[openssl-commits] [openssl] OpenSSL_1_1_0-pre1 create

Matt Caswell matt at openssl.org
Thu Dec 10 14:42:01 UTC 2015

The annotated tag OpenSSL_1_1_0-pre1 has been created
        at  8593c20d6c85d03850a446e80a8e9b2a9d0bfb4a (tag)
   tagging  22c21b60afb33bf32f91560e7c29c21588429420 (commit)
  replaces  master-post-reformat
 tagged by  Matt Caswell
        on  Thu Dec 10 14:23:10 2015 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.1.0-pre1 release tag

Adam Eijdenberg (9):
      RT3961: Fix switch/case errors in flag parsing
      RT3962: Check accept_count only if not unlimited
      RT3963: Allow OCSP stapling with -rev and -www
      Fix unhandled error condition in sslv2 client hello parsing.
      Change error reason to match previous behaviour.
      Fix clang uninitialized variable warning.
      RT3984: Fix clang compiler warning on Mac OS X where %ld is used for uint64_t.
      Initial commit for Certificate Transparency support
      Clarify return values for EVP_DigestVerifyFinal.

Adam Langley (1):
      Allow a zero length extension block

Alessandro Ghedini (28):
      GH371: Print debug info for ALPN extension
      GH354: Memory leak fixes
      Add initial Travis CI configuration
      Use the shlib wrapper when running nptest
      Fix build on mingw
      Make BUF_strndup() read-safe on arbitrary inputs
      Properly format linux-arm64ilp32 target config
      GH408 follow-on: update buflen
      Print debug info for extended master secret extension
      Validate ClientHello extension field length
      Fix travis builds on master
      GH429: Add clang to travis
      Add Clang 3.6 and additional GCC 5 builds to travis
      Remove bugs/ and crypto/threads/
      Do not treat 0 return value from BIO_get_fd() as error
      Replace malloc+strlcpy with strdup
      Fix memory leaks and other mistakes on errors
      Set salt length after the malloc has succeeded
      Fix typos
      Fix references to various RFCs
      Check memory allocation
      Remove useless code
      Add Travis builds with undefined behavior sanitizer
      Fix (minor) problems found by ubsan
      Add no-asm builds to Travis
      Declare cleanse_ctr variable as extern
      Add initial AppVeyor configuration
      Remove useless locking code

Alok Menghrajani (3):
      RT3802: Fixes typos in doc/crypto/
      Fixes some typos in doc/apps/
      Fixes some typos in doc/ssl/

Andy Polyakov (127):
      sha256-armv4.pl: fix typo.
      Fix macosx-ppc build (and typos in unwind info).
      Add assembly support to ios64-cross.     Fix typos in ios64-cross config line.
      Keep disclaiming 16-bit support.
      des/asm/des_enc.m4: strip #ifdef OPENSSL_SYS_ULTRASPARC as part of     pre-processor controls cleanup. It doesn't mean that it no longer     works on UltraSPARC, only that it doesn't utilize sparcv9-specific     features like branch prediction hints and load in little-endian byte     order anymore. This "costs" ~3% in EDE3 performance regression on     UltraSPARC.
      Configure: addendum to OPENSSL_NO_[RMD160|RIPEMD] harmonization.
      modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure     on affected platforms (PowerPC and AArch64).
      modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32     in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact     and inconsistency in pre-processor logic.
      cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].
      des/asm/des_enc.m4: fix brown-bag typo in last commit.
      Harmonize objects.pl output with new format.
      evp/e_aes.c: fix pair of SPARC T4-specific problems:
      bn/bn_add.c: fix dead code elimination that went bad.
      Bring objects.pl output even closer to new format.
      Add ec/asm/ecp_nistz256-x86.pl module.
      Engage ecp_nistz256-x86 module.
      ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build).
      Configure: disable warning C4090 in Windows builds.
      ec/ecp_nistz256.c: fix compiler warnings.
      Add more Camellia OIDs.
      Add Camellia CTR mode.
      Add ec/asm/ecp_nistz256-armv4.pl module.
      Engage ecp_nistz256-armv4 module.
      evp/evp.h: add missing camellia-ctr declarations.
      evp/evp_test.c: avoid crashes when referencing uninitialized pointers.
      sha/asm/sha1-586.pl: fix typo.
      perlasm/x86masm.pl: make it work.
      aes/asm/bsaes-armv7: fix kernel-side XTS and harmonize with Linux.
      Fix crash in SPARC T4 XTS.
      ARMv4 assembly pack: add Cortex-A15 performance data.
      ssl/s3_clnt.c: fix intermittent failures.
      Avoid reading an unused byte after the buffer
      Configure: fold related configurations more aggressively and clean-up.
      sha/asm/sha256-armv4.pl: adapt for use in Linux kernel context.
      Configure: remove unused variables.
      Add vpaes-amrv8.pl module.
      Engage vpaes-armv8 module.
      ec/asm/ecp_nistz256-x86_64.pl: update commentary with before-after performance data.
      sha/asm/sha256-armv4.pl: fix compile issue in kernel     and eliminate little-endian dependency.
      sha/asm/sha512-armv4.pl: adapt for use in Linux kernel context.
      Configure: android-arm facelift.
      perlasm/arm-xlate.pl update (fix end-less loop and prepare for 32-bit iOS).
      aes/asm/aesv8-armx.pl: optimize for Cortex-A5x.
      sha/asm/sha*-armv8.pl: add Denver and X-Gene esults.
      modes/asm/ghashv8-armx.pl: up to 90% performance improvement.
      aes/asm/vpaes-armv8.pl: make it compile on iOS.
      Add ARMv8 Montgomery multiplication module.
      Configure: engage ARMv8 Montgomery multiplication module.
      ec/ecp_nistp*.c: fix SEGVs.
      crypto/ec/ecp_nistp[224|521].c: fix formatting.
      Configure: add initial support for 64-bit Android.
      Add ecp_nistz256-armv8 module.
      Configure: Engage ecp_nistz256-armv8 module.
      Add assembly support for 32-bit iOS.
      aes/asm/aesni-x86[_64].pl update.
      aes/asm/aesni-x86.pl: fix typo affecting Windows build.
      modes/asm/ghashv8-armx.pl: additional performance data.
      Add ec/asm/ecp_nistz256-sparcv9.pl.
      Engage ec/asm/ecp_nistz256-sparcv9 module.
      aes/asm/aesni-sha256-x86_64.pl: fix Windows compilation failure with old assembler.
      aes/asm/bsaes-armv7.pl: fix compilation with Xcode 6.3.
      Configurations/10-main.conf: update iOS commentary.
      bn/asm/armv8-mont.pl: boost performance.
      bn/Makefile: give MacOS X hand to compiler armv8-mont module.
      util/incore update.
      bn/asm/vis3-mont.pl: fix intermittent EC failures on SPARC T3.
      bn/bn_gf2m.c: appease STACK, unstable code detector.
      bn/asm/x86_64-mont5.pl: fix valgrind error.
      bn/bn_lcl.h: fix MIPS-specific gcc version check.
      Configure: replace -mv8 with -mcpu=v8 in SPARC config lines.
      gcm.c: address linker warning about OPENSSL_ia32cap_P size mismatch.
      e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P size mismatch.
      bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
      ARMv4 assembly pack: implement support for Thumb2.
      Allow ILP32 compilation in AArch64 assembly pack.
      Configurations: add linux-arm64ilp32 target.
      Skylake performance results.
      Harmonize util/mkrc.pl with header move.
      Update year in Windows builds.
      Rationalize .gitignore and harmonize pair of Makefiles.
      asn1t.h: silence -Wmissing-prototype in Windows builds.
      Fix prototypes in e_ossttest.c.
      Fix pedantic warnings in mingw builds.
      Fix -Wshadow warnings in mingw builds.
      engine/e_capi.c: fix various warnings.
      bn/asm/armv4-mont.pl: boost NEON performance.
      Explicitly cast INVALID_SOCKET to (int) to address warnings on Windows.
      Address Windows warnings in apps/.
      bio/bss_log.c: harmonize format string to silence -Wformat.
      Harmonize pointer printing and size_t-fy casts.
      Address more Windows warnings illuminated by mingw.
      Configurations: move -Wno-pedantic-ms-format to .travis.yml.
      Test suite: minimal required to get mingw 'make test' work under Linux.
      Test suite: chomp->s/\R// to harmonize with mingw 'make test'.
      Harmonize do_rehash_rule with updated test/recipies/25-test_verify.t.
      testlib/OpenSSL/Test.pm: remove redundant 'cmd /c', MSWin32 Perl can take care of itself.
      modes/asm/ghash-armv4.pl: extend Apple fix to all clang cases.     Triggered by RT#3989.
      aesni-sha256-x86_64.pl: fix crash on AMD Jaguar.
      bn/asm/s390x.S: improve performance on z196 and z13 by up to 26%. [even z10 is couple percent faster]. Triggered by RT#4128, but solves the problem by real modulo-scheduling.
      crypto/sec_mem.c: fix anonymous mmap on legacy systems.
      bn/asm/ppc64-mont.pl: adapt for little-endian.
      e_os.h: bump minimal _WIN32_WINNT.
      aes/asm/vpaes-ppc.pl: eliminate overhung stores in misaligned cases.
      Fix STRICT_ALIGNMENT for whrlpool
      e_os.h: __sun done right.
      Makefile.org: add LC_ALL=C to unify error [and other] messages.
      x86_64 assembly pack: tune clang version detection.
      Configuratons: add -DFILIO_H to harmonized Solaris targets.
      modes/ocb128.c: ocb_lookup_l to allow non-contiguous lookup     and CRYPTO_ocb128_encrypt to handle in==out.
      modes/ocb128.c: split fixed block xors to aligned and misaligned.
      crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris.
      modes/ocb128.c: fix sanitizer warning.
      perlasm/ppc-xlate.pl: comply with ABIs that specify vrsave as reserved.
      bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193).
      ARMv4 assembly pack: allow Thumb2 even in iOS build,     and engage it in most modules.
      Add reference ChaCha20 and Poly1305 implementations.
      Add ChaCha20-Poly1305 and ChaCha20 NIDs.
      evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.
      crypto/evp: add e_chacha20_poly1305.c.
      test/evp_test.c: allow generic AEAD ciphers to be tested.
      evp/c_allc.c: wire ChaCha20-Poly1305 and add tests.
      Wire ChaCha20-Poly1305 to TLS.
      Configure: make no-chacha and no-poly1305 work.
      make update.
      modes/ocb128.c: fix overstep.
      x86[_64] assembly pack: add optimized AES-NI OCB subroutines.
      evp/e_aes.c: wire hardware-assisted block function to OCB.

