[openssl-commits] [openssl] OpenSSL_1_1_0-pre4 create

Richard Levitte levitte at openssl.org
Wed Mar 16 17:40:53 UTC 2016

The annotated tag OpenSSL_1_1_0-pre4 has been created
        at  ad250dc2fb9b3e37700a557b82b0c46f0657352f (tag)
   tagging  e711d13af3e3bee1c6423c27eeb48ad4921d4fc3 (commit)
  replaces  OpenSSL_1_1_0-pre3
 tagged by  Richard Levitte
        on  Wed Mar 16 18:21:17 2016 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.0-pre4 release tag

Adam Eijdenberg (1):
      Add more CT utility routines to be used as part of larger patch.

Alessandro Ghedini (19):
      Implement new multi-threading API
      GH355: Implement HKDF
      GH804: Fix unused-result warnings in dasync
      Convert CRYPTO_LOCK_GET*BYNAME to new multi-threading API
      Convert CRYPTO_LOCK_{DH,DSA,RSA} to new multi-threading API
      Convert CRYPTO_LOCK_DSO to new multi-threading API
      Convert CRYPTO_LOCK_EX_DATA to new multi-threading API
      Convert ERR_STATE to new multi-threading API
      Convert ERR_STRING_DATA to new multi-threading API
      Convert CRYPTO_LOCK_BIO to new multi-threading API
      Convert CRYPTO_LOCK_EVP_PKEY to new multi-threading API
      Convert CRYPTO_LOCK_EC_* to new multi-threading API
      Convert CRYPTO_LOCK_UI to new multi-threading API
      Convert CRYPTO_LOCK_X509_* to new multi-threading API
      make update
      Convert CRYPTO_LOCK_SSL_* to new multi-threading API
      Convert RSA blinding to new multi-threading API
      Move variable declaration to the start of the function
      Use correct function ID in error path

Andrea Grandi (7):
      Add support for async jobs in OpenSSL speed
      Fix the error with RSA and the daysnc engine in async mode.
      Remove unnecessary memset() to 0 and check for NULL before OPENSSL_free()
      Add support to ASYNC_WAIT_CTX to speed
      Fix error with wait set of fds for the select()
      Add empty line after local variables
      Fix names of the #define used for platform specific code

Andy Polyakov (30):
      Makefile.shared: limit .dll image base pinning to FIPS builds.
      poly1305/asm/poly1305-armv4.pl: replace ambiguous instruction.
      test/recipes/80-test_ca.t: remove_tree->rmtree to make it work with Perl 5.10.
      ec/asm/ecp_nistz256-x86_64.pl: get corner case logic right.
      ec/asm/ecp_nistz256-*.pl: get corner case logic right.
      test/ectest.c: add regression test for RT#4284.
      chacha/asm/chacha-*.pl: fix typos in tail processing.
      modes/asm/ghash-x86_64.pl: refine GNU assembler version detection.
      bn/bn_exp.c: constant-time MOD_EXP_CTIME_COPY_FROM_PREBUF.
      bn/asm/rsax-x86_64.pl: constant-time gather procedure.
      bn/asm/rsaz-avx2.pl: constant-time gather procedure.
      crypto/bn/x86_64-mont5.pl: constant-time gather procedure.
      bn/asm/x86_64-mont5.pl: unify gather procedure in hardly used path     and reorganize/harmonize post-conditions.
      poly1305/asm/poly1305-*.pl: flip horizontal add and reduction.
      chacha/asm/chacha-ppc.pl: fix typo.
      perlasm/x86_64-xlate.pl: handle binary constants early.
      bn/asm/x86[_64]-mont*.pl: complement alloca with page-walking.
      Makefile.in: populate [PLIB_]LDFLAG even with $target{} settings.
      SPARCv9 assembly pack: unify build rules and argument handling.
      ec/asm/ecp_nistz256-sparcv9.pl: get corner logic right.
      Configure: remove dependency on 'head'.
      Configurations/unix-Makefile.tmpl: don't leave empty .s files behind.
      crypto/*/build.info: SPARC-specific fixups.
      crypto/*/build.info: make it work on ARM platforms.
      engines/Makefile.in: some [older] shell complain about 'for i ;',     but not if there is reference to empty variable.
      build.info/Makefile.in: Itanium fixups.
      s390x assembly pack: 32-bit fixups.
      config: fix HP-UX PA-RISC detection.
      Clarify NOTES.WIN.
      poly1305/asm/poly1305-x86_64.pl: make it work with linux-x32.

