[openssl-commits] [openssl] OpenSSL_1_1_0-pre6 create
Matt Caswell
matt at openssl.org
Thu Aug 4 14:18:58 UTC 2016
The annotated tag OpenSSL_1_1_0-pre6 has been created
at 04a54629c2bb904e9bd9a1d98381b1259147cc0d (tag)
tagging 2f554efe20d1fe05b242f41f593362965ae89912 (commit)
replaces OpenSSL_1_1_0-pre5
tagged by Matt Caswell
on Thu Aug 4 15:00:44 2016 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.0-pre6 release tag
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXo0qMAAoJENnE0m0OYESRgVAIAK+BAvJKlFEDgmeyXXffcDJT
Gxbf856um65DN5eeKzIj69IqFFC1c+EI9Dy6YACYndiOXrG4O9sfOFYmpnkaUh68
8Wcqmobat3sl29FknMhRoq3KfavyPp4jIDOVV+6j2bspPawP9r6/094/usQFhyKD
w7q6D+l4hkfjGqcQ3R8RNTLh7RxrIcOT1GgiwmOYLh3u6tywEK5NuAx3hg6Q4KZ4
DpmXZC9R/SWkuX1pN+nOpBYMCqilWoaCXFb9OnETjdkxAlbQrn2T1brCVni1sLsB
OrTXpcM79ccxrIt4Q6Ks77jTPDvObuSKZIHTg+KU/hj7tfS0yPBkLR1om0WT82U=
=aQJk
-----END PGP SIGNATURE-----
Alessandro Ghedini (5):
Increment size limit for ClientHello messages
Add SSL_client_version() getter function
Do not access SSL struct directly in TLS1_get_version and TLS1_get_client_version macros
Add SSL_get_tlsext_status_type() method
Fix printing private EC_KEY
Alex Gaynor (1):
Add comment about X509_print
Andrea Grandi (1):
Fix error in the loop of ECDH
Andreas Karlsson (1):
Fix broken loading of client CAs
Andy Polyakov (101):
poly1305/asm/poly1305-x86_64.pl: not all assemblers manage << in constants.
perlasm/x86_64-xlate.pl: make latest ml64 work.
Configuration: add unsupported masm target.
Add AES assembly module for Fujitsu SPARC64 X/X+.
sparcv9cap.c: add Fujitsu SPARC64 X AES capability detection.
evp/aes_aes.c: engage Fujitsu SPARC64 X AES support.
Configurations: fix typo in 50-masm.conf.
chacha/asm/chacha-ppc.pl: get misalignment corner case right on big-endian.
crypto/sparc_arch.h: reserve more SPARCv9 capability bits.
s390x assembly pack: cache capability query results.
crypto/poly1305/asm: chase overflow bit on x86 and ARM platforms.
camellia/build.info: fix typo
SPARCv9 assembly pack: fine-tune run-time switch.
crypto/ppccap.c: permit build with no-chacha and no-poly1305.
crypto/ppccap.c: fix missing declaration warning.
chacha/asm/chacha-x86.pl: make it compile on legacy systems.
Remove obsolete defined(__INTEL__) condition.
Android build fixes.
ssl/record/rec_layer_s3.c: fix typo from previous commit.
Tru64 fixes.
Configurations/unix-Makefile.tmpl: don't count on -E -P.
MIPS assembly pack: fix MIPS64 assembler warnings.
Alpha assembly pack: make it work on Linux.
test/evp_test.c: exercise different combinations of data misalignment.
testlib/OpenSSL/Test.pm: address 5.10 warnings.
poly1305/asm/poly1305-x86_64.pl: make it cross-compile.
poly1305/asm/poly1305-x86_64.pl: contain symbols within shared lib.
README.PERL: clarify "matching" Perl requirement on Windows.
Configurations/windows-makefile.tmpl: expand environments early.
IRIX fixes.
Configure: make it work with Perl 5.10.
Configure: adhere to $(CROSS_COMPILE)ranlib.
util/mkdef.pl: omit ordinals from Windows DLLs.
windows-makefile.tmpl: minor adjustments.
Configure: replace which() with IPC::Cmd::can_run.
MIPS64 assembly pack: add Poly1305 module.
Configurations: engage MIPS64 Poly1305 module.
crypto/des: remove obsolete functions.
ARMv8 assembly pack: add OPENSSL_cleanse.
test/evp_test.c: exercise in-place encryption.
rand/randfile.c: remove _XOPEN_SOURCE definition.
Add assembly CRYPTO_memcmp.
Move Haiku configuration to separate config file to denote the fact that it's community-supported target.
Makefile.shared: revert Haiku support commit.
Configure: pull 'which' back.
bf/build.info: engage assembly module.
bn/bn_exp.c: explain 'volatile' in MOD_EXP_CTIME_COPY_FROM_PREBUF.
crypto/o_str.c: strerror_s is provided by specific compiler run-time, not by OS [as was implied by guarding #if condition].
crypto/o_str.c: add _GNU_SOURCE strerror_r case.
include/openssl/e_os2.h: fix 'noreturn' pre-processor logic.
SPARC assembly pack: add missing .type directives.
poly1305/asm/poly1305-mips.pl: adhere to standard frame layout.
Configure,test/recipes: "pin" glob to File::Glob::glob.
x86_64 assembly pack: tolerate spaces in source directory name.
chacha/chacha_enc.c: harmonize counter width with subroutine name.
s390x assembly pack: improve portability.
hmac/hmac.c: fix sizeof typo in hmac_ctx_cleanup.
doc/crypto/OPENSSL_ia32cap.pod update.
bn/bn_add.c: favour counted loops over ifs and breaks.
perlasm/x86_64-xlate.pl: refactor argument parsing loop.
perlasm/x86_64-xlate.pl: add commentary.
aes/asm/aesp8-ppc.pl: add XTS subroutines.
evp/e_aes.c: wire hardware-assisted XTS subroutines.
test/evptests.txt: add more XTS tests.
aes/asm/aesp8-ppc.pl: implement "tweak chaining".
modes/asm/ghashp8-ppc.pl: improve performance by 2.7x.
perlasm/x86*.pl: add endbranch instruction.
aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.
aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.
rand/randfile.c: remove obsolete commentary.
crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
Move OS-specific fopen quirks to o_fopen.c.
rand/randfile.c: make it non-ASCII-savvy.
./config: detect x32-only environment.
./config: minor cleanup.
perlasm/x86_64-xlate.pl: address errors and warnings in elderly perls.
evp/evp_enc.c: check for partially[!] overlapping buffers in EVP_EncryptUpdate and EVP_DecryptUpdate. It is argued that in general case it's impossible to provide guarantee that partially[!] overlapping buffers can be tolerated.
evp/evp_enc.c: refine partial buffer overlap detection.
