aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGES
Commit message (Collapse)AuthorAgeFilesLines
* Remove note from CHANGES about EC DRBGMatt Caswell2016-08-251-4/+0
| | | | | | | | EC DRBG support was added in 7fdcb457 in 2011 and then later removed. However the CHANGES entry for its original addition was left behind. This just removes the spurious CHANGES entry. Reviewed-by: Stephen Henson <steve@openssl.org>
* Update CHANGES, NEWS, README and opensslv.h on masterRichard Levitte2016-08-251-1/+5
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* CHANGES: mention Windows UTF-8 opt-in option.Andy Polyakov2016-08-251-0/+8
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Put DES into "not default" category.Rich Salz2016-08-241-2/+3
| | | | | | Add CVE to CHANGES Reviewed-by: Emilia Käsper <emilia@openssl.org>
* To avoid SWEET32 attack, move 3DES to weakRich Salz2016-08-241-0/+4
| | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* update CHANGESDr. Stephen Henson2016-08-131-12/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* fixing too optimistic typo-fixklemens2016-08-051-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1413)
* spelling fixes, just comments and readme.klemens2016-08-051-20/+20
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1413)
* Fix date in CHANGESMatt Caswell2016-08-041-1/+1
| | | | | | | The release scripts expect to see the date "xx XXX xxxx" in CHANGES. At some point the year got changed from xxxx to 2016. This changes it back. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Change default directory for the .rnd file on Windows and VMSRichard Levitte2016-06-201-2/+2
| | | | | | | | | | The previous change for Windows wasn't quite right. Corrected to use %HOME%, %USERPROFILE% and %SYSTEMPROFILE%, in that order. Also adding the default home for VMS, SYS$LOGIN: Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
* Change default directory for storing the .rnd file on WindowsMatt Caswell2016-06-171-0/+6
| | | | | | | | | | | | Previously we would try %RANDFILE%, then %HOME% and finally "C:". Unfortunately this often ends up being "C:" which the user may not have write permission for. Now we try %RANDFILE% first, and then the same set of environment vars as GetTempFile() uses, i.e. %TMP%, then %TEMP%, %USERPROFILE% and %SYSTEMROOT%. If all else fails we fall back to %HOME% and only then "C:". Reviewed-by: Rich Salz <rsalz@openssl.org>
* Change the return type of EVP_EncodeUpdateMatt Caswell2016-06-161-0/+5
| | | | | | | | Previously EVP_EncodeUpdate returned a void. However there are a couple of error conditions that can occur. Therefore the return type has been changed to an int, with 0 indicating error and 1 indicating success. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Deprecate the flags that switch off constant timeMatt Caswell2016-06-061-0/+6
| | | | | | | | | The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch off the constant time implementation for RSA, DSA and DH have been made no-ops and deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix some RAND bugsRich Salz2016-06-011-0/+5
| | | | | | | | RT2630 -- segfault for int overlow RT2877 -- check return values in apps/rand Update CHANGES file for previous "windows rand" changes. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Rename lh_xxx,sk_xxx tp OPENSSL_{LH,SK}_xxxRich Salz2016-05-201-0/+5
| | | | | | | | | | | | Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE Make lhash stuff opaque. Use typedefs for function pointers; makes the code simpler. Remove CHECKED_xxx macros. Add documentation; remove old X509-oriented doc. Add API-compat names for entire old API Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Unify <TYPE>_up_ref methods signature and behaviour.FdaSilvaYY2016-05-161-1/+9
| | | | | | | | | Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Windows: When installing libraries and executables, install .pdb files as wellRichard Levitte2016-05-121-0/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove openssl.specRichard Levitte2016-05-121-0/+3
| | | | | | | | While it seemed like a good idea to have this file once upon a time, this kind of file belongs with the package maintainer rather than in our source. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add a case for 64-bit OS X in configRichard Levitte2016-05-121-0/+9
| | | | | | | | | This makes it possible to just run ./config on a x86_64 machine with no extra fuss. RT#4356 Reviewed-by: Tim Hudson <tjh@openssl.org>
* Update pkcs8 defaults.Dr. Stephen Henson2016-05-111-0/+4
| | | | | | | | Update pkcs8 utility to use 256 bit AES using SHA256 by default. Update documentation. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* IRIX fixes.Andy Polyakov2016-05-101-0/+3
