[openssl-commits] [openssl] OpenSSL_1_1_0d create

Thu Jan 26 13:48:30 UTC 2017

The annotated tag OpenSSL_1_1_0d has been created
        at  518c111dd059d4eefbbc4f9cbc4ea669c0063447 (tag)
   tagging  8a4d96ac8227f39043735faa9e9a30e22818f5e8 (commit)
  replaces  OpenSSL_1_1_0c
 tagged by  Matt Caswell
        on  Thu Jan 26 13:10:20 2017 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.1.0d release tag
-----BEGIN PGP SIGNATURE-----

iQEuBAABCAAYBQJYifU8ERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRz7AH
/AhO//7koMSCCJ2Zj6eYhDlnIiuM1mMgoxUxKWMnEZpctydqcwWtBw6WZr/y/cfb
7U4cmbZeD/p7qOJkIuJm70RaApcnj6mXI1oxAygQhu2xbNbSVLyRLbRpHmk2ThF1
dGK7SrCc7muoblhuuQVOshTl6/tDETDXq+/OqdOJzcIoAJAUtS7PF8a4iewQNsht
+QGooTQIrak4zPNAVmUKN6fH9d5Ztdg56rbeoxqFKzaOmCanfUJ8WK3MimYVWdMp
HdeaA6KM5ZFO7yrWxXjNd6CQ0CbntQkqytW89eXDTYtoV1N3ba1gSdliLCql2ug2
CtV++IPoyXVOtyF80X25kLQ=
=EkVg
-----END PGP SIGNATURE-----

Andy Polyakov (11):
      PPC assembler pack: add some PPC970/G5 performance data.
      chacha/asm/chacha-x86.pl: improve [backward] portability.
      Configurations/10-main.conf: document GCC for Solaris config constraint.
      test/evptests.txt: add regression test for false carry in ctr128.c.
      modes/ctr128.c: fix false carry in counter increment procedure.
      INSTALL: clarify 386 and no-sse2 options.
      perlasm/x86_64-xlate.pl: refine sign extension in ea package.
      Replace div-spoiler hack with simpler code, GH#1027,2253.
      crypto/evp: harden RC4_MD5 cipher.
      crypto/evp: harden AEAD ciphers.
      bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.

Azat Khuzhin (1):
      Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already)

Beat Bolli (1):
      Use consistent variable names

Benjamin Kaduk (2):
      Restore the ERR_FATAL_ERROR() macro
      Do not overallocate for tmp.ciphers_raw

Bernd Edlinger (5):
      Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
      Check the exit code from the server process
      fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state
      Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert
      Fix error handling in compute_key, BN_CTX_get can return NULL

DK (1):
      Fixed deadlock in CRYPTO_THREAD_run_once for Windows

Davide Galassi (1):
      Avoid the call to OPENSSL_malloc with a negative value (then casted to unsigned)

Dmitry Belyavskiy (1):
      Typo fixed

Dr. Stephen Henson (15):
      Add conversion test for MSBLOB format.
      Make MSBLOB format work with dsa utility.
      Fix MSBLOB format with RSA.
      Support MSBLOB format if RC4 is disabled
      add CMS SHA1 signing test
      Fix ctrl operation for SHA1/MD5SHA1.
      Add RSA PSS tests
      Check input length to pkey_rsa_verify()
      Additional error tests in evp_test.c
      Add function and reason checking to evp_test
      Add RSA decrypt and OAEP tests.
      evptests.txt is not a shell script
      Remove BIO_seek/BIO_tell from evp_test.c
      Add server temp key type checks
      Add new ssl_test option.

EasySec (3):
      Replace the 'SSL' broken link with SSL_CTX_set_security_level which seems not being referenced from elsewhere
      Update s_client and s_server documentation about some missing arguments
      Fix list -disabled for blake2 alg

FdaSilvaYY (5):
      Missing free item on push failure
      Raise an error on memory alloc failure.
      Clean one unused variable, plus an useless one.
      Clean dead macros and defines
      Fix use before assignment

Finn Hakansson (1):
      Fix typo.

Kazuki Yamaguchi (1):
      Add missing flags for EVP_chacha20()

Kurt Roeckx (11):
      Cast to an unsigned type before negating
      Make async_read and async_write return -1 on failure.
      Make SSL_read and SSL_write return the old behaviour and document it.
      Add missing -zdelete for some linux arches
      Only call memcpy when the length is larger than 0.
      Don't call memcpy with NULL as source
      Print the X509 version signed, and convert to unsigned for the hex version.
      Fix undefined behaviour when printing the X509 serial
      Fix VC warnings about unary minus to an unsigned type.
      Fix undefined behaviour when printing the X509 and CRL version
      Add missing braces.

