[openssl-commits] [openssl] OpenSSL_1_0_2b create
Matt Caswell
matt at openssl.org
Thu Jun 11 14:44:40 UTC 2015
The annotated tag OpenSSL_1_0_2b has been created
at ca9e0fecf4f40d9c6933dcb934113aa93843a894 (tag)
tagging 7b560c174dcd569795f5be66e0c091d1be440614 (commit)
replaces OpenSSL_1_0_2a
tagged by Matt Caswell
on Thu Jun 11 14:55:38 2015 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.0.2b release tag
Andy Polyakov (18):
sha/asm/sha256-armv4.pl: adapt for use in Linux kernel context.
ec/asm/ecp_nistz256-x86_64.pl: update commentary with before-after performance data.
aes/asm/aesv8-armx.pl: optimize for Cortex-A5x.
sha/asm/sha*-armv8.pl: add Denver and X-Gene esults.
modes/asm/ghashv8-armx.pl: up to 90% performance improvement.
aes/asm/aesni-x86[_64].pl update.
aes/asm/aesni-x86.pl: fix typo affecting Windows build.
aes/asm/aesni-sha256-x86_64.pl: fix Windows compilation failure with old assembler.
mk1mf.pl: replace chop for windows.
bn/asm/vis3-mont.pl: fix intermittent EC failures on SPARC T3.
bn/bn_gf2m.c: appease STACK, unstable code detector.
bn/asm/x86_64-mont5.pl: fix valgrind error.
bn/bn_lcl.h: fix MIPS-specific gcc version check.
Configure: replace -mv8 with -mcpu=v8 in SPARC config lines.
Housekeeping 'make TABLE' update.
gcm.c: address linker warning about OPENSSL_ia32cap_P size mismatch.
e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P size mismatch.
bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
Annie Yousar (1):
RT3230: Better test for C identifier
Ben Laurie (1):
Use cc instead of gcc so either clang or gcc is used as appropriate. Add clang flags needed to keep it happy.
Billy Brumley (1):
fix copy paste error in ec_GF2m function prototypes
Bjoern D. Rasmussen (1):
Fix for memcpy() and strcmp() being undefined.
David Woodhouse (2):
Add DTLS to SSL_get_version
Add DTLS support to ssltest
Douglas E Engert (1):
Ensure EC private keys retain leading zeros
Dr. Stephen Henson (15):
Make OCSP response verification more flexible.
Configuration file examples.
Fix OCSP tests.
Fix ECDH detection, add ECDH keyid test.
Fix ECDH key identifier support.
Don't set *pval to NULL in ASN1_item_ex_new.
Reject empty generation strings.
Limit depth of nested sequences when generating ASN.1
Fix encoding bug in i2c_ASN1_INTEGER
Fix verify algorithm.
PEM doc fixes
check for error when creating PKCS#8 structure
make update
return correct NID for undefined object
Fix infinite loop in CMS
Emilia Kasper (22):
Harden SSLv2-supporting servers against Bleichenbacher's attack.
Use -Wall -Wextra with clang
Error out immediately on empty ciphers list.
make update
Initialize variable
Repair EAP-FAST session resumption
Correctly set Z_is_one on the return value in the NISTZ256 implementation.
Fix error checking and memory leaks in NISTZ256 precomputation.
Error checking and memory leak fixes in NISTZ256.
NISTZ256: set Z_is_one to boolean 0/1 as is customary.
NISTZ256: don't swallow malloc errors
NISTZ256: use EC_POINT API and check errors.
s_server: Use 2048-bit DH parameters by default.
dhparam: fix documentation
Update documentation with Diffie-Hellman best practices. - Do not advise generation of DH parameters with dsaparam to save computation time. - Promote use of custom parameters more, and explicitly forbid use of built-in parameters weaker than 2048 bits. - Advise the callback to ignore <keylength> - it is currently called with 1024 bits, but this value can and should be safely ignored by servers.
client: reject handshakes with DH parameters < 768 bits.
Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).
Fix ssltest to use 1024-bit DHE parameters
Use CRYPTO_memcmp when comparing authenticators
Use CRYPTO_memcmp in s3_cbc.c
Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
PKCS#7: Fix NULL dereference with missing EncryptedContent.
Gilles Khouzam (1):
RT3820: Don't call GetDesktopWindow()
Hanno Böck (2):
Fix uninitialized variable.
Call of memcmp with null pointers in obj_cmp()
Jeffrey Walton (1):
Explicitly mention PKCS5_PBKDF2_HMAC in EVP doc.