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Missing credit in CHANGESRich Salz2016-05-091-0/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Move 3DES from HIGH to MEDIUMRich Salz2016-05-051-0/+2
| | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Fix spellingFdaSilvaYY2016-05-051-7/+7
| | | | | | | Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #1021
* Update CHANGES and NEWS for the new releaseMatt Caswell2016-05-031-0/+97
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Document the addition of OPENSSL_LOCAL_CONFIG_DIRRichard Levitte2016-05-021-0/+7
| | | | Reviewed-by: Stephen Henson <steve@openssl.org>
* Make many X509_xxx types opaque.Rich Salz2016-04-151-0/+5
| | | | | | | | | Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Make "shared" builds the defaultMatt Caswell2016-04-141-0/+4
| | | | | | | In most cases we expect that people will be using shared libraries not static ones, therefore we make that the default. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add a CHANGES entry for removal of Configure optionsMatt Caswell2016-04-131-1/+6
| | | | | | Document removal of no-aes, no-hmac, no-rsa, no-sha and no-md5. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add a CHANGES entry for the deprecated cleanup functionsMatt Caswell2016-04-131-0/+11
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Adjust --strict-warnings builds in TravisEmilia Kasper2016-04-101-0/+5
| | | | | | | | In Travis, do --strict-warnings on BUILDONLY configurations. This ensures that the tests run even if --strict-warnings fail, and avoids hiding unrelated test failures. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add CHANGES entry for DH and DH_METHOD opacityMatt Caswell2016-04-091-0/+5
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Update CHANGES with the new about RSA and RSA_METHODRichard Levitte2016-04-061-0/+5
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Added DSA opacity to CHANGESMatt Caswell2016-04-031-0/+5
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
* Add a CHANGES entry for opaque BIOsMatt Caswell2016-03-291-1/+6
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove the no-rijndael optionMatt Caswell2016-03-211-0/+3
| | | | | | | Rijndael is an old name for AES. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Remove the remainder of util/mk1mf.pl and companion scriptsRichard Levitte2016-03-211-0/+3
| | | | | | | This removes all scripts that deal with MINFO as well, since that's only used by mk1mf. Reviewed-by: Andy Polyakov <appro@openssl.org>
* Remove #error from include files.Rich Salz2016-03-201-0/+4
| | | | | | | | Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove Netware and OS/2Rich Salz2016-03-171-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove ultrix/mips support.Rich Salz2016-03-171-0/+3
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove support for Borland C++Richard Levitte2016-03-171-0/+3
| | | | | | | Borland C++ 4.5 is very old and our "support" for it is already non-existent, we might as well remove it. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix up CHANGESEmilia Kasper2016-03-161-3/+3
| | | | | | | | | | - Remove duplicate entry - Add author for SSL_CIPHER query functions - Note HKDF support in CHANGES and NEWS [ci skip] Reviewed-by: Richard Levitte <levitte@openssl.org>
* Review commentsKurt Roeckx2016-03-111-0/+3
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Update CHANGES and NEWSMatt Caswell2016-03-091-0/+14
| | | | | | | Update the CHANGES and NEWS files with information about the recently added AFALG engine and pipelining. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Update CHANGES for the new threading APIMatt Caswell2016-03-091-0/+8
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* GH787: Fix ALPNTodd Short2016-03-081-0/+3
| | | | | | | | | | | | | * Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add cipher query functionsTodd Short2016-03-081-0/+3
| | | | | | | Add functions to determine authentication, key-exchange, FIPS and AEAD. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* GH787: Fix ALPNTodd Short2016-03-081-0/+4
| | | | | | | | | | | | * Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Rework the default cipherlist.Emilia Kasper2016-03-071-0/+9
| | | | | | | | | | | | - Always prefer forward-secure handshakes. - Consistently order ECDSA above RSA. - Next, always prefer AEADs to non-AEADs, irrespective of strength. - Within AEADs, prefer GCM > CHACHA > CCM for a given strength. - Prefer TLS v1.2 ciphers to legacy ciphers. - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default list to reduce ClientHello bloat. Reviewed-by: Rich Salz <rsalz@openssl.org>
* Documentation for new CT s_client flagsRob Percival2016-03-041-0/+5
| | | | | Reviewed-by: Ben Laurie <ben@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-05 04:59:35 +0000