Ben Laurie (4):
      Missing extension on dependency, .d file is not always made (e.g. when input     is a .s).
      Remove OBJ_EXT and friends.
      testutil.c includes e_os.h.
      FreeBSD, at least, can restrict symbols in a shared library - so use the     Linux target that does that.

Benjamin Kaduk (4):
      GH768: Minor grammar nits in CRYPTO_get_ex_new_index.pod
      GH815: The ChaCha20/Poly1305 codepoints are official
      CT: check some GeneralizedTime return values
      Avoid negative array index in BIO_debug_callback()

Bill Cox (1):
      Add blake2 support.

Billy Brumley (3):
      NIST SP800-56A co-factor ECDH KATs
      move ifdef statements
      documentation and duplicate goto statements

Christian Heimes (1):
      Provide getters for default_passwd_cb and userdata

David Benjamin (1):
      Consistently use arm_arch.h constants in armcap assembly code.

David Woodhouse (16):
      RT4313: Fix build for !IMPLEMENTED code path in CRYPTO_secure_free()
      RT4315: Fix UEFI build in crypto/init.c
      RT4318: Fix OSSL_SSIZE_MAX for UEFI build
      RT3628: Allow filenames to be eliminated from compiled library
      Finish 02f7114a7fbb3f3ac171bae87be8c13bc69e4005
      RT4309: Define PRIu64 for UEFI build
      RT4334: Check UEFI before __STDC_VERSION__ for <inttypes.h>
      RT4339: Fix handling of <internal/bn_conf.h>
      RT4335: Fix UEFI build of OBJ_NAME_new_index()
      RT4347: Fix GCC unused-value warnings with HOST_c2l()
      Elide EVP_read_pw_string() and friends for no-ui
      Allow OPENSSL_NO_SOCK in e_os.h even for non-Windows/DOS platforms
      Move declaration of X509_aux_print() out of #ifndef OPENSSL_NO_STDIO
      Elide DES_read_password() for no-ui build
      Elide OPENSSL_INIT_set_config_filename() for no-stdio build
      Allow OPENSSL_NO_SOCK in e_os.h even for non-Windows/DOS platforms

Dmitry-Me (6):
      Fix mismatched curly brace
      GH680: Reuse strnlen() in strndup()
      GH762: Reuse strdup()
      GH769: Reuse strndup()
      GH784: Better variable name
      Reuse strndup(), simplify code

Dr. Stephen Henson (65):
      Add explanation and warning to TLS id table.
      Use nid_list table to lookup curve IDs.
      Simplify tls1_set_ec_id.
      remove redundant code
      Remove broken DSA private key workarounds.
      Remove DSA negative integer workaround code.
      Remove unused parameter in ssl_set_masks().
      Update and clarify EC_POINT documentation.
      Reformat and update EC_KEY_new manual page.
      Rename OIDs.
      EC_METHOD customisation operations.
      Extended EC_METHOD customisation support.
      Extract compression form in EC_KEY_oct2key().
      Add custom_data field for EC_POINT, EC_KEY.
      Add group_order_bits to EC_METHOD.
      Add new EC_METHOD for X25519.
      Add no signing flag.
      Add X25519 curve to list
      Add X25519 test vectors from RFC7748 6.1     Check sign/verify blocked with X25519
      skip inappropriate X25519 tests
      add ecdhx25519 option to speed
      TLS support for X25519
      Add X25519 code from BoringSSL.
      Initial adaptations for Curve25519 code.
      Change BORINGSSL defines to OPENSSL
      Remove unused code.
      make update
      Add CHANGES entry for X25519
      remove unused variables
      Fix -pkeyopt and fix error check.
      Replace overrides.
      Add default operations to EC_METHOD
      make errors
      remove old unused oneline name field
      Handle KDF internally.
      make errors
      EVP_PKEY_CTX utility functions.
      Use utility functions for HMAC and CMAC.
      Add string ctrl operations to TLS1 PRF, update documentation.
      Add Ctrl keyword to KDF test in evp_test
      Convert PRF tests to use Ctrl
      Generalise KDF test in evp_test.c
      make update
      Add KDF error codes
      add kdf.h to mkdef.pl
      make update
      fix no-ec build
      update NEWS
      Add KDF support to pkeyutl. Update documentation.
      Sanity check PVK file fields.
      Add ASN.1 ADB callback.
      use saner default parameters for scrypt
      Make PKCS8_PRIV_KEY_INFO opaque.
      Update documentation
      make update
      Remove kinv/r fields from DSA structure.
      Make DSA_SIG opaque.
      make update
      move DSA_SIG definition into C source file
      Make X509_SIG opaque.
      make update
      Add EVP_PKEY documentation.
      Document X509_get_serialNumber and X509_set_serialNumber.
      Update and clarify ECDSA documentation.