Annie Yousar (1):
      RT3230: Better test for C identifier

Anton Blanchard (1):
      RT3990: Fix #include path.

Ben Kaduk (1):
      GH367 follow-up, for more clarity

Ben Laurie (19):
      Build correctly for me on FreeBSD 10.
      u_len may be unused.
      Use BN_ULONG format.
      Fix build on MacOS.
      Clean all .o files.
      Only define PAGE_SIZE if not already defined.
      Make BSD make happy with subdirectories.
      Build with --strict-warnings on FreeBSD.
      Add -Wconditional-uninitialized to clang strict warnings.
      Fix refactoring breakage.
      Fix uninitalised warning.
      Find the right indent on *BSD.
      Fix uninit warning. Remove unnecessary casts. Nothing to add is an error.
      Enable -Wmissing-variable-declarations and     -Wincompatible-pointer-types-discards-qualifiers (the latter did not require     any code changes).
      Display brief help if no options for list.
      Fix undeclared variable warnings.
      Improve make depend.
      Probably fix travis (wine build).
      Link library for backtrace() on BSD...

Benjamin Kaduk (1):
      Supply a build rule for the recently added nptest

Billy Brumley (1):
      fix copy paste error in ec_GF2m function prototypes

Bjoern D. Rasmussen (1):
      Fix for memcpy() and strcmp() being undefined.

Carl Jackson (1):
      Fix regression in ASN1_UTCTIME_cmp_time_t

Chris Watts (1):
      Ignore generated *.S ARM assembly files

Clang via Jeffrey Walton (1):
      RT3684: rand_egd needs stddef.h

Corinna Vinschen (1):
      Drop redundant and outdated __CYGWIN32__ tests.     Change OPENSSL_SYSNAME_CYGWIN32 to OPENSSL_SYSNAME_CYGWIN.     Drop outdated Cygwin targets.

David Bar (1):
      RT3674: Make no-cms build work.

David Brodski (1):
      Fixed problem with multiple load-unload of comp zlib

David Woodhouse (11):
      Wrong SSL version in DTLS1_BAD_VER ClientHello
      Add DTLS to SSL_get_version
      Add DTLS support to ssltest
      RT3998: fix X509_check_host.pod release to 1.0.2
      Revert "OPENSSL_NO_xxx cleanup: RFC3779"
      RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check
      RT3969: Add OPENSSL_SYS_UEFI
      RT3993: Fix error found by VS2008
      RT3992: Make SCT #ifdeffable.
      RT3479: Add UTF8 support to BIO_read_filename()
      Fix no-stdio build

Dirk Wetter (1):
      GH336: Return an exit code if report fails

Dmitry Belyavskiy (3):
      Custom cipher constants
      New cipher and cipher modes standardized in Russia
      Add some new cipher ctrl constants

Dmitry Belyavsky (4):
      Add new GOST OIDs
      Add NumericString support
      Fix error message when loading engines from config
      Patch containing TLS implementation for GOST 2012

Dmitry-Me (1):
      Fix wrong numbers being passed as string lengths

Doug Hogan (1):
      Avoid a double-free in an error path.

