/s390x.S: improve performance on z196 and z13 by up to 26%. [even
z10 is couple percent faster]. Triggered by RT#4128, but solves the problem by
real modulo-scheduling.
crypto/sec_mem.c: fix anonymous mmap on legacy systems.
bn/asm/ppc64-mont.pl: adapt for little-endian.
e_os.h: bump minimal _WIN32_WINNT.
aes/asm/vpaes-ppc.pl: eliminate overhung stores in misaligned cases.
Fix STRICT_ALIGNMENT for whrlpool
e_os.h: __sun done right.
Makefile.org: add LC_ALL=C to unify error [and other] messages.
x86_64 assembly pack: tune clang version detection.
Configuratons: add -DFILIO_H to harmonized Solaris targets.
modes/ocb128.c: ocb_lookup_l to allow non-contiguous lookup and
CRYPTO_ocb128_encrypt to handle in==out.
modes/ocb128.c: split fixed block xors to aligned and misaligned.
crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris.
modes/ocb128.c: fix sanitizer warning.
perlasm/ppc-xlate.pl: comply with ABIs that specify vrsave as reserved.
bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193).
ARMv4 assembly pack: allow Thumb2 even in iOS build, and engage it in
most modules.
Add reference ChaCha20 and Poly1305 implementations.
Add ChaCha20-Poly1305 and ChaCha20 NIDs.
evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.
crypto/evp: add e_chacha20_poly1305.c.
test/evp_test.c: allow generic AEAD ciphers to be tested.
evp/c_allc.c: wire ChaCha20-Poly1305 and add tests.
Wire ChaCha20-Poly1305 to TLS.
Configure: make no-chacha and no-poly1305 work.
make update.
modes/ocb128.c: fix overstep.
x86[_64] assembly pack: add optimized AES-NI OCB subroutines.
evp/e_aes.c: wire hardware-assisted block function to OCB.
Annie Yousar (1):
RT3230: Better test for C identifier
Anton Blanchard (1):
RT3990: Fix #include path.
Ben Kaduk (1):
GH367 follow-up, for more clarity
Ben Laurie (19):
Build correctly for me on FreeBSD 10.
u_len may be unused.
Use BN_ULONG format.
Fix build on MacOS.
Clean all .o files.
Only define PAGE_SIZE if not already defined.
Make BSD make happy with subdirectories.
Build with --strict-warnings on FreeBSD.
Add -Wconditional-uninitialized to clang strict warnings.
Fix refactoring breakage.
Fix uninitalised warning.
Find the right indent on *BSD.
Fix uninit warning. Remove unnecessary casts. Nothing to add is an error.
Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).
Display brief help if no options for list.
Fix undeclared variable warnings.
Improve make depend.
Probably fix travis (wine build).
Link library for backtrace() on BSD...
Benjamin Kaduk (1):
Supply a build rule for the recently added nptest
Billy Brumley (1):
fix copy paste error in ec_GF2m function prototypes
Bjoern D. Rasmussen (1):
Fix for memcpy() and strcmp() being undefined.
Carl Jackson (1):
Fix regression in ASN1_UTCTIME_cmp_time_t
Chris Watts (1):
Ignore generated *.S ARM assembly files
Clang via Jeffrey Walton (1):
RT3684: rand_egd needs stddef.h
Corinna Vinschen (1):
Drop redundant and outdated __CYGWIN32__ tests. Change
OPENSSL_SYSNAME_CYGWIN32 to OPENSSL_SYSNAME_CYGWIN. Drop outdated Cygwin
targets.
David Bar (1):
RT3674: Make no-cms build work.
David Brodski (1):
Fixed problem with multiple load-unload of comp zlib
David Woodhouse (11):
Wrong SSL version in DTLS1_BAD_VER ClientHello
Add DTLS to SSL_get_version
Add DTLS support to ssltest
RT3998: fix X509_check_host.pod release to 1.0.2
Revert "OPENSSL_NO_xxx cleanup: RFC3779"
RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check
RT3969: Add OPENSSL_SYS_UEFI
RT3993: Fix error found by VS2008
RT3992: Make SCT #ifdeffable.
RT3479: Add UTF8 support to BIO_read_filename()
Fix no-stdio build
Dirk Wetter (1):
GH336: Return an exit code if report fails
Dmitry Belyavskiy (3):
Custom cipher constants
New cipher and cipher modes standardized in Russia
Add some new cipher ctrl constants
Dmitry Belyavsky (4):
Add new GOST OIDs
Add NumericString support
Fix error message when loading engines from config
Patch containing TLS implementation for GOST 2012
Dmitry-Me (1):
Fix wrong numbers being passed as string lengths
Doug Hogan (1):
Avoid a double-free in an error path.
Douglas E Engert (1):
Ensure EC private keys retain leading zeros
Dr. Stephen Henson (426):
Check PKCS#8 pkey field is valid before cleansing.
Add flags field to SSL_SESSION.
Utility function to retrieve handshake hashes.
Rewrite ssl3_send_client_key_exchange to support extms.
Extended master secret extension support.
Add extms support to master key generation.
Ctrl to retrieve extms support.
Add CHANGES entry.
Add SSL_get_extms_support documentation.
Remove unused variables.
Preliminary ASN1_TIME documentation.
Make objxref.pl output in correct format
More unused FIPS module code.
Updates to reformat script.
fix windows build
Remove OPENSSL_NO_HMAC
Remove obsolete IMPLEMENT_ASN1_SET_OF
Fix memory leak reporting.
Support for alternative KDFs.
Initial version of new evp_test program.
Add new test file.
New evp_test updates.
Return error code is any tests fail.
New macro to set mac key.
MAC support for evp_test
Add HMAC test data.
Add CMAC test data.
EVP_PKEY support for evp_test
Add EVP_PKEY test data.
Add leak detection, fix leaks.
size_t for buffer functions.
remove unused method declaration
More RSA tests.
Use named curve parameter encoding by default.
Add additional EC documentation.
typo
Don't set no_protocol if -tls1 selected.
Document -no_explicit
Add algorithm skip support.
Make OpenSSL compile with no-rc4
Skip unsupported ciphers in evp_test.
add MD4 test data
Skip unsupported digests in evp_test
Add OCB support and test vectors for evp_test.
reformat evp_test.c
Fix format script.
Check public key is not NULL.
add RIPEMD160 whirlpool tests
Make OCSP structures opaque.
update ordinals
Make STACK_OF opaque.
Additional CMS documentation.
Cleanse PKCS#8 private key components.
update ordinals
additional configuration documentation
ASN.1 print fix.
Update mkstack.pl to match safestack.h
Remove obsolete declarations.
Allocate string types directly.
Update ordinals, fix error message.
Make X509_ATTRIBUTE opaque.
Free up ADB and CHOICE if already initialised.
Reject invalid PSS parameters.
Fix for CVE-2015-0291
Fix ASN1_TYPE_cmp
Fix memory leak.
Add AES unwrap test with invalid key.
Remove old ASN.1 code.
Remove {i2d,d2i}_ASN1_BOOLEAN
Remove deleted functions, update ordinals.
make X509_EXTENSION opaque
Fix build.
Remove old style ASN.1 support.
Move some ASN.1 internals to asn1_int.h
Move some EVP internals to evp_int.h
make depend
Make OCSP response verification more flexible.
Configuration file examples.
make ASN1_OBJECT opaque
Fix verify algorithm.
update ordinals
make X509_NAME opaque
make depend
Support key loading from certificate file
Remove X509_ATTRIBUTE hack.
Move internal only ASN.1 functions to asn1_locl.h
make update
Move more internal only functions to asn1_locl.h
update ordinals
ASN1_TYPE documentation.
Simplify DSA public key handling.
Remove combine option from ASN.1 code.
Make asn1_ex_i2c, asn1_ex_c2i static.
Remove d2i_X509_PKEY and i2d_X509_PKEY
Add private/public key conversion tests
Remove unnecessary asn1_mac.h includes.
Rewrite X509_PKEY_new to avoid old ASN1. macros.
New ASN1_TYPE SEQUENCE functions.
Remove duplicate code.
Remove old ASN.1 code from evp_asn1.c
Add macro to implement static encode functions.
Rewrite ssl_asn1.c using new ASN.1 code.
Remove unnecessary use of ASN1_const_CTX
Remove old ASN.1 functions.
remove asn1_mac.h
make depend
update ordinals
Fix ECDH key identifier support.
Fix ECDH detection, add ECDH keyid test.
Don't set *pval to NULL in ASN1_item_ex_new.
Add -Wtype-limits to strict warnings.
Remove obsolete options for debug-steve*
Limit depth of nested sequences when generating ASN.1
Reject empty generation strings.