Markus Triska (4):
      Fix reference to SSL_set_max_proto_version.
      replace "will lookup up" by "will look up"
      Correct reference to SSL_get_peer_cert_chain().
      correct 3 mistakes

Matt Caswell (26):
      Prepare for 1.1.0d-dev
      Revert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows"
      Remove a hack from ssl_test_old
      Fix missing NULL checks in CKE processing
      Fix a missing function prototype in AFALG engine
      Ensure we are in accept state in DTLSv1_listen
      Fix a leak in SSL_clear()
      Fix the SSL_set1_sigalgs() macro
      Provide some tests for the sig algs API
      Mark a HelloRequest record as read if we ignore it
      Fix a bug in TLSProxy where zero length messages were not being recorded
      Support renegotiation in TLSProxy
      Add a test to check messsages sent are the ones we expect
      Fix SSL_VERIFY_CLIENT_ONCE
      Stop client from sending Certificate message when not requested
      Stop server from expecting Certificate message when not requested
      Extend the test_ssl_new renegotiation tests to include client auth
      Fix SSL_get0_raw_cipherlist()
      Don't use magic numbers in aes_ocb_cipher()
      Properly handle a partial block in OCB mode
      Update evp_test to make sure passing partial block to "Update" is ok
      Fix the overlapping check for fragmented "Update" operations
      Adjust in and in_len instead of donelen
      Remove assert from is_partially_overlapping()
      Update CHANGES and NEWS for new release
      Prepare for 1.1.0d release

Matthias Kraft (1):
      Solution proposal for issue #1647.

Paul Hovey (2):
      fix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184
      updated macro spacing for styling purposes

Rich Salz (12):
      Cherry-pick doc updates from PR 1554
      Check return value of some BN functions.
      Fix various doc nits.
      Add X509_VERIFY_PARAM inheritance flag set/get
      CRL critical extension bugfix
      Doc nits: callback function typedefs
      Rename "verify_cb" to SSL_verify_cb
      Fix typo in Blake2 function names
      GH2176: Add X509_VERIFY_PARAM_get_time
      Make X509_Digest,others public
      If client doesn't send curves list, don't assume all.
      Skip ECDH tests for SSLv3

Richard Levitte (29):
      Small fixup of util/process_docs.pl
      Fix the effect of no-dso in crypto/init.c
      Stop init loops
      Add a warning stipulating how things should be coded in ossl_init_base
      Only build the body of e_padlock when there are lower level routines
      Add a modern linux-x86 config target
      On x86 machines where the compiler supports -m32, use 'linux-x86'
      Clarify what X509_NAME_online does with the given buffer and size
      UI_process() didn't generate errors
      Add a test for the UI API
      Make sure that password_callback exercises UI
      In UI_OpenSSL's open(), generate an error on unknown errno
      UI_OpenSSL()'s session opener fails on MacOS X
      UI code style cleanup
      Remove extra bang
      VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error
      VMS UI_OpenSSL: generate OpenSSL errors when things go wrong.
      HP-UX doesn't have hstrerror(), so make our own for that platform
      evp_test: when function and reason strings aren't available, just skip
      e_afalg: Don't warn about kernel version when pedantic
      test/ssl_test: give up if both client and server wait on read
      M_check_autoarg: sanity check the key
      Reformat M_check_autoarg to match our coding style
      Fix no-ocsp
      Clarify what RUN_ONCE returns
      Fix DSA parameter generation control error
      s_client: Better response success check for CONNECT
      Better check of DH parameters in TLS data
      Document DH_check_params()

Rob Percival (15):
      Check that SCT timestamps are not in the future
      Remove obsolete error constant CT_F_CTLOG_NEW_NULL
      Reword documentation for {SCT_CTX/CT_POLICY_EVAL_CTX}_set_time
      Default CT_POLICY_EVAL_CTX.epoch_time_in_ms to time()
      Don't check for time() failing in CT_POLICY_EVAL_CTX_new
      By default, allow SCT timestamps to be up to 5 minutes in the future
      Cast time_t to uint64_t before converting to milliseconds in ct_policy.c
      Convert C++ comments to C-style comments
      Add test for CT_POLICY_EVAL_CTX default time
      Construct SCT from base64 in ct_test
      Subtract padding from outlen in ct_base64_decode
      Pass a temporary pointer to o2i_SCT_signature from SCT_new_from_base64
      Use valid signature in test_decode_tls_sct()
      Make sure things get deleted when test setup fails in ct_test.c
      Move SCT_LIST_free definition into a more logical place

Sebastian Andrzej Siewior (1):
      dsa/dsa_gen: add error message for seed_len < 0

Todd Short (3):
      Skipping tests in evp_test leaks memory
      Fix EVP_MD_meth_get_flags
      Cleanup EVP_CIPH/EP_CTRL duplicate defines

Viktor Dukhovni (1):
      Restore last-resort expired untrusted intermediate issuers

enkore (1):
      EVP docs: chacha20, chacha20-poly1305

ganesh (3):
      Fixed the return code of RAND_query_egd_bytes when connect fails.
      Fixed the return code for RAND_egd_bytes.
      RAND_egd_bytes: No need to check RAND_status on connection error.

xemdetia (1):
      Fix man3 reference to CRYPTO_secure_used

-----------------------------------------------------------------------