Configurations/10-main.conf: fix PA-RISC commentary.
windows-makefile.tmpl: don't use $? in library targets.
unix-Makefile.tmpl: omit lib<rary>.a updates from directory targets.
rsa/rsa_lib.c: const-ify RSA_get0_engine().
engines/e_capi.c: accommodate recent DSA_SIG_[get|set]0 changes.
SPARC assembly pack: enforce V8+ ABI constraints.
SPARC assembly pack: enforce V8+ ABI constraints.
include/openssl: don't include <windows.h> in public headers.
crypto/x86[_64]cpuid.pl: add OPENSSL_ia32_rd[rand|seed]_bytes.
crypto/LPdir_win.c: harmonize with o_fopen.c.
crypto/LPdir_win.c: rationalize temporary allocations.
INSTALL: clarify --cross-compile-prefix.
aes/asm/aesfx-sparcv9.pl: add "teaser" CBC and CTR subroutines.
evp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9.
SPARC assembly pack: enforce V8+ ABI constraints.
aes/asm/aesfx-sparcv9.pl: switch to fshiftorx to improve single-block and short-input performance.
evp/evp_enc.c: make assert error message more readable and add EVPerr(PARTIALLY_OVERLAPPED)
test/smcont.txt: trigger assertion in bio_enc.c.
evp/bio_enc.c: perform enc_read operation without using overlapping buffers.
Configurations/unix-Makefile.tmpl: add LC_ALL=C to unify messages.
Configurations/00-base-templates.conf: harmonize BASE_Windows.
apps/openssl.c: UTF-y Windows argv.
crypto/ui/ui_openssl.c: UTF-y Windows code path.
Ben Laurie (20):
Fix no-engine no-ui.
Fix enable-ssl-trace no-nextprotoneg.
Fix no-gost no-srp no-ec no-dh.
Add fuzzing!
memset() doesn't take NULL.
ok was uninitialised on failure.
Sort.
Fuzz everything with every input.
Linkify libfuzzer.
Add ct fuzzer.
Add fuzz corpora.
Make corpora binary.
Omit corpora from tarball.
Deal with API changes.
Some interfaces may have IPv6 addresses even if an IPv6 address is not "configured on the local system". Whatever that means. Example that is biting me is loopback has ::1 as an address, but the network interface is v4 only.
Run the fuzzing corpora as tests.
Ensure that global dependencies are built first, even for parallell builds
Fix various no-*s.
peer_tmp doesn't exist if no-ec no-dh.
Include what we use.
Benjamin Kaduk (3):
Remove some OPENSSL_NO_SHA that snuck in
Remove the never-functional no-sct
Remove dead-code infinite loop
Brian Smith (1):
Clarify use of |$end0| in stitched x86-64 AES-GCM code.
Cesar Pereida (3):
Fix DSA, preserve BN_FLG_CONSTTIME
Remove kq and set BN_FLG_CONSTTIME in k for BN_mod_inverse
Set flag BN_FLG_CONSTTIME earlier
Christian Bundy (1):
Update Diffie-Hellman parameters to IANA standards
Christian Heimes (1):
Add getters for X509_STORE and X509_OBJECT members
Coty Sutherland (1):
Resolve over command syntax error which causes 'make install' to fail
Cristian Stoica (2):
do not remove links found in .git directory
speed.c: fix segfault with unrecognized algorithms
Cynh (1):
Fix SRP client key computation
David Benjamin (12):
Avoid overflow issues in X509_cmp.
Don't send signature algorithms when client_version is below TLS 1.2.
Fix V2ClientHello handling.
The NewSessionTicket message is not optional.
Tighten up logic around ChangeCipherSpec.
Make x86_64-xlate.pl 'use strict' clean.
Make arm-xlate.pl set use strict.
Make RSA key exchange code actually constant-time.
Fix BN_is_prime* calls.
Handle BN_mod_word failures.
Fix DH error-handling in tls_process_key_exchange.
Use sk_CONF_VALUE_pop_free in do_ext_nconf error path.
Davide Galassi (1):
BIO socket connect failure was not handled correctly. The state was always set to BIO_CONN_S_OK.
Dmitry Belyavsky (1):
Don't use GOST ciphersuites with DTLS.
Dmitry-Me (2):
Improve comment
Properly own the duplicated string
Dr. Matthias St. Pierre (1):
RT3925: Remove trailing semi from macro
Dr. Stephen Henson (94):
Fix CRYPTO_clear_realloc() bug.
Extensions to d2i_test.
Harden ASN.1 BIO handling of large amounts of data.
In d2i_test return error for malloc failure.
add test for CVE-2016-2109
*.der files are binary.
Reject inappropriate private key encryption ciphers.
Add size limit to X509_NAME structure.
Sanity check buffer length.
Add checks to X509_NAME_oneline()
Fix i2d_X509_AUX: pp can be NULL.
Fix ASN1_INTEGER handling.
Add test for CVE-2016-2018
add ASN1_INTEGER type to d2i_test
Add ASN.1 INTEGER tests.
Fix double free in d2i_PrivateKey().
add documentation
Fix Blake block length
reject zero block length in PKCS12 keygen
Fix name length limit check.
support embed in ASN.1 print
Always try to set ASN.1 parameters for CMS.
typo
Use default ASN.1 for SEED.
Only set CMS parameter when encrypting
Tidy up PKCS12_newpass() fix memory leaks.
Constify PKCS12_newpass()
Recognise VERBOSE and V as well as HARNESS_VERBOSE
Typo.
Add -srp option to ciphers command.
Add a couple of checks to prime app.
Add -signcert to CA.pl usage message.
Update pkcs8 defaults.
typo
Don't leak memory if realloc fails.
Restore support for ENGINE format keys in apps.
Correctly check for trailing digest options.
Fix signer option and support format SMIME.
Correct documentation on digest used.
Fix stack constification definitions.
Don't load same config file twice.
OID code tidy up.
Use correct EOL in headers.
Constify stack and lhash macros.
Support for traditional format private keys.
make update
remove encrypt then mac ifdefs
Support -no-CAfile -no-CApath in ctx2
Add rfc822Mailbox to string table.
return error in ct_move_scts()
Parameter copy sanity checks.
Tidy up OCSP print handling.
Check for overflows in EOC.
Don't skip leading zeroes in PSK keys.
Fix omitted selector handling.
Fix generation of expired CA certificate.
fix 'set but not used' warning
Reorganise asn1.h and add comments.
Don't indicate errors during initial adb decode.
Support PKCS v2.0 print in pkcs12 utility.
Add nameConstraints commonName checking.
make update
Extend mkcert.sh to support nameConstraints generation and more complex subject alternate names.
Add OCSP accessors.
make update
check return values for EVP_Digest*() APIs
Fix print of ASN.1 BIGNUM type.
