[openssl-commits] [openssl] OpenSSL_1_1_0-pre2 create

Richard Levitte levitte at openssl.org
Thu Jan 14 14:31:01 UTC 2016

The annotated tag OpenSSL_1_1_0-pre2 has been created
        at  4f17c7a4127cf1c0e0942397f82b8b43c7668cfa (tag)
   tagging  bd31d02e412f80f53073a1eb776dffe06ac91746 (commit)
  replaces  OpenSSL_1_1_0-pre1
 tagged by  Richard Levitte
        on  Thu Jan 14 15:26:56 2016 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.0-pre2 release tag

Alessandro Ghedini (1):
      GH540: add casts to safestack.h

Andy Polyakov (10):
      Configurations/10-main.conf: fix typos in mingw/cygwin configs.
      evp/e_chacha20_poly1305.c: TLS interop fixes.
      Configure: 'reconf' to respect CROSS_COMPILE and CC.
      Configure: add framework for ChaCha and Poly1305 assembly.
      x86_64 assembly pack: tune clang version detection even further.
      crypto/ppccap.c: add SIGILL-free processor capability detection code.
      crpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc.
      sha/asm/sha256-armv4.pl: one of "universal" flags combination didn't compile.     (and unify table address calculation in ARMv8 code path).
      bn/asm/bn-c64xplus.asm: update commentary.
      Configure: refine 'reconf' logic.

Ben Kaduk (1):
      Fix typo

Ben Laurie (8):
      Make no-dh work, plus other no-dh problems found by Richard.
      Support ccache.
      Fix (incorrect) uninitialised variable warning.
      Remove no longer existant structure member and direct references to EVP_MD_CTX internals.
      Don't use EC when no-ec.
      Fix no-dgram.
      Fix no-engine.
      Fix no-dh.

Daniel Kahn Gillmor (1):
      The functions take a SSL *, not a SSL_CTX *

David Benjamin (1):
      Fix memory leak in DSA redo case.

Dr. Stephen Henson (71):
      extension documentation
      add X509_up_ref() documentation
      Add extension utility documentation.
      remove ancient SSLeay bug workaround
      fix warning
      Extend EVP_PKEY_copy_parameters()
      Add EVP_PKEY_get0_* functions.
      New function X509_get0_pubkey
      make update
      Update EVP_PKEY documentation.
      New EC functions.
      Use EC_KEY_key2buf and EC_oct2key in libssl.
      Remove SSL_OP_SINGLE_ECDH_USE code.
      Remove ECDH client auth code.
      Constify EC_KEY in ECDH_compute_key.
      remove unnecessary key copy
      Add ECDH/DH utility functions.
      Use EVP_PKEY for server EC.
      Use EVP_PKEY for client side EC.
      make update
      fix for no-ec
      delete unused context
      Remove fixed DH ciphersuites.
      SSL library configuration module.
      Add ssl_mcnf.c to Makefile
      Load module in SSL_library_init
      Add ssl configuration support to s_server and s_client
      Demo server using SSL_CTX_config
      SSL configuration module docs
      make errors
      unload modules in ssltest
      make update
      remove unused error code
      In mkerr.pl look in directories under ssl/
      add -unref option to mkerr.pl
      Add ossl_inline
      Always generate DH keys for ephemeral DH cipher suites.
      EVP_PKEY DH client support.
      utility function
      Server side EVP_PKEY DH support
      fix no-ec
      Convert RSA encrypt to use EVP_PKEY
      Check for missing DSA parameters.
      Use X509_get0_pubkey where appropriate
      remove invalid free
      Change STACK_OF to use inline functions.
      Fix declarations and constification for inline stack.
      remove unused PREDECLARE
      Only declare stacks in headers
      use more descriptive name DEFINE_STACK_OF_CONST
      Recognise disabled algorithms automatically.
      remove hard coded algorithms
      Correct header defines
      Add DEPRECATEDIN support.
      update ordinals
      fix shadow warning
      Disable some algorithms by default
      Add memory leak return value.
      Update leak test to check return values.
      Fix jpaketest compilation error.
      Inline LHASH_OF
      Add lh_new() inlining
      Add lh_doall inlining
      Add lh_doall_arg inlining
      Remove mkstack.pl: it is no longer needed.
      Use ossl_inline and DEFINE_LHASH_OF
      update ordinals
      fix jpaketest and correct comment
      recognise no-crypto-mdebug
      To avoid possible time_t overflow use X509_time_adj_ex()

Emilia Kasper (1):
      Fix a ** 0 mod 1 = 0 for real this time.