Douglas E Engert (1):
      Ensure EC private keys retain leading zeros

Dr. Stephen Henson (426):
      Check PKCS#8 pkey field is valid before cleansing.
      Add flags field to SSL_SESSION.
      Utility function to retrieve handshake hashes.
      Rewrite ssl3_send_client_key_exchange to support extms.
      Extended master secret extension support.
      Add extms support to master key generation.
      Ctrl to retrieve extms support.
      Add CHANGES entry.
      Add SSL_get_extms_support documentation.
      Remove unused variables.
      Preliminary ASN1_TIME documentation.
      Make objxref.pl output in correct format
      More unused FIPS module code.
      Updates to reformat script.
      fix windows build
      Remove OPENSSL_NO_HMAC
      Remove obsolete IMPLEMENT_ASN1_SET_OF
      Fix memory leak reporting.
      Support for alternative KDFs.
      Initial version of new evp_test program.
      Add new test file.
      New evp_test updates.
      Return error code is any tests fail.
      New macro to set mac key.
      MAC support for evp_test
      Add HMAC test data.
      Add CMAC test data.
      EVP_PKEY support for evp_test
      Add EVP_PKEY test data.
      Add leak detection, fix leaks.
      size_t for buffer functions.
      remove unused method declaration
      More RSA tests.
      Use named curve parameter encoding by default.
      Add additional EC documentation.
      Don't set no_protocol if -tls1 selected.
      Document -no_explicit
      Add algorithm skip support.
      Make OpenSSL compile with no-rc4
      Skip unsupported ciphers in evp_test.
      add MD4 test data
      Skip unsupported digests in evp_test
      Add OCB support and test vectors for evp_test.
      reformat evp_test.c
      Fix format script.
      Check public key is not NULL.
      add RIPEMD160 whirlpool tests
      Make OCSP structures opaque.
      update ordinals
      Make STACK_OF opaque.
      Additional CMS documentation.
      Cleanse PKCS#8 private key components.
      update ordinals
      additional configuration documentation
      ASN.1 print fix.
      Update mkstack.pl to match safestack.h
      Remove obsolete declarations.
      Allocate string types directly.
      Update ordinals, fix error message.
      Make X509_ATTRIBUTE opaque.
      Free up ADB and CHOICE if already initialised.
      Reject invalid PSS parameters.
      Fix for CVE-2015-0291
      Fix ASN1_TYPE_cmp
      Fix memory leak.
      Add AES unwrap test with invalid key.
      Remove old ASN.1 code.
      Remove {i2d,d2i}_ASN1_BOOLEAN
      Remove deleted functions, update ordinals.
      make X509_EXTENSION opaque
      Fix build.
      Remove old style ASN.1 support.
      Move some ASN.1 internals to asn1_int.h
      Move some EVP internals to evp_int.h
      make depend
      Make OCSP response verification more flexible.
      Configuration file examples.
      make ASN1_OBJECT opaque
      Fix verify algorithm.
      update ordinals
      make X509_NAME opaque
      make depend
      Support key loading from certificate file
      Remove X509_ATTRIBUTE hack.
      Move internal only ASN.1 functions to asn1_locl.h
      make update
      Move more internal only functions to asn1_locl.h
      update ordinals
      ASN1_TYPE documentation.
      Simplify DSA public key handling.
      Remove combine option from ASN.1 code.
      Make asn1_ex_i2c, asn1_ex_c2i static.
      Remove d2i_X509_PKEY and i2d_X509_PKEY
      Add private/public key conversion tests
      Remove unnecessary asn1_mac.h includes.
      Rewrite X509_PKEY_new to avoid old ASN1. macros.
      New ASN1_TYPE SEQUENCE functions.
      Remove duplicate code.
      Remove old ASN.1 code from evp_asn1.c
      Add macro to implement static encode functions.
      Rewrite ssl_asn1.c using new ASN.1 code.
      Remove unnecessary use of ASN1_const_CTX
      Remove old ASN.1 functions.
      remove asn1_mac.h
      make depend
      update ordinals
      Fix ECDH key identifier support.
      Fix ECDH detection, add ECDH keyid test.
      Don't set *pval to NULL in ASN1_item_ex_new.
      Add -Wtype-limits to strict warnings.
      Remove obsolete options for debug-steve*
      Limit depth of nested sequences when generating ASN.1
      Reject empty generation strings.
      Fix encoding bug in i2c_ASN1_INTEGER
      SSL_CIPHER lookup functions.
      make X509_VERIFY_PARAM opaque
      Add OSSL_NELEM macro.
      more OSSL_NELEM cases
      Return an error in ASN1_TYPE_unpack_sequence if argument is NULL
      SSL_CONF table reorganisation.
      Digest cached records if not sending a certificate.
      Add SSL_use_certificate_chain_file function
      Additional X509_ALGOR documentation
      Fix cipherlist order.
      Allow use of standard integer types.
      use unit64_t for CPUID and timestamp code
      Add types to indent.pro
      ASN1 INTEGER refactor.
      CERT tidy
      Move signing digest out of CERT.
      Move certificate validity flags out of CERT.
      move masks out of CERT structure
      Add scrypt support.
      Add scrypt tests.
      make update
      Add functions to convert between uint64_t and ASN1_INTEGER.
      Add scrypt OID from draft-josefsson-scrypt-kdf-03
      Add scrypt PBE algorithm code.
      make update
      Add PBE tests.
      Fix memory leak.
      Error if memory limit exceeded.
      Add function PKCS8_set0_pbe
      scrypt in pkcs8 util
      make update
      check for error when creating PKCS#8 structure
      PEM doc fixes
      fix asn1parse -inform
      fix warning
      make update.
      Check ASN1_INTEGER_get for errors.
      Update trace code.
      return correct NID for undefined object
      Restore GOST mac setup.
      Tidy disabled algorithm handling.
      Encode b == NULL or blen == 0 as zero.
      typo: should be OPENSSL_free
      remove unnecessary NULL checks
      Avoid duplication.
      Revert "Avoid duplication."
      Remove peer temp keys from SESS_CERT
      Remove certificates from sess_cert
      Remove unnuecessary ifdefs.
      Move peer chain to SSL_SESSION structure.
      Remove SESS_CERT entirely.
      Tidy up ssl3_digest_cached_records logic.
      Avoid duplication.
      PSK trace keyex fixes.
      Add PSK GCM ciphersuites from RFC5487
      Fix PSK client handling.
      Add docs for ssl verification parameter functions.
      Don't output bogus errors in PKCS12_parse
      missing break
      Use single master secret generation function.
      make update
      Check for errors with SRP
      Dup peer_chain properly in SSL_SESSION
      Relax CCM tag check.
      document -2 return value
      Sort @sstacklst correctly.
      make stacks
      correct example
      Use uint32_t consistently for flags.
      SSL_CONF additions.
      Update demo.
      free names before context
      Document shared sigalgs functions.
      Allow any order for signature algorithm string.
      Add some OCSP documentation.
      Document signature algorithm setting functions.
      fields for PSK key, new constants
      New PSK keyex text constants
      New PSK aliases.
      new PSK text constants
      Disable unsupported PSK algorithms
      Disable all PSK if no callback.
      Enable PSK if corresponding mask set.
      Check for kECDH with extensions.
      Make auto DH work with DHEPSK
      PSK PRF correction.
      Extended PSK client support.
      Extended PSK server support.
      PSK premaster secret derivation.
      Add full PSK trace support
      Initial new PSK ciphersuite defines
      Add RFC4279, RFC5487 and RFC5489 ciphersuites.
      Add RFC4785 ciphersuites
      Update CHANGES
      Add PSK ciphersuites to docs
      CAMELLIA PSK ciphersuites from RFC6367
      Don't request certificates for any PSK ciphersuite
      Free and cleanse pms on error
      cleanse psk_identity on error
      don't reset return value to 0
      Err isn't always malloc failure.
      Fix memory leak if setup fails.
      Return error for unsupported modes.
      Documentation for SSL_check_chain()
      Update docs.
      CCM support.
      ccm8 support
      Add CCM ciphersuites from RFC6655 and RFC7251
      add CCM docs
      Add DSA digest length checks.
      More test cases.
      Remove asn1-kludge option.
      make X509_CERT_AUX opaque
      make X509_REQ opaque
      Add X509_CRL_up_ref function
      Add X509_up_ref function.
      make update
      use uint32_t for certificate flags
      functions to retrieve certificate flags
      Document extension functions
      make update
      delete unused structure
      Create DSA and ECDSA certificates.
      Update ssltest certificate handling.
      Fix CCM support in DTLS
      Extend ciphersuite test coverage.
      make X509_CRL opaque
      make update
      PBE lookup test
      make update
      Match SUITEB strings at start of cipher list.
      make X509_REVOKED opaque
      Replace X509 macros with functions
      Avoid direct X509 structure access
      make update
      Fix warning about mixed declarations and code.
      EVP_PKEY_METHOD accessor functions.
      Fix "defined but not used" warnings.
      Use default field separator.
      Fix zlib CMS compilation.
      Constify ECDSA_METHOD_new.
      Fix PSK identity hint handling.
      New ASN.1 embed macro.
      Change X509_VAL in X509 structure to embedded.
      X509_CRL_INFO embed
      Embed X509_CINF
      Embed X509_REQ_INFO
      Embed various signature algorithms.
      Return shared OIDs when decoding.
      Print out a list of disabled features.
      Add Utils.pm
      Change test recipes to use disabled()
      Update Simple.pm to use disabled()
      Move EVP_PKEY_METHOD into private headers.
      make no-dh work
      remove unneeded includes
      Make SRP work with -www
      Add accessors for request and CRL signatures
      Add accessors for X509_REVOKED.
      Add comments to x509_int.h
      Additional X509_CRL accessors.
      New accessor X509_REQ_get_X509_PUBKEY()
      Use accessor functions in X509_CRL_print().
      Use accessors in X509_REQ_print().
      Document X509 version functions.
      Document X509 name get and set functions.
      Document X509 public key functions.
      Document X509 sign and verify functions.
      Document X509_REVOKED functions.
      Document i2d_re_X509_REQ_tbs() and i2d_re_X509_CRL_tbs().
      Extension parsing and encoding docs.
      Document signature accessors.
      Update SEE ALSO sections.
      Move functions.
      Move certificate request and CRL routines to x509 dir.
      make depend
      Fix path in comments
      Avoid structure access in crypto/ts
      Make X509 opaque
      New function X509_get0_subject_key_id()
      Document X509_get0_subject_key_id()
      header includes
      make update
      SRP memory leak fix
      Free up ASN.1 structures at top level only.
      Don't try and parse boolean type.
      Make no-psk compile without warnings.
      Skip PSK tests for no-psk
      embed support for CHOICE type
      Embed various OCSP fields.
      embed support for ASN1_STRING
      embed OCSP_CERTID
      RFC5753 compliance.
      Handle embed flag in ASN1_STRING_copy().
      add CHANGES entry for embed
      embed value field of X509_EXTENSION
      embed certificate serial number and signature fields
      embed CRL serial number and signature fields
      Fix self signed handling.
      set string type when embedding
      Fix memory leak with -issuer option.
      Move auto Host adding to query_responder
      Read function names from C source files.
      fix discrepancy
      Rebuild error source files.
      Use uint32_t and int32_t for SSL_CIPHER structure.
      Replace L suffix with U
      absent identity hint should be NULL
      Use SSL_TLSV1 only if at least TLS v1.0 is needed.
      Don't alow TLS v1.0 ciphersuites for SSLv3
      Add "TLSv1.0" cipher alias.
      add -tls1_2,-tls1_1 options to ciphers command
      add -psk option to ciphers command
      Update and clarify ciphers documentation.
      Add new X509 accessors
      Use accessors for X509_print_ex().
      Document new functions
      Make GOST ciphersuites require TLSv1
      Add support for signer_digest option in TS.
      Use better defaults for TSA.
      make update
      add -pthread to debug-steve*
      Limit depth of ASN1 parse printing.
      Fix uninitialised p error.
      Add MD5+SHA1
      Use MD5+SHA1 for default digest if appropriate.
      Remove RSA exception when processing server key exchange.
      Remove RSA exception when generating server key exchange.
      Add ssl3 ctrl to EVP_md5_sha1().
      Add EVP_MD_CTX_ctrl function.
      Use EVP_md5_sha1() to generate client verify
      Use EVP_md5_sha1() to process client verify
      make update
      Add ctrl for SHA1 and SSLv3
      Remove unused cert_verify_mac code
      Remove X509_VERIFY_PARAM_ID
      PRF and handshake hash revision.
      fix function code discrepancy
      Use digest tables for defaults.
      For TLS < 1.2 use default digest for client certificate
      Use digest indices for signature algorithms.
      Remove GOST special case: handled automatically now.
      Remove legacy sign/verify from EVP_MD.
      make update
      Remove RSA_FLAG_SIGN_VER flag.
      Fix and update versions in CHANGES and NEWS
      Extended master secret fixes and checks.
      update errors
      TLSProxy update
      Add extms extension
      Extended master secret test script.
      Update NEWS
      Support for EC_KEY_METHOD.
      make errors
      EC_KEY_METHOD keygen support.
      Move ECDH_KDF_X9_62 to crypto/ec
      move ECDH implementation to crypto/ec
      Adapt ecdh_compute_key
      Add compute key support to EC_KEY_METHOD
      make errors
      remove ECDH_METHOD from ENGINE
      Remove crypto/ecdh update Makefile.org
      remove ECDH error loading
      remove ecdh.h header
      remove ECDH_METHOD typedef
      remove ECDH from mkdef.pl
      ENGINE fixes
      EC_KEY_METHOD init and finish support
      EC_KEY_METHOD copy support
      Add set methods.
      Move ECDSA_SIG ASN.1 to crypto/ec
      Move ECDSA implementation to crypto/ec
      move ECDSA_SIG definition
      adapt ossl_ecdsa.c to crypto/ec
      extend EC_KEY_METHOD for signing support
      make errors
      move ECDSA_SIG prototypes
      Add ECDSA_SIG accessor.
      modify ecdsatest to use accessor
      Move and adapt ECDSA sign and verify functions.
      Remove reference to ECDSA_OpenSSL.
      return errors for unsupported operations
      add sign/verify methods
      remove crypto/ecdsa
      remove errors
      add ECDSA_size to ec_asn1.c
      remove ecdsa.h header
      add missing prototypes
      remove ECDSA_METHOD typedef
      remove ECDSA_METHOD from ENGINE
      remove ecdsa from mkdef.pl
      Engine EC_KEY_METHOD functionality.
      Top level ECDSA sign/verify redirection.
      make errors
      EC_KEY_METHOD accessors.
      remove ecdsa.h header references.
      make update
      set standard EC method in eng_openssl
      add block comment
      Use NULL comparison
      add compatibility headers
      remove ECDSA error line
      add CHANGES and NEWS entry
      remove deleted directories from mkfiles.pl
      make default_ec_key_meth static

Edgar Pek (1):
      Fix null-pointer dereference

Emilia Kasper (68):
      Fix hostname validation in the command-line tool to honour negative return values.
      Harmonize return values in dtls1_buffer_record
      Fix undefined behaviour in shifts.
      PKCS#7: avoid NULL pointer dereferences with missing content
      make update
      Initialize variable
      Remove code for deleted function from ssl.h
      Use -Wall -Wextra with clang
      Error out immediately on empty ciphers list.
      Repair EAP-FAST session resumption
      Correctly set Z_is_one on the return value in the NISTZ256 implementation.
      Fix error checking and memory leaks in NISTZ256 precomputation.
      Fix Wmaybe-uninitialized: initialize variable
      Error checking and memory leak fixes in NISTZ256.
      NISTZ256: set Z_is_one to boolean 0/1 as is customary.
      NISTZ256: don't swallow malloc errors
      NISTZ256: use EC_POINT API and check errors.
      NISTZ256: owur'ize.
      dhparam: fix documentation
      Update documentation with Diffie-Hellman best practices.     - Do not advise generation of DH parameters with dsaparam to save     computation time.     - Promote use of custom parameters more, and explicitly forbid use of     built-in parameters weaker than 2048 bits.     - Advise the callback to ignore <keylength> - it is currently called     with 1024 bits, but this value can and should be safely ignored by     servers.
      Remove dh512.pem
      Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).
      Fix ssltest to use 1024-bit DHE parameters
      Enable DH tests
      Use CRYPTO_memcmp when comparing authenticators
      Use CRYPTO_memcmp in ssl3_record.c
      Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
      PKCS#7: Fix NULL dereference with missing EncryptedContent.
      rsaz_exp.h: align license with the rest of the contribution
      PACKET: constify where possible
      Fix SSLv2-compatible ClientHello processing.
      PACKET: add methods for reading length-prefixed TLS vectors.
      Fix spurious bntest failures.
      BN_mod_exp_mont_consttime: check for zero modulus.
      RT 3493: fix RSA test
      RT4002: check for NULL cipher in p12_crpt.c
      apps/speed.c: fix memory leak
      PACKET: add PACKET_memdup and PACKET_strndup
      Restore SSLerr on PACKET_strndup failure.
      RT3754: check for NULL pointer
      Disentangle RSA premaster secret parsing
      Remove PACKET_(get|goto)_bookmark
      RT3757: base64 encoding bugs
      base64 decode: check for high bit
      Remove PACKET_back
      BUF_strndup: tidy
      BUF_strdup and friends: update docs
      Document BUF_strnlen
      Remove ssl_put_cipher_by_char
      PACKET: simplify
      Silence Wconditional-uninitialized
      RT2772: accept empty SessionTicket
      Empty session ticket: add a test
      Empty NewSessionTicket: test session resumption
      PACKET: simplify ServerHello parsing
      ssl3_get_client_hello: rearrange logic
      PACKETize and clean up ssl_bytes_to_cipher_list.
      ssl_sess.c: grab a copy of the session ID
      Add PACKET_copy_all
      SSLv2 compat ciphers: clarify comment
      PACKET: simplify ServerKeyExchange parsing
      DTLS: remove unused cookie field
      make depend: prefer clang over makedepend
      ct_locl.h: fix some comments
      Remove EVP_CHECK_DES_KEY
      Appease gcc's Wmaybe-uninitialized
      PACKET: fix __owur