Fix encoding bug in i2c_ASN1_INTEGER
SSL_CIPHER lookup functions.
make X509_VERIFY_PARAM opaque
Add OSSL_NELEM macro.
more OSSL_NELEM cases
Return an error in ASN1_TYPE_unpack_sequence if argument is NULL
SSL_CONF table reorganisation.
Digest cached records if not sending a certificate.
Add SSL_use_certificate_chain_file function
Additional X509_ALGOR documentation
Fix cipherlist order.
Allow use of standard integer types.
use unit64_t for CPUID and timestamp code
Add types to indent.pro
ASN1 INTEGER refactor.
CERT tidy
Move signing digest out of CERT.
Move certificate validity flags out of CERT.
move masks out of CERT structure
Add scrypt support.
Add scrypt tests.
make update
Add functions to convert between uint64_t and ASN1_INTEGER.
Add scrypt OID from draft-josefsson-scrypt-kdf-03
Add scrypt PBE algorithm code.
correction
make update
Add PBE tests.
Fix memory leak.
Error if memory limit exceeded.
Add function PKCS8_set0_pbe
scrypt in pkcs8 util
make update
check for error when creating PKCS#8 structure
PEM doc fixes
fix asn1parse -inform
fix warning
make update.
Check ASN1_INTEGER_get for errors.
Update trace code.
return correct NID for undefined object
Restore GOST mac setup.
Tidy disabled algorithm handling.
Encode b == NULL or blen == 0 as zero.
typo: should be OPENSSL_free
remove unnecessary NULL checks
Avoid duplication.
Revert "Avoid duplication."
Remove peer temp keys from SESS_CERT
Remove certificates from sess_cert
Remove unnuecessary ifdefs.
Move peer chain to SSL_SESSION structure.
Remove SESS_CERT entirely.
Tidy up ssl3_digest_cached_records logic.
Avoid duplication.
PSK trace keyex fixes.
Add PSK GCM ciphersuites from RFC5487
Fix PSK client handling.
Add docs for ssl verification parameter functions.
Don't output bogus errors in PKCS12_parse
missing break
Use single master secret generation function.
make update
Check for errors with SRP
Dup peer_chain properly in SSL_SESSION
Relax CCM tag check.
document -2 return value
Sort @sstacklst correctly.
make stacks
correct example
Use uint32_t consistently for flags.
SSL_CONF additions.
Update demo.
typo
free names before context
Document shared sigalgs functions.
Allow any order for signature algorithm string.
Add some OCSP documentation.
Document signature algorithm setting functions.
fields for PSK key, new constants
New PSK keyex text constants
New PSK aliases.
new PSK text constants
Disable unsupported PSK algorithms
Disable all PSK if no callback.
Enable PSK if corresponding mask set.
Check for kECDH with extensions.
Make auto DH work with DHEPSK
PSK PRF correction.
Extended PSK client support.
Extended PSK server support.
PSK premaster secret derivation.
Add full PSK trace support
Initial new PSK ciphersuite defines
Add RFC4279, RFC5487 and RFC5489 ciphersuites.
Add RFC4785 ciphersuites
Update CHANGES
Add PSK ciphersuites to docs
CAMELLIA PSK ciphersuites from RFC6367
Don't request certificates for any PSK ciphersuite
Free and cleanse pms on error
cleanse psk_identity on error
don't reset return value to 0
Err isn't always malloc failure.
Fix memory leak if setup fails.
Return error for unsupported modes.
Documentation for SSL_check_chain()
Update docs.
CCM support.
ccm8 support
Add CCM ciphersuites from RFC6655 and RFC7251
add CCM docs
Add DSA digest length checks.
More test cases.
Remove asn1-kludge option.
make X509_CERT_AUX opaque
make X509_REQ opaque
Add X509_CRL_up_ref function
Add X509_up_ref function.
make update
use uint32_t for certificate flags
functions to retrieve certificate flags
Document extension functions
make update
delete unused structure
Create DSA and ECDSA certificates.
Update ssltest certificate handling.
Fix CCM support in DTLS
Extend ciphersuite test coverage.
make X509_CRL opaque
make update
PBE lookup test
make update
Match SUITEB strings at start of cipher list.
make X509_REVOKED opaque
Replace X509 macros with functions
Avoid direct X509 structure access
make update
Fix warning about mixed declarations and code.
EVP_PKEY_METHOD accessor functions.
Fix "defined but not used" warnings.
Use default field separator.
Fix zlib CMS compilation.
Constify ECDSA_METHOD_new.
Fix PSK identity hint handling.
New ASN.1 embed macro.
Change X509_VAL in X509 structure to embedded.
X509_CRL_INFO embed
Embed X509_CINF
Embed X509_REQ_INFO
Embed various signature algorithms.
Return shared OIDs when decoding.
Print out a list of disabled features.
Add Utils.pm
Change test recipes to use disabled()
Update Simple.pm to use disabled()
typo
Move EVP_PKEY_METHOD into private headers.
make no-dh work
remove unneeded includes
Handle SSL_ERROR_WANT_X509_LOOKUP
Make SRP work with -www
Add accessors for request and CRL signatures
Add accessors for X509_REVOKED.
Add comments to x509_int.h
typo
Additional X509_CRL accessors.
New accessor X509_REQ_get_X509_PUBKEY()
Use accessor functions in X509_CRL_print().
Use accessors in X509_REQ_print().
Document X509 version functions.
Document X509 name get and set functions.
Document X509 public key functions.
Document X509 sign and verify functions.
Document X509_REVOKED functions.
Document i2d_re_X509_REQ_tbs() and i2d_re_X509_CRL_tbs().
Extension parsing and encoding docs.
Document signature accessors.
Update SEE ALSO sections.
Move functions.
Move certificate request and CRL routines to x509 dir.
make depend
Fix path in comments
Avoid structure access in crypto/ts
Make X509 opaque
New function X509_get0_subject_key_id()
Document X509_get0_subject_key_id()
header includes
make update
SRP memory leak fix
Free up ASN.1 structures at top level only.
Don't try and parse boolean type.
Typo.
Make no-psk compile without warnings.
Skip PSK tests for no-psk
embed support for CHOICE type
Embed various OCSP fields.
embed support for ASN1_STRING
embed OCSP_CERTID
RFC5753 compliance.
Handle embed flag in ASN1_STRING_copy().
add CHANGES entry for embed
embed value field of X509_EXTENSION
embed certificate serial number and signature fields
embed CRL serial number and signature fields
Fix self signed handling.
set string type when embedding
Fix memory leak with -issuer option.
Move auto Host adding to query_responder
Read function names from C source files.
fix discrepancy
Rebuild error source files.
Use uint32_t and int32_t for SSL_CIPHER structure.
Replace L suffix with U
absent identity hint should be NULL
Use SSL_TLSV1 only if at least TLS v1.0 is needed.
Don't alow TLS v1.0 ciphersuites for SSLv3
Add "TLSv1.0" cipher alias.
add -tls1_2,-tls1_1 options to ciphers command
add -psk option to ciphers command
Update and clarify ciphers documentation.
Add new X509 accessors
Use accessors for X509_print_ex().
Document new functions
Make GOST ciphersuites require TLSv1
Add support for signer_digest option in TS.
Use better defaults for TSA.
make update
add -pthread to debug-steve*
Limit depth of ASN1 parse printing.
Fix uninitialised p error.
Add MD5+SHA1
Use MD5+SHA1 for default digest if appropriate.
Remove RSA exception when processing server key exchange.
Remove RSA exception when generating server key exchange.
Add ssl3 ctrl to EVP_md5_sha1().
Add EVP_MD_CTX_ctrl function.
Use EVP_md5_sha1() to generate client verify
Use EVP_md5_sha1() to process client verify
make update
Add ctrl for SHA1 and SSLv3
Remove unused cert_verify_mac code
Remove X509_VERIFY_PARAM_ID
PRF and handshake hash revision.
fix function code discrepancy
Use digest tables for defaults.
For TLS < 1.2 use default digest for client certificate
Use digest indices for signature algorithms.
Remove GOST special case: handled automatically now.
Remove legacy sign/verify from EVP_MD.
make update
Remove RSA_FLAG_SIGN_VER flag.
Fix and update versions in CHANGES and NEWS
Extended master secret fixes and checks.
update errors
TLSProxy update
Add extms extension
Extended master secret test script.
Update NEWS
Support for EC_KEY_METHOD.
make errors
EC_KEY_METHOD keygen support.