Hongze Zhu (1):
      add malloc fail check & fix memory leak

Kurt Roeckx (7):
      Also change the non-debug versions to use size_t
      Avoid using a dangling pointer when removing the last item
      Add support for minimum and maximum protocol version
      Allow disabling the min and max version
      File is about s_time, not s_client

Mat (4):
      Fix build failure on Windows
      Adds crypto-mdebug as a valid option
      Adds missing type casts
      Fix c++ compilation

Mathias Berchtold (1):
      Fix missing casts for c++

Matt Caswell (21):
      Prepare for 1.1.0-pre2-dev
      Fix OCB link
      Fix compile failure
      Fix compile failure with no-threads
      Fix compile failure with no-srp
      Fix no-psk compile failure
      Fix s_server problem with no-ec
      Don't export internal symbols
      Fix updating via mkdef.pl
      Fix build on Solaris
      Add SSL_CIPHER_description() for Chacha20/Poly1305
      Fix URLs mangled by reformat
      Fix inline build failure
      Add test for missing CertificateStatus message
      Fix error when server does not send CertificateStatus message
      Ensure we don't call the OCSP callback if resuming a session
      Add some documentation for the OCSP callback functions
      Simplify calling of the OCSP callback
      Increase the max size limit for a CertificateRequest message
      Fix NSS format session output
      Fix test_ordinals

Pascal Cuoq (1):
      Function pop_info() returned a dangling pointer

Rich Salz (34):
      Use SHA256 not MD5 as default digest.
      Allow ChaCha20-Poly1305 in DTLS
      Use SHA256 not MD5 as default digest.
      Revert "Allow ChaCha20-Poly1305 in DTLS"
      Remove GMP engine.
      Rename some BUF_xxx to OPENSSL_xxx
      Provide better "make depend" warning.
      Fix typo.
      Rename sec_mem to mem_sec, like other files.
      mem-cleanup, cont'd.
      Remove err and prime demo's
      Remove some L<asdf|asdf> which crept back in.
      Rename *_realloc_clean to *_clear_realloc
      Cleanup CRYPTO_{push,pop}_info
      make a "missed make update" update
      RT4202: Update rt URL's.
      Update to SHA256 for TSA signing digest.
      Remove some unused perl scripts
      Remove more (rest?) of FIPS build stuff.
      mem functions cleanup
      Fix build-break; 'make update'
      Fix another build break for no-mem-debug
      Portability fix for apps/s_client.c
      Another portability fix.
      Fix no CRYPTO_MDEBUG build (windows)
      RT41897: Add an CRYPTO_secure_actual_size
      GH528: "cipher -v" output is confusing.
      Yet another make update.
      RT4227: Range-check in apps.
      Move Makefiles to Makefile.in
      Fix typo in error message
      Add missing #ifdef's to fix build break
      Call single parent free_comp routine.