Emilia Kasper (25):
      getaddrinfo: zero the hints structure
      TLS: reject duplicate extensions
      MemorySanitizer: address false positive
      CVE-2016-0798: avoid memory leak in SRP
      Don't build sanitizer builds with --debug
      Place under OpenSSL license.
      curve25519: add missing const-qualifier
      Refactor ClientHello extension parsing
      Clean up curve25519 build
      Curve25519: avoid undefined behaviour
      Curve25519: fix const-initialization
      Trim the Travis config
      Trim Travis config part 2
      Restore some mingw builds
      Rework the default cipherlist.
      Trim Travis config part 3
      Fix no-comp build
      Workaround for false -Warray-bounds in Travis
      Fix memory leak in library deinit
      Travis: build tests in BUILDONLY mode
      Disable afalg when engine is disabled.
      Fix CRYPTO_THREAD_run_once return value checks
      Explain *cough*-dows
      On Windows, page walking is known as __chkstk.
      Fix up CHANGES

FdaSilvaYY (7):
      GH678: Add a few more zalloc
      Add some 'no-engine' builds to travis, for test
      fix "no-engine" build of test fixture
      GH753: More spelling fix
      GH715: Missed some null-check-removals. follow commits 412bafdcf5, and 7c96dbcdab
      GH773: Possible leak on CRYPTO_THREAD_lock_new failure
      Fix cert leaks in s_server

Flavio Medeiros (1):
      GH480: Don't break statements with CPP stuff.

J Mohan Rao Arisankala (9):
      GH735: remove unnecessary allocation
      GH742: keep gost specific variable under macro
      Check method before access and release ctx in error paths
      explicit check for NULL
      check with NULL
      EC_KEY_priv2buf (): check parameter sanity
      fix build with no-srtp
      using macro inside the case.
      GH764: s_server: trace option fall through

Jeffrey Walton (2):
      RT4354: Add some cross-refs
      RT4351: Update doc for OPENSSL_cleanse

Jim Basney (1):
      Avoid double-free in calleres to OCSP_parse_url

Kurt Roeckx (25):
      argv was set but unused
      Drop support for printing SSLv2 ciphers names.
      Make k25519Precomp const
      Don't mark the eNULL ciphers as non-default.
      Disable SSLv3 by default
      AppVeyor: Only use the latest VS version
      Constify security callbacks
      Make function to convert version to string
      Remove unused code
      Make SSL_CIPHER_get_version return a const char *
      Add ssl_get_client_min_max_version() function
      Add support for minimum and maximum protocol version supported by a cipher
      IDEA is not supported in TLS 1.2
      Document SSL_get1_supported_ciphers
      Update ciphers -s documentation
      Remove DES cipher alias
      Move disabling of RC4 for DTLS to the cipher list.
      Fix usage of OPENSSL_NO_*_METHOD
      Use minimum and maximum protocol version instead of version fixed methods
      Use version flexible method instead of fixed version
      Deprecate the use of version-specific methods
      Run make update
      Review comments
      Save leaf_node and node_offset as character array
      Use unsigned int instead of just unsigned.

Mat (5):
      GH812: Fix for no-ui build on Windows
      Fix return type for CRYPTO_THREAD_run_once
      Fix no-rmd160 classic Windows build
      Fix no-blake2 for Windows classic build
      removed extra define