Check and print out boolean type properly.
Send alert on CKE error.
Sanity check in ssl_get_algorithm2().
fix crypto-mdebug build
Don't allocate r/s in DSA_SIG and ECDSA_SIG
use correct name for duplicate
Check suffixes properly.
Add mask for newly created symlink.
Clarify digest change in HMAC_Init_ex()
Fix OOB read in TS_OBJ_print_bio().
Send alert for bad DH CKE
Use newest CRL.
Remove current_method from X509_STORE_CTX
Move X509_LU_RETRY, X509_LU_FAIL
Use X509_LOOKUP_TYPE for lookup type consistently.
Deprecate X509_LU_FAIL, X509_LU_RETRY
Set error if EVP_CipherUpdate fails.
Note cipher BIO write errors too.
Fix CRL time comparison.
print out MAC algorithm
Add DSA_bits() function.
make update
Constify some X509_CRL functions.
Constify some X509_CRL, X509_REQ functions.
Document certificate and CRL time functions.
Check for overflows in ASN1_object_size().
Check for overlows and error return from ASN1_object_size()
Emilia Kasper (20):
Document inversion ladder in curve25519
Replace cipherlist test
Appease ubsan
Remove proxy tests. Add verify callback tests.
Travis: update sanitizer configs
Update client authentication tests
RT 4242: reject invalid EC point coordinates
Clean up following new SNI tests
Port DTLS version negotiation tests
SSL test: only write out server2 when testing SNI
Make DSA_SIG and ECDSA_SIG getters const.
base64 macro: parenthesize for clarity
SSL test framework: port SNI tests
SSL test framework: port NPN and ALPN tests
Fix two bugs in clienthello processing
SSL test framework: port resumption tests
Test client-side resumption
Make boolean SSL test conf values case-insensitive
SSL tests: compress generated output a little
Add memory sanitizer config, and run on travis.
FdaSilvaYY (97):
various spelling fixes
Fix an error code spelling.
Add checks on CRYPTO_new_ex_data return value
Add checks on CRYPTO_new_ex_data return value... with some adaptation to new multi-threading API.
BIO_free should call method->destroy before free'ing member fields
Fix spelling in pod files
GH932: Add more help messages to some apps options.
Fix spelling
fix tab-space mixed indentation
Fix various methods declaration in pod file
Fix some missing OBJ_dup failure checks.
Unify <TYPE>_up_ref methods signature and behaviour.
Few cleanups in s_client, s_server apps.
Locally declare some variables
Fix ts app help message
Indent and dead code cleanup
Remove useless NULL checks
Fix and simplify error handling in (RSA/EC_kmeth)_new_method()
Fix some malloc failure crashes on X509_STORE_CTX_set_ex_data
Add checks on CRYPTO_set_ex_data return value Fix possible leak in danetest.c
Fix some missing inits
Add more zalloc
Raise an Err when CRYPTO_THREAD_lock_new fails
Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509
Constify s2i_ASN1_INTEGER
Constify s2i_ASN1_IA5STRING
Constify ASN1_generate_v3
Constify ASN1_generate_nconf
Constify X509V3_EXT_*_conf*
Fix some typos in pod files
Constify some conf_mod.c internal methods
Constify PKCS12_create, PKCS12_add_key, PKCS12_add_safe.
Constify UI
Constify CMS_get0_type input
Constify some input buffers in asn1
Constify asn1/asn_mime.c
Constify X509_TRUST_add method.
Constify input buffers of some X509V3 and X509_PURPOSE -related methods
Spelling fixes
Fix an MSVC warning.
Missing NULL check on OBJ_dup result in x509_name_canon
Useless includes
Useless header include of openssl/rand.h
Add a comment after some #endif at end of apps source code.
Spelling... and more spelling
Rework error handling from asn1_do_lock method.
Add checks on sk_TYPE_push() returned result
Spelling
Whitespace cleanup in docs
Whitespace cleanup in crypto
Whitespace cleanup in ssl folder
Whitespace cleanup in apps
Use directly zalloc in OPENSSL_sk_dup and OPENSSL_sk_deep_copy
Constify a bit more OPENSSL_sk_ API
Add checks on sk_TYPE_push() returned value
Fix some memory error handling in CT
Improve some error management code in CT
Fix mem error handling in PKCS7_simple_smimecap
Use more X509_REQ_get0_pubkey & X509_get0_pubkey
Simplify code related to tmp_email_dn.
Fix double calls to strlen
Code factorisation and simplification
Simplify buffer limit checking, and reuse BIO_snprintf returned value.
Fix a few if(, for(, while( inside code.
Fix if/for/while( in docs
Constify engine/eng_cnf.c internal method.
Constify CMS_decrypt_set1_key input buffer
Constify EC_KEY_*_oct2priv() input buffer
Constify SXNET_add_id_*
Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...
Constify ASN1_buf_print
Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.
Enforce and explicit some const casting
Constify input parameters of methods :
Constify i2s_ASN1_INTEGER, X509V3_get_d2i
Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...
Constify ...
Constify ... X509|X509_CRL|X509_REVOKED|_get_ext*()
Constify X509|X509_CRL|X509_REVOKED_get_ext
Discard some unused typedefs
Discard a dead option
Unused variable cleanup
Unused variable, and cleanups
Typo and comment fix
explicit init
Discard BIO_set(BIO* bio) method
Fix three missing global declarations.
ECDH test is only one operation to run
Fix sharing of two static variables
Cast to right type, simplify array args
Simplify default inits, add const qualifiers Simplify some loops to reuse k variable
Merge some conditional blocks of code.
Fix some awkward tests
Add missing help string
Fix some style issues
Useless allocation
Fix some style issues...
Hannes Magnusson (1):
Remove reduntant X509_STORE_CTX_set_verify_cb declaration
Hansruedi Patzen (1):
Fix: failed to open config file if not specified when using CA commands
Insu Yun (1):
Fix OpenSSL_memdup error handling
J Mohan Rao Arisankala (4):
remove unused macros in list -disabled
few missing allocation failure checks and releases on error paths
fix check
#4342: few missing malloc return checks and free in error paths
Jakub Zelenka (2):
Add missing X509_set_proxy_flag num
Add EVP_ENCODE_CTX_copy
Jeffrey Walton (2):
Add documentation of PKCS12_newpass()
Fixes to get -ansi working
Jiri Horky (1):
RT3136: Remove space after issuer/subject
Joey Yandle (15):
- remove insane heap walk and kernel loading code; clean up style and calling conventions
remove all WINCE ifdefs
fix endif comment
OR flags with CRYPT_SILENT to really make sure no UI pops up
cherry pick pr-512 changes
remove RAND_screen and friends
get rid of unnecessary include
cherry pick pr-512 changes
remove winrand.c entirely, nothing seems to reference it
get rid of now empty #if
add removed functions back as deprecated
fix return value in docs
update docs with descriptions and deprecation
fix deprecation version number in docs
set RAND_event and RAND_screen to deprecated in 1.1.0 in librypto.num
John Denker (1):
RT2759: Don't read TTY when already at EOF.
