[openssl-commits] [openssl] OpenSSL_1_1_0f create
Matt Caswell
matt at openssl.org
Thu May 25 13:11:47 UTC 2017
The annotated tag OpenSSL_1_1_0f has been created
at 0db96ec48099127b33f7cc7a7e93a54cbddacbef (tag)
tagging 577d7010c6ffa98e8dc61d8826693db9d8f57bd5 (commit)
replaces OpenSSL_1_1_0e
tagged by Matt Caswell
on Thu May 25 13:46:16 2017 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.0f release tag
-----BEGIN PGP SIGNATURE-----
iQEuBAABCAAYBQJZJtIYERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRWgsI
AIkbU+Yd87SAZQ61Px3tCZJBt+9Ff/E2Pe4q1yYVEzmjyVwXkAuWR3hquh7Sksef
JhnJ/U3MBIt4HeHnNefvwsPtOyC16kCR0UolWHSZ7oAbIrSiXQP7WaOL8AzbEHSK
wbm2ugPM/R3vEfBAi+lyKC3d7SkyBDXd55W9HaGOoamGD7ikfNaYlVv54bL6z8Eu
hImUPkRPEaT6n88+thDpuCIPuh0UduDn926gOOAbpB+0v6X8IoRmNBt6ndZs3JQX
UykkZ2jW58HlYvq2f1SMbQH3f0yP58HK6IZCI5q3LpaIznrwHcoXeYWZCioISRhc
2AtMH8jJI+h3Xkd8f8UxwD8=
=Pt0o
-----END PGP SIGNATURE-----
Adrian Vollmer (1):
Adjust the default value of the private key size
Alex Gaynor (2):
Annotate ASN.1 attributes of the jurisdictionCountryName NID
[1.1.0 backport] set entry type on SCTs from X.509 and OCSP extensions
Andy Polyakov (33):
.travis.yml: remove osx from build matrix.
.travis.yml: make package pulls conditional.
.travis.yml: limit mingw tests' resource consumption.
bio/b_addr.c: omit private hstrerror.
Configurations/10-main.conf: omit redundant -lresolv from Solaris configs.
crypto/x86_64cpuid.pl: move extended feature detection upwards.
crypto/x86*cpuid.pl: move extended feature detection.
poly1305/asm/poly1305-armv8.pl: ilp32-specific poly1305_init fix.
NOTES.WIN: mention Strawberry Perl as option.
aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
modes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors.
bn/asm/sparcv9-mont.pl: fix squaring code path.
aes/asm/bsaes-armv7.pl: relax stack alignment requirement.
engines/e_capi.c: formatting and styling fixes.
engine/e_capi.c: more formatting and styling fixes.
engines/e_capi.c: adhere to CryptAcquireContextW unconditionally.
engines/e_capi.c: slip in PROV_RSA_AES for interchangable CSP only.
e_afalg.[ch]: fix --strict-warnings with gcc 4.x and 32-bit build.
Configure: use 5.10.0, don't require...
crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.
Configurations/README: reword bn_ops description.
bio/b_print.c: drop dependency on BN config.
e_os.h: omit PRIu64.
asn1/x_long.c: remove conditions in inner loops and dependency on BN.
rand/rand_lib.c: keep fixing no-engine configuration.
asn1/a_int.c: remove code duplicate and optimize branches,
asn1/a_int.c: simplify asn1_put_uint64.
asn1/a_int.c: don't write result if returning error.
asn1/a_int.c: clean up asn1_get_int64.
asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.
perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
sha/sha512.c: fix formatting.
test/run_tests.pl: don't mask test failures.
Benjamin Kaduk (7):
Use _WIN32 over WIN32 for preprocessor conditional
Add test corpus for PEM reading
Add AGL's "beer mug" PEM file as another test input
Don't free in cleanup routine
Fix some -Wshadow warnings
Fix a -Wsign-compare warning
Allow an ALPN callback to pretend to not exist
Bernard Spil (1):
openssl enc: Don't unbuffer stdin
Bernd Edlinger (14):
Fix a slightly confusing if condition in a2i_ASN1_INTEGER.
Fix a few memleaks in TXT_DB.
Fix some more memory leaks with TXT_DB_insert.
Fix i2d_SSL_SESSION pp output parameter should point to end of asn1 data.
Add some more consistency checks in tls_decrypt_ticket.
Check that async_jobs is not negative and not too high.
Reset executable bits on files where not needed.
Avoid questionable use of the value of a pointer that refers to space deallocated by a call to the free function in tls_decrypt_ticket.
Fix a crash or unbounded allocation in RSA_padding_add_PKCS1_PSS_mgf1 and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512.
Added a test case for RSA_padding_add_PKCS1_PSS_mgf1.
Fixed a crash in print_notice.
