[openssl-commits] [openssl] OpenSSL_1_1_0 create

Matt Caswell matt at openssl.org
Thu Aug 25 15:42:36 UTC 2016

The annotated tag OpenSSL_1_1_0 has been created
        at  4d051092ff66736bba2676763a1b49fe8dadc39a (tag)
   tagging  abd30777cc72029e8a44e4b67201cae8ed3d19c1 (commit)
  replaces  OpenSSL_1_1_0-pre6
 tagged by  Matt Caswell
        on  Thu Aug 25 16:29:18 2016 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.0 release tag
Version: GnuPG v1


Adam Langley (1):
      Fix test of first of 255 CBC padding bytes.

Andy Polyakov (26):
      sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows.
      crypto/sparcv9cap.c: fix overstep in getisax.
      crypto/ui/ui_openssl.c: let new-line through after query in Windows path.
      crypto/sparcv9cap.c: add missing declaration.
      test/ssl_test.tmpl: make it work with elderly perl.
      Configure: recognize -static as link option and disable incompatible options.
      ARMv8 assembly pack: add Samsung Mongoose results.
      ecp_nistz256.c: get is_one on 32-bit platforms right.
      evp/bio_enc.c: refine non-overlapping logic.
      Add test/bio_enc_test.c.
      crypto/pkcs12: add UTF8 support.
      Add PKCS#12 UTF-8 interoperability test.
      crypto/pkcs12: default to UTF-8.
      crypto/pkcs12: facilitate accessing data with non-interoperable password.
      bn/asm/x86[_64]-mont*.pl: implement slightly alternative page-walking.
      80-test_pkcs12.t: skip the test on Windows with non-Greek locale.
      evp/bio_enc.c: stop using pointer arithmetic for error detection.
      ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.
      ec/asm/ecp_nistz256-*.pl: addition to perform stricter reduction.
      ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
      ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
      ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb.
      Configurations/10-main.conf: fix solaris64-*-cc link problems.
      Don't switch password formats using global state.
      Windows: UTF-8 opt-in for command-line arguments and console input.
      CHANGES: mention Windows UTF-8 opt-in option.

Benjamin Kaduk (2):
      Remove some unused options from 10-main.conf
      Sort %disabled in Configure

Cristian Stoica (1):
      speed.c: use size_t instead of int to match function signatures

David Benjamin (1):
      Fix math in BN_bn2dec comment.

David Woodhouse (10):
      Fix SSL_export_keying_material() for DTLS1_BAD_VER
      Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER
      Fix DTLS_VERSION_xx() comparison macros for DTLS1_BAD_VER
      Fix cipher support for DTLS1_BAD_VER
      Make DTLS1_BAD_VER work with DTLS_client_method()
      Fix ubsan 'left shift of negative value -1' error in satsub64be()
      Add basic test for Cisco DTLS1_BAD_VER and record replay handling
      Fix clienthellotest to use PACKET functions
      Kill PACKET_starts() from bad_dtls_test
      Fix satsub64be() to unconditionally use 64-bit integers

Dr. Stephen Henson (53):
      Limit status message sisze in ts_get_status_check
      Free buffer in a2i_ASN1_INTEGER() on error path.
      Sanity check input length in OPENSSL_uni2asc().
      Update documentation for DSA_SIG and ECDSA_SIG.
      Use OIDs from draft-ietf-curdle-pkix-02
      Fix type of ptr field.
      X25519 public key methods
      make errors
      add to build.info
      Add X25519 methods to internal tables
      Update X25519 key format in evptests.txt
      Add point ctrls to X25519
      make update
      Add encoded points to other EC curves too.
      Modify TLS support for new X25519 API.
      Remove old EC based X25519 code.
      Print out names of other temp key algorithms.
      add documentation
      update CHANGES
      Fix no-ec
      Check for errors in BN_bn2dec()
      Check for errors in a2d_ASN1_OBJECT()
      Limit reads in do_b2i_bio()
      Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
      make update
      Corrupt signature earlier.
      Constify ASN1_item_unpack().
      constify X509_ALGOR_get0()
      Constify private key decode.
      Corrupt signature in place.
      Convert X509* functions to use const getters
      Constify X509_get0_signature()
      Constify X509_certificate_type()
      Constify ssl_cert_type()
      Constify X509_SIG.
      make update
      Constify i2a*
      constify i2o_ECPublicKey
      constify X509_REQ_get0_signature()
      Add X509_get0_serialNumber() and constify OCSP_cert_to_id()
      make update
      make update
      Avoid duplicated code.
      Set certificate times in one function.
      Constify certificate and CRL time routines.
      rename ordinals
      make update
      fix warning about trailing comma
      Add X509_getm_notBefore, X509_getm_notAfter
      update ordinals
      Sanity check ticket length.
      Avoid overflow in MDC2_Update()
      Support broken PKCS#12 key generation.

