[openssl-commits] [openssl] OpenSSL_1_1_0 create
Matt Caswell
matt at openssl.org
Thu Aug 25 15:42:36 UTC 2016
The annotated tag OpenSSL_1_1_0 has been created
at 4d051092ff66736bba2676763a1b49fe8dadc39a (tag)
tagging abd30777cc72029e8a44e4b67201cae8ed3d19c1 (commit)
replaces OpenSSL_1_1_0-pre6
tagged by Matt Caswell
on Thu Aug 25 16:29:18 2016 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.0 release tag
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXvw7OAAoJENnE0m0OYESR1p0H/ieB96ulepJC2JBmEeRveCKa
Qh541UWamjj3gZEg9KOjb2mj28QfCe4LWwts1Kp13xyguD1AvgAVmor9zdWhlMSu
qFMBcZHK5C2HsbZGpYXlgKAzPTgiRO/dT9rQ7+TleAbgUicrZjrV4jx9o1A9vB30
VkEL1HoX5ThXwl+jaMOjRpEZUXyZg5Sc5YGocL+vNEZPvkr3eyAlox2EdVTdlKIn
nj48ejSWglcWFVLoTKwr3yHnxq5MTqkYj62e6MX1FuOGoqhgi1/b579I3f1lXFgW
Bx7Imkoj6ORrXyXuh4XvvVurJboxQYf3FjxEilSPctOUVjyjLBBEK8vTpBdHeDs=
=XrxN
-----END PGP SIGNATURE-----
Adam Langley (1):
Fix test of first of 255 CBC padding bytes.
Andy Polyakov (26):
sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows.
crypto/sparcv9cap.c: fix overstep in getisax.
crypto/ui/ui_openssl.c: let new-line through after query in Windows path.
crypto/sparcv9cap.c: add missing declaration.
test/ssl_test.tmpl: make it work with elderly perl.
Configure: recognize -static as link option and disable incompatible options.
ARMv8 assembly pack: add Samsung Mongoose results.
ecp_nistz256.c: get is_one on 32-bit platforms right.
evp/bio_enc.c: refine non-overlapping logic.
Add test/bio_enc_test.c.
crypto/pkcs12: add UTF8 support.
Add PKCS#12 UTF-8 interoperability test.
crypto/pkcs12: default to UTF-8.
crypto/pkcs12: facilitate accessing data with non-interoperable password.
bn/asm/x86[_64]-mont*.pl: implement slightly alternative page-walking.
80-test_pkcs12.t: skip the test on Windows with non-Greek locale.
evp/bio_enc.c: stop using pointer arithmetic for error detection.
ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.
ec/asm/ecp_nistz256-*.pl: addition to perform stricter reduction.
ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb.
Configurations/10-main.conf: fix solaris64-*-cc link problems.
Don't switch password formats using global state.
Windows: UTF-8 opt-in for command-line arguments and console input.
CHANGES: mention Windows UTF-8 opt-in option.
Benjamin Kaduk (2):
Remove some unused options from 10-main.conf
Sort %disabled in Configure
Cristian Stoica (1):
speed.c: use size_t instead of int to match function signatures
David Benjamin (1):
Fix math in BN_bn2dec comment.
David Woodhouse (10):
Fix SSL_export_keying_material() for DTLS1_BAD_VER
Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER
Fix DTLS_VERSION_xx() comparison macros for DTLS1_BAD_VER
Fix cipher support for DTLS1_BAD_VER
Make DTLS1_BAD_VER work with DTLS_client_method()
Fix ubsan 'left shift of negative value -1' error in satsub64be()
Add basic test for Cisco DTLS1_BAD_VER and record replay handling
Fix clienthellotest to use PACKET functions
Kill PACKET_starts() from bad_dtls_test
Fix satsub64be() to unconditionally use 64-bit integers
Dr. Stephen Henson (53):
Limit status message sisze in ts_get_status_check
Free buffer in a2i_ASN1_INTEGER() on error path.
Sanity check input length in OPENSSL_uni2asc().
Update documentation for DSA_SIG and ECDSA_SIG.
Use OIDs from draft-ietf-curdle-pkix-02
Fix type of ptr field.
X25519 public key methods
make errors
add to build.info
Add X25519 methods to internal tables
Update X25519 key format in evptests.txt
Add point ctrls to X25519
make update
Add encoded points to other EC curves too.
Modify TLS support for new X25519 API.
Remove old EC based X25519 code.
Print out names of other temp key algorithms.
add documentation
update CHANGES
Fix no-ec
Check for errors in BN_bn2dec()
Check for errors in a2d_ASN1_OBJECT()
Limit reads in do_b2i_bio()
Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
make update
Corrupt signature earlier.
Constify ASN1_item_unpack().
constify X509_ALGOR_get0()
Constify private key decode.
Corrupt signature in place.