Eric Dequin (1):
      Missing OPENSSL_free on error path.

Ernie Hershey (1):
      GH322: Fix typo in generated comment.

Filipe DA SILVA (1):
      RT4047: Set reference count earlier

Finn Hakansson (2):
      Minor correction to comment.
      Fix typo: _REENTERANT -> _REENTRANT

Gilles Khouzam (1):
      RT3820: Don't call GetDesktopWindow()

GitHub User (1):
      Missing perldoc markup around < literal

Github User (1):
      GH293: Typo in CHANGES file.

Graeme Perrow (2):
      RT3670: Check return from BUF_MEM_grow_clean
      RT32671: wrong multiple errs TS_check_status_info

Gunnar Kudrjavets (4):
      Initialize potentially uninitialized local variables
      Fix the heap corruption in libeay32!OBJ_add_object.
      RT3848: Call SSL_COMP_free_compression_methods
      RT3823: Improve the robustness of event logging

Guy Leaver (guleaver) (1):
      Fix seg fault with 0 p val in SKE

Hanno Böck (3):
      Fix uninitialized variable.
      Call of memcmp with null pointers in obj_cmp()
      RT3861: Mem/bio leak in req command

Hiroyuki YAMAMORI (1):
      Fix DTLS1.2 buffers

Hubert Kario (1):
      GH350: -help text few s_client and s_server flags

Ismo Puustinen (2):
      GH364: Free memory on an error path
      GH367: Fix dsa keygen for too-short seed

Jack Danger Canty (1):
      Fixing typo in PROBLEMS

Jacob Bandes-Storch (1):
      Add perl modeline to Configure scripts

Jeffrey Walton (2):
      RT3472: Doc pkcs8 -iter flag is in OpenSSL 1.1
      Explicitly mention PKCS5_PBKDF2_HMAC in EVP doc.

Kai Engert (1):
      RT3742: Add xmpp_server to s_client.

Kurt Cancemi (4):
      Use constants not numbers
      The wrong ifdef is used to guard usage of PSK code
      Add missing terminating NULL to speed_options table.
      Add missing NULL check in X509V3_parse_list()

Kurt Roeckx (24):
      Fix segfault with empty fields as last in the config.
      Fix memory leak
      Remove ssl_cert_inst()
      Make sure that cert is never NULL
      Don't send a for ServerKeyExchange for kDHr and kDHd
      return unexpected message when receiving kx with kDHr or kDHd
      X509_VERIFY_PARAM_free: Check param for NULL
      do_dirname: Don't change gen on failures
      Correctly check for export size limit
      Allow all curves when the client doesn't send an supported elliptic curves extension
      Properly check certificate in case of export ciphers.
      Only allow a temporary rsa key exchange when they key is larger than 512.
      Check BIO_dgram_sctp_wait_for_dry() return value for error
      Check dgram_sctp_write() return value.
      d2i: don't update input pointer on failure
      Fix return values when adding serverinfo fails.
      Fix more d2i cases to properly update the input pointer
      BN_sub: document that r might be the same as a or b
      Update dasync to use size_t for the sha1 update
      Use defined(__sun) instead of defined(sun)
      Remove support for SSL_{CTX_}set_tmp_ecdh_callback().
      Make SSL_{CTX}_set_tmp_ecdh() call SSL_{CTX_}set1_curves()
      Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH
      Remove support for all 40 and 56 bit ciphers.

Loganaden Velvindron (2):
      Fix CRYPTO_strdup
      Clear BN-mont values when free'ing it.

Long, Qin (1):
      Add UEFI flag for rand build

Lubom (1):
      Lost alert in DTLS

Manish Goregaokar (1):
      Move contributing info to CONTRIBUTING

Marcus Meissner (1):
      mark openssl configuration as loaded at end of OPENSSL_config