Fix the error handling in CRYPTO_dup_ex_data. Fix a strict aliasing issue in ui_dup_method_data. Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.
Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.
Remove unnecessary loop in pkey_rsa_decrypt.
Camille Guérin (1):
Fixed typo in X509_STORE_CTX_new description
David Benjamin (2):
Remove duplicate X509_OBJECT free function.
Numbers greater than 1 are usually non-negative.
David Woodhouse (1):
Document that PKCS#12 functions assume UTF-8 for passwords
Diego Santa Cruz (2):
Fix endless loop on srp app when listing users
Fix srp app missing NULL termination with password callback
Dmitry Belyavskiy (1):
Fix memory leak in pkcs12 -export
Dr. Stephen Henson (1):
Add and use function test_pem to work out test filenames.
Emilia Kasper (1):
asynctest: don't depend on apps
FdaSilvaYY (6):
Simplify code around next_proto.len by changing 'len' data type.
Spelling fixes
Fix a few more typos
Refomat a few comments on 80 cols
Fix 0 -> NULL, indentation
More typo fixes
Frank Morgner (1):
Added error checking for OBJ_create
Hannes Magnusson (1):
Remove redundant decl of 509_STORE_set_flags
Hikar (1):
Removed ugly size_t less than zero check.
Ian Spence (1):
Fix function documentation
Jon Spillett (5):
Check for zero records and return immediately
Exit the loop on failure
Add documentation for SSL_*_ex_data() functions
Add documentation for SNI APIs
Fix for #2730. Add CRLDP extension to list of supported extensions
Matt Caswell (25):
Prepare for 1.1.0f-dev
Fix a mem leak in ssl_test_ctx.c
Fix test_ssl_new when compiled with no-tls1_2 or no-dtls1_2
Provide a function to test whether we have unread records pending
Fix some RSA documentation
Fix out-of-memory condition in conf
Fix no-dtls builds
Provide documentation for missing SSL_SESSION_* functions
Add missing macros for DHxparams
Ensure dhparams can handle X9.42 params in DER
Fix a possible integer overflow in long_c2i
Reject decoding of an INT64 with a value >INT64_MAX
Remove special case code for SCTP reneg handling
Don't attempt to send fragments > max_send_fragment in DTLS
Fix problem with SCTP close_notify alerts
Fix some variable references in init_client
Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
Don't leave stale errors on queue if DSO_dsobyaddr() fails
Remove support for OPENSSL_SSL_TRACE_CRYPTO
Copy custom extension flags in a call to SSL_set_SSL_CTX()
Add a test for SNI in conjunction with custom extensions
Make SSL_is_server() accept a const SSL
Fix ASN1_TIME_to_generalizedtime to take a const ASN1_TIME
Update CHANGES and NEWS for new release
Prepare for 1.1.0f release
Meena Vyas (1):
Added a new Makefile in demos/evp directory Fixed compilation warning in file aesgcm.c
Nicola Tuveri (7):
ecdhtest.c: move NAMED CURVES TESTS to evptests.txt
Remove stale code in ecdhtest.c
ecdhtest.c: move KATs to evptests.txt
Remove more stale code in ecdhtest.c
ecdhtest.c: move co-factor ECDH KATs to evptests
Remove ecdhtest.c
Reformat evptests.txt
Patrick Steuer (1):
Fix strict-warnings build
Paul Yang (2):
Fix typo in ASYNC_WAIT_CTX_new.pod doc
Fix typo in doc/man3/EVP_EncrypInit.pod
Pauli (10):
Ensure minsize >= sizeof(SH_LIST)
Increase the size of the stack buffer to prevent an overflow.
Update the cipher(1) documentation to
Increase the password buffer size to APP_PASS_LEN.
Remove doc reference to non-existing GCM example
Limit the output of the enc -ciphers command
Make the output of enc -ciphers identical
Use the callbacks from the SSL object instead of the SSL_CTX object
Update doc for sk_TYPE_find() and sk_TYPE_find_ex()
Remove dead code.
Péter Budai (1):
Fixed PKCS5_PBKDF2_HMAC() to adhere to the documentation.
Qin Long (1):
e_os2.h: Refine OSSL_SSIZE definition under UEFI environment
Rich Salz (32):
Don't call memcpy if len is zero.
Prevent OOB in SRP base64 code.
Iterate over EC_GROUP's poly array in a safe way
Add -Wundef to strict-warnings
Update year, wording tweak
Exdata test was never enabled.
Remove ref to err(7), update copyright.
Fix cherry-pick and put files in right place
Fix an endless loop in rsa_builtin_keygen.
Remove some duplicate manpage entries
Get pointer type right in BIO_ssl_shutdown()
Fix many doc L<> errors
Handle find-doc-nits script rename
Fix some doc nits
Document BIO_printf family
Look for comma before - in POD pages
Move PRIu64 to e_os.h
Remove duplicate doc
Use 'over 2' for bullet lists.