Move ECDH_KDF_X9_62 to crypto/ec
move ECDH implementation to crypto/ec
Adapt ecdh_compute_key
Add compute key support to EC_KEY_METHOD
make errors
remove ECDH_METHOD from ENGINE
Remove crypto/ecdh update Makefile.org
remove ECDH error loading
remove ecdh.h header
remove ECDH_METHOD typedef
remove ECDH from mkdef.pl
ENGINE fixes
EC_KEY_METHOD init and finish support
EC_KEY_METHOD copy support
Add set methods.
Move ECDSA_SIG ASN.1 to crypto/ec
Move ECDSA implementation to crypto/ec
move ECDSA_SIG definition
adapt ossl_ecdsa.c to crypto/ec
extend EC_KEY_METHOD for signing support
make errors
move ECDSA_SIG prototypes
Add ECDSA_SIG accessor.
modify ecdsatest to use accessor
Move and adapt ECDSA sign and verify functions.
Remove reference to ECDSA_OpenSSL.
return errors for unsupported operations
add sign/verify methods
remove crypto/ecdsa
remove errors
add ECDSA_size to ec_asn1.c
remove ecdsa.h header
add missing prototypes
remove ECDSA_METHOD typedef
remove ECDSA_METHOD from ENGINE
remove ecdsa from mkdef.pl
Engine EC_KEY_METHOD functionality.
Top level ECDSA sign/verify redirection.
make errors
EC_KEY_METHOD accessors.
remove ecdsa.h header references.
make update
set standard EC method in eng_openssl
add block comment
Use NULL comparison
add compatibility headers
remove ECDSA error line
add CHANGES and NEWS entry
remove deleted directories from mkfiles.pl
make default_ec_key_meth static
Edgar Pek (1):
Fix null-pointer dereference
Emilia Kasper (68):
Fix hostname validation in the command-line tool to honour negative
return values.
Harmonize return values in dtls1_buffer_record
Fix undefined behaviour in shifts.
PKCS#7: avoid NULL pointer dereferences with missing content
make update
Initialize variable
Remove code for deleted function from ssl.h
Use -Wall -Wextra with clang
Error out immediately on empty ciphers list.
Repair EAP-FAST session resumption
Correctly set Z_is_one on the return value in the NISTZ256 implementation.
Fix error checking and memory leaks in NISTZ256 precomputation.
Fix Wmaybe-uninitialized: initialize variable
Error checking and memory leak fixes in NISTZ256.
NISTZ256: set Z_is_one to boolean 0/1 as is customary.
NISTZ256: don't swallow malloc errors
NISTZ256: use EC_POINT API and check errors.
NISTZ256: owur'ize.
dhparam: fix documentation
Update documentation with Diffie-Hellman best practices. - Do not
advise generation of DH parameters with dsaparam to save computation time.
- Promote use of custom parameters more, and explicitly forbid use of
built-in parameters weaker than 2048 bits. - Advise the callback to ignore
<keylength> - it is currently called with 1024 bits, but this value can and
should be safely ignored by servers.
Remove dh512.pem
Only support >= 256-bit elliptic curves with ecdh_auto (server) or by
default (client).
Fix ssltest to use 1024-bit DHE parameters
Enable DH tests
Use CRYPTO_memcmp when comparing authenticators
Use CRYPTO_memcmp in ssl3_record.c
Remove SSL_OP_TLS_BLOCK_PADDING_BUG
Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
PKCS#7: Fix NULL dereference with missing EncryptedContent.
rsaz_exp.h: align license with the rest of the contribution
PACKET: constify where possible
Fix SSLv2-compatible ClientHello processing.
PACKET: add methods for reading length-prefixed TLS vectors.
Fix spurious bntest failures.
BN_mod_exp_mont_consttime: check for zero modulus.
RT 3493: fix RSA test
RT4002: check for NULL cipher in p12_crpt.c
apps/speed.c: fix memory leak
PACKET: add PACKET_memdup and PACKET_strndup
Restore SSLerr on PACKET_strndup failure.
RT3754: check for NULL pointer
Disentangle RSA premaster secret parsing
Remove PACKET_(get|goto)_bookmark
RT3757: base64 encoding bugs
base64 decode: check for high bit
Remove PACKET_back
BUF_strndup: tidy
BUF_strdup and friends: update docs
Document BUF_strnlen
Remove ssl_put_cipher_by_char
PACKET: simplify
Silence Wconditional-uninitialized
RT2772: accept empty SessionTicket
Empty session ticket: add a test
Empty NewSessionTicket: test session resumption
PACKET: simplify ServerHello parsing
ssl3_get_client_hello: rearrange logic
PACKETize and clean up ssl_bytes_to_cipher_list.
ssl_sess.c: grab a copy of the session ID
Add PACKET_copy_all
SSLv2 compat ciphers: clarify comment
PACKET: simplify ServerKeyExchange parsing
DTLS: remove unused cookie field
make depend: prefer clang over makedepend
ct_locl.h: fix some comments
Remove EVP_CHECK_DES_KEY
Appease gcc's Wmaybe-uninitialized
PACKET: fix __owur
Eric Dequin (1):
Missing OPENSSL_free on error path.
Ernie Hershey (1):
GH322: Fix typo in generated comment.
Filipe DA SILVA (1):
RT4047: Set reference count earlier
Finn Hakansson (2):
Minor correction to comment.
Fix typo: _REENTERANT -> _REENTRANT
Gilles Khouzam (1):
RT3820: Don't call GetDesktopWindow()
GitHub User (1):
Missing perldoc markup around < literal
Github User (1):
GH293: Typo in CHANGES file.
Graeme Perrow (2):
RT3670: Check return from BUF_MEM_grow_clean
RT32671: wrong multiple errs TS_check_status_info
Gunnar Kudrjavets (4):
Initialize potentially uninitialized local variables
Fix the heap corruption in libeay32!OBJ_add_object.
RT3848: Call SSL_COMP_free_compression_methods
RT3823: Improve the robustness of event logging
Guy Leaver (guleaver) (1):
Fix seg fault with 0 p val in SKE
Hanno Böck (3):
Fix uninitialized variable.
Call of memcmp with null pointers in obj_cmp()
RT3861: Mem/bio leak in req command
Hiroyuki YAMAMORI (1):
Fix DTLS1.2 buffers
Hubert Kario (1):
GH350: -help text few s_client and s_server flags
Ismo Puustinen (2):
GH364: Free memory on an error path
GH367: Fix dsa keygen for too-short seed
Jack Danger Canty (1):
Fixing typo in PROBLEMS
Jacob Bandes-Storch (1):
Add perl modeline to Configure scripts
Jeffrey Walton (2):
RT3472: Doc pkcs8 -iter flag is in OpenSSL 1.1
Explicitly mention PKCS5_PBKDF2_HMAC in EVP doc.
Kai Engert (1):
RT3742: Add xmpp_server to s_client.
Kurt Cancemi (4):
Use constants not numbers
The wrong ifdef is used to guard usage of PSK code
Add missing terminating NULL to speed_options table.
Add missing NULL check in X509V3_parse_list()
Kurt Roeckx (24):
Fix segfault with empty fields as last in the config.
Fix memory leak
Remove ssl_cert_inst()
Make sure that cert is never NULL
Don't send a for ServerKeyExchange for kDHr and kDHd
return unexpected message when receiving kx with kDHr or kDHd
X509_VERIFY_PARAM_free: Check param for NULL
do_dirname: Don't change gen on failures
Correctly check for export size limit
Allow all curves when the client doesn't send an supported elliptic
curves extension
Properly check certificate in case of export ciphers.
Only allow a temporary rsa key exchange when they key is larger than 512.
Check BIO_dgram_sctp_wait_for_dry() return value for error
Check dgram_sctp_write() return value.
d2i: don't update input pointer on failure
Fix return values when adding serverinfo fails.
Fix more d2i cases to properly update the input pointer
BN_sub: document that r might be the same as a or b
Update dasync to use size_t for the sha1 update
Use defined(__sun) instead of defined(sun)
Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
Make SSL_{CTX}_set_tmp_ecdh() call SSL_{CTX_}set1_curves()
Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH
Remove support for all 40 and 56 bit ciphers.
Loganaden Velvindron (2):
Fix CRYPTO_strdup
Clear BN-mont values when free'ing it.
Long, Qin (1):
Add UEFI flag for rand build
Lubom (1):
Lost alert in DTLS
Manish Goregaokar (1):
Move contributing info to CONTRIBUTING
Marcus Meissner (1):
mark openssl configuration as loaded at end of OPENSSL_config
Markus Rinne (1):
RT4019: Duplicate -hmac flag in dgst.pod
Martin Vejnar (1):
RT3774: double-free in DSA
Matt Caswell (451):
Fix formatting error in pem.h
Fix post-reformat errors preventing windows compilation
Make DTLS always act as if read_ahead is set. The actual value of
read_ahead is ignored for DTLS.