Markus Rinne (1):
      RT4019: Duplicate -hmac flag in dgst.pod

Martin Vejnar (1):
      RT3774: double-free in DSA

Matt Caswell (451):
      Fix formatting error in pem.h
      Fix post-reformat errors preventing windows compilation
      Make DTLS always act as if read_ahead is set. The actual value of read_ahead     is ignored for DTLS.
      Remove explicit setting of read_ahead for DTLS. It never makes sense not to     use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs     to be the default.
      Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead     functions.
      Replace EVP_CTRL_OCB_SET_TAGLEN with EVP_CTRL_SET_TAG for consistency with     CCM
      Rationalise testing of AEAD modes
      Fix no-ocb for Windows
      Fix warning on some compilers where variable index shadows a global     declaration
      Fix various windows compilation issues
      Make libssl opaque. Move all structures that were previously protected by     OPENSSL_NO_SSL_INTERN into internal header files.
      Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals     previously protected by this have been moved into non-public headers
      Add changes entry for opaquifying of libssl structures
      Fix error handling in ssltest
      Remove support for SSL_OP_NETSCAPE_CA_DN_BUG.
      Apache Traffic Server has a need to set the rbio without touching the wbio.     There is no mechanism to do that at the moment - SSL_set_bio makes changes     to the wbio even if you pass in SSL_get_wbio().
      Remove stray "=back". This was causing newer versions of pod2man to choke.
      Remove -DOPENSSL_NO_DEPRECATED from --strict-warnings flags.
      HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and source.     Mark them as such with OPENSSL_USE_DEPRECATED
      Remove some functions that are no longer used and break the build with:     ./config --strict-warnings enable-deprecated
      Make tlsext_tick_lifetime_hint an unsigned long (from signed long).
      Provide the API functions SSL_SESSION_has_ticket and     SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as     required to fix Qt for OpenSSL 1.1.0. I have also added the former in order     to determine whether a ticket is present or not - otherwise it is difficult     to know whether a zero lifetime hint is because the server set it to 0, or     because there is no ticket.
      Correct reading back of tlsext_tick_lifetime_hint from ASN1.
      Add SSL_SESSION_get0_ticket API function.
      In certain situations the server provided certificate chain may no longer be     valid. However the issuer of the leaf, or some intermediate cert is in fact     in the trust store.
      Add flag to inhibit checking for alternate certificate chains. Setting this     behaviour will force behaviour as per previous versions of OpenSSL
      Add -no_alt_chains option to apps to implement the new     X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building     certificate chains, the first chain found will be the one used. Without this     flag, if the first chain found is not trusted then we will keep looking to     see if we can build an alternative chain instead.
      Add documentation for the -no_alt_chains option for various apps, as well as     the X509_V_FLAG_NO_ALT_CHAINS flag.
      Import evp_test.c from BoringSSL. Unfortunately we already have a file     called evp_test.c, so I have called this one evp_extra_test.c
      Fix a failure to NULL a pointer freed on error.
      Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
      Add dire warnings about the "reuse" capability of the d2i_* functions.
      Remove pointless free, and use preferred way of calling d2i_* functions
      Fix some minor documentation issues
      Update the SHA* documentation     Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note     the restriction on setting md to NULL with regards to thread safety.
      Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed     the "-hack" option from s_server that set this option.
      Remove NETSCAPE_HANG_BUG     NETSCAPE_HANG_BUG is a workaround for a browser bug from many years ago     (2000).     It predates DTLS, so certainly has no place in d1_srvr.c.     In s3_srvr.c it forces the ServerDone to appear in the same record as the     CertificateRequest when doing client auth.
      Fix evp_extra_test.c with no-ec     When OpenSSL is configured with no-ec, then the new evp_extra_test fails to     pass. This change adds appropriate OPENSSL_NO_EC guards around the code.
      Fix missing return value checks.
      Fixed missing return value checks.
      Fix d2i_SSL_SESSION for DTLS1_BAD_VER
      Unchecked malloc fixes
      Update mkerr.pl for new format
      make errors
      Fix DTLS1_BAD_VER regression
      Prevent handshake with unseeded PRNG
      Cleanse buffers
      Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
      Fix error handling in bn_exp
      Fix EVP_DigestInit_ex with NULL digest
      ASN1_primitive_new NULL param handling
      Fix asn1_item_print_ctx
      Fix dh_pub_encode
      Fix dsa_pub_encode
      Fix missing return checks in v3_cpols.c
      SSL_check_chain fix
      Fix RSA_X931_derive_ex
      Add malloc failure checks
      Move malloc fail checks closer to malloc
      Fix memset call in stack.c
      Add sanity check to PRF
      Fix seg fault in s_time
      Fix unintended sign extension
      Fix probable_prime over large shift
      Remove dead code from crypto
      Dead code removal from apps
      Multiblock corrupted pointer fix
      Fix Seg fault in DTLSv1_listen
      Fix DHE Null CKE vulnerability
      Update CHANGES
      Update NEWS
      Fix a failure to NULL a pointer freed on error.
      Add DTLS tests to make test
      Don't check curves that haven't been sent
      Add -DDEBUG_UNUSED to --strict-warnings
      Check libssl function returns
      Fix missing return value checks
      apps return value checks
      ssl3_set_handshake_header returns
      Fix SSL_clear unused return
      Ensure last_write_sequence is saved in DTLS1.2
      Add ticket length before buffering DTLS message
      Fix misc NULL derefs in sureware engine
      Fix return checks in GOST engine
      RAND_bytes updates
      Deprecate RAND_pseudo_bytes
      SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG was disabled in 0.9.8q and 1.0.0c.     This commit sets the value of SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG to     zero.
      Add more HMAC tests
      Ensure that both the MD and key have been initialised before attempting to     create an HMAC
      Add HMAC test for invalid key len
      Fix HMAC to pass invalid key len test
      Fix bug in s_client. Previously default verify locations would only be loaded     if CAfile or CApath were also supplied and successfully loaded first.
      Resolve swallowed returns codes
      Create a RECORD_LAYER structure and move read_ahead into it.
      Encapsulate SSL3_BUFFER and all access to s->s3->rbuf.
      Move s->s3->rrec into s->rlayer
      Encapsulate access to s->s3->wbuf
      Move s->s3->wbuf to s->rlayer->wbuf
      Encapsulate s->s3->rrec
      Move s->s3->rrec to s->rlayer->rrec
      Encapsulate s->s3->wrec
      Move s->s3->wrec to s>rlayer>wrec
      Move SSL3_BUFFER set up and release code into ssl3_buffer.c
      Move SSL3_RECORD oriented functions into ssl3_record.c
      Move more SSL3_RECORD oriented functions into ssl3_record.c
      Split out non record layer functions out of s3_pkt.c and d1_pkt.c into     the new files s3_msg.c and s1_msg.c respectively.
      Moved s3_pkt.c, s23_pkt.c and d1_pkt.c into the record layer.
      Tidy up rec_layer.h. Add some comments regarding which functions should be     being used for what purpose.
      Create RECORD_LAYER_clear function.
      Introduce the functions RECORD_LAYER_release, RECORD_LAYER_read_pending, and     RECORD_LAYER_write_pending.
      Provide RECORD_LAYER_set_data function
      Remove RECORD_LAYER_set_ssl and introduce RECORD_LAYER_init
      Move ssl3_pending into the record layer
      Fix bug where rrec was being released...should have been removed by one of     the earlier record layer commits
      Introduce macro RECORD_LAYER_setup_comp_buffer
      Removed dependency on rrec from heartbeat processing
      Make rrec, wrec, rbuf and wbuf fully private to the record layer. Also, clean     up some access to them. Now that various functions have been moved into the     record layer they no longer need to use the accessor macros.
      Remove unneccessary use of accessor function now code is moved into record     layer
      Move s->packet and s->packet_length into s->rlayer
      Move s->rstate to s->rlayer.rstate
      Move s->s3->wnum to s->rlayer.wnum
      Move handshake_fragment, handshake_fragment_len, alert_fragment and     alert_fragment_len from s->s3 into s->rlayer
      Move s->s3->wpend_* to s->rlayer
      Move read_sequence and write_sequence from s->s3 to s->rlayer
      Move DTLS1_RECORD_DATA into rec_layer.h
      Introduce a DTLS_RECORD_LAYER type for DTLS record layer state
      Move r_epoch and w_epoch from s->d1 to s->rlayer.d
      Move bitmap and next_bitmap from s->d1 to s->rlayer.d.     Create dtls_bitmap.h and dtls_bitmap.c
      Moved processed_rcds and unprocessed_rcds from s->d1 to s->rlayer.d
      Fix seg fault in dtls1_new
      Move handshake_fragment, handshake_fragment_len, alert_fragment and     alert_fragment_len from s->d1 to s->rlayer.d
      Move buffered_app_data from s->d1 to s->rlayer.d
      Move ssl3_record_sequence_update into record layer
      Move last_write_sequence from s->d1 to s->rlayer.d.     Also push some usage of last_write_sequence out of dtls1_retransmit_message     and into the record layer.
      Remove last trace of non-record layer code reading and writing sequence     numbers directly
      Reorganise header files
      Renamed record layer header files
      Remove some unneccessary macros
      Rename record layer source files
      Fix compilation on windows for record layer
      Define SEQ_NUM_SIZE
      Fix record.h formatting
      Fix formatting oddities
      Add Record Layer documentation
      Fix record layer "make clean"
      Clean up record layer
      Fix read_ahead issue
      Check for ClientHello message overruns
      Fix ssl_get_prev_session overrun
      Remove redundant includes from dtls1.h
      Fix windows build
      make update
      Sanity check DES_enc_write buffer length
      Sanity check EVP_CTRL_AEAD_TLS_AAD
      Sanity check EVP_EncodeUpdate buffer len
      Clarify logic in BIO_*printf functions
      Add sanity check in ssl3_cbc_digest_record
      Sanity check the return from final_finish_mac
      Add sanity check to ssl_get_prev_session
      Add sanity check to print_bin function
      Fix buffer overrun in RSA signing
      Remove libcrypto to libssl dependency
      make update
      Add Error state
      Add more error state transitions
      Add more error state transitions (client)
      Add more error state transitions (DTLS)
      Fix windows build
      Fix s_server version specific methods
      Check sk_SSL_CIPHER_new_null return value
      Don't allow a CCS when expecting a CertificateVerify
      Remove Kerberos support from apps
      Remove Kerberos support from libssl
      Remove Kerberos support from libcrypto
      Remove remaining Kerberos references
      Add CHANGES entry for Kerberos removal
      Server side version negotiation rewrite
      Client side version negotiation rewrite
      Version negotiation rewrite cleanup
      Version negotiation rewrite doc updates
      Updates following review comments
      Move SSLv3_*method() functions
      Further version negotiation updates
      Fix a memory leak in compression
      Fix various OPENSSL_NO_* options
      Ignore files from other branches
      Remove support for OPENSSL_NO_TLSEXT
      Add CHANGES entry for OPENSSL_NO_TLSEXT removal
      Reject negative shifts for BN_rshift and BN_lshift
      Fix off-by-one in BN_rand
      Remove export static DH ciphersuites
      Fix typo setting up certificate masks
      Set first_packet for TLS clients
      Don't send an alert if we've just received one
      Handle unsigned struct timeval members
      Fix error check in GOST engine
      Don't check for a negative SRP extension size
      Change the new functions to use size_t
      Change return type of the new accessors
      Remove struct ccs_header_st
      Check the message type requested is the type received in DTLS
      Fix race condition in NewSessionTicket
      Fix compilation failure for some tool chains
      Fix DTLS session resumption
      Fix off-by-one error in BN_bn2hex
      Clean premaster_secret for GOST
      Remove misleading comment
      Replace memset with OPENSSL_clear_free()
      Fix memory leaks in BIO_dup_chain()
      Tighten extension handling
      Change BIO_number_read and BIO_number_written() to be 64 bit
      EC_POINT_is_on_curve does not return a boolean
      Fix leak in HMAC error path
      Correct type of RECORD_LAYER_get_rrec_length()
      DTLS handshake message fragments musn't span packets
      More ssl_session_dup fixes
      Update CHANGES and NEWS
      Fix ABI break with HMAC
      Fix alternate chains certificate forgery issue
      Add test for CVE-2015-1793
      Reject calls to X509_verify_cert that have not been reinitialised
      Add documentation for some missing verify options
      Add help text for some verify options
      Extend -show_chain option to verify to show more info
      Update CHANGES and NEWS for the new release
      Apply some missing updates from previous commits
      Remove support for SSL3_FLAGS_DELAY_CLIENT_FINISHED
      Add test for SSL_set_session_ticket_ext
      Fix write failure handling in DTLS1.2
      Remove erroneous server_random filling
      Add initial packet parsing code
      PACKET unit tests
      PACKETise ClientHello processing
      Move TLS CCS processing into the state machine
      Move DTLS CCS processing into the state machine
      Fix ssl3_read_bytes handshake fragment bug
      Fix make errors for the CCS changes
      Fix warning when compiling with no-ec2m
      Fix a bug in the new PACKET implementation
      PACKETise ClientCertificate processing
      PACKETise CertificateVerify processing
      PACKETise NextProto
      Fix SRTP s_client/s_server options
      Revert "Fix uninitalised warning."
      Normalise make errors output
      Check for 0 modulus in BN_MONT_CTX_set
      Add OSSLTest Engine
      Add a libssl test harness
      Add some libssl tests
      Extend TLSProxy capabilities
      Add a test for 0 p value in anon DH SKE
      make update
      Fix missing return value checks in SCTP
      Fix "make test" seg fault with SCTP enabled
      PACKETise Server Certificate processing
      Add missing return check for PACKET_buf_init
      Enhance PACKET readability
      PACKETise Certificate Status message
      Fix session tickets
      PACKETise NewSessionTicket
      PACKETise ClientKeyExchange processing
      PACKETise CertificateRequest
      Fix DTLS session ticket renewal
      Fix TLSProxy end of test detection
      Add NewSessionTicket test suite
      Clean up reset of read/write sequences
      Fix build break due to rehash command
      Updates for NumericString support
      PACKETise ServerHello processing
      PACKETise ServerKeyExchange
      make update
      Make sure OPENSSL_cleanse checks for NULL
      Fix some test failures when Configured with zlib
      Fix -srpvfile option in srp command line
      Fix SRP memory leaks
      Add GOST extensions to PKCS#5
      GOST PKCS12 support
      Fix the rehash test on Windows
      DTLSv1_listen rewrite
      Remove remaining old listen code
      Add support for DTLSv1_listen in s_server
      Add -listen documentation
      Add DTLSv1_listen documentation
      Fix s_server DTLSv1_listen issues
      Clarify DTLSv1_listen documentation
      Sanity check cookie_len
      Add ability to set default CA path and file locations individually
      Document the default CA path functions
      Add support for -no-CApath and -no-CAfile options
      Document -no-CApath and -no-CAfile
      Fix the OCSP test on Windows
      Change ossltest engine to manually allocate cipher_data
      Add GOST12 cms/smime capabilities
      Add a test for duplicated ordinals
      Fix libeay.num
      Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
      Revert "Custom cipher constants"
      Don't advance PACKET in ssl_check_for_safari
      Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
      Fix no-ripemd on Windows
      Fix Windows build
      Fix option name discrepancy
      Centralise loading default apps config file
      Rename -set-serial command to req
      Remove Obsolete engines
      Avoid undefined behaviour in PACKET_buf_init
      Don't use SSLv23_server_method in an example
      Split ssl3_get_message
      Add initial state machine rewrite code
      Split client message reading and writing functions
      Implement Client TLS state machine
      Client TLS state machine rewrite cleanup
      dtls_get_message changes for state machine move
      Implement DTLS client move to new state machine
      Delete unused functions
      Split TLS server functions
      Move server side TLS to new state machine
      Move server side DTLS to new state machine
      Remove redundant code
      Redefine old state values
      Convert DTLSv1_listen to use new state machine code
      Remove the type variable
      Remove the SSL state variable
      Move PACKET creation into the state machine
      Remove ssl_get_message from ssl_method_st
      Reorganise state machine files
      More state machine reorg
      make update
      Add a state machine README
      Remove some unused variables
      Fix a comment
      Remove a call to SSL_set_state from s_server
      Update CHANGES
      Minor documentation tweak
      Fix some client side transition logic
      Don't depend on SSL structure internals
      Change statem prefix to ossl_statem
      Remove extraneous parens
      Move |no_cert_verify| into state machine
      Remove SSL_state and SSL_set_state
      Rename STATEM to OSSL_STATEM
      Change SUB_STATE_RETURN into a typedef
      Remove the old state defines
      Add a function to get the info_callback
      Fix DTLSv1_listen following state machine changes
      Fix unitialised variable problem
      Move in_handshake into STATEM
      Fix various error codes
      make update
      Fix uninitialised variable
      Fix empty NewSessionTicket processing
      Fix a bogus clang warning
      Make dtls1_link_min_mtu static
      Convert enums to typedefs
      Add ossl_statem prefix to various functions
      Change snprintf to memcpy
      Change SSL_state_string return strings to start with a T
      Remove superfluous check
      Remove the inline keyword
      Add SRP and PSK to disallowed CertificateRequest ciphersuites
      Remove some SSLv2 references
      Remove a trivially true OPENSSL_assert
      Remove an OPENSSL_assert which could fail
      Remove a reachable assert from ssl3_write_bytes
      Clarify the preferred way of creating patch files
      Minor EVP_SignInit_ex doc fix
      Ensure the dtls1_get_*_methods work with DTLS_ANY_VERSION
      Don't finish the handshake twice
      Remove some redundant assignments
      Fix compilation problems with SCTP
      Remove redundant check from SSL_shutdown
      Standardise our style for checking malloc failures
      Continue standardising malloc style for libcrypto
      Continue standardisation of malloc handling in apps
      Continue malloc standardisation in engines
      Remove redundant check from tls1_get_curvelist
      Fix SSL_use_certificate_chain_file
      Remove an NULL ptr deref in an error path
      Add comment explaining why we don't check a return value
      Check error return from sysconf in secure memory code
      Ensure all EVP calls have their returns checked where appropriate
      Fix uninitialised variable
      Add pthread support
      Add async sub-library to libcrypto
      Add the Dummy Async engine (dasync)
      Make libssl async aware
      Add s_server and s_client async support
      Various windows build fixes to prepare for windows port
      Async port to windows
      Add null async implementation
      Increase stack size
      Async clean ups
      Fix s_server -WWW with -async
      Use longjmp at setjmp where possible
      Add ASYNC_JOB pools
      Initial Async notify code changes
      Implement local thread pools
      Fix s_server bug
      Fix pools for s_client
      Implement windows async pool and notify support
      make update
      Document async capabilities
      Remove ASYNC_in_job()
      Add ASYNC tests
      Fix ASYNC null implementation
      Optimise ASYNC_CTX handling
      Fix windows compilation warnings
      Normalise ASYNC naming
      More async documentation
      Fix the error code for SSL_get_async_wait_fd()
      Add s_client support for waiting for async
      Update CHANGES
      Add ASYNC error codes
      make update
      Clean up libssl async calls
      Tweak async documentation based on feedback
      Fix Linux crash
      Swap to using _longjmp/_setjmp instead of longjmp/setjmp
      Fix clang errors
      Fix compilation error on OS-X
      Add clarification to docs on ASYNC_free_pool()
      Rename some daysnc functions for consistency
      Rename start_async_job to ssl_start_async_job
      Fix bug in async_fibre_makecontext for POSIX
      Further OS-X deprecated warnings tweak
      Remove ASYNC NOEXIST functions from libeay.num
      Add ASYNC_block_pause and ASYNC_unblock_pause
      Fix async deadlock problem
      Fix some style issues
      Swap to using proper windows pipes
      Simplify async pool handling
      Convert __thread to pthreads for Thread Local Storage
      Implement windows async thread local variable support
      Fix a rebase error
      Tighten up BN_with_flags usage and avoid a reachable assert
      Add documentation for BN_with_flags
      Fix a NULL deref in an error path
      Updates to GOST2012
      Fix EAP FAST in the new state machine
      Fix merge error
      Add a return value check
      Fix mkfiles for new directories
      Fix DTLS handshake fragment retries
      Ensure |rwstate| is set correctly on BIO_flush
      Update CHANGES and NEWS for alpha release
      make update
      OpenSSL 1.1.0 is now in pre release
      Prepare for 1.1.0-pre1 release