Dániel Bakai (1):
      Added appropriate OPENSSL_NO_STDIO to PKCS12 header

Emilia Kasper (16):
      Add a coverage target
      Add --gcov-options '\-lp' to coverage
      Reorganize SSL test structures
      Fix ALPN tests when NPN is off
      NPN and ALPN: test resumption
      SSL test ctx: fix tests
      CT: fix documentation
      SSL tests: port CT tests, add a few more
      Add TEST_check
      Gracefully free a NULL HANDSHAKE_RESULT
      Don't attempt to load the CT log list with no-ec
      SSL tests: send some application data
      Port multi-buffer tests
      Test that the peers send at most one fatal alert
      Indent ssl/
      Add more details on how to add a new SSL test

FdaSilvaYY (22):
      Constify ASN1_INTEGER_get, ASN1_ENUMERATED_get
      Constify two internal methods     - append_ia5     - old_entry_print
      Constify input buffer
      Constify inputs of two X509_LOOKUP_METHOD methods
      Constify some ASN1_OBJECT *obj input parameters
      Pack globals variables used to control apps/verify_callback()
      Fix doc and help about ca -valid option
      two typo fixes
      Relocalise some globals variables
      Improve error message
      Simplify and add help about OPT_PVK* options
      Constify char* input parameters in apps code
      Small nits and cleanups
      Allow to run all speed test when async_jobs active
      Duplicate includes
      Fix loopargs_t object duplication into ASYNC context
      Closing output file from inside the loop who open it
      Constify ASN1_PCTX_*
      Constify some inputs buffers
      Constify some input parameters.
      Constify some X509_NAME, ASN1 printing code
      Constify a bit X509_NAME_get_entry

Gergely Nagy (1):
      Fix compilation when using MASM on x86

Jakub Zelenka (1):
      Never return -1 from BN_exp

JimC (3):
      Ignore windows generated manifests
      Documented BIO_set_accept_port()/BIO_get_accept_port()

Kazuki Yamaguchi (3):
      Fix overflow check in BN_bn2dec()
      Expose alloc functions for EC{PK,}PARAMETERS
      Fix a memory leak in EC_GROUP_get_ecparameters()

Kurt Roeckx (4):
      Fix spelling of error code
      Fix off by 1 in ASN1_STRING_set()
      Test the support curves in tls
      Update fuzz corpora

Matt Caswell (51):
      Prepare for 1.1.0-pre7-dev
      Address feedback on SSLv2 ClientHello processing
      Send an alert if we get a non-initial record with the wrong version
      Add some SSLv2 ClientHello tests
      Address feedback on SSLv2 ClientHello processing
      Remove a stray unneeded line in 70-test_sslrecords.t
      Ensure we unpad in constant time for read pipelining
      Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto()
      Convert TS_STATUS_INFO* functions to use const getters
      Convert PKCS8* functions to use const getters
      Convert SSL_SESSION* functions to use const getters
      Convert OCSP* functions to use const getters
      Make X509_NAME_get0_der() conform to OpenSSL style
      Convert X509_CRL* functions to use const getters
      Convert X509_REVOKED* functions to use const getters
      Add a (D)TLS dumper BIO
      Add a DTLS packet mem BIO
      Split create_ssl_connection()
      Add a DTLS unprocesed records test
      Fix DTLS unprocessed records bug
      Add DTLS replay protection test
      Fix DTLS replay protection
      Fix some clang warnings
      Update function error code
      Convert PKCS12* functions to use const getters
      Fix enable-zlib
      Fix DTLS buffered message DoS attack
      Prevent DTLS Finished message injection
      Choose a ciphersuite for testing that won't be affected by "no-*" options
      Fix no-des
      Fix leak on error in tls_construct_cke_gost
      Ensure CT_POLICY_EVAL_CTX_free behaves properly with a NULL arg
      Ensure the mime_hdr_free function can handle NULLs
      Fix mem leak on error path
      Fix mem leak on error path
      Fix mem leak on error path
      Check for malloc error in bn_x931p.c
      Check for error return from ASN1_object_size
      Sanity check an ASN1_object_size result
      Remove some dead code
      Add some sanity checks when checking CRL scores
      Fix bio_enc_test
      Fix no-sock
      Fix some resource leaks in the apps
      Remove useless assignment
      Remove some dead code from rec_layer_s3.c
      Fix no-ec2m
      Clarify the error messages in 08f6ae5b28
      Fix an uninitialised read on an error path
      Fix uninit read in sslapitest
      Prepare for 1.1.0 release

Remi Gacogne (1):
      Add missing session id and tlsext_status accessors

Rich Salz (17):
      Remove "lockit" from internal error-hash function
      Remove get_hash completely
      Fix output text to avoid gratuitious git diff
      Make update, etc.
      GH1383: Add casts to ERR_PACK
      Add some const casts
      Add #defines for magic numbers in API.
      Change callers to use the new constants.
      Check for bad filename in evp_test
      GH1446: Add SSL_SESSION_get0_cipher
      Fix some doc nits.
      RT3940: For now, just document the issue.
      Add BIO_get_new_index()
      Move BIO index lock creation
      RT2676: Reject RSA eponent if even or 1
      To avoid SWEET32 attack, move 3DES to weak
      Put DES into "not default" category.