Kurt Cancemi (1):
Add missing NULL check in X509V3_parse_list()
Kurt Roeckx (7):
Don't send a for ServerKeyExchange for kDHr and kDHd
X509_VERIFY_PARAM_free: Check param for NULL
do_dirname: Don't change gen on failures
Correctly check for export size limit
Allow all curves when the client doesn't send an supported elliptic curves extension
Properly check certificate in case of export ciphers.
Only allow a temporary rsa key exchange when they key is larger than 512.
Loganaden Velvindron (1):
Fix CRYPTO_strdup
Lubom (1):
Lost alert in DTLS
Matt Caswell (65):
Prepare for 1.0.2b-dev
Add DTLS tests to make test
Fix no-ec with no-ec2m
Don't check curves that haven't been sent
Ensure last_write_sequence is saved in DTLS1.2
Add ticket length before buffering DTLS message
Fix RAND_(pseudo_)?_bytes returns
Add more HMAC tests
Ensure that both the MD and key have been initialised before attempting to create an HMAC
Add HMAC test for invalid key len
Fix HMAC to pass invalid key len test
Fix bug in s_client. Previously default verify locations would only be loaded if CAfile or CApath were also supplied and successfully loaded first.
Check for ClientHello message overruns
Fix ssl_get_prev_session overrun
In certain situations the server provided certificate chain may no longer be valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store.
Add flag to inhibit checking for alternate certificate chains. Setting this behaviour will force behaviour as per previous versions of OpenSSL
Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead.
Add documentation for the -no_alt_chains option for various apps, as well as the X509_V_FLAG_NO_ALT_CHAINS flag.
Fix misc NULL derefs in sureware engine
Fix return checks in GOST engine
Revert "Fix verify algorithm."
Add length sanity check in SSLv2 n_do_ssl_write()
Sanity check DES_enc_write buffer length
Sanity check EVP_CTRL_AEAD_TLS_AAD
Sanity check EVP_EncodeUpdate buffer len
Clarify logic in BIO_*printf functions
Add sanity check in ssl3_cbc_digest_record
Sanity check the return from final_finish_mac
Add sanity check to ssl_get_prev_session
Add sanity check to print_bin function
Fix buffer overrun in RSA signing
Remove libcrypto to libssl dependency
Add Error state
Add more error state transitions
Add more error state transitions (client)
Add more error state transitions (DTLS)
Check sk_SSL_CIPHER_new_null return value
Don't allow a CCS when expecting a CertificateVerify
Reject negative shifts for BN_rshift and BN_lshift
Fix off-by-one in BN_rand
Remove export static DH ciphersuites
Fix typo setting up certificate masks
Don't send an alert if we've just received one
Handle unsigned struct timeval members
Fix error check in GOST engine
Don't check for a negative SRP extension size
Check the message type requested is the type received in DTLS
Fix race condition in NewSessionTicket
Fix compilation failure for some tool chains
Fix DTLS session resumption
Fix off-by-one error in BN_bn2hex
Clean Kerberos pre-master secret
Clean premaster_secret for GOST
Remove misleading comment
Fix Kerberos issue in ssl_session_dup
Replace memset with OPENSSL_cleanse()
Fix memory leaks in BIO_dup_chain()
Tighten extension handling
EC_POINT_is_on_curve does not return a boolean
Fix leak in HMAC error path
DTLS handshake message fragments musn't span packets
More ssl_session_dup fixes
Update CHANGES and NEWS
make update
Prepare for 1.0.2b release
Mike Frysinger (1):
Fix malloc define typo
Olaf Johansson (1):
GH249: Fix bad regexp in arg parsing.
Per Allansson (1):
Fix IP_MTU_DISCOVER typo
Rich Salz (4):
RT3776: Wrong size for malloc
Fix cut/paste error
Add NULL checks from master
RT1207: document SSL_COMP_free_compression_methods.
Richard Levitte (15):
Appease clang -Wempty-translation-unit
Appease clang -Wgnu-statement-expression
Appease clang -Wshadow
Ignore the non-dll windows specific build directories
Have mkerr.pl treat already existing multiline string defs properly
Initialised 'ok' and redo the logic.
RT2943: Check sizes if -iv and -K arguments
Fix the update target and remove duplicate file updates
Missed a couple of spots in the update change
Fix update and depend in engines/
Add the macro OPENSSL_SYS_WIN64
Add and rearrange building of libraries
When making libcrypto from apps or test, make sure to include engines
Correction of make depend merge error
make update
Robert Swiecki (1):
Don't add write errors into bytecounts
Sergey Agievich (1):
Add funtions to set item_sign and item_verify
StudioEtrange (1):
GitHub284: Fix typo in xx-32.pl scripts.
Viktor Dukhovni (2):
Code style: space after 'if'
Fix typo in valid_star
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list