Jon Loeliger (1):
RT4639: Typo when -DSSL_DEBUG
Jonas Maebe (1):
cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors
Kazuki Yamaguchi (5):
Fix EC_KEY_set_private_key() to call key->group->meth->set_private()
Add ex_data functions for X509_STORE
GH975 Add ex_data functions for X509_STORE
Fix NPN protocol name list validation
Fix a NULL dereference in chacha20_poly1305_init_key()
Kirill Marinushkin (3):
Fixed scripts order for generate_crypto_objects target
Add aliases for des-ede-ecb and des-ede3-ecb ciphers.
Fix engine cryptodev: pointer to IV
Kurt Cancemi (6):
Fix typos in apps/enc.c Reviewed-by: Richard Levitte <levitte at openssl.org> Reviewed-by: Matt Caswell <matt at openssl.org>
crypto/x509/x509_vpm.c: Simplify int_x509_param_set1()
crypto/evp/e_aes_cbc_hmac_sha256.c: Remove spurious memset
Remove pointless free loop in X509_PURPOSE_cleanup()
Remove pointless free loop in X509_TRUST_cleanup()
Fix hmac test case 6
Kurt Roeckx (34):
Check that we have enough padding characters.
session tickets: use more sizeof
Avoid creating an illegal pointer
Avoid creating an illegal pointer
Avoid creating an illegal pointer
Avoid creating an illegal pointer
Avoid calling memcpy with lenght of 0
Add support for fuzzing with AFL
Specifiy size of arrays
Avoid creating an illegal pointer
Avoid creating an illegal pointer.
Specify array sizes
Don't compare a just free()d pointer
include stdlib for malloc() and free()
Avoid creating illegal pointers
Initialize the session_id
Update fuzz corpora
buf2hexstr: properly deal with empty string
Avoid creating an illegal pointer.
Update fuzz corpora
Avoid signed overflow
Add X509 and CRL fuzzer
Add x509 and crl corpora
Make CRYPTO_num_locks() return 1
Add old locking constants back
Re-add x509 and crl fuzzer
Return error when trying to print invalid ASN1 integer
fuzzers: print and convert it back
Check for errors allocating the error strings.
Cast to an unsigned type before negating
Add all publicly avaiable asn1 types to the asn1 fuzzer.
Add Hurd shared extension
Skip non-existing files.
Fix typo of BN_zero()
Laszlo Kovacs (1):
RT3720 Increment session miss counter properly
Marek Klein (1):
DEFINE_STACK_OF(ASN1_UTF8STRING) moved from ts_lcl.h to asn1.h
Mat (8):
Fixes non __GNUC__ compilation
Fix strdup macro redefinition
Fix: PEM_read_bio_PrivateKey with no-ui / no-stdio
Updates from review Reviewed-by: Matt Caswell <matt at openssl.org> Reviewed-by: Rich Salz <rsalz at openssl.org>
Use BCryptGenRandom on Windows 7 or higher
Define USE_BCRYPT
Adds casts for 64-bit
Added define for STATUS_SUCCESS
Matt Caswell (258):
Prepare for 1.1.0-pre6-dev
Fix no-dgram on Windows
Cascade no-dgram from no-sock in Configure not e_os.h
Don't use select on Windows
Include winsock2.h even if compiling no-sock
Fix no-sock on Windows
Fix no-ui on Windows
Fix some code maintenance issues
Remove some dead code
Fix missing break in option parsing
Add missing return value checks
Add missing return value check in pkcs8 app
Fix a missing return value check in v3_addr
Remove some unused argc assignments
Remove some unneccessary assignments to argc
Fix no-ocsp on Windows (and probably VMS)
Fix no-cmac on Windows/VMS
Fix the indentation of OPENSSL_NO_STDIO in pem.h
Fix no-dsa on Windows/VMS
Fix capi engine for no-dsa
Don't set peer_tmp until we have finished constructing it
Ensure we check i2d_X509 return val
Fix passwd seg fault
Fix BIO_CTRL_DUP for an SSL BIO
split_send_fragment should always be less than or equal to max_send_fragment
Close the accept socket on error
Don't leak memory on failure to create a mem BIO
Free a BIGNUM on error in BN_mpi2bn
Don't leak memory on error in BN_generate_prime_ex
Don't leak memory on error in cms_RecipientInfo_pwri_crypt
Don't leak EVP_MD_CTX on error path
Check that we were actually allocated BIGNUMs in dsa_builtin_paramgen2
Don't leak resource on error in OCSP_url_svcloc_new
Don't leak memory on error in b2i_rsa
Don't leak memory on error in i2b_PVK
Don't leak memory on error in PKCS12_key_gen_uni
Free memory on error in PKCS7_dataFinal()
Don't leak an ASN1_OCTET_STRING on error in rsa_cms_encrypt
Free an ASN1_OBJECT in an error path
Don't leak memory on error path in dane_ctx_enable()
Fix a leak in i2b_PVK
Don't free the BIGNUM passed to BN_mpi2bn
Client side CKE processing can double free on error
A call to RSA_set0_key had the arguments in the wrong order
Remove some dead code
Fix building with -DCHARSET_EBCDIC
Add the ability to test EBCDIC builds
Fix a build error with strict-warnings and CHARSET_EBCDIC
Fix the tests to work with EBCDIC
Fix EBCDIC problem in conf_def.h
Misc tweaks for EBCDIC based on feedback received
The x509_name_canon function doesn't check for an error return
Check for failed malloc in BIO_ADDR_new
Check for a NULL return value from a call to X509_STORE_CTX_new()
Avoid a NULL ptr deref if group is not set
Don't use an uninitialised variable in srp application
Remove some dead code from EC_GROUP_check()
Fix some X509_STORE macros
Fix encrypt overflow
Prevent EBCDIC overread for very long strings
Avoid overflow in EVP_EncodeUpdate
Ensure EVP_EncodeUpdate handles an output length that is too long
Add documentation for EVP_EncodeInit() and similar functions
Update CHANGES and NEWS for the new release
Remove stale errors from early connection attempts in a client
Fix the no-tls option
Handle malloc failures in BIO_accept
Improve heartbeats coding style
Handle no async jobs in libssl
Free any existing SRTP connection profile
Fix BIO_eof() for BIO pairs
Make null_compression const
Add some additional NewSessionTicket tests
Add some documentation of SSL_CTX_set_tlsext_status_type()
Workaround an IO::Socket::IP bug
Remove an unneccessary check of cipher
Correct documentation error
Remove repeated condition from if in X509_NAME_oneline
Fix some out of date comments
There is only one read buffer
Use the current record offset in ssl3_get_record
Fix RSA dasync engine bug
Add a comment to explain the use of |num_recs|
Add some check for malloc failure in the CAPI engine
Fix some malloc failures in b_addr.c
Better checks for malloc failure in various METHOD functions
Add some error messages for malloc fails
