[openssl-commits] [openssl] OpenSSL_1_1_0-pre6 create

Matt Caswell matt at openssl.org
Thu Aug 4 14:18:58 UTC 2016

The annotated tag OpenSSL_1_1_0-pre6 has been created
        at  04a54629c2bb904e9bd9a1d98381b1259147cc0d (tag)
   tagging  2f554efe20d1fe05b242f41f593362965ae89912 (commit)
  replaces  OpenSSL_1_1_0-pre5
 tagged by  Matt Caswell
        on  Thu Aug 4 15:00:44 2016 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.0-pre6 release tag
Version: GnuPG v1


Alessandro Ghedini (5):
      Increment size limit for ClientHello messages
      Add SSL_client_version() getter function
      Do not access SSL struct directly in TLS1_get_version and TLS1_get_client_version macros
      Add SSL_get_tlsext_status_type() method
      Fix printing private EC_KEY

Alex Gaynor (1):
      Add comment about X509_print

Andrea Grandi (1):
      Fix error in the loop of ECDH

Andreas Karlsson (1):
      Fix broken loading of client CAs

Andy Polyakov (101):
      poly1305/asm/poly1305-x86_64.pl: not all assemblers manage << in constants.
      perlasm/x86_64-xlate.pl: make latest ml64 work.
      Configuration: add unsupported masm target.
      Add AES assembly module for Fujitsu SPARC64 X/X+.
      sparcv9cap.c: add Fujitsu SPARC64 X AES capability detection.
      evp/aes_aes.c: engage Fujitsu SPARC64 X AES support.
      Configurations: fix typo in 50-masm.conf.
      chacha/asm/chacha-ppc.pl: get misalignment corner case right on big-endian.
      crypto/sparc_arch.h: reserve more SPARCv9 capability bits.
      s390x assembly pack: cache capability query results.
      crypto/poly1305/asm: chase overflow bit on x86 and ARM platforms.
      camellia/build.info: fix typo
      SPARCv9 assembly pack: fine-tune run-time switch.
      crypto/ppccap.c: permit build with no-chacha and no-poly1305.
      crypto/ppccap.c: fix missing declaration warning.
      chacha/asm/chacha-x86.pl: make it compile on legacy systems.
      Remove obsolete defined(__INTEL__) condition.
      Android build fixes.
      ssl/record/rec_layer_s3.c: fix typo from previous commit.
      Tru64 fixes.
      Configurations/unix-Makefile.tmpl: don't count on -E -P.
      MIPS assembly pack: fix MIPS64 assembler warnings.
      Alpha assembly pack: make it work on Linux.
      test/evp_test.c: exercise different combinations of data misalignment.
      testlib/OpenSSL/Test.pm: address 5.10 warnings.
      poly1305/asm/poly1305-x86_64.pl: make it cross-compile.
      poly1305/asm/poly1305-x86_64.pl: contain symbols within shared lib.
      README.PERL: clarify "matching" Perl requirement on Windows.
      Configurations/windows-makefile.tmpl: expand environments early.
      IRIX fixes.
      Configure: make it work with Perl 5.10.
      Configure: adhere to $(CROSS_COMPILE)ranlib.
      util/mkdef.pl: omit ordinals from Windows DLLs.
      windows-makefile.tmpl: minor adjustments.
      Configure: replace which() with IPC::Cmd::can_run.
      MIPS64 assembly pack: add Poly1305 module.
      Configurations: engage MIPS64 Poly1305 module.
      crypto/des: remove obsolete functions.
      ARMv8 assembly pack: add OPENSSL_cleanse.
      test/evp_test.c: exercise in-place encryption.
      rand/randfile.c: remove _XOPEN_SOURCE definition.
      Add assembly CRYPTO_memcmp.
      Move Haiku configuration to separate config file to denote     the fact that it's community-supported target.
      Makefile.shared: revert Haiku support commit.
      Configure: pull 'which' back.
      bf/build.info: engage assembly module.
      bn/bn_exp.c: explain 'volatile' in MOD_EXP_CTIME_COPY_FROM_PREBUF.
      crypto/o_str.c: strerror_s is provided by specific compiler run-time,     not by OS [as was implied by guarding #if condition].
      crypto/o_str.c: add _GNU_SOURCE strerror_r case.
      include/openssl/e_os2.h: fix 'noreturn' pre-processor logic.
      SPARC assembly pack: add missing .type directives.
      poly1305/asm/poly1305-mips.pl: adhere to standard frame layout.
      Configure,test/recipes: "pin" glob to File::Glob::glob.
      x86_64 assembly pack: tolerate spaces in source directory name.
      chacha/chacha_enc.c: harmonize counter width with subroutine name.
      s390x assembly pack: improve portability.
      hmac/hmac.c: fix sizeof typo in hmac_ctx_cleanup.
      doc/crypto/OPENSSL_ia32cap.pod update.
      bn/bn_add.c: favour counted loops over ifs and breaks.
      perlasm/x86_64-xlate.pl: refactor argument parsing loop.
      perlasm/x86_64-xlate.pl: add commentary.
      aes/asm/aesp8-ppc.pl: add XTS subroutines.
      evp/e_aes.c: wire hardware-assisted XTS subroutines.
      test/evptests.txt: add more XTS tests.
      aes/asm/aesp8-ppc.pl: implement "tweak chaining".
      modes/asm/ghashp8-ppc.pl: improve performance by 2.7x.
      perlasm/x86*.pl: add endbranch instruction.
      aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.
      aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.
      rand/randfile.c: remove obsolete commentary.
      crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
      Move OS-specific fopen quirks to o_fopen.c.
      rand/randfile.c: make it non-ASCII-savvy.
      ./config: detect x32-only environment.
      ./config: minor cleanup.
      perlasm/x86_64-xlate.pl: address errors and warnings in elderly perls.
      evp/evp_enc.c: check for partially[!] overlapping buffers     in EVP_EncryptUpdate and EVP_DecryptUpdate. It is argued that in     general case it's impossible to provide guarantee that partially[!]     overlapping buffers can be tolerated.
      evp/evp_enc.c: refine partial buffer overlap detection.
      Configurations/10-main.conf: fix PA-RISC commentary.
      windows-makefile.tmpl: don't use $? in library targets.
      unix-Makefile.tmpl: omit lib<rary>.a updates from directory targets.
      rsa/rsa_lib.c: const-ify RSA_get0_engine().
      engines/e_capi.c: accommodate recent DSA_SIG_[get|set]0 changes.
      SPARC assembly pack: enforce V8+ ABI constraints.
      SPARC assembly pack: enforce V8+ ABI constraints.
      include/openssl: don't include <windows.h> in public headers.
      crypto/x86[_64]cpuid.pl: add OPENSSL_ia32_rd[rand|seed]_bytes.
      crypto/LPdir_win.c: harmonize with o_fopen.c.
      crypto/LPdir_win.c: rationalize temporary allocations.
      INSTALL: clarify --cross-compile-prefix.
      aes/asm/aesfx-sparcv9.pl: add "teaser" CBC and CTR subroutines.
      evp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9.
      SPARC assembly pack: enforce V8+ ABI constraints.
      aes/asm/aesfx-sparcv9.pl: switch to fshiftorx to improve single-block     and short-input performance.
      evp/evp_enc.c: make assert error message more readable     and add EVPerr(PARTIALLY_OVERLAPPED)
      test/smcont.txt: trigger assertion in bio_enc.c.
      evp/bio_enc.c: perform enc_read operation without using overlapping buffers.
      Configurations/unix-Makefile.tmpl: add LC_ALL=C to unify messages.
      Configurations/00-base-templates.conf: harmonize BASE_Windows.
      apps/openssl.c: UTF-y Windows argv.
      crypto/ui/ui_openssl.c: UTF-y Windows code path.