Michael Trapp (1):
      RT266: Add HTTP proxy/CONNECT to s_client

Michal Bozon (2):
      RT4053: Typo in error message
      Fix "primarility" typo

Mike Frysinger (1):
      Fix malloc define typo

Nathan Phillip Brink (1):
      RT2667: Add IRC support to -starttls

Nicholas Cooper (2):
      RT3959: Fix misleading comment
      RT3948: Some structs have confusing names.

Nick Mathewson (4):
      Add SSL_get_client_ciphers() to return ciphers from ClientHello
      Add a documentation clarification suggested by Matt Caswell
      Add new functions to extract {client,server}_random, master_key
      Clarify that SSL3_RANDOM_SIZE is a constant, for now.

Olaf Johansson (1):
      GH249: Fix bad regexp in arg parsing.

Pascal Cuoq (8):
      Set flags to 0 before calling BN_with_flags()
      Properly check return type of DH_compute_key()
      Move BN_CTX_start() call so the error case can always call BN_CTX_end().
      Move BN_CTX_start() call so the error case can always call BN_CTX_end().
      Don't check pointer we just freed, always set it to NULL.
      BN_GF2m_mod_inv(): check bn_wexpand return value
      BN_usub: Don't copy when r and a the same
      ssl3_free(): Return if it wasn't created

Per Allansson (1):
      Fix IP_MTU_DISCOVER typo

Peter Dettman (1):
      Fix build errors with enable-ec_nistp_64_gcc_128

Peter Mosmans (1):
      GH337: Need backslash before leading #

Peter Waltenberg (1):
      Exit on error in ecparam

Petr Spacek (1):
      Fix key wrapping mode with padding to conform to RFC 5649.

Quanah Gibson-Mount (1):
      Fix grammar errors

Rainer Jung (1):
      Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using     the extract-names.pl script.