Check that the obtained public key is valid
Simplify SSL BIO buffering logic
Ensure async IO works with new state machine
Add an async io test
Fix Windows 64 bit crashes
Use strerror_r()/strerror_s() instead of strerror() where possible
Add error return for OPENSSL_INIT_set_config_filename()
Fix error return value in SRP functions
Fix a mem leak on an error path in OBJ_NAME_add()
The ssl3_digest_cached_records() function does not handle errors properly
Fix some suspect warnings on Windows
Fix some issues in b_print.c code
Fix implementation of "e" and "g" formats for printing floating points
Prevent an overflow when trying to print excessively big floats
Add a test for printing floating point format specifiers
Silence some "may be uninitialized when used" warning
Fix some s_server issues on Windows
Fix s_client/s_server waiting for stdin on Windows
Fix intermittent windows failures in TLSProxy tests
Avoid msys name mangling
make update
OpenBSD doesn't have ucontext.h so don't try and include it
req command incorrectly displays the bits for an EC key
Add dhparam sanity check and update DH_check documentation
Fix printing of DH Parameters
Don't leak X509_OBJECT in an error path
Free an X509_CRL in an error path
Ensure BIGNUM is freed in an error path
Free a BIO_ADDR if DTLSv1_listen return <=0
Free allocated password strings on exit
Ensure an ASN1_OBJECT is freed in error paths
Free tempory data on error in ec_wNAF_mul()
Free memory on error in cms app
Free buffer on error in a2i_ASN1_INTEGER()
Free a temporary buffer used by dsaparam application
Fix memory leak in crl2pkcs7 app
Don't leak memory in v2i_AUTHORITY_KEYID
Don't leak memory from notice_section function on error path
Don't leak memory in v2i_POLICY_MAPPINGS() on error path
Don't leak memory on ASN1_GENERALIZEDTIME_adj() error path
Don't leak memory on ASN1_item_pack() error path
Don't leak memory on X509_TRUST_add() error path
Don't leak memory on int X509_PURPOSE_add() error path
Don't leak memory on set_reasons() error path
Fix test failures when using enable-ubsan
Bring the README file up to date
Update CONTRIBUTING
Update NOTES.WIN
Tweaks to NOTES.PERL
Further update CONTRIBUTING
Add a paragraph on documentation to CONTRIBUTING
Update INSTALL instructions
Handle a memory allocation failure in ssl3_init_finished_mac()
BIO_printf() can fail to print the last character
Fix documentation error in x509 app certopt flag
Simplify dsa_ossl.c
Deprecate the flags that switch off constant time
Document the issue with threads and dlopen()
Return the value of tlsext_status_type in the return not arg
Add SSL_CTX_get_tlsext_status_type()
Add documentation for the newly added SSL_get_tlsext_status_type()
Add an SSL get/set test
Fix BN_mod_word bug
Add a BN_mod_word test()
Fix pipelining bug
Reject out of context empty records
Add empty record tests
Expand SSL_CTX_set_default_verify_paths() documentation
Fix no-dtls* builds
Fix seg fault in TS_RESP_verify_response()
Fix an error path leak in do_ext_nconf()
Fix an error path leak in int X509_ATTRIBUTE_set1_data()
Handle inability to create AFALG socket
Ensure SSL_set_session clears the old session from cache if it is bad
Add some session API tests
Update the SSL_set_session() documentation
Update sslapitest to use the test framework
Add some missing return value checks
make update
Fix comment
Add missing break statement
Avoid a double-free in crl2pl7
Free memory on an error path
Remove an unused variable assignment
Change the return type of EVP_EncodeUpdate
Fix the build and tests following constification of DH, DSA, RSA
Skip the TLSProxy tests if environmental problems are an issue
Revert "RT4526: Call TerminateProcess, not ExitProcess"
no-ripemd is an alias for no-rmd160
Change default directory for storing the .rnd file on Windows
Avoid type punning warnings in b_addr.c
constify SRP
Improve const correctness for stacks of EVP_MD
Replace 4 casts with 1
OpenBSD has intypes.h
Use a STACK_OF(OPENSSL_CSTRING) for const char * stacks
Fix ASN1_STRING_to_UTF8 could not convert NumericString
Add a getter to obtain the HMAC_CTX md
Add some documentation for missing HMAC functions
Ensure HMAC key gets cleansed after use
Fix some OPENSSL_API_COMPAT values
Fix one more instance of incorrect OPENSSL_API_COMPAT value
Ensure read records are marked as read
Add a test for fragmented alerts
Add some compat macros for removed tmp RSA functions/macros
Cleanup documentation for removed functionality
Convert memset calls to OPENSSL_cleanse
Avoid an overflow in constructing the ServerKeyExchange message
Use the SSL_METHODs passed to create_ssl_ctx_pair()
Disallow multiple protocol flags to s_server and s_client
Fix strict-warnings build
Fix mingw build
Prepare the client certificate earlier
Fix Client Auth tests
Fix SSLv3 ClientAuth alert checking
Fix SSLv3 alert if no Client Ceritifcate sent after a request for one
Make sure we call ssl3_digest_cached_records() when necessary
Fix client auth test_ssl_new failures when enabling/disabling protocols
Simplify key_exchange_expected() logic
Try and make the transition tests for CKE message clearer
Ensure Travis tests SSLv3
Fix formatting in statem_srvr.c based on review feedback
Reduce the scope of some variables in tls_process_client_key_exchange()
Split out PSK preamble and RSA from process CKE code
Split out DHE from process CKE code
Split out ECDHE from process CKE code
Split out GOST from process CKE code
Remove the f_err lable from tls_process_client_key_exchange()
Errors fix up following break up of CKE processing
Fix bug with s2n et al macros
Narrow the scope of local variables in tls_construct_client_key_exchange()
Split out CKE construction PSK pre-amble and RSA into a separate function
Split out DHE CKE construction into a separate function
Split out DHE CKE construction into a separate function
Split out GOST CKE construction into a separate function
Split out SRP CKE construction into a separate function
Some tidy ups after the CKE construction refactor
Fix up error codes after splitting up tls_construct_key_exchange()
Refactor Identity Hint handling
Remove sessions from external cache, even if internal cache not used.