Ben Laurie (20):
      Fix no-engine no-ui.
      Fix enable-ssl-trace no-nextprotoneg.
      Fix no-gost no-srp no-ec no-dh.
      Add fuzzing!
      memset() doesn't take NULL.
      ok was uninitialised on failure.
      Fuzz everything with every input.
      Linkify libfuzzer.
      Add ct fuzzer.
      Add fuzz corpora.
      Make corpora binary.
      Omit corpora from tarball.
      Deal with API changes.
      Some interfaces may have IPv6 addresses even if an IPv6 address is not     "configured on the local system". Whatever that means. Example that is biting     me is loopback has ::1 as an address, but the network interface is v4 only.
      Run the fuzzing corpora as tests.
      Ensure that global dependencies are built first, even for parallell builds
      Fix various no-*s.
      peer_tmp doesn't exist if no-ec no-dh.
      Include what we use.

Benjamin Kaduk (3):
      Remove some OPENSSL_NO_SHA that snuck in
      Remove the never-functional no-sct
      Remove dead-code infinite loop

Brian Smith (1):
      Clarify use of |$end0| in stitched x86-64 AES-GCM code.

Cesar Pereida (3):
      Fix DSA, preserve BN_FLG_CONSTTIME
      Remove kq and set BN_FLG_CONSTTIME in k for BN_mod_inverse
      Set flag BN_FLG_CONSTTIME earlier

Christian Bundy (1):
      Update Diffie-Hellman parameters to IANA standards

Christian Heimes (1):
      Add getters for X509_STORE and X509_OBJECT members

Coty Sutherland (1):
      Resolve over command syntax error which causes 'make install' to fail

Cristian Stoica (2):
      do not remove links found in .git directory
      speed.c: fix segfault with unrecognized algorithms

Cynh (1):
      Fix SRP client key computation

David Benjamin (12):
      Avoid overflow issues in X509_cmp.
      Don't send signature algorithms when client_version is below TLS 1.2.
      Fix V2ClientHello handling.
      The NewSessionTicket message is not optional.
      Tighten up logic around ChangeCipherSpec.
      Make x86_64-xlate.pl 'use strict' clean.
      Make arm-xlate.pl set use strict.
      Make RSA key exchange code actually constant-time.
      Fix BN_is_prime* calls.
      Handle BN_mod_word failures.
      Fix DH error-handling in tls_process_key_exchange.
      Use sk_CONF_VALUE_pop_free in do_ext_nconf error path.

Davide Galassi (1):
      BIO socket connect failure was not handled correctly.     The state was always set to BIO_CONN_S_OK.

Dmitry Belyavsky (1):
      Don't use GOST ciphersuites with DTLS.

Dmitry-Me (2):
      Improve comment
      Properly own the duplicated string

Dr. Matthias St. Pierre (1):
      RT3925: Remove trailing semi from macro

Dr. Stephen Henson (94):
      Fix CRYPTO_clear_realloc() bug.
      Extensions to d2i_test.
      Harden ASN.1 BIO handling of large amounts of data.
      In d2i_test return error for malloc failure.
      add test for CVE-2016-2109
      *.der files are binary.
      Reject inappropriate private key encryption ciphers.
      Add size limit to X509_NAME structure.
      Sanity check buffer length.
      Add checks to X509_NAME_oneline()
      Fix i2d_X509_AUX: pp can be NULL.
      Fix ASN1_INTEGER handling.
      Add test for CVE-2016-2018
      add ASN1_INTEGER type to d2i_test
      Add ASN.1 INTEGER tests.
      Fix double free in d2i_PrivateKey().
      add documentation
      Fix Blake block length
      reject zero block length in PKCS12 keygen
      Fix name length limit check.
      support embed in ASN.1 print
      Always try to set ASN.1 parameters for CMS.
      Use default ASN.1 for SEED.
      Only set CMS parameter when encrypting
      Tidy up PKCS12_newpass() fix memory leaks.
      Constify PKCS12_newpass()
      Recognise VERBOSE and V as well as HARNESS_VERBOSE
      Add -srp option to ciphers command.
      Add a couple of checks to prime app.
      Add -signcert to CA.pl usage message.
      Update pkcs8 defaults.
      Don't leak memory if realloc fails.
      Restore support for ENGINE format keys in apps.
      Correctly check for trailing digest options.
      Fix signer option and support format SMIME.
      Correct documentation on digest used.
      Fix stack constification definitions.
      Don't load same config file twice.
      OID code tidy up.
      Use correct EOL in headers.
      Constify stack and lhash macros.
      Support for traditional format private keys.
      make update
      remove encrypt then mac ifdefs
      Support -no-CAfile -no-CApath in ctx2
      Add rfc822Mailbox to string table.
      return error in ct_move_scts()
      Parameter copy sanity checks.
      Tidy up OCSP print handling.
      Check for overflows in EOC.
      Don't skip leading zeroes in PSK keys.
      Fix omitted selector handling.
      Fix generation of expired CA certificate.
      fix 'set but not used' warning
      Reorganise asn1.h and add comments.
      Don't indicate errors during initial adb decode.
      Support PKCS v2.0 print in pkcs12 utility.
      Add nameConstraints commonName checking.
      make update
      Extend mkcert.sh to support nameConstraints generation and more complex     subject alternate names.
      Add OCSP accessors.
      make update
      check return values for EVP_Digest*() APIs
      Fix print of ASN.1 BIGNUM type.
      Check and print out boolean type properly.
      Send alert on CKE error.
      Sanity check in ssl_get_algorithm2().
      fix crypto-mdebug build
      Don't allocate r/s in DSA_SIG and ECDSA_SIG
      use correct name for duplicate
      Check suffixes properly.
      Add mask for newly created symlink.
      Clarify digest change in HMAC_Init_ex()
      Fix OOB read in TS_OBJ_print_bio().
      Send alert for bad DH CKE
      Use newest CRL.
      Remove current_method from X509_STORE_CTX
      Move X509_LU_RETRY, X509_LU_FAIL
      Use X509_LOOKUP_TYPE for lookup type consistently.
      Deprecate X509_LU_FAIL, X509_LU_RETRY
      Set error if EVP_CipherUpdate fails.
      Note cipher BIO write errors too.
      Fix CRL time comparison.
      print out MAC algorithm
      Add DSA_bits() function.
      make update
      Constify some X509_CRL functions.
      Constify some X509_CRL, X509_REQ functions.
      Document certificate and CRL time functions.
      Check for overflows in ASN1_object_size().
      Check for overlows and error return from ASN1_object_size()