Remove explicit setting of read_ahead for DTLS. It never makes sense not
to use read_ahead with DTLS because it doesn't work. Therefore read_ahead
needs to be the default.
Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.
Replace EVP_CTRL_OCB_SET_TAGLEN with EVP_CTRL_SET_TAG for consistency
with CCM
Harmonise use of EVP_CTRL_GET_TAG/EVP_CTRL_SET_TAG/EVP_CTRL_SET_IVLEN
Rationalise testing of AEAD modes
Fix no-ocb for Windows
Fix warning on some compilers where variable index shadows a global
declaration
Fix various windows compilation issues
Make libssl opaque. Move all structures that were previously protected by
OPENSSL_NO_SSL_INTERN into internal header files.
Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals
previously protected by this have been moved into non-public headers
Add changes entry for opaquifying of libssl structures
Fix error handling in ssltest
Remove support for SSL_OP_NETSCAPE_CA_DN_BUG.
Apache Traffic Server has a need to set the rbio without touching the
wbio. There is no mechanism to do that at the moment - SSL_set_bio makes
changes to the wbio even if you pass in SSL_get_wbio().
Remove stray "=back". This was causing newer versions of pod2man to choke.
Remove -DOPENSSL_NO_DEPRECATED from --strict-warnings flags.
HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and
source. Mark them as such with OPENSSL_USE_DEPRECATED
Remove some functions that are no longer used and break the build with:
./config --strict-warnings enable-deprecated
Make tlsext_tick_lifetime_hint an unsigned long (from signed long).
Provide the API functions SSL_SESSION_has_ticket and
SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as
required to fix Qt for OpenSSL 1.1.0. I have also added the former in order
to determine whether a ticket is present or not - otherwise it is difficult
to know whether a zero lifetime hint is because the server set it to 0, or
because there is no ticket.
Correct reading back of tlsext_tick_lifetime_hint from ASN1.
Add SSL_SESSION_get0_ticket API function.
In certain situations the server provided certificate chain may no longer
be valid. However the issuer of the leaf, or some intermediate cert is in
fact in the trust store.
Add flag to inhibit checking for alternate certificate chains. Setting
this behaviour will force behaviour as per previous versions of OpenSSL
Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.
Add documentation for the -no_alt_chains option for various apps, as well
as the X509_V_FLAG_NO_ALT_CHAINS flag.
Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c
Fix a failure to NULL a pointer freed on error.
Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
Add dire warnings about the "reuse" capability of the d2i_* functions.
Remove pointless free, and use preferred way of calling d2i_* functions
Fix some minor documentation issues
Update the SHA* documentation Updates to include SHA224, SHA256,
SHA384 and SHA512. In particular note the restriction on setting md to NULL
with regards to thread safety.
Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed
the "-hack" option from s_server that set this option.
Remove NETSCAPE_HANG_BUG NETSCAPE_HANG_BUG is a workaround for a
browser bug from many years ago (2000). It predates DTLS, so certainly
has no place in d1_srvr.c. In s3_srvr.c it forces the ServerDone to appear
in the same record as the CertificateRequest when doing client auth.
Fix evp_extra_test.c with no-ec When OpenSSL is configured with
no-ec, then the new evp_extra_test fails to pass. This change adds
appropriate OPENSSL_NO_EC guards around the code.
Fix missing return value checks.
Fixed missing return value checks.
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Unchecked malloc fixes
Update mkerr.pl for new format
make errors
Fix DTLS1_BAD_VER regression
Prevent handshake with unseeded PRNG
Cleanse buffers
Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
Fix error handling in bn_exp
Fix EVP_DigestInit_ex with NULL digest
ASN1_primitive_new NULL param handling
Fix asn1_item_print_ctx
Fix dh_pub_encode
Fix dsa_pub_encode
Fix missing return checks in v3_cpols.c
SSL_check_chain fix
Fix RSA_X931_derive_ex
Add malloc failure checks
Move malloc fail checks closer to malloc
Fix memset call in stack.c
Add sanity check to PRF
Fix seg fault in s_time
Fix unintended sign extension
Fix probable_prime over large shift
Remove dead code from crypto
Dead code removal from apps
Multiblock corrupted pointer fix
Fix Seg fault in DTLSv1_listen
Fix DHE Null CKE vulnerability
Update CHANGES
Update NEWS
Fix a failure to NULL a pointer freed on error.
Add DTLS tests to make test
Don't check curves that haven't been sent
Add -DDEBUG_UNUSED to --strict-warnings
Check libssl function returns
Fix missing return value checks
apps return value checks
ssl3_set_handshake_header returns
Fix SSL_clear unused return
Ensure last_write_sequence is saved in DTLS1.2
Add ticket length before buffering DTLS message
Fix misc NULL derefs in sureware engine
Fix return checks in GOST engine
RAND_bytes updates
Deprecate RAND_pseudo_bytes
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG was disabled in 0.9.8q and
1.0.0c. This commit sets the value of
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG to zero.
Add more HMAC tests
Ensure that both the MD and key have been initialised before attempting
to create an HMAC
Add HMAC test for invalid key len
Fix HMAC to pass invalid key len test
Fix bug in s_client. Previously default verify locations would only be
loaded if CAfile or CApath were also supplied and successfully loaded first.
Resolve swallowed returns codes
Create a RECORD_LAYER structure and move read_ahead into it.
Encapsulate SSL3_BUFFER and all access to s->s3->rbuf.
Move s->s3->rrec into s->rlayer
Encapsulate access to s->s3->wbuf
Move s->s3->wbuf to s->rlayer->wbuf
Encapsulate s->s3->rrec
Move s->s3->rrec to s->rlayer->rrec
Encapsulate s->s3->wrec
Move s->s3->wrec to s>rlayer>wrec
Move SSL3_BUFFER set up and release code into ssl3_buffer.c
Move SSL3_RECORD oriented functions into ssl3_record.c
Move more SSL3_RECORD oriented functions into ssl3_record.c
Split out non record layer functions out of s3_pkt.c and d1_pkt.c into
the new files s3_msg.c and s1_msg.c respectively.
Moved s3_pkt.c, s23_pkt.c and d1_pkt.c into the record layer.
Tidy up rec_layer.h. Add some comments regarding which functions should
be being used for what purpose.
Create RECORD_LAYER_clear function.
Introduce the functions RECORD_LAYER_release, RECORD_LAYER_read_pending,
and RECORD_LAYER_write_pending.
Provide RECORD_LAYER_set_data function
Remove RECORD_LAYER_set_ssl and introduce RECORD_LAYER_init
Move ssl3_pending into the record layer
Fix bug where rrec was being released...should have been removed by one
of the earlier record layer commits
Introduce macro RECORD_LAYER_setup_comp_buffer
Removed dependency on rrec from heartbeat processing
Make rrec, wrec, rbuf and wbuf fully private to the record layer. Also,
clean up some access to them. Now that various functions have been moved
into the record layer they no longer need to use the accessor macros.
Remove unneccessary use of accessor function now code is moved into
record layer
Move s->packet and s->packet_length into s->rlayer
Move s->rstate to s->rlayer.rstate
Move s->s3->wnum to s->rlayer.wnum
Move handshake_fragment, handshake_fragment_len, alert_fragment and
alert_fragment_len from s->s3 into s->rlayer
Move s->s3->wpend_* to s->rlayer
Move read_sequence and write_sequence from s->s3 to s->rlayer
Move DTLS1_RECORD_DATA into rec_layer.h
Introduce a DTLS_RECORD_LAYER type for DTLS record layer state
Move r_epoch and w_epoch from s->d1 to s->rlayer.d
Move bitmap and next_bitmap from s->d1 to s->rlayer.d. Create
dtls_bitmap.h and dtls_bitmap.c
Moved processed_rcds and unprocessed_rcds from s->d1 to s->rlayer.d
Fix seg fault in dtls1_new
Move handshake_fragment, handshake_fragment_len, alert_fragment and
alert_fragment_len from s->d1 to s->rlayer.d
Move buffered_app_data from s->d1 to s->rlayer.d
Move ssl3_record_sequence_update into record layer
Move last_write_sequence from s->d1 to s->rlayer.d. Also push some
usage of last_write_sequence out of dtls1_retransmit_message and into the
record layer.