Add more session tests
Narrow scope of locals vars in tls_process_key_exchange()
Move the PSK preamble for tls_process_key_exchange()
Split out the PSK preamble from tls_process_key_exchange()
Split out SRP from tls_process_key_exchange()
Split out DHE from tls_process_key_exchange()
Split out ECDHE from tls_process_key_exchange()
Tidy up tls_process_key_exchange()
Update error codes following tls_process_key_exchange() refactor
Fix building with no-cms
Never expose ssl->bbio in the public API.
Fix no-ct
Fix no-dtls*
Fix no-tls1_2
Make the checks for an SSLv2 style record stricter
Add a test for SSL_set_bio()
Don't double free the write bio
Fix BIO_push ref counting for SSL BIO
Fix BIO_pop for SSL BIOs
Add some SSL BIO tests
Simplify and rename SSL_set_rbio() and SSL_set_wbio()
Update the SSL_set_bio()/SSL_set0_rbio()/SSL_set0_wbio() docs
Fix bogus warnings
Fix crash as a result of MULTIBLOCK
Fix param order in RSA_get0_key
Fix bad result in i2b_PVK()
Some minor tweaks to the fuzzing docs
Fix tests for no-nextprotoneg
Fix date in CHANGES
make update
Prepare for 1.1.0-pre6 release
Michel (1):
Fix missing IDEA renames (windows build)
Miroslav Franc (1):
fix memory leaks
Nathaniel McCallum (2):
Add EVP_PKEY_get0_hmac() function
Teach EVP_PKEY_HMAC keys how to EVP_PKEY_cmp()
Paul Kehrer (1):
Make header signature of CRYPTO_mem_leaks BIO instead of struct bio_st
Pauli (1):
Fix threading issue that at best will leak memory
Peter Mosmans (1):
RT3454: Re-enable nistp-64_gcc_128 on windows
Petr Vaněk (1):
Fix typo
Phillip Hellewell (1):
RT3053: Check for NULL before dereferencing
Rainer Jung (1):
Fix warnings installing pod files
Rich Salz (93):
Copyright consolidation: perl files
Update copyright; generated files.
Copyright consolidation; .pm and Configure
Copyright consolidation script
Unified copyright for test recipes
Fix NULL deref in apps/pkcs7
Add asn1_mac
Handle multi-line "written by/for" comments.
GH875: Document -no_check_time Date: Tue Mar 15 15:19:44 2016 +0100
Tweak generated warning lines.
Script changed; update the generated file.
Move 3DES from HIGH to MEDIUM
Missing credit in CHANGES
Recommend GH over RT, per team vote.
Fix uninitialized variable
Use app_malloc; two missing cases.
Use OPENSSL_hexchar2int
Copyright consolidation 01/10
Copyright consolidation 02/10
Copyright consolidation 03/10
Copyright consolidation 04/10
Copyright consolidation 06/10
Copyright consolidation 07/10
Copyright consolidation 08/10
Copyright consolidation 09/10
Copyright consolidation 05/10
X509_STORE_CTX accessors.
Manual fixes after copyright consolidation
Consolidate copyright for demos
Ensure =cut is last line in every file.
Remove needless license terms (for docs)
Add copyright to manpages
Add copyright
Fix nits in pod files.
Rename lh_xxx,sk_xxx tp OPENSSL_{LH,SK}_xxx
Doc nits cleanup, round 2
Add OpenSSL copyright to .pl files
Remove INSTALL.WCE and refs to it.
Remove unused error/function codes.
GH919: Fix wrappers for two headers
RT4539: Add section for renamed ciphers.
RT4337: Crash in DES
Fix some RAND bugs
Add final(?) set of copyrights.
Remove/rename some old files.
Fix various doc nits.
Fix nits in crypto.pod,ssl.pod
Remove NOEXIST entries
GH1123: sort dir before rehash
More utils cleanup.
RT3895: Remove fprintf's from SSL library.
Ignore buildtest artifacts.
Fix re-used function code
Remove extra include's in synopsis.
More doc nits
Add script to find undocumented API
Fix some GitHub issues.
Nit about pod filenames
Unify d2i/i2d documentation.
Add some accessor API's
Write X509_dup, PEM_read, etc.
Clean up "generic" intro pod files.
More API docs; small changes.
Make a2i_ipadd an internal function
GH1183: Fix -unix and -connect, etc., override
Avoid memory leaks if options repeated.
RT3809: basicConstraints is critical
Missed some copyright merge
GH1141: Different fix, preferred by Richard.
RT4562: Fix misleading doc on OPENSSL_config
(Temporarily) don't download clang package
RT4526: Call TerminateProcess, not ExitProcess
Fix build break.
Fix GCC build; make update; fix number re-use
Avoid using latest clang since repo not available
More doc cleanup
RT2867: des_ede3_cfb1 ignored "size in bits" flag
Add -ciphers flag to enc command
RT2964: Fix it via doc
Revert "RT2964: Fix it via doc"
RT2964: Fix it via doc
RT2680: Public EC key is shown as private
RT4586: Remove RSA_memory_lock; unused, not needed
Restore clang builds in travis.yml
Cleanup obj_dat.h, obj_dat.pl
Update fuzz/README.md
Add OPENSSL_NO_EC wrapper
Replace all #define's in pod pages.
GH1278: Removed error code for alerts
Platform sanity test
Update ordinals
RT4593: Add space after comma (doc nits)
Various doc fixes.
Richard J. Moore (5):
Make some more X509 functions const.
Ignore the serial number for now and just do the rest.
Fix the docs too
Const EC_KEY_dup
Const the ex data stuff too to fix warnings
Richard Levitte (227):
Build: Make 'test' depend on 'tests'
Only allow Microsoft assembler with no-asm on Windows
Typo, asoutflag -> perlasm_scheme
Remove --classic build entirely
Travis: _srcdist, not _srcdir
Update the Configurations READMEs
Add a best effort test to check shared library consistency
Warn when doing an out-of-source build and finding in-source build artifacts
Build system: add include directories and dependencies for generators
Document the enhancements for DEPEND and INCLUDE and use a better example
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
Documentation the changed {RSA,DSA,DH}_set0_* functionality change
Make BIO_sock_error return a proper error code when getsockopt fails
Fix BIO_set_nbio_accept()
apps/progs.pl: don't make digests disablable by default
make update
VMS: It seems DEC C doesn't handle certain header files quite right
VMS: only explicitely translate names in library C files.