Convert X509* functions to use const getters
Constify X509_get0_signature()
Constify X509_certificate_type()
Constify ssl_cert_type()
Constify X509_SIG.
make update
Constify i2a*
constify i2o_ECPublicKey
constify X509_REQ_get0_signature()
Add X509_get0_serialNumber() and constify OCSP_cert_to_id()
make update
make update
Avoid duplicated code.
Set certificate times in one function.
Constify certificate and CRL time routines.
rename ordinals
make update
fix warning about trailing comma
Add X509_getm_notBefore, X509_getm_notAfter
update ordinals
Sanity check ticket length.
Avoid overflow in MDC2_Update()
Support broken PKCS#12 key generation.
Dániel Bakai (1):
Added appropriate OPENSSL_NO_STDIO to PKCS12 header
Emilia Kasper (16):
Add a coverage target
Add --gcov-options '\-lp' to coverage
Reorganize SSL test structures
Fix ALPN tests when NPN is off
NPN and ALPN: test resumption
SSL test ctx: fix tests
CT: fix documentation
SSL tests: port CT tests, add a few more
Add TEST_check
Gracefully free a NULL HANDSHAKE_RESULT
Don't attempt to load the CT log list with no-ec
SSL tests: send some application data
Port multi-buffer tests
Test that the peers send at most one fatal alert
Indent ssl/
Add more details on how to add a new SSL test
FdaSilvaYY (22):
Constify ASN1_INTEGER_get, ASN1_ENUMERATED_get
Constify two internal methods - append_ia5 - old_entry_print
Constify input buffer
Constify inputs of two X509_LOOKUP_METHOD methods
Constify some ASN1_OBJECT *obj input parameters
Pack globals variables used to control apps/verify_callback()
Fix doc and help about ca -valid option
two typo fixes
Relocalise some globals variables
Improve error message
Simplify and add help about OPT_PVK* options
Constify char* input parameters in apps code
Small nits and cleanups
Allow to run all speed test when async_jobs active
Duplicate includes
Fix loopargs_t object duplication into ASYNC context
Closing output file from inside the loop who open it
Constify ASN1_PCTX_*
Constify some inputs buffers
Constify some input parameters.
Constify some X509_NAME, ASN1 printing code
Constify a bit X509_NAME_get_entry
Gergely Nagy (1):
Fix compilation when using MASM on x86
Jakub Zelenka (1):
Never return -1 from BN_exp
JimC (3):
Ignore windows generated manifests
Fix CIPHER_DEBUG
Documented BIO_set_accept_port()/BIO_get_accept_port()
Kazuki Yamaguchi (3):
Fix overflow check in BN_bn2dec()
Expose alloc functions for EC{PK,}PARAMETERS
Fix a memory leak in EC_GROUP_get_ecparameters()
Kurt Roeckx (4):
Fix spelling of error code
Fix off by 1 in ASN1_STRING_set()
Test the support curves in tls
Update fuzz corpora
Matt Caswell (51):
Prepare for 1.1.0-pre7-dev
Address feedback on SSLv2 ClientHello processing
Send an alert if we get a non-initial record with the wrong version
Add some SSLv2 ClientHello tests
Address feedback on SSLv2 ClientHello processing
Remove a stray unneeded line in 70-test_sslrecords.t
Ensure we unpad in constant time for read pipelining
Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto()
Convert TS_STATUS_INFO* functions to use const getters
Convert PKCS8* functions to use const getters
Convert SSL_SESSION* functions to use const getters
Convert OCSP* functions to use const getters
Make X509_NAME_get0_der() conform to OpenSSL style
Convert X509_CRL* functions to use const getters
Convert X509_REVOKED* functions to use const getters
Add a (D)TLS dumper BIO
Add a DTLS packet mem BIO
Split create_ssl_connection()
Add a DTLS unprocesed records test
Fix DTLS unprocessed records bug
Add DTLS replay protection test
Fix DTLS replay protection
Fix some clang warnings
Update function error code
Convert PKCS12* functions to use const getters
Fix enable-zlib
Fix DTLS buffered message DoS attack
Prevent DTLS Finished message injection
Choose a ciphersuite for testing that won't be affected by "no-*" options
Fix no-des
Fix leak on error in tls_construct_cke_gost
Ensure CT_POLICY_EVAL_CTX_free behaves properly with a NULL arg
Ensure the mime_hdr_free function can handle NULLs
Fix mem leak on error path
Fix mem leak on error path
Fix mem leak on error path
Check for malloc error in bn_x931p.c
Check for error return from ASN1_object_size
Sanity check an ASN1_object_size result
Remove some dead code
Add some sanity checks when checking CRL scores
Fix bio_enc_test
Fix no-sock
Fix some resource leaks in the apps
Remove useless assignment
Remove some dead code from rec_layer_s3.c
Fix no-ec2m
Clarify the error messages in 08f6ae5b28
Fix an uninitialised read on an error path
Fix uninit read in sslapitest
Prepare for 1.1.0 release
Remi Gacogne (1):
Add missing session id and tlsext_status accessors
Rich Salz (17):
Remove "lockit" from internal error-hash function
Remove get_hash completely
Fix output text to avoid gratuitious git diff
Make update, etc.