Emilia Kasper (20):
      Document inversion ladder in curve25519
      Replace cipherlist test
      Appease ubsan
      Remove proxy tests. Add verify callback tests.
      Travis: update sanitizer configs
      Update client authentication tests
      RT 4242: reject invalid EC point coordinates
      Clean up following new SNI tests
      Port DTLS version negotiation tests
      SSL test: only write out server2 when testing SNI
      Make DSA_SIG and ECDSA_SIG getters const.
      base64 macro: parenthesize for clarity
      SSL test framework: port SNI tests
      SSL test framework: port NPN and ALPN tests
      Fix two bugs in clienthello processing
      SSL test framework: port resumption tests
      Test client-side resumption
      Make boolean SSL test conf values case-insensitive
      SSL tests: compress generated output a little
      Add memory sanitizer config, and run on travis.

FdaSilvaYY (97):
      various spelling fixes
      Fix an error code spelling.
      Add checks on CRYPTO_new_ex_data return value
      Add checks on CRYPTO_new_ex_data return value...     with some adaptation to new multi-threading API.
      BIO_free should call method->destroy before free'ing member fields
      Fix spelling in pod files
      GH932: Add more help messages to some apps options.
      Fix spelling
      fix tab-space mixed indentation
      Fix various methods declaration in pod file
      Fix some missing OBJ_dup failure checks.
      Unify <TYPE>_up_ref methods signature and behaviour.
      Few cleanups in s_client, s_server apps.
      Locally declare some variables
      Fix ts app help message
      Indent and dead code cleanup
      Remove useless NULL checks
      Fix and simplify error handling in (RSA/EC_kmeth)_new_method()
      Fix some malloc failure crashes on X509_STORE_CTX_set_ex_data
      Add checks on CRYPTO_set_ex_data return value     Fix possible leak in danetest.c
      Fix some missing inits
      Add more zalloc
      Raise an Err when CRYPTO_THREAD_lock_new fails
      Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509
      Constify s2i_ASN1_INTEGER
      Constify s2i_ASN1_IA5STRING
      Constify ASN1_generate_v3
      Constify ASN1_generate_nconf
      Constify X509V3_EXT_*_conf*
      Fix some typos in pod files
      Constify some conf_mod.c internal methods
      Constify PKCS12_create, PKCS12_add_key, PKCS12_add_safe.
      Constify UI
      Constify CMS_get0_type input
      Constify some input buffers in asn1
      Constify asn1/asn_mime.c
      Constify X509_TRUST_add method.
      Constify input buffers of some X509V3 and X509_PURPOSE -related methods
      Spelling fixes
      Fix an MSVC warning.
      Missing NULL check on OBJ_dup result in x509_name_canon
      Useless includes
      Useless header include of openssl/rand.h
      Add a comment after some #endif at end of apps source code.
      Spelling... and more spelling
      Rework error handling from asn1_do_lock method.
      Add checks on sk_TYPE_push() returned result
      Whitespace cleanup in docs
      Whitespace cleanup in crypto
      Whitespace cleanup in ssl folder
      Whitespace cleanup in apps
      Use directly zalloc in OPENSSL_sk_dup and OPENSSL_sk_deep_copy
      Constify a bit more OPENSSL_sk_ API
      Add checks on sk_TYPE_push() returned value
      Fix some memory error handling in CT
      Improve some error management code in CT
      Fix mem error handling in PKCS7_simple_smimecap
      Use more X509_REQ_get0_pubkey & X509_get0_pubkey
      Simplify code related to tmp_email_dn.
      Fix double calls to strlen
      Code factorisation and simplification
      Simplify buffer limit checking, and reuse BIO_snprintf returned value.
      Fix a few if(, for(, while( inside code.
      Fix if/for/while( in docs
      Constify engine/eng_cnf.c internal method.
      Constify CMS_decrypt_set1_key input buffer
      Constify EC_KEY_*_oct2priv() input buffer
      Constify SXNET_add_id_*
      Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...
      Constify ASN1_buf_print
      Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.
      Enforce and explicit some const casting
      Constify input parameters of methods :
      Constify i2s_ASN1_INTEGER, X509V3_get_d2i
      Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...
      Constify ...
      Constify ... X509|X509_CRL|X509_REVOKED|_get_ext*()
      Constify X509|X509_CRL|X509_REVOKED_get_ext
      Discard some unused typedefs
      Discard a dead option
      Unused variable cleanup
      Unused variable, and cleanups
      Typo and comment fix
      explicit init
      Discard BIO_set(BIO* bio) method
      Fix three missing global declarations.
      ECDH test is only one operation to run
      Fix sharing of two static variables
      Cast to right type, simplify array args
      Simplify default inits, add const qualifiers     Simplify some loops to reuse k variable
      Merge some conditional blocks of code.
      Fix some awkward tests
      Add missing help string
      Fix some style issues
      Useless allocation
      Fix some style issues...

Hannes Magnusson (1):
      Remove reduntant X509_STORE_CTX_set_verify_cb declaration

Hansruedi Patzen (1):
      Fix: failed to open config file if not specified when using CA commands

Insu Yun (1):
      Fix OpenSSL_memdup error handling

J Mohan Rao Arisankala (4):
      remove unused macros in list -disabled
      few missing allocation failure checks and releases on error paths
      fix check
      #4342: few missing malloc return checks and free in error paths

Jakub Zelenka (2):
      Add missing X509_set_proxy_flag num
      Add EVP_ENCODE_CTX_copy

Jeffrey Walton (2):
      Add documentation of PKCS12_newpass()
      Fixes to get -ansi working

Jiri Horky (1):
      RT3136: Remove space after issuer/subject

Joey Yandle (15):
      - remove insane heap walk and kernel loading code; clean up style and calling conventions
      remove all WINCE ifdefs
      fix endif comment
      OR flags with CRYPT_SILENT to really make sure no UI pops up
      cherry pick pr-512 changes
      remove RAND_screen and friends
      get rid of unnecessary include
      cherry pick pr-512 changes
      remove winrand.c entirely, nothing seems to reference it
      get rid of now empty #if
      add removed functions back as deprecated
      fix return value in docs
      update docs with descriptions and deprecation
      fix deprecation version number in docs
      set RAND_event and RAND_screen to deprecated in 1.1.0 in librypto.num

John Denker (1):
      RT2759: Don't read TTY when already at EOF.