Rich Salz (227):
      Cleanup old doc/*; remove CHANGES.SSLeay
      Remove obsolete uncomiled dsagen semi-test
      ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF
      ifdef cleanup part 3: OPENSSL_SYSNAME
      ifdef cleanup, part 4a: '#ifdef undef'
      Remove unused eng_rsax and related asm file
      undef cleanup: use memmove
      Make OPENSSL_config truly ignore errors.
      Remove obsolete support for old code.
      OPENSSL_NO_xxx cleanup:  DEC-CBCM removed
      OPENSSL_NO_xxx cleanup: many removals
      OPENSSL_NO_xxx cleanup: RFC3779
      OPENSSL_NO_xxx cleanup: SHA
      OPENSSL_NO_XXX cleanup: NO_TLS, NO_TLS1
      "#if 0" removal: header files
      Dead code removal: Fortezza identifiers
      Finish removal of DSS
      Rename index to idx to avoid symbol conflicts.
      Add missing declaration for lh_node_usage_stats
      Remove support for opaque-prf
      Fix int/unsigned compiler complaint
      Make output consistency: remove blank line
      Dead code removal: #if 0 bio, comp, rand
      Dead code removal: #if 0 conf, dso, pqueue, threads
      Dead code removal #if 0 engines
      Dead code clean: #if 0 removal in apps
      Dead code removal: #if 0 asn1, pkcs7
      Dead code cleanup: crypto/*.c, x509v3, demos
      Dead code cleanup: #if 0 dropped from tests
      Dead code cleanup; remove #if 0 from crypto/engine
      Dead code cleanup: crypto/ec,ecdh,ecdsa
      Dead code removal; #if 0 from crypto/des
      Dead code: if 0 removal from crypto/evp and an unused file.
      Remove old DES API
      old_des fix windows build, remove docs
      Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp
      Fix various build breaks
      Fixed bad formatting in crypto/des/spr.h
      Live code cleanup; #if 1 removal
      Use memset in bn_mont
      Have mkdef.pl ignore APPLINK settings.
      util/mkstack.pl now generates entire safestack.h
      dead code cleanup: #if 0 in ssl
      Live code cleanup: remove #if 1 stuff
      Remove X509_PAIR
      Remove ui_compat
      ui_compat cleanup; makefiles and vms
      Final (for me, for now) dead code cleanup
      RT937: Enable pilotAttributeType uniqueIdentifier
      Move build config table to separate files.
      Remove CVS filtering from find targets
      Remove experimental 56bit export ciphers
      Cleanup some doc files
      OPENSSL_NO_EC* merge; missed one file
      free NULL cleanup
      free NULL cleanup
      free NULL cleanup
      free NULL cleanup.
      free NULL cleanup
      Fewer newlines in comp method output
      consistent test-start logging
      Drop CA.sh for CA.pl
      test script cleanup
      fix to "test script cleanup"
      free NULL cleanup 10
      Fix memory leak
      free NULL cleanup 9
      Use 2K RSA and SHA256 in tests
      Remove SET oid config file and SET certs
      ssltest output cleanup
      Avoid "no config file" warning message
      Big apps cleanup (option-parsing, etc)
      Add missing BIO_flush() calls
      fewer NO_ENGINE #ifdef's
      Add -nocommands to s_client.
      RT2451: Add telnet to s_client -starttls
      Remove EFENCE support.
      RT2206: Add -issuer flag to ocsp command
      Quote HTML entities in s_server output
      apps-cleanup: the doc fixes
      Free malloc data on encoding errors.
      RT2962: add -keytab and -krb5svc flags.
      Remove the special list-xxxx commands
      Fix main build breakage.
      Fix error message
      Fix typo in help & comment formatting
      Simplify parse_yesno; remove local variable
      Add readline (etc) support
      CRYPTO_mem_leaks should ignore it's BIO argument.
      ERR_ cleanup
      remove malloc casts
      realloc of NULL is like malloc
      Make "make rehash" quiet
      Remove needless bio_err argument
      use isxdigit and apps_tohex
      Rewrite parse_name
      Add HTTP GET support to OCSP server
      Fix bug, "what mode" test was wrong.
      free NULL cleanup 8
      free NULL cleanup 5a
      In apps, malloc or die
      free cleanup almost the finale
      free cleanup 12
      free NULL cleanup 7
      Rewrite CA.pl.in
      Fix some typo's, silence warnings.
      free null cleanup finale
      free NULL cleanup 11
      Remove goto inside an if(0) block
      free NULL cleanup -- coda
      Remove outdated RC4 files
      RT3776: Wrong size for malloc
      fix various typo's
      RT1369: don't do "helpful" access check.
      Fix cut/paste error
      Use safer sizeof variant in malloc
      GH271: Warning on </dev/null to CA.pl
      Remove the fake RLE compression method.
      Remove apps cache for gethostbyname
      Update multi-thread FAQ
      memset, memcpy, sizeof consistency fixes
      Make sig_app, sigx_app static
      Use "==0" instead of "!strcmp" etc
      Use p==NULL not !p (in if statements, mainly)
      Make COMP_CTX and COMP_METHOD opaque
      Remove some outdated #defines.
      RT1207: document SSL_COMP_free_compression_methods.
      RT3841: memset() cipher_data when allocated
      Fix ocsp bugs
      Add missing ctype.h
      Update mkdef for moved header file.
      Make up for a missed 'make update' update.
      Use #error in openssl/srp.h
      Remove unused #ifdef's from header files
      Replace switch/assignments with table lookup
      fix s_client crash
      Fix segfault in ec command
      Use enum for X509_LOOKUP_TYPE
      RT3876: Only load config when needed
      clear/cleanse cleanup
      Silence Clang warning about unit'd variable
      RT832: Use REUSEADDR in ocsp responder
      Standardize handling of #ifdef'd options.
      Rename all static TS_xxx to ts_xxx
      Set error code, no fprintf stderr, on errors.
      No fprintf in the txt_db component
      Use bio_err not stderr in apps.
      Fix -DZLIB build for opaque COMP types
      Refactor into clear_ciphers; RT3588
      RT2547: Tighten perms on generated privkey files
      RT3917: add cleanup on an error path
      RT3907: avoid "local" in testssl script
      RT3682: Avoid double-free on OCSP parse error
      Add $! to errors, use script basename.
      More secure storage of key material.
      Fix windows build
      Can't use -trusted with -CA{path,file}
      Revert "Missing perldoc markup around < literal"
      Remove obsolete key formats.
      Rewrite crypto/ex_data
      Some cleanups for crypto/bn
      Tweak README about rt and bug reporting.
      RT3639: Add -no_comp description to online help
      Various doc fixes from GH pull requests
      Fix build break.
      RT3999: Remove sub-component version strings
      GH365: Missing #ifdef rename.
      Remove Gost94 signature algorithm.
      Fix FAQ formatting for new website.
      Move FAQ to the web.
      GH345: Remove stderr output
      Fix L<> content in manpages
      Small cleanup of crypto.pod
      GH372: Remove duplicate flags
      BN_bin2bn handle leading zero's
      Remove _locked memory functions.
      Various doc fixes.
      Fix memory over-read
      Fix 4c42ebd; forgot to inutil util/libeay.num
      Remove the "times" directory.
      RT3767: openssl_button.gif should be PNG
      Move OPENSSL_ITEM to store.h
      Add and use OPENSSL_zalloc
      Check OPENSSL_gmtime_diff
      remove 0 assignments.
      More zalloc nits
      RT3998: Allow scrypt to be disabled
      Test for NULL ptr == 0
      RT3955: Reduce some stack usage
      Make TS structures opaque.
      Cleanup testtsa script
      Fix typo, that broke build on non-unix
      fix build breakage on windows
      GH391: Apple port
      add support for apple os/x
      Fix rehash/c_rehash doc and behavior.
      Unwriteable directories are errors
      RT4033: Use OPENSSL_SYS_UNIX not "unix"
      Remove "noise" comments from TS files.
      GH398: Add mingw cross-compile, etc.
      Restore the old interactive prompt.
      Remove obsolete OCSP demo
      Change --debug to -d for compat with old releases.
      Fix typo in previous commit.
      Remove obsolete b64 demo's
      Make update / libeay.num fix
      Remove BIO_s_file_internal macro.
      Run tests on Travis for mingw builds as well
      Move crypto/threads to demo/threads
      Remove HAMC_cleanup
      Remove SSLeay history, etc., from docs
      Replace "SSLeay" in API with OpenSSL
      Remove des_ver.h; broke build.
      Various README updates
      PR1279: Clean up CONTRIBUTING
      Rename RSA_eay_xxx to rsa_ossl_xxx
      Turn B<...()> into ...()
      Fix a few missed "if (!ptr)" cleanups
      "make update" after async merge.
      Remove BN_init
      ex_data part 2: doc fixes and CRYPTO_free_ex_index.
      typo fix on function
      Run test_ordinals after update
      Refer to website for acknowledgements.

Richard Godbee (3):
      BIO_debug_callback: Fix output on 64-bit machines
      wrap128.c: Fix Doxygen comments
      CRYPTO_128_unwrap(): Fix refactoring damage