Matt Caswell (82):
      Fix memory leaks in tls_decrypt_ticket
      Fix windows thread stop code
      Partial revert of 1288f26 and fix for no-async
      Fix memory issues in BIO_*printf functions
      Fix a mkdef.pl warning
      Fix master compile error
      Remove Ubsec engine
      Workaround for VisualStudio 2015 bug
      Refactor the async wait fd logic
      Clarify ASYNC_WAIT_CTX_clear_fd() docs
      Fix use before init warnings in asynctest
      Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption
      Updates to CHANGES and NEWS for 1.0.2 and 1.0.1 release
      Convert ASYNC code to use new Thread API
      Ensure Async is deinited properly
      Don't build RC4 ciphersuites into libssl by default
      Misc afalg build fixes
      Fix OPENSSL_INIT flags to avoid a clash.
      Fix minor errors in the afalg test
      Fix some clang warnings
      Swap the init code to use CRYPTO_ONCE
      Swap the init code to use the new Thread API thread locals
      Remove use of CRYPTO_LOCK_INIT in init code
      Add a function to detect if we have async or not
      make update
      Add defines for pipeline capable ciphers
      Update the dasync engine to add a pipeline cipher
      Implement write pipeline support in libssl
      Add pipeline support to s_server and s_client
      Add dummy pipeline support for aes128_cbc_hmac_sha1
      Implement read pipeline support in libssl
      Lazily initialise the compression buffer
      Add an ability to set the SSL read buffer size
      Add an SSL_has_pending() function
      Ensure s_client and s_server work when read_ahead is set
      Fix erroneous fall thgrough in switch statement
      Add pipelining documentation
      Add documentation for SSL_has_pending()
      Add documentation for new s_server/s_client options
      Update a comment
      Remove the wrec record layer field
      Add documentation for the EVP_CIPHER_CTX_cipher_data functions
      Fix s_server/s_client handling of the split_send_frag argument
      Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
      Fix typo in SSL_pending docs
      Move the _hidden_* static variables in dasync to be constructed in bind
      Refactor dasync cipher implementations to improve code reuse
      Rename a function
      Rename the numpipes argument to ssl3_enc/tls1_enc
      Fix building without multiblock support
      Add an ability to set the SSL read buffer size
      Add an SSL_has_pending() function
      Convert mem_dbg and mem_sec to the new Thread API
      Fix error in ssltest
      Convert rand code to new threading API
      Fix memory leak in ssltest
      Ensure CRYPTO_mem_leaks is the last thing we do
      Move engine library over to using the new thread API
      Move chil engine to the new thread api
      Always call ENGINE_cleanup() in de-init
      Remove another lock from e_chil
      Remove use of the old CRYPTO_LOCK_X5O9_STORE
      Remove the old threading API
      Update CHANGES for the new threading API
      Add an entry in NEWS about the new threading API
      Fix classic build
      Update CHANGES and NEWS
      No need to call EVP_CIPHER_CTX_init after EVP_CIPHER_CTX_new
      Mark SRP_VBASE_get_by_user() as deprecated
      Remove a missed item from the old thread API
      Fix a memory leak in the afalg engine
      More tweaks to the installation instructions
      Call CONF_modules_free() before ENGINE_cleanup() in auto-deinit
      Suppress CT warnings in test_ssl
      Don't clobber the last error
      Remove some dead code from 1999
      Add some missing cleanup calls to de-init
      Fix the init cleanup order
      Fix a TLSProxy race condition
      Disable AFALG when cross-compiling
      We should use $SRCDIR in Makefiles
      Some platforms provide getcontext() but it does not work

Neel Goyal (1):
      Fix typo in SSL_CTX_set_msg_callback docs

Rich Salz (39):
      Remove JPAKE
      RT4310: Fix varous no-XXX builds
      Remove "experimental" in code and comments, too.
      GH681: More command help cleanup
      Remove outdated DEBUG flags.
      Fix {TLS,CIPHER}_DEBUG compiles.
      Missed an experimental.
      GH721: Duplicated flags in doc
      RT4320/GH705: Fix PEM parsing bug.
      Remove unused parameters from internal functions
      Add PKCS7_NO_DUAL_CONTENT flag
      Fix typo, reformat comment.
      GH235: Set error status on malloc failure
      RT4116: Change cleanse to just memset
      Build fix: remove cleanse_ctr
      Fix indents
      GH463: Fix OPENSSL_NO_OCSP build
      Fix unified build after CT reorg
      GH715: ENGINE_finish can take NULL
      Update test build/run for unified
      Revert "EC_KEY_priv2buf (): check parameter sanity"
      Remove some old files.
      RT2275: use BIO_sock_nbio()
      GH715: Missed some null-check-removals.
      Fix mk1mf build
      Changes to DEFAULT curves
      GH616: Remove dead code
      ISSUE 43: Add BIO_sock_shutdown
      Remove really old demo's
      Fix pkeyutl to KDF lnks.
      Revert "Allow OPENSSL_NO_SOCK in e_os.h even for non-Windows/DOS platforms"
      Fix build; ssltest
      Remove some old ms/* files
      OpenSSLDie --> OPENSSL_die
      RT3676: Expose ECgroup i2d functions
      RT3676 add: Export ASN.1 DHparams
      Make update to catch function renames.
      Fix build break; add function declaration
      Add doc on when to use SCT callback.

