[openssl-commits] [openssl] OpenSSL_1_1_0f create

Matt Caswell matt at openssl.org
Thu May 25 13:11:47 UTC 2017

The annotated tag OpenSSL_1_1_0f has been created
        at  0db96ec48099127b33f7cc7a7e93a54cbddacbef (tag)
   tagging  577d7010c6ffa98e8dc61d8826693db9d8f57bd5 (commit)
  replaces  OpenSSL_1_1_0e
 tagged by  Matt Caswell
        on  Thu May 25 13:46:16 2017 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.0f release tag


Adrian Vollmer (1):
      Adjust the default value of the private key size

Alex Gaynor (2):
      Annotate ASN.1 attributes of the jurisdictionCountryName NID
      [1.1.0 backport] set entry type on SCTs from X.509 and OCSP extensions

Andy Polyakov (33):
      .travis.yml: remove osx from build matrix.
      .travis.yml: make package pulls conditional.
      .travis.yml: limit mingw tests' resource consumption.
      bio/b_addr.c: omit private hstrerror.
      Configurations/10-main.conf: omit redundant -lresolv from Solaris configs.
      crypto/x86_64cpuid.pl: move extended feature detection upwards.
      crypto/x86*cpuid.pl: move extended feature detection.
      poly1305/asm/poly1305-armv8.pl: ilp32-specific poly1305_init fix.
      NOTES.WIN: mention Strawberry Perl as option.
      aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
      modes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors.
      bn/asm/sparcv9-mont.pl: fix squaring code path.
      aes/asm/bsaes-armv7.pl: relax stack alignment requirement.
      engines/e_capi.c: formatting and styling fixes.
      engine/e_capi.c: more formatting and styling fixes.
      engines/e_capi.c: adhere to CryptAcquireContextW unconditionally.
      engines/e_capi.c: slip in PROV_RSA_AES for interchangable CSP only.
      e_afalg.[ch]: fix --strict-warnings with gcc 4.x and 32-bit build.
      Configure: use 5.10.0, don't require...
      crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X.
      Configurations/README: reword bn_ops description.
      bio/b_print.c: drop dependency on BN config.
      e_os.h: omit PRIu64.
      asn1/x_long.c: remove conditions in inner loops and dependency on BN.
      rand/rand_lib.c: keep fixing no-engine configuration.
      asn1/a_int.c: remove code duplicate and optimize branches,
      asn1/a_int.c: simplify asn1_put_uint64.
      asn1/a_int.c: don't write result if returning error.
      asn1/a_int.c: clean up asn1_get_int64.
      asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.
      perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
      sha/sha512.c: fix formatting.
      test/run_tests.pl: don't mask test failures.

Benjamin Kaduk (7):
      Use _WIN32 over WIN32 for preprocessor conditional
      Add test corpus for PEM reading
      Add AGL's "beer mug" PEM file as another test input
      Don't free in cleanup routine
      Fix some -Wshadow warnings
      Fix a -Wsign-compare warning
      Allow an ALPN callback to pretend to not exist

Bernard Spil (1):
      openssl enc: Don't unbuffer stdin

Bernd Edlinger (14):
      Fix a slightly confusing if condition in a2i_ASN1_INTEGER.
      Fix a few memleaks in TXT_DB.
      Fix some more memory leaks with TXT_DB_insert.
      Fix i2d_SSL_SESSION pp output parameter should point to end of asn1 data.
      Add some more consistency checks in tls_decrypt_ticket.
      Check that async_jobs is not negative and not too high.
      Reset executable bits on files where not needed.
      Avoid questionable use of the value of a pointer that refers to space     deallocated by a call to the free function in tls_decrypt_ticket.
      Fix a crash or unbounded allocation in RSA_padding_add_PKCS1_PSS_mgf1     and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512.
      Added a test case for RSA_padding_add_PKCS1_PSS_mgf1.
      Fixed a crash in print_notice.
      Fix the error handling in CRYPTO_dup_ex_data.     Fix a strict aliasing issue in ui_dup_method_data.     Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.
      Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.
      Remove unnecessary loop in pkey_rsa_decrypt.

Camille Guérin (1):
      Fixed typo in X509_STORE_CTX_new description

David Benjamin (2):
      Remove duplicate X509_OBJECT free function.
      Numbers greater than 1 are usually non-negative.

David Woodhouse (1):
      Document that PKCS#12 functions assume UTF-8 for passwords

Diego Santa Cruz (2):
      Fix endless loop on srp app when listing users
      Fix srp app missing NULL termination with password callback

Dmitry Belyavskiy (1):
      Fix memory leak in pkcs12 -export

Dr. Stephen Henson (1):
      Add and use function test_pem to work out test filenames.

Emilia Kasper (1):
      asynctest: don't depend on apps

FdaSilvaYY (6):
      Simplify code around next_proto.len by changing 'len' data type.
      Spelling fixes
      Fix a few more typos
      Refomat a few comments on 80 cols
      Fix 0 -> NULL, indentation
      More typo fixes

Frank Morgner (1):
      Added error checking for OBJ_create

Hannes Magnusson (1):
      Remove redundant decl of 509_STORE_set_flags

Hikar (1):
      Removed ugly size_t less than zero check.