Change 'struct bio_st' in all public header where applicable
Remove BIO_dummy, it's old cruft
Skip blank lines if old copyright comment was removed, and only then
Adjust a last few generators to new license boilerplate and C code style
Add the adjusted perl scripts to the set of "update" scripts
make update
Remove personal configs from version control
Add the possibility to have an extra local OpenSSL configs directory
Add the possibility for local build file templates
Document the addition of OPENSSL_LOCAL_CONFIG_DIR
Try 'make install' with one of the Travis configurations
Allow spaces in filenames when using perl's glob
Check return of PEM_write_* functions and report possible errors
Complete the list of names in doc/ssl/SSL_CTX_load_verify_locations.pod
VMS: support VERBOSE and V in descrip.mms
Add NULL check in i2d_PrivateKey()
Fix VMS/openssl_{startup,shutddown}.com.in
Have [.VMS]openssl_{startup,shutdown}.com depend on respective *.in
Restore the ERR_remove_thread_state() API and make it a no-op
Fix the docs for ERR_remove_thread_state and ERR_remove_state
make update
Add a case for 64-bit OS X in config
Remove openssl.spec
Move the DJGPP target to its own config.
DJGPP adjustments
Windows: When installing libraries and executables, install .pdb files as well
VMS perl: Fix glob output
openssl_{startup,shutdown}.com.in are in the source directory
Small MSVC build fixes.
Windows: Add CRYPT32.LIB to the libraries to link you app with
Add missing initialiser in e_chil.c
Add support for RC / WINDRES env variables
Don't require any length of password when decrypting
Documentation: Clarify sizes for UI_add_input_string()
Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()
make update
Document the esc_2254 command line name option
Fix util/mkerr.pl
Cleanup openssl.ec
Small typo, a tab where there should have been a space
Documentation processor in perl, for platforms that don't have sh
Use the process_docs script to install docs on Windows and VMS
Fixup READLINE case
VMS: setbuf() only takes 32-bit pointers
Clean up the VMS hacks in crypto/rand/randfile.c
Have doc-nit-check look for mandatory manual sections
Add the missing NAME header in the OCSP docs
Add a missing comma in OPENSSL_malloc.pod
process_docs.pl: When starting to read a new head1 section, remove previous text
HTML docs on Unix: Add a HTML title
Improve the checking of pod sections
util/process_docs.pl: Add more debugging output
Complete the rename of LHASH functions and types
Windows: shut DEL up
Slight cleanup of the collection of READMEs, INSTALLs and NOTES
VMS: remove last VAX vestiges
Make sure to initialize all CA.pl variables properly
Make sure tsget and c_rehash are named with .pl suffix on Windows and VMS
Make sure tsget.pl and c_rehash.pl get installed on VMS and Windows.
Install the scripts the same way on Windows and VMS as on Unix
VMS: show the ossl_dataroot logical as well when doing "mms debug_logicals"
Windows notes: add a few lines on gaining admin privs for installing
Communicate Configure generated header files to build files
Complete the list of files to clean up on Windows
Configure: To allow file names with spaces, tokenize with respect for quotes
build.info files: add quotes around any spec that may contain spaces
Make sure crypto-mdebug-backtrace must be enabled explicitely
Don't clean away headers generated by Configure
Handle Visual C warning about non-standard function names.
Allow space in PERL spec (unix only)
Configure: handle spaces in source directory spec
Windows makefile: handle the case with space in source directory
perl glob: make sure to put quotes around the pattern, in case of spaces
make sure to put quotes around -config argument, in case of spaces
Fix fmtstr for BIO_printf() et al
Remove internal functions OPENSSL_strcasecmp and OPENSSL_strncasecmp
make update
Change a call of OPENSSL_strcasecmp to strcasecmp
Make sure max in fmtstr() doesn't overflow into negativity
perl: use the 'if' module to conditionally load File::Glob
Testing symbol presence: also take note of small objects
Add a warning about using enable-crypto-mdebug-backtrace
perl: refactor .pod name section extractor into its own module
Build the 'openssl rehash' command on VMS version 8.3 and up
tests: clean up temporary SSL session files.
Generate simple build test files
Add inclusion of openssl/x509.h in include/openssl/tls1.h
Add inclusion of stdlib.h in include/openssl/mdc2.h
Change inclusion of sys/types.h to stdlib.h in include/openssl/ebcdic.h
Windows build: Remove .manifest files in test/ as well
Have some more test recipes clean up after themselves
Make 25-test_gen.t and 25-test_req.t into one
Add developer targets for each subdirectory we have something to build in
Clean away the last unixmake vestiges
Configure: complete the changed fuzz option checks
tests: Shut the shell up unless verbose
Fix the directory target generation
tests: fix the shutting up of the shell
Ignore tsget.pl and c_rehash.pl, as well as other compiler generated files
Docs: install generic manpages to man section 7
Shorten some symbol names
Configure: Make it possible to generate mandatory header files
Move the Configure generated header files to the top build.info
Build file templates: make sure to depend on generated header files
Add a developer target 'build_generated' to rebuild mandatory headers
VMS: use BLDDIR rather than BUILDDIR in descrip.mms.tmpl
Always check that the value returned by asn1_do_adb() is non-NULL
Change (!seqtt) to (seqtt == NULL)
Constify the parameter getters for RSA, DSA and DH
Deal with the consequences of constifying getters
Harmonise the different build files
Change default directory for the .rnd file on Windows and VMS
Change the RAND_file_name documentation accordingly
apps/req.c: Increment the right variable when parsing '+'
Check that the subject name in a proxy cert complies to RFC 3820
Fix proxy certificate pathlength verification
Allow proxy certs to be present when verifying a chain
make update
Make it possible to generate proxy certs with test/certs/mkcert.sh
Create some proxy certificates
Add verification of proxy certs to 25-test_verify.t
OpenSSL::Test: Fix directory calculations in __cwd()
Travis: When testing install, install docs as well
Appveyor: test install as well, via a fake deploy_script
OpenSSL::Test: Fix directory calculations in __cwd()
Build files: don't generate empty action lines in generatedir()
Windows: Make DESTDIR work
Remove the envvar hack to enable proxy cert processing
Windows: Recreate the $prefix variable
Make build.info INCLUDE stmts be both source and build tree relative
Simplify INCLUDE statements in build.info files
Deal with pod2html issues, in this case the lack of .html suffix in links
Add the missing pointer_size information on VMS configs
Pass down correct information to the VMS startup script templates
Have the VMS shared library file names contain the shared version
Install the openssl app with version number on VMS
Fix some VMS inconsistencies
VMS: Add installation verification procedure
perl: Separate compile-time environment from runtime environment
Stop using and deprecate ENGINE_setup_bsd_cryptodev
make update
VMS: arch in config.com was mistakenly made process global
VMS: make sure there's a file extension when creating files
Make 'build_libs' build shared libraries as well
Versioning engines default location: the Windows case
Versioning engines default location: the Unix case
Versioning engines default location: the VMS case
VMS: defined the logical name OPENSSL at all times
Windows: make some vars in windows-makefile.tmpl reachable again
VMS: correct post-install instructions
Reorganize .gitignore to make better use of its features
Unix: Set the execute permission on installed shared libraries
VMS: openssl_ivp must call versioned openssl_startup and openssl_utils
VMS: Simplify the spec of the default certs & keys area.