Richard Levitte (229):
      Prepare for 1.1.0-pre4-dev
      Fix use of add() and add_before() in Configurations/*.conf
      Fix Solaris link_a and link_o
      Lowercase configuration arguments on VMS
      Don't check for gcc or clang on VMS
      Check for OPENSSL_USE_APPLINK in $config{cflags} as well
      On solaris, the variable name sun clashes, use s_un instead
      Implement the use of heap manipulator implementions
      Update the documentation on heap allocators /  deallocators
      Fixup secmemtest for the change of CRYPTO_free() and friends
      Fix check of -DOPENSSL_USE_APPLINK in $config{cflags}
      When someone configures an out-of-source build, switch to unified
      Be more verbose when debugging is on
      Get conditional priorities right
      Add -lresolv to the Solaris ex_libs
      Fix spelling
      Fix spelling
      In the unified scheme, there is no $(TOP), use $(SRCDIR) instead
      Fix the makedepend constructor in unix-Makefile.tmpl
      Don't treat .d (depend) files separately from object files
      Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
      Set EXE_EXT environment variable when testing
      Fix uninstall_sw for the unixmake scheme
      Automatic 'make depend' for the unified build scheme
      Don't use config.timestamp, we already have configdata.pm
      Fix casing on VMS
      VMS: produce dependency files just like you produce object files
      VMS: rather use a quick file comparison than DIFF
      Rethink the uplink / applink story
      Unified - do a better job when uninstalling
      Unified - don't install the ossltest engine
      VMS fixed in unified build
      Let Configure figure out the diverse shared library and DSO extensions
      Centralise the shared library / dso name info in unix-Makefile.tmpl
      Big rename fest in makefile.shared: link_a / link_o -> link_shlib / link_dso
      Simplify the generation of ld scripts for Linux and Solaris
      Big rename fest of engine DSO names, from libFOO.so to FOO.so
      Remake the installation of shared libraries in unix-Makefile.tmpl
      Small rename fest in unified, obj2dynlib -> obj2dso
      Try removing installation directories after having uninstalled files
      Misc small fixes.
      Big rename fest of MingW shared libraries
      Make sure the linked programs have the correct extension
      Fix Configurations/unix-Makefile.tmpl
      Unified 'make depend' has to cleanup after itself
      VMS static libraries have the extension .OLB, not .LIB
      apps_extra_src changed name to apps_aux_src, rename everywhere
      Make crypto/buildinf.h depend on configdata.pm rather than Makefile
      Always build library object files with shared library cflags
      Build dynamic engines even if configured "no-shared"
      Run the TLSProxy based tests as long as dynamic engines are built.
      Unified on VMS - install dynamic engines if there are any
      Avoid GNU make re-exec when adding dependencies to Makefile
      Document the last configuration changes
      Check that any dependency file is newer than Makefile before concatenating
      Don't use 'parent' in util/dofile.pl
      Fix incorrect SO name on GNU platforms
      Use $disabled{"dynamic-engine"} internally
      Introduce the "pic" / "no-pic" config option
      Rewrite CHANGES to add some commentary about the "pic" option
      Add a "no-pic" build for Travis
      Get back "ssl2" as a deprecated disablable option
      Don't include all symbols from static libraries when building a DSO
      Fix a few typos
      Fix DSO name on HP/UX
      Expose %disables to the perl fragments in build.info files.
      Clean away $config{no_shared} since we have $disabled{shared}
      Clean away $no_threads since we have $disabled{threads}
      Clean away $zlib since with have $disabled{zlib}
      Clean away $no_rfc3779 since we don't appear to use it at all
      Clean away $no_asm since with have $disabled{asm}
      Clean away $no_dso since with have $disabled{dso}
      The build files use %disabled, make sure to pass it to them
      Use $disabled{shared} in a safer manner
      Add OPENSSL_PIC back
      Remove all -march= from configs
      Make it possible to build even if dependency files can't be generated
      Solaris DSOs were still named libFOO.so, fixed
      Configure - neater looking add() and add_before()
      Normalise the include directives in ct_test.c
      Unified on VMS - add %disabled in vmsconfig.pm (util/dofile.pl demands it)
      Forgotten change of add() call in Configure
      Make the table entry printer in Configure aware of ARRAYs
      Remove comments saying you must do 'make -f Makefile.in TABLE'
      Apply default after having checked the given config target is valid
      Keep a cache of files that already have a recipe, in common.tmpl
      Remove last remains of old config strings
      ct_test.c doesn't need to include from source top, only testutil.c does
      Make generation of dependency files more efficient when possible
      VMS - don't exit out of a MMS recipe
      Add forgotten change of check of disabled-dynamic-engine
      Unified - have configdata.pm depend on a few more things
      Make uplink auxiliary source separate from cpuid source
      Configure - make the use of environment variables for overrides consistent
      Add a shared_target to the VC-common config
      Configure - Allow CODErefs and ARRAYrefs in configuration setting arrays
      Configure - Rename BASE to DEFAULTS and add a few inheritable BASEs
      Configure - move the addition of the zlib / libz lib to configs
      Minimize copied config settings
      Configure - get rid of the special debug_ and release_ settings
      Configure - Get rid of the special thread_cflag, replace with thread_scheme
      Don't copy from %target to %config so much, see %config as a complement
      Document the changes in config settings
      Remove overzealous echoing
      Restore the zlib / zlib-dynamic logic
      Correction, $disabled{shared} rather than $config{no_shared}
      Remove the old ordinals
      Change names of ordinals and libs, libeay => libcrypto and ssleay => libssl
      New ordinal files, recreated from scratch
      No -fno-common for Darwin
      Unified - Add the build.info command GENERATE, to generate source files
      Unified - Adapt the Unix and VMS templates to support GENERATE
      Unified - Add the build.info command OVERRIDE, to avoid build file clashes
      Unified - adapt the generation of bignum assembler to use GENERATE
      Unified - adapt the generation of padlock assembler to use GENERATE
      Make OpenSSL::Test::setup() a bit more forgiving
      Fix the build tree include directory for afalg engine
      Revert "unified build scheme: Try to nudge users to try the "unified" build"