Richard Levitte (36):
      Travis: When testing installation, build in separate dir, otherwise in checkout
      VSI submisson: make better use of item lists in o_time.c
      VSI submission: make the VMS version of RAND_poll() faster and more secure
      Have 'openssl engine' exit with non-zero when some engine fails to load
      VMS: have the IVP verify that a well known engine loads properly
      When tr gets bracketed arguments, they need to be quoted
      VMS: Fix building of bad_dtls_test
      openssl-format-source: no dash marker on *INDENT-(ON|OFF)* comments
      indent: add a couple of types we use in apps
      Move the building of test/buildtest_*. to be done unconditionally
      Travis: add a build with no-stdio
      util/mkdef.pl: mark certain PEM function declarations with STDIO
      make update
      Remove OPENSSL_NO_STDIO guards around certain SSL cert/key functions
      The capi engine uses stdio, so don't build it when configuring 'no-stdio'
      openssl-format-source: A few more (DECLARE|IMPLEMENT) variants to care for
      Add a note about a perl issue on VMS and how to work around it
      Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled
      Make "make" less verbose in Travis, except for the build only case
      Add a "config" for verbosity and use it with Travis
      Remove duplicate ordinals
      VMS: no ENDIF on one line IF statements, in config.com
      dasync is an internal testing engine, so don't install it
      Don't try to init dasync internally
      Simplify indentation of DECLARE_ and IMPLEMENT_ lines
      MEMPACKET is typedef'd in ssltestlib.h, don't do so again in ssltestlib.c
      VMS: Use strict refdef extern model when building library object files
      ssltestlib: Tell compiler we don't care about the value when we don't
      Make 'openssl req -x509' more equivalent to 'openssl req -new'
      Avoid more compiler warnings for use of uninitialised variables
      Configure: Properly cache the configured compiler command
      Trust RSA_check_key() to return correct values
      Check for __GNUC__ to use GNU C atomic buildins
      CRYPTO_atomic_add(): use acquire release memory order rather than relaxed
      CRYPTO_atomic_add(): check that the object is lock free
      NEWS: add a number of the types that were made opaque

Rob Percival (35):
      Removes CTLOG_new_null from the CT public API
      Mkae CT_log_new_from_base64 always return 0 on failure
      Improves CTLOG_STORE setters
      Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions
      Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num
      Internalizes SCT_verify and removes SCT_verify_v1
      Prevent double-free of CTLOG public key
      Removes {i2o,o2i}_SCT_signature from the CT public API
      Document that o2i_SCT_signature can leave the SCT in an inconsistent state
      SCT_set_source resets validation_status
      First draft of CT documentation
      Fix comment about return value of ct_extract_tls_extension_scts
      Add SSL_get0_peer_scts to ssl.pod
      Fix comment about what SCT_LIST_validate does.
      Add comment about calling CT_POLICY_EVAL_CTX_free
      Remove unnecessary bold tags in CT pods
      Add enum definitions to CT pods
      Adds missing function names to NAME section of PODs
      Adds newline after =cut in PODs
      Adds copyright section to ct.pod
      Renames CT_POLICY_EVAL_CTX.pod to CT_POLICY_EVAL_CTX_new.pod
      Fixes final issue in CT PODs highlighted by util/find-doc-nits.pl
      Adds history section to CT PODs
      Refer to OPENSSLDIR rather than "the OpenSSL install directory"
      Clarifies the format of a log's public key in the CONF file
      Document that SCT_set_source returns 0 on failure.
      Removes d2i_SCT_LIST.pod
      Document the i2o and o2i SCT functions
      Documents the CTLOG functions
      Removes {o2i,i2o}_SCT_signature from PODs
      Documents the SCT validation functions
      Removes the SCT_verify* POD
      Correct documentation about SCT setters resetting validation status
      Updates the CT_POLICY_EVAL_CTX POD
      Typo fixes

Tomas Mraz (4):
      Fix irregularities in GENERAL_NAME_print().
      Fix af_alg engine failure on 32 bit architectures.
      Add a comment for the added cast with explanation.
      Avoid truncating the pointer on x32 platform.

Viktor Dukhovni (3):
      Fix missing dane_tlsa_rrdata option error message
      Add -dane_ee_no_namechecks s_client(1) option
      Un-delete still documented X509_STORE_CTX_set_verify

jamercee (2):
      Adapt BIO_new_accept() to call BIO_set_accept_name()
      Fixed typo

klemens (2):
      spelling fixes, just comments and readme.
      fixing too optimistic typo-fix


More information about the openssl-commits mailing list