Remove last trace of non-record layer code reading and writing sequence
numbers directly
Reorganise header files
Renamed record layer header files
Remove some unneccessary macros
Rename record layer source files
Fix compilation on windows for record layer
Define SEQ_NUM_SIZE
Fix record.h formatting
Fix formatting oddities
Add Record Layer documentation
Fix record layer "make clean"
Clean up record layer
Fix read_ahead issue
Check for ClientHello message overruns
Fix ssl_get_prev_session overrun
Remove redundant includes from dtls1.h
Fix windows build
make update
Sanity check DES_enc_write buffer length
Sanity check EVP_CTRL_AEAD_TLS_AAD
Sanity check EVP_EncodeUpdate buffer len
Clarify logic in BIO_*printf functions
Add sanity check in ssl3_cbc_digest_record
Sanity check the return from final_finish_mac
Add sanity check to ssl_get_prev_session
Add sanity check to print_bin function
Fix buffer overrun in RSA signing
Remove libcrypto to libssl dependency
make update
Add Error state
Add more error state transitions
Add more error state transitions (client)
Add more error state transitions (DTLS)
Fix windows build
Fix s_server version specific methods
Check sk_SSL_CIPHER_new_null return value
Don't allow a CCS when expecting a CertificateVerify
Remove Kerberos support from apps
Remove Kerberos support from libssl
Remove Kerberos support from libcrypto
Remove remaining Kerberos references
Add CHANGES entry for Kerberos removal
Server side version negotiation rewrite
Client side version negotiation rewrite
Version negotiation rewrite cleanup
Version negotiation rewrite doc updates
Updates following review comments
Move SSLv3_*method() functions
Further version negotiation updates
Fix a memory leak in compression
Fix various OPENSSL_NO_* options
Ignore files from other branches
Remove support for OPENSSL_NO_TLSEXT
Add CHANGES entry for OPENSSL_NO_TLSEXT removal
Reject negative shifts for BN_rshift and BN_lshift
Fix off-by-one in BN_rand
Remove export static DH ciphersuites
Fix typo setting up certificate masks
Set first_packet for TLS clients
Don't send an alert if we've just received one
Handle unsigned struct timeval members
Fix error check in GOST engine
Don't check for a negative SRP extension size
Change the new functions to use size_t
Change return type of the new accessors
Remove struct ccs_header_st
Check the message type requested is the type received in DTLS
Fix race condition in NewSessionTicket
Fix compilation failure for some tool chains
Fix DTLS session resumption
Fix off-by-one error in BN_bn2hex
Clean premaster_secret for GOST
Remove misleading comment
Replace memset with OPENSSL_clear_free()
Fix memory leaks in BIO_dup_chain()
Tighten extension handling
Change BIO_number_read and BIO_number_written() to be 64 bit
EC_POINT_is_on_curve does not return a boolean
Fix leak in HMAC error path
Correct type of RECORD_LAYER_get_rrec_length()
DTLS handshake message fragments musn't span packets
More ssl_session_dup fixes
Update CHANGES and NEWS
Fix ABI break with HMAC
Fix alternate chains certificate forgery issue
Add test for CVE-2015-1793
Reject calls to X509_verify_cert that have not been reinitialised
Add documentation for some missing verify options
Add help text for some verify options
Extend -show_chain option to verify to show more info
Update CHANGES and NEWS for the new release
Apply some missing updates from previous commits
Remove support for SSL3_FLAGS_DELAY_CLIENT_FINISHED
Add test for SSL_set_session_ticket_ext
Fix write failure handling in DTLS1.2
Remove erroneous server_random filling
Add initial packet parsing code
PACKET unit tests
PACKETise ClientHello processing
Move TLS CCS processing into the state machine
Move DTLS CCS processing into the state machine
Fix ssl3_read_bytes handshake fragment bug
Fix make errors for the CCS changes
Fix warning when compiling with no-ec2m
Fix a bug in the new PACKET implementation
PACKETise ClientCertificate processing
PACKETise CertificateVerify processing
PACKETise NextProto
Fix SRTP s_client/s_server options
Revert "Fix uninitalised warning."
Normalise make errors output
Check for 0 modulus in BN_MONT_CTX_set
Add OSSLTest Engine
Add a libssl test harness
Add some libssl tests
Extend TLSProxy capabilities
Add a test for 0 p value in anon DH SKE
make update
Fix missing return value checks in SCTP
Fix "make test" seg fault with SCTP enabled
PACKETise Server Certificate processing
Add missing return check for PACKET_buf_init
Enhance PACKET readability
PACKETise Certificate Status message
Fix session tickets
PACKETise NewSessionTicket
PACKETise ClientKeyExchange processing
PACKETise CertificateRequest
Fix DTLS session ticket renewal
Fix TLSProxy end of test detection
Add NewSessionTicket test suite
Clean up reset of read/write sequences
Fix build break due to rehash command
Updates for NumericString support
PACKETise ServerHello processing
PACKETise ServerKeyExchange
make update
Make sure OPENSSL_cleanse checks for NULL
Fix some test failures when Configured with zlib
Fix -srpvfile option in srp command line
Fix SRP memory leaks
Add GOST extensions to PKCS#5
GOST PKCS12 support
Fix the rehash test on Windows
Add BIO_CTRL_DGRAM_SET_PEEK_MODE
DTLSv1_listen rewrite
Remove remaining old listen code
Add support for DTLSv1_listen in s_server
Add -listen documentation
Add DTLSv1_listen documentation
Fix s_server DTLSv1_listen issues
Clarify DTLSv1_listen documentation
Sanity check cookie_len
Add ability to set default CA path and file locations individually
Document the default CA path functions
Add support for -no-CApath and -no-CAfile options
Document -no-CApath and -no-CAfile
Fix the OCSP test on Windows
Change ossltest engine to manually allocate cipher_data
Add GOST12 cms/smime capabilities
Add a test for duplicated ordinals
Fix libeay.num
Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
Revert "Custom cipher constants"
Don't advance PACKET in ssl_check_for_safari
Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
Fix no-ripemd on Windows
Fix Windows build
Fix option name discrepancy
Centralise loading default apps config file
Rename -set-serial command to req
Remove Obsolete engines
Avoid undefined behaviour in PACKET_buf_init
Don't use SSLv23_server_method in an example
Split ssl3_get_message
Add initial state machine rewrite code
Split client message reading and writing functions
Implement Client TLS state machine
Client TLS state machine rewrite cleanup
dtls_get_message changes for state machine move
Implement DTLS client move to new state machine
Delete unused functions
Split TLS server functions
Move server side TLS to new state machine
Move server side DTLS to new state machine
Remove redundant code
Redefine old state values
Convert DTLSv1_listen to use new state machine code
Remove the type variable
Remove the SSL state variable
Move PACKET creation into the state machine
Remove ssl_get_message from ssl_method_st
Reorganise state machine files
More state machine reorg
make update
Add a state machine README
Remove some unused variables
Fix a comment
Remove a call to SSL_set_state from s_server
Update CHANGES
Minor documentation tweak
Fix some client side transition logic
Change HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE
Don't depend on SSL structure internals
Change statem prefix to ossl_statem
Remove extraneous parens
Move |no_cert_verify| into state machine
Remove SSL_state and SSL_set_state
Rename STATEM to OSSL_STATEM
Change SUB_STATE_RETURN into a typedef
Remove the old state defines
Add a function to get the info_callback
Fix DTLSv1_listen following state machine changes
Fix unitialised variable problem
Move in_handshake into STATEM
Fix various error codes
make update
Fix uninitialised variable
Fix empty NewSessionTicket processing
Fix a bogus clang warning
Make dtls1_link_min_mtu static
Convert enums to typedefs
Add ossl_statem prefix to various functions
Change snprintf to memcpy
Change SSL_state_string return strings to start with a T
Remove superfluous check
Remove the inline keyword
Add SRP and PSK to disallowed CertificateRequest ciphersuites
Remove some SSLv2 references
Remove a trivially true OPENSSL_assert
Remove an OPENSSL_assert which could fail
Remove a reachable assert from ssl3_write_bytes
Clarify the preferred way of creating patch files
Minor EVP_SignInit_ex doc fix
Ensure the dtls1_get_*_methods work with DTLS_ANY_VERSION
Don't finish the handshake twice
Remove some redundant assignments
Fix compilation problems with SCTP
Remove redundant check from SSL_shutdown
Standardise our style for checking malloc failures
Continue standardising malloc style for libcrypto
Continue standardisation of malloc handling in apps
Continue malloc standardisation in engines
Remove redundant check from tls1_get_curvelist
Fix SSL_use_certificate_chain_file
Remove an NULL ptr deref in an error path
Add comment explaining why we don't check a return value
Check error return from sysconf in secure memory code
Ensure all EVP calls have their returns checked where appropriate
Fix uninitialised variable
Add pthread support
Add async sub-library to libcrypto
Add the Dummy Async engine (dasync)
Make libssl async aware
Add s_server and s_client async support
Various windows build fixes to prepare for windows port
Async port to windows
Add null async implementation
Increase stack size
Async clean ups
Fix s_server -WWW with -async
Use longjmp at setjmp where possible
Add ASYNC_JOB pools
Initial Async notify code changes
Implement local thread pools
Fix s_server bug
Fix pools for s_client
Implement windows async pool and notify support
make update
Document async capabilities
Remove ASYNC_in_job()
Add ASYNC tests
Fix ASYNC null implementation
Optimise ASYNC_CTX handling
Fix windows compilation warnings
Normalise ASYNC naming
More async documentation
Fix the error code for SSL_get_async_wait_fd()
Add s_client support for waiting for async
Update CHANGES
Add ASYNC error codes
make update
Clean up libssl async calls
Tweak async documentation based on feedback
Fix Linux crash
Swap to using _longjmp/_setjmp instead of longjmp/setjmp
Fix clang errors
Fix compilation error on OS-X
Add clarification to docs on ASYNC_free_pool()
Rename some daysnc functions for consistency
Rename start_async_job to ssl_start_async_job
Fix bug in async_fibre_makecontext for POSIX
Further OS-X deprecated warnings tweak
Remove ASYNC NOEXIST functions from libeay.num
Add ASYNC_block_pause and ASYNC_unblock_pause
Fix async deadlock problem
Fix some style issues
Swap to using proper windows pipes
Simplify async pool handling
Convert __thread to pthreads for Thread Local Storage
Implement windows async thread local variable support
Fix a rebase error
Tighten up BN_with_flags usage and avoid a reachable assert
Add documentation for BN_with_flags
Fix a NULL deref in an error path
Updates to GOST2012
Fix EAP FAST in the new state machine
Fix merge error
Add a return value check
Fix mkfiles for new directories
Fix DTLS handshake fragment retries
Ensure |rwstate| is set correctly on BIO_flush
Update CHANGES and NEWS for alpha release
make update
OpenSSL 1.1.0 is now in pre release
Prepare for 1.1.0-pre1 release
Michael Trapp (1):
RT266: Add HTTP proxy/CONNECT to s_client
Michal Bozon (2):
RT4053: Typo in error message
Fix "primarility" typo
Mike Frysinger (1):
Fix malloc define typo
Nathan Phillip Brink (1):
RT2667: Add IRC support to -starttls
Nicholas Cooper (2):
RT3959: Fix misleading comment
RT3948: Some structs have confusing names.
