Skip to content
  1. Feb 12, 2016
    • Richard Levitte's avatar
      Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefix · 3c65577f
      Richard Levitte authored
      
      
      INSTALL_PREFIX is a confusing name, as there's also --prefix.
      Instead, tag along with the rest of the open source world and adopt
      the Makefile variable DESTDIR to designate the desired staging
      directory.
      
      The Configure option --install_prefix is removed, the only way to
      designate a staging directory is with the Makefile variable (this is
      also implemented for VMS' descrip.mms et al).
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      3c65577f
  2. Feb 11, 2016
  3. Feb 10, 2016
  4. Feb 09, 2016
  5. Feb 05, 2016
  6. Feb 03, 2016
    • Richard Levitte's avatar
      0f45c26f
    • Emilia Kasper's avatar
      RT4148 · ba2de73b
      Emilia Kasper authored
      
      
      Accept leading 0-byte in PKCS1 type 1 padding. Internally, the byte is
      stripped by BN_bn2bin but external callers may have other expectations.
      
      Reviewed-by: default avatarKurt <Roeckx&lt;kurt@openssl.org>
      ba2de73b
    • Emilia Kasper's avatar
      RT3234: disable compression · dc5744cb
      Emilia Kasper authored
      
      
      CRIME protection: disable compression by default, even if OpenSSL is
      compiled with zlib enabled. Applications can still enable compression by
      calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
      the SSL_CONF library to configure compression. SSL_CONF continues to
      work as before:
      
      SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.
      
      SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
      no-op by default).
      
      The command-line switch has changed from -no_comp to -comp.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      dc5744cb
  7. Feb 01, 2016
  8. Jan 30, 2016
  9. Jan 29, 2016
  10. Jan 28, 2016
    • Matt Caswell's avatar
      CHANGES and NEWS updates for release · 502bed22
      Matt Caswell authored
      
      
      Add details about the latest issues fixed in the forthcoming release.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      502bed22
    • Rich Salz's avatar
      Remove outdated legacy crypto options · 3e9e810f
      Rich Salz authored
      
      
      Many options for supporting optimizations for legacy crypto on legacy
      platforms have been removed.  This simplifies the source code and
      does not really penalize anyone.
              DES_PTR (always on)
              DES_RISC1, DES_RISC2 (always off)
              DES_INT (always 'unsigned int')
              DES_UNROLL (always on)
              BF_PTR (always on) BF_PTR2 (removed)
              MD2_CHAR, MD2_LONG (always 'unsigned char')
              IDEA_SHORT, IDEA_LONG (always 'unsigned int')
              RC2_SHORT, RC2_LONG (always 'unsigned int')
              RC4_LONG (only int and char (for assembler) are supported)
              RC4_CHUNK (always long), RC_CHUNK_LL (removed)
              RC4_INDEX (always on)
      And also make D_ENCRYPT macro more clear (@appro)
      
      This is done in consultation with Andy.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      3e9e810f
  11. Jan 25, 2016
  12. Jan 21, 2016
    • Richard Levitte's avatar
      Refresh the thinking of --prefix and --openssldir · d74dfafd
      Richard Levitte authored
      
      
      --prefix is now exclusively used for software and manual installation.
      --openssldir is not exclusively used as a default location for certs,
      keys and the default openssl.cnf.
      
      This change is made to bring clarity, to have the two less
      intertwined, and to be more compatible with the usual ways of software
      installation.
      
      Please change your habits and scripts to use --prefix rather than
      --openssldir for installation location now.
      
      Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>
      d74dfafd
  13. Jan 19, 2016
  14. Jan 15, 2016
  15. Jan 14, 2016
  16. Jan 12, 2016
  17. Jan 11, 2016
  18. Jan 08, 2016
  19. Jan 07, 2016
    • Rich Salz's avatar
      mem functions cleanup · bbd86bf5
      Rich Salz authored
      
      
      Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
      If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
              (Thanks to Jakob Bohm for the suggestion!)
      Make the "change wrapper functions" be the only paradigm.
      Wrote documentation!
      Format the 'set func' functions so their paramlists are legible.
      Format some multi-line comments.
      Remove ability to get/set the "memory debug" functions at runtme.
      Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
      Add CRYPTO_mem_debug(int flag) function.
      Add test/memleaktest.
      Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      bbd86bf5
  20. Jan 02, 2016
    • Viktor Dukhovni's avatar
      Protocol version selection and negotiation rewrite · 4fa52141
      Viktor Dukhovni authored
      
      
      The protocol selection code is now consolidated in a few consecutive
      short functions in a single file and is table driven.  Protocol-specific
      constraints that influence negotiation are moved into the flags
      field of the method structure.  The same protocol version constraints
      are now applied in all code paths.  It is now much easier to add
      new protocol versions without reworking the protocol selection
      logic.
      
      In the presence of "holes" in the list of enabled client protocols
      we no longer select client protocols below the hole based on a
      subset of the constraints and then fail shortly after when it is
      found that these don't meet the remaining constraints (suiteb, FIPS,
      security level, ...).  Ideally, with the new min/max controls users
      will be less likely to create "holes" in the first place.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      4fa52141
    • Kurt Roeckx's avatar
  21. Dec 15, 2015
  22. Dec 13, 2015
  23. Dec 11, 2015
  24. Dec 10, 2015
  25. Dec 09, 2015
  26. Dec 07, 2015
  27. Dec 05, 2015
  28. Dec 04, 2015