VMS: Present OPENSSLDIR according to the VMS setup.
VMS: Document the changed logical names in VMS/openssl_staryup.com.in
VMS: OSSL$EXE: needs to reflect that programs are installed in two places
VMS: Small cleanups
VMS: Adjust the engines directory by adding the pointer size to its name
Windows: take care of manifest files
Install applink.c with the public header files.
Small fixes in unix-Makefile.tmpl
Windows: allow input and output flags to end with a space, or not
Fix ASN.1 private encode of EC_KEY to not change the input key
Fix: dummy definition of rand_hw_seed() should also return int
Add back lost copyright and license text in LPdir_win.c
Remove the silly CVS markers from LPdir_*.c
Make fuzzer and fuzz tester builds less magic
build.info: implement PROGRAM_NO_INST, and dito for ENGINES, SCRIPTS, LIBS
Document the _NO_INST variants
Adapt the build files to the new "install" hash table
Use _NO_INST in some build.info files
Don't make a difference between building test programs and other programs
Fixup collision between SSL_F_TLS_PROCESS_SKE and SSL_F_TLS_PROCESS_CKE macros
Fixup a few SSLerr calls in ssl/statem/
make update
Have the Travis builds do a "make update"
Convert the last uses of sockaddr in apps/* to use BIO_ADDR instead
Fix forgotten goto
Define a few internal macros for easy use of run_once functions
Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
make update
Document the slight change in ERR_get_next_error_library()
Document the slight change in CRYPTO_mem_ctrl()
VMS: fix typo, shared libraries have the extension .EXE, not .OLB
Install shared libraries in runtime install
VMS: Rearrange installation targets for shared libraries
Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result
Correct misspelt OPENSSL_NO_SRP
Make it possible for external code to flag a certificate as a proxy one.
Properly initialise the internal proxy certificate path length cache
Add getters / setters for the X509_STORE_CTX and X509_STORE functions
Add setter and getter for X509_STORE's check_policy
Document the X509_STORE and X509_STORE_CTX setters and getters
make update
Add X509_STORE lock and unlock functions
Make it possible for external code to set the certiciate proxy path length
Update the example in proxy_certificates.txt
Fix return values of do_passwd() in apps/passwd.c
Forgotten make update
All of ssldirs installation should be done by the install_ssldirs target
Don't overwrite existing installed openssl.cnf
In 80-test_ssl_new, more "plan tests" to a more useful position
80-test_ssl_new.t: only skip on $no_tls if no other skip conditions defined
VMS: If configured no-shared, don't provide shareable image logical names
VMS: make sure to provide an absolute source directory for pod2html
INSTALL: Add missing details on VMS installation results
INSTALL: Make the use of [, ], { and } consistent and explain it
Don't check any revocation info on proxy certificates
Rob Percival (3):
Fix potential access of null pointer (pp)
Test SCT lists
Tests should check validation status directly
Roumen Petrov (1):
Use include paths to our source before any other cflags
Sebastian Andrzej Siewior (1):
utils/mkdir-p: check if dir exists also after mkdir failed
Sergio Garcia Murillo (1):
GH356: Change assert to normal error
Steffan Karger (1):
const correctness: make HMAC_size() take a const *
Steffen Nurpmeso (1):
RT4627: Doc patch: fix constant names
Steven Valdez (1):
Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c
TJ Saunders (12):
Issue #719:
Remove confusing comment.
session tickets: Use sizeof() for the various fields
Use AES256 for the default encryption algoritm for TLS session tickets
Add an SSL_SESSION accessor for obtaining the protocol version number, with accompanying documentation.
Add requested HISTORY section, remove copy/pastos, per review feedback.
Remove null check, per review feedback. Note this in the docs.
Ensure that the EVP_MD_meth_new docs properly match the declared functions; it looks like these names have shifted a little over time.
Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.
Reorder the setter arguments to more consistently match that of other APIs, per review comments.
Forgot to update the setter argument ordering in the public headers.
Ensure that NULL r and s parameters cannot be set on DSA_SIG/ECDSA_SIGs.
Todd Short (9):
Secure memory fixes
Add text/x509aux to gitignore
Add buf-freelists to deprecated options
Clean up RAND_bytes() calls
Fix braces in e_aes.c: aes_init_key
Fix ssl_cert_set0_chain invalid pointer
Always use session_ctx when removing a session
Fix session ticket and SNI
OCSP_request_add0_id() inconsistent error return
Viktor Dukhovni (23):
Enabled DANE only when at least one TLSA RR was added
make update
API compat macros for renamed X509_STORE_CTX functions
Added missing X509_STORE_CTX_set_error_depth() accessor
make update
Future proof build_chain() in x509_vfy.c
Fix set0 reuse test
Implement X509_STORE_CTX_set_current_cert() accessor
make update
Drop duplicate ctx->verify_cb assignment
Fix i2d_X509_AUX, update docs and add tests
Fix TLSProxy race by adding missing eval
Fold threads.h into crypto.h making API public
Clarify negative return from X509_verify_cert()
Ensure verify error is set when X509_verify_cert() fails
Improve and document low-level PEM read routines
make update
When strict SCT fails record verification failure
Silence misleading test_abort stderr output
Drop extraneous printf argument in mkcert.sh
Don't rely on implicit rsa.h inclusion
Perform DANE-EE(3) name checks by default
Make update
Viktor Szakats (3):
NOTES.WIN: use secure urls Reviewed-by: Matt Caswell <matt at openssl.org> Reviewed-by: Rich Salz <rsalz at openssl.org> (Merged from https://github.com/openssl/openssl/pull/1175)
ssl.h: spelling in comment Reviewed-by: Matt Caswell <matt at openssl.org> Reviewed-by: Rich Salz <rsalz at openssl.org> (Merged from https://github.com/openssl/openssl/pull/1275)
rsa.c: fix incorrect guard for pvk-* options
Wim Lewis (1):
Additional CMS content types from RFC 4073, RFC 5083, and RFC 5084.
hesiod (1):
Make OPENSSL_die as noreturn
huangqinjin (5):
fix BN_hex2bn()/BN_dec2bn() memory leak
Update the documentation of BN_hex2bn()
doc and comment fixes
Make ossl_ecdh_compute_key() return a boolean
Make x25519_compute_key() return a boolean
isnotnick (1):
RT3513: req doesn't display attributes using utf8string
jfigus (1):
Propagate tlsext_status_type from SSL_CTX to SSL
mmiyashita (1):
segmentation fault with 'openssl s_client -prexit -keymatexport'
mrpre (3):
add return value for expand
fix code formatting
Cleanup after sk_push fail
russor (1):
zero pad DHE public key in ServerKeyExchange message for interop
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list