Nick Mathewson (4):
Add SSL_get_client_ciphers() to return ciphers from ClientHello
Add a documentation clarification suggested by Matt Caswell
Add new functions to extract {client,server}_random, master_key
Clarify that SSL3_RANDOM_SIZE is a constant, for now.
Olaf Johansson (1):
GH249: Fix bad regexp in arg parsing.
Pascal Cuoq (8):
Set flags to 0 before calling BN_with_flags()
Properly check return type of DH_compute_key()
Move BN_CTX_start() call so the error case can always call BN_CTX_end().
Move BN_CTX_start() call so the error case can always call BN_CTX_end().
Don't check pointer we just freed, always set it to NULL.
BN_GF2m_mod_inv(): check bn_wexpand return value
BN_usub: Don't copy when r and a the same
ssl3_free(): Return if it wasn't created
Per Allansson (1):
Fix IP_MTU_DISCOVER typo
Peter Dettman (1):
Fix build errors with enable-ec_nistp_64_gcc_128
Peter Mosmans (1):
GH337: Need backslash before leading #
Peter Waltenberg (1):
Exit on error in ecparam
Petr Spacek (1):
Fix key wrapping mode with padding to conform to RFC 5649.
Quanah Gibson-Mount (1):
Fix grammar errors
Rainer Jung (1):
Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when
using the extract-names.pl script.
Rich Salz (227):
Cleanup old doc/*; remove CHANGES.SSLeay
Remove obsolete uncomiled dsagen semi-test
ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF
ifdef cleanup part 3: OPENSSL_SYSNAME
ifdef cleanup, part 4a: '#ifdef undef'
Remove unused eng_rsax and related asm file
undef cleanup: use memmove
Make OPENSSL_config truly ignore errors.
Remove obsolete support for old code.
OPENSSL_NO_xxx cleanup: DEC-CBCM removed
OPENSSL_NO_xxx cleanup: many removals
OPENSSL_NO_xxx cleanup: RFC3779
OPENSSL_NO_xxx cleanup: SHA
OPENSSL_NO_XXX cleanup: NO_TLS, NO_TLS1
OPENSSL_NO_XXX cleanup: OPENSSL_NO_BUF_FREELISTS
"#if 0" removal: header files
Dead code removal: Fortezza identifiers
Finish removal of DSS
Rename index to idx to avoid symbol conflicts.
Add missing declaration for lh_node_usage_stats
Remove support for opaque-prf
Fix int/unsigned compiler complaint
Make output consistency: remove blank line
Dead code removal: #if 0 bio, comp, rand
Dead code removal: #if 0 conf, dso, pqueue, threads
Dead code removal #if 0 engines
Dead code clean: #if 0 removal in apps
Dead code removal: #if 0 asn1, pkcs7
Dead code cleanup: crypto/*.c, x509v3, demos
Dead code cleanup: #if 0 dropped from tests
Dead code cleanup; remove #if 0 from crypto/engine
Dead code cleanup: crypto/ec,ecdh,ecdsa
Dead code removal; #if 0 from crypto/des
Dead code: if 0 removal from crypto/evp and an unused file.
Remove old DES API
old_des fix windows build, remove docs
Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp
Fix various build breaks
Fixed bad formatting in crypto/des/spr.h
Live code cleanup; #if 1 removal
Use memset in bn_mont
Have mkdef.pl ignore APPLINK settings.
util/mkstack.pl now generates entire safestack.h
dead code cleanup: #if 0 in ssl
Live code cleanup: remove #if 1 stuff
Remove X509_PAIR
Remove ui_compat
ui_compat cleanup; makefiles and vms
Final (for me, for now) dead code cleanup
RT937: Enable pilotAttributeType uniqueIdentifier
Move build config table to separate files.
Remove CVS filtering from find targets
Remove experimental 56bit export ciphers
Cleanup some doc files
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
OPENSSL_NO_EC* merge; missed one file
free NULL cleanup
free NULL cleanup
free NULL cleanup
free NULL cleanup.
free NULL cleanup
Fewer newlines in comp method output
consistent test-start logging
Drop CA.sh for CA.pl
test script cleanup
fix to "test script cleanup"
free NULL cleanup 10
Fix memory leak
free NULL cleanup 9
Use 2K RSA and SHA256 in tests
Remove SET oid config file and SET certs
ssltest output cleanup
Avoid "no config file" warning message
Big apps cleanup (option-parsing, etc)
Add missing BIO_flush() calls
fewer NO_ENGINE #ifdef's
Add -nocommands to s_client.
RT2451: Add telnet to s_client -starttls
Remove EFENCE support.
RT2206: Add -issuer flag to ocsp command
Quote HTML entities in s_server output
apps-cleanup: the doc fixes
Free malloc data on encoding errors.
RT2962: add -keytab and -krb5svc flags.
Remove the special list-xxxx commands
Fix main build breakage.
Fix error message
Fix typo in help & comment formatting
Simplify parse_yesno; remove local variable
Add readline (etc) support
CRYPTO_mem_leaks should ignore it's BIO argument.
ERR_ cleanup
remove malloc casts
realloc of NULL is like malloc
Make "make rehash" quiet
Remove needless bio_err argument
use isxdigit and apps_tohex
Rewrite parse_name
Add HTTP GET support to OCSP server
Fix bug, "what mode" test was wrong.
free NULL cleanup 8
free NULL cleanup 5a
In apps, malloc or die
free cleanup almost the finale
free cleanup 12
free NULL cleanup 7
Rewrite CA.pl.in
Fix some typo's, silence warnings.
free null cleanup finale
free NULL cleanup 11
Remove goto inside an if(0) block
free NULL cleanup -- coda
Remove outdated RC4 files
RT3776: Wrong size for malloc
fix various typo's
RT1369: don't do "helpful" access check.
Fix cut/paste error
Use safer sizeof variant in malloc
GH271: Warning on </dev/null to CA.pl
Remove the fake RLE compression method.
Remove apps cache for gethostbyname
Update multi-thread FAQ
memset, memcpy, sizeof consistency fixes
Make sig_app, sigx_app static
Use "==0" instead of "!strcmp" etc
Use p==NULL not !p (in if statements, mainly)
Make COMP_CTX and COMP_METHOD opaque
Remove some outdated #defines.