Jon Loeliger (1):
      RT4639: Typo when -DSSL_DEBUG

Jonas Maebe (1):
      cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors

Kazuki Yamaguchi (5):
      Fix EC_KEY_set_private_key() to call key->group->meth->set_private()
      Add ex_data functions for X509_STORE
      GH975 Add ex_data functions for X509_STORE
      Fix NPN protocol name list validation
      Fix a NULL dereference in chacha20_poly1305_init_key()

Kirill Marinushkin (3):
      Fixed scripts order for generate_crypto_objects target
      Add aliases for des-ede-ecb and des-ede3-ecb ciphers.
      Fix engine cryptodev: pointer to IV

Kurt Cancemi (6):
      Fix typos in apps/enc.c     Reviewed-by: Richard Levitte <levitte at openssl.org>     Reviewed-by: Matt Caswell <matt at openssl.org>
      crypto/x509/x509_vpm.c: Simplify int_x509_param_set1()
      crypto/evp/e_aes_cbc_hmac_sha256.c: Remove spurious memset
      Remove pointless free loop in X509_PURPOSE_cleanup()
      Remove pointless free loop in X509_TRUST_cleanup()
      Fix hmac test case 6

Kurt Roeckx (34):
      Check that we have enough padding characters.
      session tickets: use more sizeof
      Avoid creating an illegal pointer
      Avoid creating an illegal pointer
      Avoid creating an illegal pointer
      Avoid creating an illegal pointer
      Avoid calling memcpy with lenght of 0
      Add support for fuzzing with AFL
      Specifiy size of arrays
      Avoid creating an illegal pointer
      Avoid creating an illegal pointer.
      Specify array sizes
      Don't compare a just free()d pointer
      include stdlib for malloc() and free()
      Avoid creating illegal pointers
      Initialize the session_id
      Update fuzz corpora
      buf2hexstr: properly deal with empty string
      Avoid creating an illegal pointer.
      Update fuzz corpora
      Avoid signed overflow
      Add X509 and CRL fuzzer
      Add x509 and crl corpora
      Make CRYPTO_num_locks() return 1
      Add old locking constants back
      Re-add x509 and crl fuzzer
      Return error when trying to print invalid ASN1 integer
      fuzzers: print and convert it back
      Check for errors allocating the error strings.
      Cast to an unsigned type before negating
      Add all publicly avaiable asn1 types to the asn1 fuzzer.
      Add Hurd shared extension
      Skip non-existing files.
      Fix typo of BN_zero()

Laszlo Kovacs (1):
      RT3720 Increment session miss counter properly

Marek Klein (1):
      DEFINE_STACK_OF(ASN1_UTF8STRING) moved from ts_lcl.h to asn1.h

Mat (8):
      Fixes non __GNUC__ compilation
      Fix strdup macro redefinition
      Fix: PEM_read_bio_PrivateKey with no-ui / no-stdio
      Updates from review     Reviewed-by: Matt Caswell <matt at openssl.org>     Reviewed-by: Rich Salz <rsalz at openssl.org>
      Use BCryptGenRandom on Windows 7 or higher
      Define USE_BCRYPT
      Adds casts for 64-bit
      Added define for STATUS_SUCCESS

