aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGES
Commit message (Collapse)AuthorAgeFilesLines
* CHANGES: remove empty whitespacesRonald Tse2017-10-261-174/+174
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4581)
* Rewrite some codeRich Salz2017-10-071-0/+4
| | | | | | | | Rewrite the -req-nodes flag from CA.pl (idea from Andy) Rewrite ERR_string_error_n Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4478)
* Implement Aria GCM/CCM Modes and TLS cipher suitesJon Spillett2017-08-301-0/+3
| | | | | | | | | | | | | | AEAD cipher mode implementation is based on that used for AES: https://tools.ietf.org/html/rfc5116 TLS GCM cipher suites as specified in: https://tools.ietf.org/html/rfc6209 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4287)
* MSC_VER <= 1200 isn't supported; remove dead codeRich Salz2017-08-271-0/+4
| | | | | | | VisualStudio 6 and earlier aren't supported. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4263)
* Add ERR_clear_last_mark()Richard Levitte2017-08-151-0/+4
| | | | | | | | | This allows callers to set a mark, and then clear it without removing the errors. Useful in case an error is encountered that should be returned up the call stack. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4094)
* Make RAND_DRBG fork-safeRich Salz2017-08-071-0/+5
| | | | | | | | Use atfork to count child forks, and reseed DRBG when the counts don't match. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4101)
* Wire SHA3 EVPs and add tests.Andy Polyakov2017-07-251-0/+3
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3943)
* Remove the possibility to disable the UI module entirelyRichard Levitte2017-07-031-0/+11
| | | | | | | | | | | | | | | | | Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API and other UI methods in environments where the console reader isn't useful. To disable the console reader, configure with 'no-ui-console' / 'disable-ui-console'. 'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' / 'disable-ui-console'. Fixes #3806 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3820)
* STORE: Add an entry in NEWS and CHANGESRichard Levitte2017-06-291-0/+9
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
* Document the added devcrypto engine in CHANGESRichard Levitte2017-06-281-0/+6
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3744)
* util/mkerr.pl: allow module names prefixed with OSSL_ or OPENSSL_Richard Levitte2017-06-271-0/+11
| | | | | | | | | | | | | | | | | To make sure that our symbols don't clash with other libraries, we claim the namespaces OSSL and OPENSSL. Because C doesn't provide namespaces, the only solution is to have them as prefixes on symbols, thus we allow OSSL_ and OPENSSL_ as prefixes. These namespace prefixes are optional for the foreseeable future, and will only be used for new modules as needed on a case by case basis, until further notice. For extra safety, there's an added requirement that module names - apart from the namespace prefix - be at least 2 characters long. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3781)
* Remove bsd_cryptodev engineRich Salz2017-06-191-0/+3
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3699)
* Add the target 'build_all_generated'Richard Levitte2017-06-161-0/+6
| | | | | | | | | | This new target is used to build all generated files and only that. This can be used to prepare everything that requires things like perl for a system that lacks perl and then move everything to that system and do the rest of the build there. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3695)
* Ignore -named_curve auto value to improve backwards compatibilityTomas Mraz2017-06-081-0/+4
| | | | | | | Fixes #3490 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3518)
* Add text pointing to full change list.Rich Salz2017-06-021-0/+5
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3606)
* Add UI functionality to duplicate the user dataRichard Levitte2017-05-311-0/+5
| | | | | | | | This can be used by engines that need to retain the data for a longer time than just the call where this user data is passed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3575)
* Updates CHANGES and NEWS for new releaseMatt Caswell2017-05-251-1/+12
| | | | Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3546)
* Don't allow fragmented alertsMatt Caswell2017-05-171-0/+10
| | | | | | | | | | | | | | | | | | | An alert message is 2 bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such alerts across multiple records (some of which could be empty). In practice it make no sense to send an empty alert record, or to fragment one. TLSv1.3 prohibts this altogether and other libraries (BoringSSL, NSS) do not support this at all. Supporting it adds significant complexity to the record layer, and its removal is unlikely to cause inter-operability issues. The DTLS code for this never worked anyway and it is not supported at a protocol level for DTLS. Similarly fragmented DTLS handshake records only work at a protocol level where at least the handshake message header exists within the record. DTLS code existed for trying to handle fragmented handshake records smaller than this size. This code didn't work either so has also been removed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3476)
* Ensure s_client sends an SNI extension by defaultMatt Caswell2017-04-271-0/+6
| | | | | | | | | Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI be default, unless explicitly told not to via the new "-noservername" option. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2614)
* Ignore dups in X509_STORE_add_*Rich Salz2017-04-201-0/+6
| | | | | | | | | | | | | | | | | | | | | | X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returning an error. Raise errors if empty or malformed files are read when loading certificates and CRLs. Remove NULL checks and allow a segv to occur. Add error handing for all calls to X509_STORE_add_c{ert|tl} Refactor these two routines into one. Bring the unit test for duplicate certificates up to date using the test framework. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2830)