Richard Levitte (257):
      clang on Linux x86_64 complains about unreachable code.
      dso_vms needs to add the .EXE extension if there is none already
      VMS adjustments:
      VMS adjustments:
      VMS build changes
      VMS adjustments:
      VMS adjustments:
      VMS exit codes weren't handled well enough and were unclear
      Update on the use of logical names for OpenSSL configuration
      Since SHA0 was completely removed, also remove the related test
      Make the libssl opaque changes compile on VMS
      Transfer a fix from 1.0.1
      Assume TERMIOS is default, remove TERMIO on all Linux.
      Restore -DTERMIO/-DTERMIOS on Windows platforms.
      Catch up the VMS build.
      Cleanup spaces
      update TABLE
      Move Configurations* out of the way and rename them.
      Rewrite Configure to handle the target values as hash tables.
      Add template reference processing.
      Add base template processing.
      Provide a few examples by converting my own strings to hash table configurations
      Rethink templates.
      Change all the main configurations to the new format.
      Find debug- targets that can be combined with their non-debug counterparts and do so
      Updated TABLE
      Configuration cleanup: personal configs
      Do not keep TABLE in version control.
      Correct the request of debug builds
      If the target is an old style debug- target, it will not have debugging [cl]flags
      Refer to $table{$target} rather than $table{$t}.
      Actually remove TABLE from version control
      Remove PREFIX, as it's not used any more.
      JPAKE Makefile missing 'files' target
      Adjust include path
      Fix eng_cryptodev to not depend on BN internals.
      Use OPENSSL_malloc rather than malloc/calloc
      Teach mkdef.pl to handle multiline declarations.
      Update ordinals
      Have a shared library version thats reasonable with our version scheme
      Initialised 'ok' and redo the logic.
      Fix some faults in util/mk1mf.pl
      Stop symlinking, move files to intended directory
      Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant
      Remove remaining variables for symlinked/copied headers and tests
      Now that we've removed the need for symlinks, we can safely remove util/mklinks.pl
      Remove SSL_TASK, the DECnet Based SSL Engine
      Remove SSL_TASK, the DECnet Based SSL Engine - addendum
      Appease clang -Wempty-translation-unit
      Appease clang -Wgnu-statement-expression
      Appease clang -Wshadow
      Ignore the non-dll windows specific build directories
      Have mkerr.pl treat already existing multiline string defs properly
      test/Makefile dclean cleans out a few files too many.
      Small fixes after the Big apps cleanup
      Fix the check of test apps in util/mk1mf.pl
      Allow for types with leading underscore when checking error macros.
      Remove shlib/
      Remove obsolete make variables
      Have -K actually take an argument, and correct help text
      RT2943: Check sizes if -iv and -K arguments
      Remove the last traces of the fake RLE compression
      make update
      ZLIB compression deserves a better comment
      Add a -CAserial argument for signing the user cert request
      Make -CAserial a type 's' option
      Move definition of INTxx_MIN et al to internal header
      Identify and move OpenSSL internal header files
      make depend
      Adjust unixly mk1mf after introduction of tkey
      Identify and move common internal libcrypto header files
      Add -Iinclude to crypto/ compiles
      make depend
      Fix the update target and remove duplicate file updates
      Missed a couple of spots in the update change
      Fix update and depend in engines/
      Fix double BIO_free in req
      Restore module loading
      Remove OPENSSL_CONF=/dev/null from tests
      Add the macro OPENSSL_SYS_WIN64
      Add and rearrange building of libraries
      When making libcrypto from apps or test, make sure to include engines
      Make sure test/gost2814789test.c can see configuration macros
      Remove one extraneous parenthesis
      Make preprocessor error into real preprocessor error
      Cleanup mttest.c : remove MS_CALLBACK
      Cleanup mttest.c : modernise the threads setup
      Cleanup mttest.c : modernise output
      Cleanup mttest.c : make ssl_method a pointer to const
      Cleanup mttest.c : better error reporting when certs are miggins
      Cleanup mttest.c : do not try to output reference counts when threads are done
      Cleanup mttest.c : use BIO_free only, no preceding hacks
      Add -ldl to the build of mttest.c
      Cleanup mttest.c : because we no longer use stdio here, don't include it
      Rearrange rsaz
      make update
      Make "oneline" the default for nameopt
      Document the nameopt change
      Stop using tardy
      Set numeric IDs for tar as well
      Remove extra '; \' in apps/Makefile
      Small script to re-encode files that need it to UTF-8
      Conversion to UTF-8 where needed
      Use dynamic engine for libssl test harness
      Use -I to add to @INC, and use -w to produce warnings
      Fixups in libssl test harness
      for test_sslvertol, add a value to display SSL version < 3 in debug
      Add new types to indent.pro
      Add emacs CC mode style for OpenSSL
      Add an example .dir-locals.el
      Remove auto-fill-mode
      Ignore .dir-locals.el
      Two changes at ones lead to a confused libeay.num.  Fix
      Win32 build fix: include internal/numbers.h to get UIN32_MAX
      Make the verify_extra test location agnostic
      Make the handling of output and input formats consistent
      Change the way apps open their input and output files
      Have the test executables output in text mode
      Have binary mode when the format is binary, not the other way around
      Remove warning about use of uninitialised variable
      dup_bio_* and bio_open_* are utility functions and belong in apps.c
      Change the treatment of stdin and stdout to allow binary data
      Fixup merge conflicts in util/libeay.num
      Fix enc so it properly treats BASE64 as text
      Small fix: make istext static
      Groundwork for a perl based testing framework
      Add math tests recipes
      Add recipes for individual block ciphers, stream ciphers and digests
      Add the encryption test recipe
      Add a helper script for key file format conversion tests
      Add asymetric cipher test recipes
      Add recipes for tests related to certificates
      Add engine and evp test recipes.
      Add recipes for the larger protocols
      Add recipes for misc other things we want to test
      Ignore the log files
      Remove test targets from Makefile, have it use run_tests.pl
      Simplify very simple test recipes further.
      Adapt mk1mf.pl and helpers to the new testing framework.
      Remove old testing scripts out of the way.
      Tone down the requirements of a test that will go away.
      Have 'make clean' clean away the log files.
      Add version numbers on some modules we use.
      New feature: STOPTEST
      Change OpenSSL::Test to be an extension of Test::More
      Document OpenSSL::Test and OpenSSL::Test::Simple
      Rework 00-test_checkexes.t for VMS
      Push the line buffer filter on the out BIO on VMS
      Add a few missing tests
      Remove special x509 test conversions
      Better method of skipping all the tests in 00-check_testexes.t
      Check the validity of MINFO
      Adapt the libssl test harness testing scripts to new testing framework
      Remake test/sslsessionticktest.pl into a recipe
      Correct test name
      Add a recipe for the new gmdiff test
      Add documentation for the new testing framework
      Incorporate recent changes that were originally made in test/testssl
      Small fix in OpenSSL::Test
      Remake the testsslproxy tests
      Add a recipe for the new pbelu test
      Change the 80-test_tsa recipe as per changes in testtsa
      Add a recipe for the new null pointer test
      Make sure that 80-test_ca.t finds all the config files
      Adjust the verify_extra test recipe to its executable
      Adjust the general fill-column in doc/dir-locals.example.el
      Fix a few tests that depended on the wrong algorithm check
      Make sure the temporary error log resides in a well defined location
      Add a simple test for the new rehash command
      Add a few notes on perl
      Add a method to list available tests
      Extend the notes on how to do testing
      Check if test_rehash is run as root
      Make sure to actually use @smime_cms_comp_test when testing it...
      Small typo
      Sort the disabled features alphabetically
      Add more features that may be disabled
      Add more features that may be disabled
      Add more features that may be disabled
      Add more features that may be disabled
      Finally, remove a possibly disabled feature
      Correct whirlpool test
      Correct sha tests
      Correct jpake test
      Correct srp test
      Simplify Simple.pm further, and make it more verbose
      Remove the hard coded -DOPENSSL_NO_DEPRECATED from DEPFLAG
      Fix make depend for things being built in subdirectories
      make depend
      When ENGINE_add finds that id or name is missing, actually return
      Because ct_locl.h is used between modules, move it to internal headers
      Add crypto/include/internal to the directories to scan for stack declarations
      make update
      ct_locl.h moved, reflect it in crypto/ct/Makefile
      Handle CT error macros separately
      Don't forget to load the CT error strings
      make update
      Add an explicit list of options that can be disabled, enabled, ...
      Make Configure die when unsupported options are given
      Only include SRP headers when OPENSSL_NO_SRP is undefined
      Have BIO_get_conn_int_port use BIO_ctrl instead BIO_int_ctrl
      Document how BIO_get_conn_ip and BIO_get_conn_int_port actually work
      Remove dummy argument from BIO_get_bind_mode
      Remove PROXY controls that aren't used anywhere
      Correct or add comments indicating what controls belong to what
      BIO_s_datagram() ctrl doesn't support SEEK/TELL, so don't pretend it does
      Remove the state parameter from BIO_ctrl_set_connected
      Fix usage of BIO_ctrl_set_connected
      Make the match for previous cflags a bit more strict
      make update
      Drop the old perl start magic and replace it with a normal shebang
      Add backtrace to memory leak output
      _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead
      Move the backtrace memleak options to a separate variable
      Fix ./Configure reconf
      Run test/run_tests.pl directly in the test_ordinals target
      Small changes to creating dists
      In travis, build from a "source release" rather than from the build tree
      Do not add symlinks in the source release
      Make the definition of EVP_MD_CTX opaque
      Have other crypto/evp files include evp_locl.h
      Adapt HMAC to the EVP_MD_CTX changes
      Document the changed HMAC API.
      Adjust all accesses to EVP_MD_CTX to use accessor functions.
      Make the definition of EVP_MD opaque
      Have the few apps that accessed EVP_MD directly use accessors instead
      Adapt all engines that add new EVP_MDs
      Add inclusion of internal/evp_int.h to all crypto/ files that need it
      Make the definition of HMAC_CTX opaque
      Adapt the rest of the source to the opaque HMAC_CTX
      Remove EVP_MD_CTX_cleanup and put its functionality into EVP_MD_CTX_init
      Remove HMAC_CTX_cleanup and combine its functionality into EVP_MD_CTX_init
      Adapt the rest of the source to the removal of (EVP_MD_CTX|HMAC_CTX)_cleanup
      Cleanup: Remove M_EVP_MD_* macros
      Cleanup: rename EVP_MD_CTX_(create|init|destroy) to EVP_MD_CTX_(new|reset|free)
      Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy)
      Cleanup: support EVP_MD_CTX_(create|init|destroy) for deprecated use
      Cleanup: rename HMAC_CTX_init to HMAC_CTX_reset
      Cleanup: fix all sources that used HMAC_CTX_init
      make update
      Document the EVP_MD_CTX changes
      Document the HMAC changes
      Document EVP_MD constructors, destructors and manipulators
      Add an entry in CHANGES
      Change tar owner and group to just 0
      Fix clang complaints about uninitialised variables.
      Remove typedef of HMAC_CTX from crypto/hmac/hmac_lcl.h
      Remove double semi (;)
      Cleanup the EVP_MD_CTX before exit rather than after
      Make it possible to affect the way dists are made
      Adapt the OS X build to use the OS X tar
      Not all 'find's know -xtype, use -type instead
      Additional NEWS
      NEWS: Add a bit of precision regarding removal of cipher suites
      Move the definitions of EC_KEY and EC_KEY_METHOD to ossl_typ.h
      Fix warnings about unused variables when EC is disabled.
      Don't run rehash as part of building the openssl app

Rob Stradling (1):
      Use inner algorithm when printing certificate.

Robert Swiecki (1):
      Don't add write errors into bytecounts

Rodger Combs (1):
      Increase buffer size for passwords in pkcs12 CLI

Russell Webb (1):
      RT3856: Fix memory leaks in test code

Sergey Agievich (1):
      Add funtions to set item_sign and item_verify

Soheil Rashidi (1):
      Fixed typo in rsautl.pod

StudioEtrange (1):
      GitHub284: Fix typo in xx-32.pl scripts.

Tim Hudson (4):
      Fix argument processing error from the option parsing change over.
      Fix argument processing error from the option parsing change over.
      restore usage of -elapsed that was disabled in the ifdef reorg
      Restore previous behaviour of only running one algorithm when -evp alg is used.

Tim Zhang (1):

Timo Teras (1):
      Add rehash command to openssl

Viktor Dkhovni (1):
      Replace exit() with error return.

Viktor Dukhovni (16):
      Polish shell script to avoid needless complexity.
      Code style: space after 'if'
      SunOS non-posix shells do not grok export name=value
      Fix typo in valid_star
      Maintain backwards-compatible SSLv23_method macros
      GH correct organizationalUnitName
      Better handling of verify param id peername field
      Cleaner handling of "cnid" in do_x509_check
      Fix indentation
      Explicit OpenSSL_version_num() implementation prototype
      Good hygiene with size_t output argument.
      Async error handling and MacOS/X fixes
      Correct aes-128-cbc cipher name
      Revert unnecessary SSL_CIPHER_get_bits API change
      Really disable 56-bit (single-DES) ciphers
      Fix typo and improve a bit of text

Viktor Szakats (1):
      GitHub 237:  Use https for IETF links

Vitezslav Cizek (1):
      GH297: Fix NAME section of SSL_CTX_use_serverinfo.pod

Vladimir Kotal (1):
      fix compilation on Solaris

bluelineXY (1):
      GH357: Update ocsp.c

janpopan (1):
      RT4015: Add missing date to CHANGES

mancha (1):
      Fix author credit for e5c0bc6

mancha security (3):
      ssl/s3_srvr.c: Fix typo introduced via 69f682374868b.
      ssl/ssl_asn1.c: Fix typo introduced via cc5b6a03a320f1
      ssl/kssl.c: include missing header to complete SSL structure's defn.

mrpre (2):
      check bn_new return value
      In X509_STORE_CTX_init, cleanup on failure


More information about the openssl-commits mailing list