Matt Caswell (258):
      Prepare for 1.1.0-pre6-dev
      Fix no-dgram on Windows
      Cascade no-dgram from no-sock in Configure not e_os.h
      Don't use select on Windows
      Include winsock2.h even if compiling no-sock
      Fix no-sock on Windows
      Fix no-ui on Windows
      Fix some code maintenance issues
      Remove some dead code
      Fix missing break in option parsing
      Add missing return value checks
      Add missing return value check in pkcs8 app
      Fix a missing return value check in v3_addr
      Remove some unused argc assignments
      Remove some unneccessary assignments to argc
      Fix no-ocsp on Windows (and probably VMS)
      Fix no-cmac on Windows/VMS
      Fix the indentation of OPENSSL_NO_STDIO in pem.h
      Fix no-dsa on Windows/VMS
      Fix capi engine for no-dsa
      Don't set peer_tmp until we have finished constructing it
      Ensure we check i2d_X509 return val
      Fix passwd seg fault
      Fix BIO_CTRL_DUP for an SSL BIO
      split_send_fragment should always be less than or equal to max_send_fragment
      Close the accept socket on error
      Don't leak memory on failure to create a mem BIO
      Free a BIGNUM on error in BN_mpi2bn
      Don't leak memory on error in BN_generate_prime_ex
      Don't leak memory on error in cms_RecipientInfo_pwri_crypt
      Don't leak EVP_MD_CTX on error path
      Check that we were actually allocated BIGNUMs in dsa_builtin_paramgen2
      Don't leak resource on error in OCSP_url_svcloc_new
      Don't leak memory on error in b2i_rsa
      Don't leak memory on error in i2b_PVK
      Don't leak memory on error in PKCS12_key_gen_uni
      Free memory on error in PKCS7_dataFinal()
      Don't leak an ASN1_OCTET_STRING on error in rsa_cms_encrypt
      Free an ASN1_OBJECT in an error path
      Don't leak memory on error path in dane_ctx_enable()
      Fix a leak in i2b_PVK
      Don't free the BIGNUM passed to BN_mpi2bn
      Client side CKE processing can double free on error
      A call to RSA_set0_key had the arguments in the wrong order
      Remove some dead code
      Fix building with -DCHARSET_EBCDIC
      Add the ability to test EBCDIC builds
      Fix a build error with strict-warnings and CHARSET_EBCDIC
      Fix the tests to work with EBCDIC
      Fix EBCDIC problem in conf_def.h
      Misc tweaks for EBCDIC based on feedback received
      The x509_name_canon function doesn't check for an error return
      Check for failed malloc in BIO_ADDR_new
      Check for a NULL return value from a call to X509_STORE_CTX_new()
      Avoid a NULL ptr deref if group is not set
      Don't use an uninitialised variable in srp application
      Remove some dead code from EC_GROUP_check()
      Fix some X509_STORE macros
      Fix encrypt overflow
      Prevent EBCDIC overread for very long strings
      Avoid overflow in EVP_EncodeUpdate
      Ensure EVP_EncodeUpdate handles an output length that is too long
      Add documentation for EVP_EncodeInit() and similar functions
      Update CHANGES and NEWS for the new release
      Remove stale errors from early connection attempts in a client
      Fix the no-tls option
      Handle malloc failures in BIO_accept
      Improve heartbeats coding style
      Handle no async jobs in libssl
      Free any existing SRTP connection profile
      Fix BIO_eof() for BIO pairs
      Make null_compression const
      Add some additional NewSessionTicket tests
      Add some documentation of SSL_CTX_set_tlsext_status_type()
      Workaround an IO::Socket::IP bug
      Remove an unneccessary check of cipher
      Correct documentation error
      Remove repeated condition from if in X509_NAME_oneline
      Fix some out of date comments
      There is only one read buffer
      Use the current record offset in ssl3_get_record
      Fix RSA dasync engine bug
      Add a comment to explain the use of |num_recs|
      Add some check for malloc failure in the CAPI engine
      Fix some malloc failures in b_addr.c
      Better checks for malloc failure in various METHOD functions
      Add some error messages for malloc fails
      Check that the obtained public key is valid
      Simplify SSL BIO buffering logic
      Ensure async IO works with new state machine
      Add an async io test
      Fix Windows 64 bit crashes
      Use strerror_r()/strerror_s() instead of strerror() where possible
      Add error return for OPENSSL_INIT_set_config_filename()
      Fix error return value in SRP functions
      Fix a mem leak on an error path in OBJ_NAME_add()
      The ssl3_digest_cached_records() function does not handle errors properly
      Fix some suspect warnings on Windows
      Fix some issues in b_print.c code
      Fix implementation of "e" and "g" formats for printing floating points
      Prevent an overflow when trying to print excessively big floats
      Add a test for printing floating point format specifiers
      Silence some "may be uninitialized when used" warning
      Fix some s_server issues on Windows
      Fix s_client/s_server waiting for stdin on Windows
      Fix intermittent windows failures in TLSProxy tests
      Avoid msys name mangling
      make update
      OpenBSD doesn't have ucontext.h so don't try and include it
      req command incorrectly displays the bits for an EC key
      Add dhparam sanity check and update DH_check documentation
      Fix printing of DH Parameters
      Don't leak X509_OBJECT in an error path
      Free an X509_CRL in an error path
      Ensure BIGNUM is freed in an error path
      Free a BIO_ADDR if DTLSv1_listen return <=0
      Free allocated password strings on exit
      Ensure an ASN1_OBJECT is freed in error paths
      Free tempory data on error in ec_wNAF_mul()
      Free memory on error in cms app
      Free buffer on error in a2i_ASN1_INTEGER()
      Free a temporary buffer used by dsaparam application
      Fix memory leak in crl2pkcs7 app
      Don't leak memory in v2i_AUTHORITY_KEYID
      Don't leak memory from notice_section function on error path
      Don't leak memory in v2i_POLICY_MAPPINGS() on error path
      Don't leak memory on ASN1_GENERALIZEDTIME_adj() error path
      Don't leak memory on ASN1_item_pack() error path
      Don't leak memory on X509_TRUST_add() error path
      Don't leak memory on int X509_PURPOSE_add() error path
      Don't leak memory on set_reasons() error path
      Fix test failures when using enable-ubsan
      Bring the README file up to date
      Update NOTES.WIN
      Tweaks to NOTES.PERL
      Further update CONTRIBUTING
      Add a paragraph on documentation to CONTRIBUTING
      Update INSTALL instructions
      Handle a memory allocation failure in ssl3_init_finished_mac()
      BIO_printf() can fail to print the last character
      Fix documentation error in x509 app certopt flag
      Simplify dsa_ossl.c
      Deprecate the flags that switch off constant time
      Document the issue with threads and dlopen()
      Return the value of tlsext_status_type in the return not arg
      Add SSL_CTX_get_tlsext_status_type()
      Add documentation for the newly added SSL_get_tlsext_status_type()
      Add an SSL get/set test
      Fix BN_mod_word bug
      Add a BN_mod_word test()
      Fix pipelining bug
      Reject out of context empty records
      Add empty record tests
      Expand SSL_CTX_set_default_verify_paths() documentation
      Fix no-dtls* builds
      Fix seg fault in TS_RESP_verify_response()
      Fix an error path leak in do_ext_nconf()
      Fix an error path leak in int X509_ATTRIBUTE_set1_data()
      Handle inability to create AFALG socket
      Ensure SSL_set_session clears the old session from cache if it is bad
      Add some session API tests
      Update the SSL_set_session() documentation
      Update sslapitest to use the test framework
      Add some missing return value checks
      make update
      Fix comment
      Add missing break statement
      Avoid a double-free in crl2pl7
      Free memory on an error path
      Remove an unused variable assignment
      Change the return type of EVP_EncodeUpdate
      Fix the build and tests following constification of DH, DSA, RSA
      Skip the TLSProxy tests if environmental problems are an issue
      Revert "RT4526: Call TerminateProcess, not ExitProcess"
      no-ripemd is an alias for no-rmd160
      Change default directory for storing the .rnd file on Windows
      Avoid type punning warnings in b_addr.c
      constify SRP
      Improve const correctness for stacks of EVP_MD
      Replace 4 casts with 1
      OpenBSD has intypes.h
      Use a STACK_OF(OPENSSL_CSTRING) for const char * stacks
      Fix ASN1_STRING_to_UTF8 could not convert NumericString
      Add a getter to obtain the HMAC_CTX md
      Add some documentation for missing HMAC functions
      Ensure HMAC key gets cleansed after use
      Fix some OPENSSL_API_COMPAT values
      Fix one more instance of incorrect OPENSSL_API_COMPAT value
      Ensure read records are marked as read
      Add a test for fragmented alerts
      Add some compat macros for removed tmp RSA functions/macros
      Cleanup documentation for removed functionality
      Convert memset calls to OPENSSL_cleanse
      Avoid an overflow in constructing the ServerKeyExchange message
      Use the SSL_METHODs passed to create_ssl_ctx_pair()
      Disallow multiple protocol flags to s_server and s_client
      Fix strict-warnings build
      Fix mingw build
      Prepare the client certificate earlier
      Fix Client Auth tests
      Fix SSLv3 ClientAuth alert checking
      Fix SSLv3 alert if no Client Ceritifcate sent after a request for one
      Make sure we call ssl3_digest_cached_records() when necessary
      Fix client auth test_ssl_new failures when enabling/disabling protocols
      Simplify key_exchange_expected() logic
      Try and make the transition tests for CKE message clearer
      Ensure Travis tests SSLv3
      Fix formatting in statem_srvr.c based on review feedback
      Reduce the scope of some variables in tls_process_client_key_exchange()
      Split out PSK preamble and RSA from process CKE code
      Split out DHE from process CKE code
      Split out ECDHE from process CKE code
      Split out GOST from process CKE code
      Remove the f_err lable from tls_process_client_key_exchange()
      Errors fix up following break up of CKE processing
      Fix bug with s2n et al macros
      Narrow the scope of local variables in tls_construct_client_key_exchange()
      Split out CKE construction PSK pre-amble and RSA into a separate function
      Split out DHE CKE construction into a separate function
      Split out DHE CKE construction into a separate function
      Split out GOST CKE construction into a separate function
      Split out SRP CKE construction into a separate function
      Some tidy ups after the CKE construction refactor
      Fix up error codes after splitting up tls_construct_key_exchange()
      Refactor Identity Hint handling
      Remove sessions from external cache, even if internal cache not used.
      Add more session tests
      Narrow scope of locals vars in tls_process_key_exchange()
      Move the PSK preamble for tls_process_key_exchange()
      Split out the PSK preamble from tls_process_key_exchange()
      Split out SRP from tls_process_key_exchange()
      Split out DHE from tls_process_key_exchange()
      Split out ECDHE from tls_process_key_exchange()
      Tidy up tls_process_key_exchange()
      Update error codes following tls_process_key_exchange() refactor
      Fix building with no-cms
      Never expose ssl->bbio in the public API.
      Fix no-ct
      Fix no-dtls*
      Fix no-tls1_2
      Make the checks for an SSLv2 style record stricter
      Add a test for SSL_set_bio()
      Don't double free the write bio
      Fix BIO_push ref counting for SSL BIO
      Fix BIO_pop for SSL BIOs
      Add some SSL BIO tests
      Simplify and rename SSL_set_rbio() and SSL_set_wbio()
      Update the SSL_set_bio()/SSL_set0_rbio()/SSL_set0_wbio() docs
      Fix bogus warnings
      Fix crash as a result of MULTIBLOCK
      Fix param order in RSA_get0_key
      Fix bad result in i2b_PVK()
      Some minor tweaks to the fuzzing docs
      Fix tests for no-nextprotoneg
      Fix date in CHANGES
      make update
      Prepare for 1.1.0-pre6 release