* Add a note in CHANGESRichard Levitte2017-04-101-0/+6
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3126)
* Make default_method mostly compile-timeRich Salz2017-04-071-0/+4
| | | | | | | | Document thread-safety issues Have RSA_null return NULL (always fails) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2244)
* bio/b_print.c: recognize even 'j' format modifier.Andy Polyakov2017-03-301-3/+3
| | | | | | | | | | 'j' is specified as modifier for "greatest-width integer type", which in practice means 64 bits on both 32- and 64-bit platforms. Since we rely on __attribute__((__format__(__printf__,...))) to sanitize BIO_print format, we can use it to denote [u]int64_t-s in platform-neutral manner. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3083)
* Add z modifier parsing to the BIO_printf et all format stringRichard Levitte2017-03-291-0/+4
| | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3064)
* More typo fixesFdaSilvaYY2017-03-291-1/+1
| | | | | | | | Fix some comments too [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3069)
* Spelling fixesFdaSilvaYY2017-03-281-2/+2
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3066)
* Add EC_KEY_get0_engine()Richard Levitte2017-03-151-0/+4
| | | | | | | Just as for DH, DSA and RSA, this gives the engine associated with the key. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2960)
* Add the presence of ARIA to the change log.Pauli2017-03-141-0/+3
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2926)
* Document in CHANGES that config now recognises 64-bit mingwRichard Levitte2017-03-131-0/+4
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2917)
* CHANGES: mention CFI annotations.Andy Polyakov2017-03-021-0/+4
| | | | | | | [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Code health: Quick note in changes and the OPENSSL_GLOBAL et al changesRichard Levitte2017-02-281-0/+4
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2785)
* Code cleanup: remove the VMS specific reimplementation of gmtimeRichard Levitte2017-02-281-0/+5
| | | | | | | | This reimplementation was necessary before VMS C V7.1. Since that's the minimum version we support in this OpenSSL version, the reimplementation is no longer needed. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2762)
* X509 time: tighten validation per RFC 5280Emilia Kasper2017-02-241-0/+5
| | | | | | | | | | | | - Reject fractional seconds - Reject offsets - Check that the date/time digits are in valid range. - Add documentation for X509_cmp_time GH issue 2620 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
* Update CHANGES and NEWS for new releaseMatt Caswell2017-02-161-1/+14
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add support for parameterized SipHashTodd Short2017-02-011-0/+3
| | | | | | | | | | | The core SipHash supports either 8 or 16-byte output and a configurable number of rounds. The default behavior, as added to EVP, is to use 16-byte output and 2,4 rounds, which matches the behavior of most implementations. There is an EVP_PKEY_CTRL that can control the output size. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2216)
* Update CHANGES and NEWS for new releaseMatt Caswell2017-01-261-1/+44
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Test mac-then-encryptEmilia Kasper2016-11-281-0/+3
| | | | | | | | | | | Verify that the encrypt-then-mac negotiation is handled correctly. Additionally, when compiled with no-asm, this test ensures coverage for the constant-time MAC copying code in ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as well but it's nevertheless better to have an explicit handshake test for mac-then-encrypt. Reviewed-by: Andy Polyakov <appro@openssl.org>
* Remove heartbeat supportRichard Levitte2016-11-131-0/+3
| | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1669)
* Update CHANGES and NEWSMatt Caswell2016-11-101-0/+46
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add a CHANGES entry for the unrecognised record type changeMatt Caswell2016-11-021-1/+5
| | | | Reviewed-by: Tim Hudson <tjh@openssl.org>
* Revert "Disable MDC2 by default."Rich Salz2016-11-011-2/+1
| | | | | | | This reverts commit ca1574cec20589885000d039eed3a9375fb29a0d. Not suitabled for a minor release as it breaks the ABI. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Disable MDC2 by default.Rich Salz2016-10-311-1/+2
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
* Backdated note in CHANGES about shared library namesRichard Levitte2016-10-251-0/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1767)
* Remove automatic RPATH - Add a CHANGES entryRichard Levitte2016-10-131-0/+6
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Updates CHANGES and NEWS for new releaseMatt Caswell2016-09-261-0/+17
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Updates CHANGES and NEWS for new releaseMatt Caswell2016-09-221-1/+76
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Document the new SHA256 and SHA512 password generation optionsRichard Levitte2016-09-141-0/+5
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* Remove note from CHANGES about EC DRBGMatt Caswell2016-08-251-4/+0
| | | | | | | | EC DRBG support was added in 7fdcb457 in 2011 and then later removed. However the CHANGES entry for its original addition was left behind. This just removes the spurious CHANGES entry. Reviewed-by: Stephen Henson <steve@openssl.org>
* Update CHANGES, NEWS, README and opensslv.h on masterRichard Levitte2016-08-251-1/+5
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org>
* CHANGES: mention Windows UTF-8 opt-in option.Andy Polyakov2016-08-251-0/+8
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-01 20:26:08 +0000