GH1383: Add casts to ERR_PACK
Add some const casts
Add #defines for magic numbers in API.
Change callers to use the new constants.
Check for bad filename in evp_test
GH1446: Add SSL_SESSION_get0_cipher
Fix some doc nits.
RT3940: For now, just document the issue.
Add BIO_get_new_index()
Move BIO index lock creation
RT2676: Reject RSA eponent if even or 1
To avoid SWEET32 attack, move 3DES to weak
Put DES into "not default" category.
Richard Levitte (36):
Travis: When testing installation, build in separate dir, otherwise in checkout
VSI submisson: make better use of item lists in o_time.c
VSI submission: make the VMS version of RAND_poll() faster and more secure
Have 'openssl engine' exit with non-zero when some engine fails to load
VMS: have the IVP verify that a well known engine loads properly
When tr gets bracketed arguments, they need to be quoted
VMS: Fix building of bad_dtls_test
openssl-format-source: no dash marker on *INDENT-(ON|OFF)* comments
indent: add a couple of types we use in apps
Move the building of test/buildtest_*. to be done unconditionally
Travis: add a build with no-stdio
util/mkdef.pl: mark certain PEM function declarations with STDIO
make update
Remove OPENSSL_NO_STDIO guards around certain SSL cert/key functions
The capi engine uses stdio, so don't build it when configuring 'no-stdio'
openssl-format-source: A few more (DECLARE|IMPLEMENT) variants to care for
Add a note about a perl issue on VMS and how to work around it
Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled
Make "make" less verbose in Travis, except for the build only case
Add a "config" for verbosity and use it with Travis
Remove duplicate ordinals
VMS: no ENDIF on one line IF statements, in config.com
dasync is an internal testing engine, so don't install it
Don't try to init dasync internally
Simplify indentation of DECLARE_ and IMPLEMENT_ lines
MEMPACKET is typedef'd in ssltestlib.h, don't do so again in ssltestlib.c
VMS: Use strict refdef extern model when building library object files
ssltestlib: Tell compiler we don't care about the value when we don't
Make 'openssl req -x509' more equivalent to 'openssl req -new'
Avoid more compiler warnings for use of uninitialised variables
Configure: Properly cache the configured compiler command
Trust RSA_check_key() to return correct values
Check for __GNUC__ to use GNU C atomic buildins
CRYPTO_atomic_add(): use acquire release memory order rather than relaxed
CRYPTO_atomic_add(): check that the object is lock free
NEWS: add a number of the types that were made opaque
Rob Percival (35):
Removes CTLOG_new_null from the CT public API
Mkae CT_log_new_from_base64 always return 0 on failure
Improves CTLOG_STORE setters
Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions
Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num
Internalizes SCT_verify and removes SCT_verify_v1
Prevent double-free of CTLOG public key
Removes {i2o,o2i}_SCT_signature from the CT public API
Document that o2i_SCT_signature can leave the SCT in an inconsistent state
SCT_set_source resets validation_status
First draft of CT documentation
Fix comment about return value of ct_extract_tls_extension_scts
Add SSL_get0_peer_scts to ssl.pod
Fix comment about what SCT_LIST_validate does.
Add comment about calling CT_POLICY_EVAL_CTX_free
Remove unnecessary bold tags in CT pods
Add enum definitions to CT pods
Adds missing function names to NAME section of PODs
Adds newline after =cut in PODs
Adds copyright section to ct.pod
Renames CT_POLICY_EVAL_CTX.pod to CT_POLICY_EVAL_CTX_new.pod
Fixes final issue in CT PODs highlighted by util/find-doc-nits.pl
Adds history section to CT PODs
Refer to OPENSSLDIR rather than "the OpenSSL install directory"
Clarifies the format of a log's public key in the CONF file
Document that SCT_set_source returns 0 on failure.
Removes d2i_SCT_LIST.pod
Document the i2o and o2i SCT functions
Documents the CTLOG functions
Removes {o2i,i2o}_SCT_signature from PODs
Documents the SCT validation functions
Removes the SCT_verify* POD
Correct documentation about SCT setters resetting validation status
Updates the CT_POLICY_EVAL_CTX POD
Typo fixes
Tomas Mraz (4):
Fix irregularities in GENERAL_NAME_print().
Fix af_alg engine failure on 32 bit architectures.
Add a comment for the added cast with explanation.
Avoid truncating the pointer on x32 platform.
Viktor Dukhovni (3):
Fix missing dane_tlsa_rrdata option error message
Add -dane_ee_no_namechecks s_client(1) option
Un-delete still documented X509_STORE_CTX_set_verify
jamercee (2):
Adapt BIO_new_accept() to call BIO_set_accept_name()
Fixed typo
klemens (2):
spelling fixes, just comments and readme.
fixing too optimistic typo-fix
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list