      Add the Configure option --classic, to fall back on classic build schemes
      Make unified builds the default on Unix
      Change the INSTALL documentation for unified builds
      Fix engine/asm/e_padlock-x86.pl for newer semantics
      We've switch to unified build scheme by default, reflect it in travis
      Fix configurations such as 'dist' and tar building
      Make mk1mf recognise the --classic flag
      Tweak some more information in INSTALL
      For unified builds, make a separate build directory and build there
      Use ccache for the unified builds
      Only enable ccache if it's available
      Fix travis builds
      Include e_os.h from ec_lcl.h
      Remove the -n tar flag from osx dist creation
      Adapt e_capi to the DSA_SIG_get0() API
      Redo the Unix source code generator
      Engine API repair - memory management hooks
      Remove the transfer of lock hooks from bind_engine
      Fix a typo in dynamic_load()
      Add the configure option 'no-makedepend'
      Adapt descrip.mms.tmpl to 'no-makedepend'
      Adapt unix Makefile template to 'no-makedepend'
      Counter mixed signedness with a cast
      Add missing semi
      err_lcl.h is gone, don't pretend it's there
      Convert the dynlocks in e_chil to the new Thread API locks
      Unified - adapt the generation of blowfish assembler to use GENERATE
      Unified - adapt the generation of aes assembler to use GENERATE
      Unified - adapt the generation of cpuid, uplink and buildinf to use GENERATE
      Because crypto/build.info demands CFLAGS_Q, descrip.mms.tmpl must deliver
      Unified - adapt the generation of chacha assembler to use GENERATE
      Unified - adapt the generation of cast assembler to use GENERATE
      Unified - adapt the generation of camellia assembler to use GENERATE
      Unified - adapt the generation of ec assembler to use GENERATE
      Unified - adapt the generation of des assembler to use GENERATE
      Unified - adapt the generation of poly1305 assembler to use GENERATE
      Unified - adapt the generation of modes assembler to use GENERATE
      Unified - adapt the generation of md5 assembler to use GENERATE
      Unified - adapt the generation of ripemd assembler to use GENERATE
      Unified - adapt the generation of rc5 assembler to use GENERATE
      Unified - adapt the generation of rc4 assembler to use GENERATE
      Unified - adapt the generation of sha assembler to use GENERATE
      Unified - adapt the generation of whirlpool assembler to use GENERATE
      Adapt mk1mf.pl and companions to changed perlasm script semantics
      Unified - a native Windows makefile template
      Unified - extract settings from util/pl/VC-32.pl and make the config settings
      Unified - name native Windows shared libraries like MingW builds do
      Don't run the TLSProxy based tests in native Windows
      Adapt the Windows makefile template to source generation
      Adapt appveyor.yml for the new unified build
      Adapt INSTALL and related notes for Windows
      Add extra include directory for includers of ppc_arch.h
      Check gcc version to see if it supports -MM and friends
      Recognise 32-bit Solaris in util/shlib_wrap.sh
      Touch the correct variables for the system; shlib_wrap.sh on Solaris
      Make sure the effect of "pic" / "no-pic" is used with assembler compilations
      Have Configure display the value of SHARED_CFLAG
      Don't check the conditions to build e_afalg if configured "no-engine"
      Don't add afalg engine if configured "no-engine"
      Don't add engines if configured "no-engine"
      Don't call ENGINE_cleanup when configured "no-engine"
      In build.info, an IF within a clause that's skipped over shouldn't apply
      Fix ct_test to not assume it's in the source directory
      CT test can't run without EC, so skip it on that algo as well
      Restore building out of source with the unified build scheme
      Fix ct_test to not assume it's in the source directory
      Make ct_dir and certs_dir static in test/ct_test.c
      Comment away the extra checks in Configure
      When grepping something starting with a dash, remember to use -e
      Correct slight logic error in processing IF in build.info
      Travis - the source directory is _srcdist, not _srcdir
      Remove duplicate typedef of ECPKPARAMETERS in ec.h
      Make util/mk1mf.pl recognise no-weak-ssl-ciphers
      When configured "shared", don't build static libraries on Windows
      Travis - don't use ccache with cross compiles
      Travis - add missing semi-colon
      Pass down inclusion directories to source file generators
      The typedef ECPARAMETERS is already defined, don't define it anew
      Add cleaning targets to Configurations/windows-makefile.tmpl
      Harmonize the option processing in 'config' and 'config.com'
      Configure - don't trust $1 to stick around, save its value away
      In the recipe using "makedepend", make sure the object file extension is there
      Add include directory options for assembler files that include from crypto/
      Add include directory options for assembler files that include from crypto/
      Fix some assembler generating scripts for better unification
      Harmonise the two methods to generate dependency files
      Don't build dynamic engines unless configured "shared"
      Avoid getting unresolved referense to bn_expand2 in test/bntest.c
      Some sed implementations are not greedy enough, use perl instead
      Because bn_expand2 is declared non-static, it must not be static
      Avoid sed for dependency post-processing
      When creating directory specs, use srctop_dir rather than srctop_file.
      Harmonize Unix Makefile template with Windows dito
      Use single quotes rather than double quotes when needed
      Add $(LIB_CFLAGS) for any build.info generator that uses $(CFLAGS)
      Collect the names of generated files and clean them away at target clean:
      Complete incomplete makefile variable referenses
      Change an function macro for ERR match the function it's used in.
      Fix a few Configure errors
      Enforce the demand for Perl 5.10.0 as a minimum.
      Fix freeze in config's interrupt trap with some shells
      Fix typo in manual, missing ending '>'
      static-engine is no longer an internal keyword, remove it from %disabled
      Small typo
      Cygwin configs were missing thread_scheme settings, add them
      Not all shells understand !
      Make the perl dependency post-processor into just one line
      Appveyor - make sure to actually build "shared" in the shared configuration
      DLL object files should not be built with /Zl"
      When building DLLs, hack the library name in the .def file
      Prepare for 1.1.0-pre4 release