Standardize on =over 4 and check for it.
Additional check to handle BAD SSL_write retry
Catch EC_R_UNKNOWN_GROUP in check_unsupported()
Document Next Protocol Negotiation APIs
check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
Remove (broken) diagnostic print
Ensure blank lines between tests.
Check fflush on BIO_ctrl call
Fix URL links in comment
Convert uses of snprintf to BIO_snprintf
Fix pathname errors in errcode file
Ignore MSVC warnings (via Gisle Vanem)
-inkey can be an identifier, not just a file
Richard Levitte (63):
Don't run MSBLOB conversion tests when RSA or DSA are disabled
test/README: clarify test number groups
Add a test of the X509_STORE / X509_LOOKUP API
Fix test_x509_store
If all versions of a proto are disabled, disabled the proto as well
VMS fix of test/recipes/80-test_ssl_new.t
Have the directory reader use the Unix API on VMS
Make "openssl rehash" work on VMS 8.3 and up
Fix typo, missing ||
Fix typo, should be && rather than &
Let the output from 'openssl enc -ciphers' go to stdout
On VMS, massage the fetch file names to remove the generation number
In apps/rehash.c, decorate the inclusion of internal/o_dir.h for VMS
Check for the presence of _WIN32 rather than its value.
Code cleanup: remove the VMS specific reimplementation of gmtime
Code health: Remove unused VAX transfer vector for engines
Code health: Remove VAX exceptions in util/mkdef.pl
Code health: make update
Test framework: Add the possibility to have a test specific data dir
VMS: compensate for gmtime_r() parameter pointer size
Add NOTES.UNIX, with a description on how to deal with runpaths
Don't use deprecated EVP_CIPHER_CTX_cleanup() internally
Add a platform specific configuration checker
Add documentation on platform specific checks
util/process_docs.pl: make it possible to add a suffix to man docs
Unix Makefile: Have manual generation use the same perl script as Windows and VMS
Document UI_METHOD and UI_STRING, both useful for UI_METHOD creators
Fix UI_get0_action_string()
UI docs: Rephrase the UI method function return value description
Recognise mingw64 in config script
Document in CHANGES that config now recognises 64-bit mingw
Better way to recognise mingw64 in config script
VMS: throw away [.util]shareable_image_wrap.c.in and add replacement scripts
Rather use -out parameter than redirect stdout
Fix docs for X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert()
Fix decoding of ASN.1 LONG and ZLONG items
Rework how protocol specific ciphers in 80-test_ssl_old.t are picked out
Fix test/recipes/80-test_ssl_old.t
Fix find-doc-nits: { is significant in regexps
In err_cleanup(), cleanup the thread local storage too
Implement internal ASN.1 types INT32, UINT32, INT64, UINT64
make update
Convert SSL_SESSION_ASN1 to use size specific integers
Fix faulty check of padding in x_long.c
In rand_cleanup_int(), don't go creating a default method
Make getting and setting the RAND default method thread safe
Don't try to clean up RAND from ENGINE
Fix rand_lib.c for no-engine configuration
Fix x_int64.c
ASN.1: extend the possibilities to embed data instead of pointers
ASN.1: change INTxx, UINTxx and Z variants to be embedable
ASN.1: adapt SSL_SESSION_ASN1 by explicitely embedding INTxx et al
Port Ben's parallell Makefile hack to Windows
Port Ben's parallell Makefile hack to VMS
Typo fix in Configurations/descrip.mms.tmpl
TLSProxy: When in debug mode, show the exact subprocess commands
Prefer TAP::Harness over Test::Harness
Cleanup - use e_os2.h rather than stdint.h
Clean away needless VMS check
INSTALL: clarify a bit more how Configure treats "unknown" options
INSTALL: Remind people to read more if they added configuration options
Remove notification settings from appveyor.yml
Clarify what character encoding is used in the returned UI strings
Rob Percival (2):
Add SSL tests for certificates with embedded SCTs
CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
Roberto Guimaraes (1):
prevent undefined behavior when src and dst are equal
Sebastian Andrzej Siewior (1):
Don't mention TLS 1.3 in the man page
Steven Collison (2):
doc: Add missing options in s_{server,client}
doc: Add stitched ciphers to EVP_EncryptInit.pod
Thiago Arrais (1):
update docs because depth refers only to intermediate certs
Todd Short (5):
Fix potential memory leak in ASN1_TIME_to_generalizedtime()
Remove ECDH(E) ciphers from SSLv3
Fix time offset calculation.
Clean up SSL_OP_* a bit
Fix infinite loops in secure memory allocation.
Tomas Mraz (1):
Fix regression in openssl req -x509 behaviour.
Zack Williams (1):
"any" instead of "and"
lrns (1):
Change req_check_len error message
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list