Michel (1):
      Fix missing IDEA renames (windows build)

Miroslav Franc (1):
      fix memory leaks

Nathaniel McCallum (2):
      Add EVP_PKEY_get0_hmac() function
      Teach EVP_PKEY_HMAC keys how to EVP_PKEY_cmp()

Paul Kehrer (1):
      Make header signature of CRYPTO_mem_leaks BIO instead of struct bio_st

Pauli (1):
      Fix threading issue that at best will leak memory

Peter Mosmans (1):
      RT3454: Re-enable nistp-64_gcc_128 on windows

Petr Vaněk (1):
      Fix typo

Phillip Hellewell (1):
      RT3053: Check for NULL before dereferencing

Rainer Jung (1):
      Fix warnings installing pod files

Rich Salz (93):
      Copyright consolidation: perl files
      Update copyright; generated files.
      Copyright consolidation; .pm and Configure
      Copyright consolidation script
      Unified copyright for test recipes
      Fix NULL deref in apps/pkcs7
      Add asn1_mac
      Handle multi-line "written by/for" comments.
      GH875: Document -no_check_time     Date:   Tue Mar 15 15:19:44 2016 +0100
      Tweak generated warning lines.
      Script changed; update the generated file.
      Move 3DES from HIGH to MEDIUM
      Missing credit in CHANGES
      Recommend GH over RT, per team vote.
      Fix uninitialized variable
      Use app_malloc; two missing cases.
      Use OPENSSL_hexchar2int
      Copyright consolidation 01/10
      Copyright consolidation 02/10
      Copyright consolidation 03/10
      Copyright consolidation 04/10
      Copyright consolidation 06/10
      Copyright consolidation 07/10
      Copyright consolidation 08/10
      Copyright consolidation 09/10
      Copyright consolidation 05/10
      X509_STORE_CTX accessors.
      Manual fixes after copyright consolidation
      Consolidate copyright for demos
      Ensure =cut is last line in every file.
      Remove needless license terms (for docs)
      Add copyright to manpages
      Add copyright
      Fix nits in pod files.
      Rename lh_xxx,sk_xxx tp OPENSSL_{LH,SK}_xxx
      Doc nits cleanup, round 2
      Add OpenSSL copyright to .pl files
      Remove INSTALL.WCE and refs to it.
      Remove unused error/function codes.
      GH919: Fix wrappers for two headers
      RT4539: Add section for renamed ciphers.
      RT4337: Crash in DES
      Fix some RAND bugs
      Add final(?) set of copyrights.
      Remove/rename some old files.
      Fix various doc nits.
      Fix nits in crypto.pod,ssl.pod
      Remove NOEXIST entries
      GH1123: sort dir before rehash
      More utils cleanup.
      RT3895: Remove fprintf's from SSL library.
      Ignore buildtest artifacts.
      Fix re-used function code
      Remove extra include's in synopsis.
      More doc nits
      Add script to find undocumented API
      Fix some GitHub issues.
      Nit about pod filenames
      Unify d2i/i2d documentation.
      Add some accessor API's
      Write X509_dup, PEM_read, etc.
      Clean up "generic" intro pod files.
      More API docs; small changes.
      Make a2i_ipadd an internal function
      GH1183: Fix -unix and -connect, etc., override
      Avoid memory leaks if options repeated.
      RT3809: basicConstraints is critical
      Missed some copyright merge
      GH1141: Different fix, preferred by Richard.
      RT4562: Fix misleading doc on OPENSSL_config
      (Temporarily) don't download clang package
      RT4526: Call TerminateProcess, not ExitProcess
      Fix build break.
      Fix GCC build; make update; fix number re-use
      Avoid using latest clang since repo not available
      More doc cleanup
      RT2867: des_ede3_cfb1 ignored "size in bits" flag
      Add -ciphers flag to enc command
      RT2964: Fix it via doc
      Revert "RT2964: Fix it via doc"
      RT2964: Fix it via doc
      RT2680: Public EC key is shown as private
      RT4586: Remove RSA_memory_lock; unused, not needed
      Restore clang builds in travis.yml
      Cleanup obj_dat.h, obj_dat.pl
      Update fuzz/README.md
      Add OPENSSL_NO_EC wrapper
      Replace all #define's in pod pages.
      GH1278: Removed error code for alerts
      Platform sanity test
      Update ordinals
      RT4593: Add space after comma (doc nits)
      Various doc fixes.

Richard J. Moore (5):
      Make some more X509 functions const.
      Ignore the serial number for now and just do the rest.
      Fix the docs too
      Const EC_KEY_dup
      Const the ex data stuff too to fix warnings