Rob Percival (50):
      Tests for parsing and printing certificates containing SCTs
      GH752 ct_test uses testutil, so include that
      Public API for Certificate Transparency
      Fix for potential deferencing of null pointer in o2i_SCT_signature
      Moves SCT struct typedef into ossl_typ.h
      Verify SCT signatures
      Fixes potential double free and memory leak in ct_b64.c
      Addresses review comments from richsalz
      Move macros for reading/writing integers into ct_locl.h
      CT policy validation
      Adds CT validation to SSL connections
      Change default CT log list filename to "ct_log_list.cnf"
      Extends s_client to allow a basic CT policy to be enabled
      If a CT log entry in CTLOG_FILE is invalid, skip it and continue loading
      Handle missing "enabled_logs" line in CT log file
      Handle empty log name in "enable_logs" line of the CT log file
      Documentation for new SSL functions
      Documentation for new CT s_client flags
      Remove redundant semi-colons from apps/Makefile.in
      Make formatting consistent in apps/Makefile.in
      Fixes memory leaks in CT code
      CT code now calls X509_free() after calling SSL_get_peer_certificate()
      Lowercase name of SSL_validate_ct as it is an internal function
      Use s->session->peer instead of calling SSL_get_peer_certificate(s)
      Remove OPENSSL_NO_UNIT_TEST guard from ct_test.c
      Minor update to includes and documentation for ct_test.c
      Makes SCT_LIST_set_source return the number of successes
      Extensive application of __owur to CT functions that return a boolean
      Make parameters of CTLOG_get* const
      Treat boolean functions as booleans
      Fixes "usuable" typo in ct_locl.h
      Use SCT_VERSION_V1 in place of literal 0 in ct_test.c
      Reset SCT validation_status if the SCT is modified
      Remove unnecessary call to SCT_set1_extensions(sct, "", 0) in ct_test.c
      Updates ct_err.c
      Improved documentation of SCT_CTX_* functions
      Makes CTLOG_STORE_get0_log_by_id return const CTLOG*
      Makes SCT_get0_log return const CTLOG*
      Removes SCT_LIST_set_source and SCT_LIST_set0_logs
      Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const
      Make SCT literals into const variables in ct_test.c
      Document importance of CTLOG_STORE outliving SCT if SCT_set0_log is used
      Do not display a CT log error message if CT validation is disabled
      Minor improvement to formatting of SCT output in s_client
      Documentation for ctx_set_ctlog_list_file()
      check reviewer --reviewer=emilia     Remove 'log' field from SCT and related accessors
      check reviewer --reviewer=emilia     Pass entire CTLOG_STORE to SCT_print, rather than just the SCT's CTLOG
      check reviewer --reviewer=emilia     Use SSL_get_SSL_CTX instead of passing SSL_CTX to s_client.c:print_stuff
      Surround ctx_set_ctlog_list_file() with #ifndef OPENSSL_NO_CT
      constify CT_POLICY_EVAL_CTX getters