Richard Levitte (68):
      Make EVP_ENCODE_CTX opaque
      Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX
      Adapt PEM routines to the opaque EVP_ENCODE_CTX
      Adapt EVP tests to the opaque EVP_ENCODE_CTX
      make update
      make update, missed file
      Better splitting regexp for test_ordinals
      Modify the lower level memory allocation routines to take size_t
      Remove the "eay" c-file-style indicators
      Fix the etags action line, as etags doesn't take -R
      Refactor DTLS cookie generation and verification
      Prefer ReuseAddr over Reuse, with IO::Socket::INET
      Fix some missing or faulty header file inclusions
      SIZE_MAX doesn't exist everywhere, supply an alternative
      Correct missing prototype
      Remove the #ifndef OPENSSL_SYS_VMS around SSL_add_dir_cert_subjects_to_stack
      Fix faulty check in the VMS version of opt_progname
      Fix a possible memleak
      Instead of a local hack, implement SIZE_MAX in numbers.h if it's missing
      Remove crypto/pem/pem_seal.c
      Enhance util/mkdef.pl to provide a VMS linker option file for shlibs
      Remove the old VMS linker option file creator for shlibs
      Remove all remaining traces if PEM_Seal
      Adjust $default_depflags to changes in Configure
      Only run DANE tests when EC is supported
      Have mkdef.pl use case sensitive symbols for shareable symbol vector
      VMS INDENTIFICATION should only have the version number
      The limit per SYMBOL_VECTOR isn't the amount of symbols, it's the line length
      Use SPARE instead of PRIVATE_PROCEDURE to reserve unused SYMBOL_VECTOR slots
      Make sure to have both upper and mixed case symbols in SYMBOL_VECTOR
      Make EVP_CIPHER_CTX opaque and renew the creator / destructor functions
      Add accessors and writers for EVP_CIPHER_CTX
      Adapt the internal EVP routines to opaque EVP_CIPHER_CTX
      Adapt cipher implementations to opaque EVP_CIPHER_CTX
      Adapt all EVP_CIPHER_CTX users for it becoming opaque
      Remove EVP_CIPHER_CTX_flags, it's only confusing
      Make EVP_CIPHER opaque and add creator/destructor/accessor/writer functions
      Adapt the internal EVP routines to opaque EVP_CIPHER
      Adapt builtin cipher implementations to opaque EVP_CIPHER
      Adapt all engines that need it to opaque EVP_CIPHER
      EVP_CIPHER_CTX_new_cipher_data was a temporary measure, not needed any more
      Adapt all EVP_CIPHER users for it becoming opaque
      Add back deprecated functions in macro form
      Document the new EVP_CIPHER and EVP_CIPHER_CTX functionality
      make update
      Remove unused internal macros
      Add notes in CHANGES and NEWS
      Correct a small typo in CHANGES
      VMS will downcase all command parameters unless they're quoted
      Fix test/recipes/80-test_ca.t to work on VMS
      Pipes on VMS do not work well with binary data, use an intermediary file
      After EVP_CIPHER turned opaque, e_rc5.c needs to include evp_int.h
      Have the VMS exit code follow POSIX conventions
      Don't return from main(), use EXIT() instead
      VMS perl doesn't implement fork(), so don't run the TLSProxy tests there
      Simplify the EXIT macrot for VMS
      Remove test_probable_prime_coprime from test/bntest.c
      VMS C doesn't provide intmax_t/uinmax_t, use our own
      Quick fix of debugging option for mk1mf.pl.
      Remove spurious ;
      Reorder the ordinals in libeay.num
      Add a directry spec for mcr if there is none
      Fall back to c_rehash if 'openssl rehash' fails
      Do not use redirection on binary files
      Rename binmode into textmode and use it correctly
      VMS open() doesn't take O_BINARY, but takes a context description
      Change the last copyright year to 2016 in README
      Prepare for 1.1.0-pre2 release

Rob Stradling (1):
      Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).

Roumen Petrov (3):
      remove duplicates in util/libeay.num
      __STDC_VERSION__ is not defined for c89 compilers
      redundant redeclaration of 'OPENSSL_strlcpy'

Todd Short (1):
      Memory leak in state machine in error path

Viktor Dukhovni (34):
      Restore full support for EVP_CTX_create() etc.
      Avoid erroneous "assert(private)" failures.
      Fix option value parsing in crl2pkcs7 -certfile
      Fix erroneous SO suffix in darwin64-debug-test-64-clang target
      Refine and re-wrap Min/Max protocol docs
      Protocol version selection and negotiation rewrite
      Cleanup of verify(1) failure output
      X509_verify_cert() cleanup
      Drop incorrect id == -1 case from X509_check_trust
      Fix X509_STORE_CTX_cleanup()
      DANE support structures, constructructors and accessors
      DANE documentation typos
      DANE make update
      DANE support for X509_verify_cert()
      Minor test update
      DANE s_client support
      Backwards-compatibility subject to OPENSSL_API_COMPAT
      Fix some typos in comments
      Simplify deprecated declaration exception
      Update comment as bn_dup_expand is gone
      Fixup actually update danetest.c
      Future-proof deprecated declartion parsing
      Regenerate SSL record/statem error strings
      Enable/disable crypto-mdebug just like other features
      Make SSL{_CTX,}_{get,set,clear}_options functions
      STACK_OF(SSL_COMP) is a public type
      Maximize time_t when intmax_t is available
      For stroimax need C99 inttypes.h
      Fix DES_LONG breakage
      For stro[ui]max require both C99 and UINTMAX_MAX/INTMAX_MAX
      Fix nistp512 typos, should be nistp521
      Fix verify(1) to report failure when verification fails
      Fix double-free bugs in EC group precomputation state

tjmao (1):
      Allow ChaCha20-Poly1305 in DTLS


More information about the openssl-commits mailing list