Richard Levitte (227):
      Build: Make 'test' depend on 'tests'
      Only allow Microsoft assembler with no-asm on Windows
      Typo, asoutflag -> perlasm_scheme
      Remove --classic build entirely
      Travis: _srcdist, not _srcdir
      Update the Configurations READMEs
      Add a best effort test to check shared library consistency
      Warn when doing an out-of-source build and finding in-source build artifacts
      Build system: add include directories and dependencies for generators
      Document the enhancements for DEPEND and INCLUDE and use a better example
      RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
      Documentation the changed {RSA,DSA,DH}_set0_* functionality change
      Make BIO_sock_error return a proper error code when getsockopt fails
      Fix BIO_set_nbio_accept()
      apps/progs.pl: don't make digests disablable by default
      make update
      VMS: It seems DEC C doesn't handle certain header files quite right
      VMS: only explicitely translate names in library C files.
      Change 'struct bio_st' in all public header where applicable
      Remove BIO_dummy, it's old cruft
      Skip blank lines if old copyright comment was removed, and only then
      Adjust a last few generators to new license boilerplate and C code style
      Add the adjusted perl scripts to the set of "update" scripts
      make update
      Remove personal configs from version control
      Add the possibility to have an extra local OpenSSL configs directory
      Add the possibility for local build file templates
      Document the addition of OPENSSL_LOCAL_CONFIG_DIR
      Try 'make install' with one of the Travis configurations
      Allow spaces in filenames when using perl's glob
      Check return of PEM_write_* functions and report possible errors
      Complete the list of names in doc/ssl/SSL_CTX_load_verify_locations.pod
      VMS: support VERBOSE and V in descrip.mms
      Add NULL check in i2d_PrivateKey()
      Fix VMS/openssl_{startup,shutddown}.com.in
      Have [.VMS]openssl_{startup,shutdown}.com depend on respective *.in
      Restore the ERR_remove_thread_state() API and make it a no-op
      Fix the docs for ERR_remove_thread_state and ERR_remove_state
      make update
      Add a case for 64-bit OS X in config
      Remove openssl.spec
      Move the DJGPP target to its own config.
      DJGPP adjustments
      Windows: When installing libraries and executables, install .pdb files as well
      VMS perl: Fix glob output
      openssl_{startup,shutdown}.com.in are in the source directory
      Small MSVC build fixes.
      Windows: Add CRYPT32.LIB to the libraries to link you app with
      Add missing initialiser in e_chil.c
      Add support for RC / WINDRES env variables
      Don't require any length of password when decrypting
      Documentation: Clarify sizes for UI_add_input_string()
      Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()
      make update
      Document the esc_2254 command line name option
      Fix util/mkerr.pl
      Cleanup openssl.ec
      Small typo, a tab where there should have been a space
      Documentation processor in perl, for platforms that don't have sh
      Use the process_docs script to install docs on Windows and VMS
      Fixup READLINE case
      VMS: setbuf() only takes 32-bit pointers
      Clean up the VMS hacks in crypto/rand/randfile.c
      Have doc-nit-check look for mandatory manual sections
      Add the missing NAME header in the OCSP docs
      Add a missing comma in OPENSSL_malloc.pod
      process_docs.pl: When starting to read a new head1 section, remove previous text
      HTML docs on Unix: Add a HTML title
      Improve the checking of pod sections
      util/process_docs.pl: Add more debugging output
      Complete the rename of LHASH functions and types
      Windows: shut DEL up
      Slight cleanup of the collection of READMEs, INSTALLs and NOTES
      VMS: remove last VAX vestiges
      Make sure to initialize all CA.pl variables properly
      Make sure tsget and c_rehash are named with .pl suffix on Windows and VMS
      Make sure tsget.pl and c_rehash.pl get installed on VMS and Windows.
      Install the scripts the same way on Windows and VMS as on Unix
      VMS: show the ossl_dataroot logical as well when doing "mms debug_logicals"
      Windows notes: add a few lines on gaining admin privs for installing
      Communicate Configure generated header files to build files
      Complete the list of files to clean up on Windows
      Configure: To allow file names with spaces, tokenize with respect for quotes
      build.info files: add quotes around any spec that may contain spaces
      Make sure crypto-mdebug-backtrace must be enabled explicitely
      Don't clean away headers generated by Configure
      Handle Visual C warning about non-standard function names.
      Allow space in PERL spec (unix only)
      Configure: handle spaces in source directory spec
      Windows makefile: handle the case with space in source directory
      perl glob: make sure to put quotes around the pattern, in case of spaces
      make sure to put quotes around -config argument, in case of spaces
      Fix fmtstr for BIO_printf() et al
      Remove internal functions OPENSSL_strcasecmp and OPENSSL_strncasecmp
      make update
      Change a call of OPENSSL_strcasecmp to strcasecmp
      Make sure max in fmtstr() doesn't overflow into negativity
      perl: use the 'if' module to conditionally load File::Glob
      Testing symbol presence: also take note of small objects
      Add a warning about using enable-crypto-mdebug-backtrace
      perl: refactor .pod name section extractor into its own module
      Build the 'openssl rehash' command on VMS version 8.3 and up
      tests: clean up temporary SSL session files.
      Generate simple build test files
      Add inclusion of openssl/x509.h in include/openssl/tls1.h
      Add inclusion of stdlib.h in include/openssl/mdc2.h
      Change inclusion of sys/types.h to stdlib.h in include/openssl/ebcdic.h
      Windows build: Remove .manifest files in test/ as well
      Have some more test recipes clean up after themselves
      Make 25-test_gen.t and 25-test_req.t into one
      Add developer targets for each subdirectory we have something to build in
      Clean away the last unixmake vestiges
      Configure: complete the changed fuzz option checks
      tests: Shut the shell up unless verbose
      Fix the directory target generation
      tests: fix the shutting up of the shell
      Ignore tsget.pl and c_rehash.pl, as well as other compiler generated files
      Docs: install generic manpages to man section 7
      Shorten some symbol names
      Configure: Make it possible to generate mandatory header files
      Move the Configure generated header files to the top build.info
      Build file templates: make sure to depend on generated header files
      Add a developer target 'build_generated' to rebuild mandatory headers
      VMS: use BLDDIR rather than BUILDDIR in descrip.mms.tmpl
      Always check that the value returned by asn1_do_adb() is non-NULL
      Change (!seqtt) to (seqtt == NULL)
      Constify the parameter getters for RSA, DSA and DH
      Deal with the consequences of constifying getters
      Harmonise the different build files
      Change default directory for the .rnd file on Windows and VMS
      Change the RAND_file_name documentation accordingly
      apps/req.c: Increment the right variable when parsing '+'
      Check that the subject name in a proxy cert complies to RFC 3820
      Fix proxy certificate pathlength verification
      Allow proxy certs to be present when verifying a chain
      make update
      Make it possible to generate proxy certs with test/certs/mkcert.sh
      Create some proxy certificates
      Add verification of proxy certs to 25-test_verify.t
      OpenSSL::Test: Fix directory calculations in __cwd()
      Travis: When testing install, install docs as well
      Appveyor: test install as well, via a fake deploy_script
      OpenSSL::Test: Fix directory calculations in __cwd()
      Build files: don't generate empty action lines in generatedir()
      Windows: Make DESTDIR work
      Remove the envvar hack to enable proxy cert processing
      Windows: Recreate the $prefix variable
      Make build.info INCLUDE stmts be both source and build tree relative
      Simplify INCLUDE statements in build.info files
      Deal with pod2html issues, in this case the lack of .html suffix in links
      Add the missing pointer_size information on VMS configs
      Pass down correct information to the VMS startup script templates
      Have the VMS shared library file names contain the shared version
      Install the openssl app with version number on VMS
      Fix some VMS inconsistencies
      VMS: Add installation verification procedure
      perl: Separate compile-time environment from runtime environment
      Stop using and deprecate ENGINE_setup_bsd_cryptodev
      make update
      VMS: arch in config.com was mistakenly made process global
      VMS: make sure there's a file extension when creating files
      Make 'build_libs' build shared libraries as well
      Versioning engines default location: the Windows case
      Versioning engines default location: the Unix case
      Versioning engines default location: the VMS case
      VMS: defined the logical name OPENSSL at all times
      Windows: make some vars in windows-makefile.tmpl reachable again
      VMS: correct post-install instructions
      Reorganize .gitignore to make better use of its features
      Unix: Set the execute permission on installed shared libraries
      VMS: openssl_ivp must call versioned openssl_startup and openssl_utils
      VMS: Simplify the spec of the default certs & keys area.
      VMS: Present OPENSSLDIR according to the VMS setup.
      VMS: Document the changed logical names in VMS/openssl_staryup.com.in
      VMS: OSSL$EXE: needs to reflect that programs are installed in two places
      VMS: Small cleanups
      VMS: Adjust the engines directory by adding the pointer size to its name
      Windows: take care of manifest files
      Install applink.c with the public header files.
      Small fixes in unix-Makefile.tmpl
      Windows: allow input and output flags to end with a space, or not
      Fix ASN.1 private encode of EC_KEY to not change the input key
      Fix: dummy definition of rand_hw_seed() should also return int
      Add back lost copyright and license text in LPdir_win.c
      Remove the silly CVS markers from LPdir_*.c
      Make fuzzer and fuzz tester builds less magic
      build.info: implement PROGRAM_NO_INST, and dito for ENGINES, SCRIPTS, LIBS
      Document the _NO_INST variants
      Adapt the build files to the new "install" hash table
      Use _NO_INST in some build.info files
      Don't make a difference between building test programs and other programs
      Fixup collision between SSL_F_TLS_PROCESS_SKE and SSL_F_TLS_PROCESS_CKE macros
      Fixup a few SSLerr calls in ssl/statem/
      make update
      Have the Travis builds do a "make update"
      Convert the last uses of sockaddr in apps/* to use BIO_ADDR instead
      Fix forgotten goto
      Define a few internal macros for easy use of run_once functions
      Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
      make update
      Document the slight change in ERR_get_next_error_library()
      Document the slight change in CRYPTO_mem_ctrl()
      VMS: fix typo, shared libraries have the extension .EXE, not .OLB
      Install shared libraries in runtime install
      VMS: Rearrange installation targets for shared libraries
      Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result
      Correct misspelt OPENSSL_NO_SRP
      Make it possible for external code to flag a certificate as a proxy one.
      Properly initialise the internal proxy certificate path length cache
      Add getters / setters for the X509_STORE_CTX and X509_STORE functions
      Add setter and getter for X509_STORE's check_policy
      Document the X509_STORE and X509_STORE_CTX setters and getters
      make update
      Add X509_STORE lock and unlock functions
      Make it possible for external code to set the certiciate proxy path length
      Update the example in proxy_certificates.txt
      Fix return values of do_passwd() in apps/passwd.c
      Forgotten make update
      All of ssldirs installation should be done by the install_ssldirs target
      Don't overwrite existing installed openssl.cnf
      In 80-test_ssl_new, more "plan tests" to a more useful position
      80-test_ssl_new.t: only skip on $no_tls if no other skip conditions defined
      VMS: If configured no-shared, don't provide shareable image logical names
      VMS: make sure to provide an absolute source directory for pod2html
      INSTALL: Add missing details on VMS installation results
      INSTALL: Make the use of [, ], { and } consistent and explain it
      Don't check any revocation info on proxy certificates