RT1207: document SSL_COMP_free_compression_methods.
RT3841: memset() cipher_data when allocated
Fix ocsp bugs
Add missing ctype.h
Update mkdef for moved header file.
Make up for a missed 'make update' update.
Use #error in openssl/srp.h
Remove unused #ifdef's from header files
Replace switch/assignments with table lookup
fix s_client crash
Fix segfault in ec command
Use enum for X509_LOOKUP_TYPE
RT3876: Only load config when needed
clear/cleanse cleanup
Silence Clang warning about unit'd variable
RT832: Use REUSEADDR in ocsp responder
Standardize handling of #ifdef'd options.
Rename all static TS_xxx to ts_xxx
Set error code, no fprintf stderr, on errors.
No fprintf in the txt_db component
Use bio_err not stderr in apps.
Fix -DZLIB build for opaque COMP types
Refactor into clear_ciphers; RT3588
RT2547: Tighten perms on generated privkey files
RT3917: add cleanup on an error path
RT3907: avoid "local" in testssl script
RT3907-fix
RT3682: Avoid double-free on OCSP parse error
Add $! to errors, use script basename.
More secure storage of key material.
Fix windows build
Can't use -trusted with -CA{path,file}
Revert "Missing perldoc markup around < literal"
Remove obsolete key formats.
Rewrite crypto/ex_data
Some cleanups for crypto/bn
Tweak README about rt and bug reporting.
RT3639: Add -no_comp description to online help
Various doc fixes from GH pull requests
Fix build break.
RT3999: Remove sub-component version strings
GH365: Missing #ifdef rename.
Remove Gost94 signature algorithm.
Fix FAQ formatting for new website.
Move FAQ to the web.
GH345: Remove stderr output
Fix L<> content in manpages
Small cleanup of crypto.pod
GH372: Remove duplicate flags
BN_bin2bn handle leading zero's
Remove _locked memory functions.
Various doc fixes.
Fix memory over-read
Fix 4c42ebd; forgot to inutil util/libeay.num
Remove the "times" directory.
RT3767: openssl_button.gif should be PNG
Move OPENSSL_ITEM to store.h
Add and use OPENSSL_zalloc
Check OPENSSL_gmtime_diff
remove 0 assignments.
More zalloc nits
RT3998: Allow scrypt to be disabled
Test for NULL ptr == 0
RT3955: Reduce some stack usage
Make TS structures opaque.
Cleanup testtsa script
Fix typo, that broke build on non-unix
fix build breakage on windows
GH391: Apple port
add support for apple os/x
Fix rehash/c_rehash doc and behavior.
Unwriteable directories are errors
RT4033: Use OPENSSL_SYS_UNIX not "unix"
Remove "noise" comments from TS files.
GH398: Add mingw cross-compile, etc.
Restore the old interactive prompt.
Remove obsolete OCSP demo
Change --debug to -d for compat with old releases.
Fix typo in previous commit.
Remove obsolete b64 demo's
Make update / libeay.num fix
Remove BIO_s_file_internal macro.
Run tests on Travis for mingw builds as well
Move crypto/threads to demo/threads
Remove HAMC_cleanup
Remove SSLeay history, etc., from docs
Replace "SSLeay" in API with OpenSSL
Remove des_ver.h; broke build.
Various README updates
PR1279: Clean up CONTRIBUTING
Rename RSA_eay_xxx to rsa_ossl_xxx
Turn B<...()> into ...()
Fix a few missed "if (!ptr)" cleanups
"make update" after async merge.
Remove BN_init
ex_data part 2: doc fixes and CRYPTO_free_ex_index.
typo fix on function
Run test_ordinals after update
Refer to website for acknowledgements.
Richard Godbee (3):
BIO_debug_callback: Fix output on 64-bit machines
wrap128.c: Fix Doxygen comments
CRYPTO_128_unwrap(): Fix refactoring damage
Richard Levitte (257):
clang on Linux x86_64 complains about unreachable code.
dso_vms needs to add the .EXE extension if there is none already
VMS adjustments:
VMS adjustments:
VMS build changes
VMS adjustments:
VMS adjustments:
VMS exit codes weren't handled well enough and were unclear
Update on the use of logical names for OpenSSL configuration
Since SHA0 was completely removed, also remove the related test
Make the libssl opaque changes compile on VMS
Transfer a fix from 1.0.1
Assume TERMIOS is default, remove TERMIO on all Linux.
Restore -DTERMIO/-DTERMIOS on Windows platforms.
Catch up the VMS build.
Cleanup spaces
update TABLE
Move Configurations* out of the way and rename them.
Rewrite Configure to handle the target values as hash tables.
Add template reference processing.
Add base template processing.
Provide a few examples by converting my own strings to hash table
configurations
Rethink templates.
Change all the main configurations to the new format.
Find debug- targets that can be combined with their non-debug
counterparts and do so
Updated TABLE
Configuration cleanup: personal configs
Do not keep TABLE in version control.
Correct the request of debug builds
If the target is an old style debug- target, it will not have debugging
[cl]flags
Refer to $table{$target} rather than $table{$t}.
Actually remove TABLE from version control
Remove PREFIX, as it's not used any more.
JPAKE Makefile missing 'files' target
Adjust include path
Fix eng_cryptodev to not depend on BN internals.
Use OPENSSL_malloc rather than malloc/calloc
Teach mkdef.pl to handle multiline declarations.
Update ordinals
Have a shared library version thats reasonable with our version scheme
Initialised 'ok' and redo the logic.
Fix some faults in util/mk1mf.pl
Stop symlinking, move files to intended directory
Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where
relevant
Remove remaining variables for symlinked/copied headers and tests
Now that we've removed the need for symlinks, we can safely remove
util/mklinks.pl
Remove SSL_TASK, the DECnet Based SSL Engine
Remove SSL_TASK, the DECnet Based SSL Engine - addendum
Appease clang -Wempty-translation-unit
Appease clang -Wgnu-statement-expression
Appease clang -Wshadow
Ignore the non-dll windows specific build directories
Have mkerr.pl treat already existing multiline string defs properly
test/Makefile dclean cleans out a few files too many.
Small fixes after the Big apps cleanup
Fix the check of test apps in util/mk1mf.pl
Allow for types with leading underscore when checking error macros.
Remove shlib/
Remove obsolete make variables
Have -K actually take an argument, and correct help text
RT2943: Check sizes if -iv and -K arguments
Remove the last traces of the fake RLE compression
make update
ZLIB compression deserves a better comment
Add a -CAserial argument for signing the user cert request
Make -CAserial a type 's' option
Move definition of INTxx_MIN et al to internal header
Identify and move OpenSSL internal header files
make depend
Adjust unixly mk1mf after introduction of tkey
Identify and move common internal libcrypto header files
Add -Iinclude to crypto/ compiles
make depend
Fix the update target and remove duplicate file updates
Missed a couple of spots in the update change
Fix update and depend in engines/
Fix double BIO_free in req
Restore module loading
Remove OPENSSL_CONF=/dev/null from tests
Add the macro OPENSSL_SYS_WIN64
Add and rearrange building of libraries
When making libcrypto from apps or test, make sure to include engines
Make sure test/gost2814789test.c can see configuration macros
Remove one extraneous parenthesis
Make preprocessor error into real preprocessor error
Cleanup mttest.c : remove MS_CALLBACK
Cleanup mttest.c : modernise the threads setup
Cleanup mttest.c : modernise output
Cleanup mttest.c : make ssl_method a pointer to const
Cleanup mttest.c : better error reporting when certs are miggins
Cleanup mttest.c : do not try to output reference counts when threads are
done
Cleanup mttest.c : use BIO_free only, no preceding hacks
Add -ldl to the build of mttest.c
Cleanup mttest.c : because we no longer use stdio here, don't include it
Rearrange rsaz
make update
Make "oneline" the default for nameopt
Document the nameopt change
Stop using tardy
Set numeric IDs for tar as well
Remove extra '; \' in apps/Makefile
Small script to re-encode files that need it to UTF-8
Conversion to UTF-8 where needed
Use dynamic engine for libssl test harness
Use -I to add to @INC, and use -w to produce warnings
Fixups in libssl test harness
for test_sslvertol, add a value to display SSL version < 3 in debug
Add new types to indent.pro
Add emacs CC mode style for OpenSSL
Add an example .dir-locals.el
Remove auto-fill-mode
Ignore .dir-locals.el
Two changes at ones lead to a confused libeay.num. Fix
Win32 build fix: include internal/numbers.h to get UIN32_MAX
Make the verify_extra test location agnostic
Make the handling of output and input formats consistent
Change the way apps open their input and output files
Have the test executables output in text mode
Have binary mode when the format is binary, not the other way around
Remove warning about use of uninitialised variable
dup_bio_* and bio_open_* are utility functions and belong in apps.c
Change the treatment of stdin and stdout to allow binary data
Fixup merge conflicts in util/libeay.num
Fix enc so it properly treats BASE64 as text
Small fix: make istext static
Groundwork for a perl based testing framework
Add math tests recipes
Add recipes for individual block ciphers, stream ciphers and digests
Add the encryption test recipe
Add a helper script for key file format conversion tests
Add asymetric cipher test recipes
Add recipes for tests related to certificates
Add engine and evp test recipes.