Roumen Petrov (4):
      Fix OPENSSL_config with NULL parameter
      remove redundant opt* declarations
      documentation: RSA_new_method argument
      correct name of GNU shared libraries

Todd Short (6):
      GH787: Fix ALPN
      Add cipher query functions
      GH787: Fix ALPN
      Fix SSL_CIPHER_get_auth_nid return
      Fix locking in ssl_cert_dup()
      Update .gitignore to ignore all cscope files

Viktor Dukhovni (5):
      Work-around for proxy->s_server retry logic
      Update documentation of SSL METHODs and ciphers
      Improved HKDF and TLS1-PRF documentation
      Don't free NCONF obtained values

Viktor Szakats (6):
      OPENSSL_init_ssl.pod: fix minor typo     Reviewed-by: Matt Caswell <matt at openssl.org>     Reviewed-by: Richard Levitte <levitte at openssl.org>
      md_rand: FAQ URL to use https and follow a redirect
      GH712:  Missed some no-filenames cases
      GH758: e_dasync_err.h: honor no-filenames option
      GH781: openssl.spec: use secure urls
      remove ms/.rnd and add it to .gitignore

Zhao Junwang (1):
      GH706: Use NULL for pointer compare.

clucey (3):
      ALG: Add AFALG engine
      Rework based on feedback:     1. Cleaned up eventfd handling     2. Reworked socket setup code to allow other algorithms to be added in        future     3. Fixed compile errors for static build     4. Added error to error stack in all cases of ALG_PERR/ALG_ERR     5. Called afalg_aes_128_cbc() from bind() to avoid race conditions     6. Used MAX_INFLIGHT define in io_getevents system call     7. Coding style fixes
      Adding afalg test

fbroda (1):
      General verify options to openssl ts


More information about the openssl-commits mailing list