Rob Percival (3):
      Fix potential access of null pointer (pp)
      Test SCT lists
      Tests should check validation status directly

Roumen Petrov (1):
      Use include paths to our source before any other cflags

Sebastian Andrzej Siewior (1):
      utils/mkdir-p: check if dir exists also after mkdir failed

Sergio Garcia Murillo (1):
      GH356: Change assert to normal error

Steffan Karger (1):
      const correctness: make HMAC_size() take a const *

Steffen Nurpmeso (1):
      RT4627: Doc patch: fix constant names

Steven Valdez (1):
      Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c

TJ Saunders (12):
      Issue #719:
      Remove confusing comment.
      session tickets: Use sizeof() for the various fields
      Use AES256 for the default encryption algoritm for TLS session tickets
      Add an SSL_SESSION accessor for obtaining the protocol version number, with     accompanying documentation.
      Add requested HISTORY section, remove copy/pastos, per review feedback.
      Remove null check, per review feedback.  Note this in the docs.
      Ensure that the EVP_MD_meth_new docs properly match the declared functions;     it looks like these names have shifted a little over time.
      Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.
      Reorder the setter arguments to more consistently match that of other APIs,     per review comments.
      Forgot to update the setter argument ordering in the public headers.
      Ensure that NULL r and s parameters cannot be set on DSA_SIG/ECDSA_SIGs.

Todd Short (9):
      Secure memory fixes
      Add text/x509aux to gitignore
      Add buf-freelists to deprecated options
      Clean up RAND_bytes() calls
      Fix braces in e_aes.c: aes_init_key
      Fix ssl_cert_set0_chain invalid pointer
      Always use session_ctx when removing a session
      Fix session ticket and SNI
      OCSP_request_add0_id() inconsistent error return

Viktor Dukhovni (23):
      Enabled DANE only when at least one TLSA RR was added
      make update
      API compat macros for renamed X509_STORE_CTX functions
      Added missing X509_STORE_CTX_set_error_depth() accessor
      make update
      Future proof build_chain() in x509_vfy.c
      Fix set0 reuse test
      Implement X509_STORE_CTX_set_current_cert() accessor
      make update
      Drop duplicate  ctx->verify_cb assignment
      Fix i2d_X509_AUX, update docs and add tests
      Fix TLSProxy race by adding missing eval
      Fold threads.h into crypto.h making API public
      Clarify negative return from X509_verify_cert()
      Ensure verify error is set when X509_verify_cert() fails
      Improve and document low-level PEM read routines
      make update
      When strict SCT fails record verification failure
      Silence misleading test_abort stderr output
      Drop extraneous printf argument in mkcert.sh
      Don't rely on implicit rsa.h inclusion
      Perform DANE-EE(3) name checks by default
      Make update

Viktor Szakats (3):
      NOTES.WIN: use secure urls     Reviewed-by: Matt Caswell <matt at openssl.org>     Reviewed-by: Rich Salz <rsalz at openssl.org>     (Merged from https://github.com/openssl/openssl/pull/1175)
      ssl.h: spelling in comment     Reviewed-by: Matt Caswell <matt at openssl.org>     Reviewed-by: Rich Salz <rsalz at openssl.org>     (Merged from https://github.com/openssl/openssl/pull/1275)
      rsa.c: fix incorrect guard for pvk-* options

Wim Lewis (1):
      Additional CMS content types from RFC 4073, RFC 5083, and RFC 5084.

hesiod (1):
      Make OPENSSL_die as noreturn

huangqinjin (5):
      fix BN_hex2bn()/BN_dec2bn() memory leak
      Update the documentation of BN_hex2bn()
      doc and comment fixes
      Make ossl_ecdh_compute_key() return a boolean
      Make x25519_compute_key() return a boolean

isnotnick (1):
      RT3513: req doesn't display attributes using utf8string

jfigus (1):
      Propagate tlsext_status_type from SSL_CTX to SSL

mmiyashita (1):
      segmentation fault with 'openssl s_client -prexit -keymatexport'

mrpre (3):
      add return value for expand
      fix code formatting
      Cleanup after sk_push fail

russor (1):
      zero pad DHE public key in ServerKeyExchange message for interop


More information about the openssl-commits mailing list