Add recipes for the larger protocols
Add recipes for misc other things we want to test
Ignore the log files
Remove test targets from Makefile, have it use run_tests.pl
Simplify very simple test recipes further.
Adapt mk1mf.pl and helpers to the new testing framework.
Remove old testing scripts out of the way.
Tone down the requirements of a test that will go away.
Have 'make clean' clean away the log files.
Add version numbers on some modules we use.
New feature: STOPTEST
Change OpenSSL::Test to be an extension of Test::More
Document OpenSSL::Test and OpenSSL::Test::Simple
Rework 00-test_checkexes.t for VMS
Push the line buffer filter on the out BIO on VMS
Add a few missing tests
Remove special x509 test conversions
Better method of skipping all the tests in 00-check_testexes.t
Check the validity of MINFO
Adapt the libssl test harness testing scripts to new testing framework
Remake test/sslsessionticktest.pl into a recipe
Correct test name
Add a recipe for the new gmdiff test
Add documentation for the new testing framework
Incorporate recent changes that were originally made in test/testssl
Small fix in OpenSSL::Test
Remake the testsslproxy tests
Add a recipe for the new pbelu test
Change the 80-test_tsa recipe as per changes in testtsa
Add a recipe for the new null pointer test
Make sure that 80-test_ca.t finds all the config files
Adjust the verify_extra test recipe to its executable
Adjust the general fill-column in doc/dir-locals.example.el
Fix a few tests that depended on the wrong algorithm check
Make sure the temporary error log resides in a well defined location
Add a simple test for the new rehash command
Add a few notes on perl
Add a method to list available tests
Extend the notes on how to do testing
Check if test_rehash is run as root
Make sure to actually use @smime_cms_comp_test when testing it...
Small typo
Sort the disabled features alphabetically
Add more features that may be disabled
Add more features that may be disabled
Add more features that may be disabled
Add more features that may be disabled
Finally, remove a possibly disabled feature
Correct whirlpool test
Correct sha tests
Correct jpake test
Correct srp test
Simplify Simple.pm further, and make it more verbose
Remove the hard coded -DOPENSSL_NO_DEPRECATED from DEPFLAG
Fix make depend for things being built in subdirectories
make depend
When ENGINE_add finds that id or name is missing, actually return
Because ct_locl.h is used between modules, move it to internal headers
Add crypto/include/internal to the directories to scan for stack
declarations
make update
ct_locl.h moved, reflect it in crypto/ct/Makefile
Handle CT error macros separately
Don't forget to load the CT error strings
make update
Add an explicit list of options that can be disabled, enabled, ...
Make Configure die when unsupported options are given
Only include SRP headers when OPENSSL_NO_SRP is undefined
Have BIO_get_conn_int_port use BIO_ctrl instead BIO_int_ctrl
Document how BIO_get_conn_ip and BIO_get_conn_int_port actually work
Remove dummy argument from BIO_get_bind_mode
Remove PROXY controls that aren't used anywhere
Correct or add comments indicating what controls belong to what
BIO_s_datagram() ctrl doesn't support SEEK/TELL, so don't pretend it does
Remove the state parameter from BIO_ctrl_set_connected
Fix usage of BIO_ctrl_set_connected
Make the match for previous cflags a bit more strict
make update
Drop the old perl start magic and replace it with a normal shebang
Add backtrace to memory leak output
_BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead
Move the backtrace memleak options to a separate variable
Fix ./Configure reconf
Run test/run_tests.pl directly in the test_ordinals target
Small changes to creating dists
In travis, build from a "source release" rather than from the build tree
Do not add symlinks in the source release
Make the definition of EVP_MD_CTX opaque
Have other crypto/evp files include evp_locl.h
Adapt HMAC to the EVP_MD_CTX changes
Document the changed HMAC API.
Adjust all accesses to EVP_MD_CTX to use accessor functions.
Make the definition of EVP_MD opaque
Have the few apps that accessed EVP_MD directly use accessors instead
Adapt all engines that add new EVP_MDs
Add inclusion of internal/evp_int.h to all crypto/ files that need it
Make the definition of HMAC_CTX opaque
Adapt the rest of the source to the opaque HMAC_CTX
Remove EVP_MD_CTX_cleanup and put its functionality into EVP_MD_CTX_init
Remove HMAC_CTX_cleanup and combine its functionality into EVP_MD_CTX_init
Adapt the rest of the source to the removal of
(EVP_MD_CTX|HMAC_CTX)_cleanup
Cleanup: Remove M_EVP_MD_* macros
Cleanup: rename EVP_MD_CTX_(create|init|destroy) to
EVP_MD_CTX_(new|reset|free)
Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy)
Cleanup: support EVP_MD_CTX_(create|init|destroy) for deprecated use
Cleanup: rename HMAC_CTX_init to HMAC_CTX_reset
Cleanup: fix all sources that used HMAC_CTX_init
make update
Document the EVP_MD_CTX changes
Document the HMAC changes
Document EVP_MD constructors, destructors and manipulators
Add an entry in CHANGES
Change tar owner and group to just 0
Fix clang complaints about uninitialised variables.
Remove typedef of HMAC_CTX from crypto/hmac/hmac_lcl.h
Remove double semi (;)
Cleanup the EVP_MD_CTX before exit rather than after
Make it possible to affect the way dists are made
Adapt the OS X build to use the OS X tar
Not all 'find's know -xtype, use -type instead
Additional NEWS
NEWS: Add a bit of precision regarding removal of cipher suites
Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h
Fix warnings about unused variables when EC is disabled.
Don't run rehash as part of building the openssl app
Rob Stradling (1):
Use inner algorithm when printing certificate.
Robert Swiecki (1):
Don't add write errors into bytecounts
Rodger Combs (1):
Increase buffer size for passwords in pkcs12 CLI
Russell Webb (1):
RT3856: Fix memory leaks in test code
Sergey Agievich (1):
Add funtions to set item_sign and item_verify
Soheil Rashidi (1):
Fixed typo in rsautl.pod
StudioEtrange (1):
GitHub284: Fix typo in xx-32.pl scripts.
Tim Hudson (4):
Fix argument processing error from the option parsing change over.
Fix argument processing error from the option parsing change over.
restore usage of -elapsed that was disabled in the ifdef reorg
Restore previous behaviour of only running one algorithm when -evp alg is
used.
Tim Zhang (1):
Fix the comment for POINT_CONVERSION_UNCOMPRESSED
Timo Teras (1):
Add rehash command to openssl
Viktor Dkhovni (1):
Replace exit() with error return.
Viktor Dukhovni (16):
Polish shell script to avoid needless complexity.
Code style: space after 'if'
SunOS non-posix shells do not grok export name=value
Fix typo in valid_star
Maintain backwards-compatible SSLv23_method macros
GH correct organizationalUnitName
Better handling of verify param id peername field
Cleaner handling of "cnid" in do_x509_check
Fix indentation
Explicit OpenSSL_version_num() implementation prototype
Good hygiene with size_t output argument.
Async error handling and MacOS/X fixes
Correct aes-128-cbc cipher name
Revert unnecessary SSL_CIPHER_get_bits API change
Really disable 56-bit (single-DES) ciphers
Fix typo and improve a bit of text
Viktor Szakats (1):
GitHub 237: Use https for IETF links
Vitezslav Cizek (1):
GH297: Fix NAME section of SSL_CTX_use_serverinfo.pod
Vladimir Kotal (1):
fix compilation on Solaris
bluelineXY (1):
GH357: Update ocsp.c
janpopan (1):
RT4015: Add missing date to CHANGES
mancha (1):
Fix author credit for e5c0bc6
mancha security (3):
ssl/s3_srvr.c: Fix typo introduced via 69f682374868b.
ssl/ssl_asn1.c: Fix typo introduced via cc5b6a03a320f1
ssl/kssl.c: include missing header to complete SSL structure's defn.
mrpre (2):
check bn_new return value
In X509_STORE_CTX_init, cleanup on failure
-----------------------------------------------------------------------
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