Ian Spence (1):
      Fix function documentation

Jon Spillett (5):
      Check for zero records and return immediately
      Exit the loop on failure
      Add documentation for SSL_*_ex_data() functions
      Add documentation for SNI APIs
      Fix for #2730. Add CRLDP extension to list of supported extensions

Matt Caswell (25):
      Prepare for 1.1.0f-dev
      Fix a mem leak in ssl_test_ctx.c
      Fix test_ssl_new when compiled with no-tls1_2 or no-dtls1_2
      Provide a function to test whether we have unread records pending
      Fix some RSA documentation
      Fix out-of-memory condition in conf
      Fix no-dtls builds
      Provide documentation for missing SSL_SESSION_* functions
      Add missing macros for DHxparams
      Ensure dhparams can handle X9.42 params in DER
      Fix a possible integer overflow in long_c2i
      Reject decoding of an INT64 with a value >INT64_MAX
      Remove special case code for SCTP reneg handling
      Don't attempt to send fragments > max_send_fragment in DTLS
      Fix problem with SCTP close_notify alerts
      Fix some variable references in init_client
      Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
      Don't leave stale errors on queue if DSO_dsobyaddr() fails
      Remove support for OPENSSL_SSL_TRACE_CRYPTO
      Copy custom extension flags in a call to SSL_set_SSL_CTX()
      Add a test for SNI in conjunction with custom extensions
      Make SSL_is_server() accept a const SSL
      Fix ASN1_TIME_to_generalizedtime to take a const ASN1_TIME
      Update CHANGES and NEWS for new release
      Prepare for 1.1.0f release

Meena Vyas (1):
      Added a new Makefile in demos/evp directory     Fixed compilation warning in file aesgcm.c

Nicola Tuveri (7):
      ecdhtest.c: move NAMED CURVES TESTS to evptests.txt
      Remove stale code in ecdhtest.c
      ecdhtest.c: move KATs to evptests.txt
      Remove more stale code in ecdhtest.c
      ecdhtest.c: move co-factor ECDH KATs to evptests
      Remove ecdhtest.c
      Reformat evptests.txt

Patrick Steuer (1):
      Fix strict-warnings build

Paul Yang (2):
      Fix typo in ASYNC_WAIT_CTX_new.pod doc
      Fix typo in doc/man3/EVP_EncrypInit.pod

Pauli (10):
      Ensure minsize >= sizeof(SH_LIST)
      Increase the size of the stack buffer to prevent an overflow.
      Update the cipher(1) documentation to
      Increase the password buffer size to APP_PASS_LEN.
      Remove doc reference to non-existing GCM example
      Limit the output of the enc -ciphers command
      Make the output of enc -ciphers identical
      Use the callbacks from the SSL object instead of the SSL_CTX object
      Update doc for sk_TYPE_find() and sk_TYPE_find_ex()
      Remove dead code.

Péter Budai (1):
      Fixed PKCS5_PBKDF2_HMAC() to adhere to the documentation.

Qin Long (1):
      e_os2.h: Refine OSSL_SSIZE definition under UEFI environment

Rich Salz (32):
      Don't call memcpy if len is zero.
      Prevent OOB in SRP base64 code.
      Iterate over EC_GROUP's poly array in a safe way
      Add -Wundef to strict-warnings
      Update year, wording tweak
      Exdata test was never enabled.
      Remove ref to err(7), update copyright.
      Fix cherry-pick and put files in right place
      Fix an endless loop in rsa_builtin_keygen.
      Remove some duplicate manpage entries
      Get pointer type right in BIO_ssl_shutdown()
      Fix many doc L<> errors
      Handle find-doc-nits script rename
      Fix some doc nits
      Document BIO_printf family
      Look for comma before - in POD pages
      Move PRIu64 to e_os.h
      Remove duplicate doc
      Use 'over 2' for bullet lists.
      Standardize on =over 4 and check for it.
      Additional check to handle BAD SSL_write retry
      Catch EC_R_UNKNOWN_GROUP in check_unsupported()
      Document Next Protocol Negotiation APIs
      check length sanity before correcting in EVP_CTRL_AEAD_TLS1_AAD
      Remove (broken) diagnostic print
      Ensure blank lines between tests.
      Check fflush on BIO_ctrl call
      Fix URL links in comment
      Convert uses of snprintf to BIO_snprintf
      Fix pathname errors in errcode file
      Ignore MSVC warnings (via Gisle Vanem)
      -inkey can be an identifier, not just a file

Richard Levitte (63):
      Don't run MSBLOB conversion tests when RSA or DSA are disabled
      test/README: clarify test number groups
      Add a test of the X509_STORE / X509_LOOKUP API
      Fix test_x509_store
      If all versions of a proto are disabled, disabled the proto as well
      VMS fix of test/recipes/80-test_ssl_new.t
      Have the directory reader use the Unix API on VMS
      Make "openssl rehash" work on VMS 8.3 and up
      Fix typo, missing ||
      Fix typo, should be && rather than &
      Let the output from 'openssl enc -ciphers' go to stdout
      On VMS, massage the fetch file names to remove the generation number
      In apps/rehash.c, decorate the inclusion of internal/o_dir.h for VMS
      Check for the presence of _WIN32 rather than its value.
      Code cleanup: remove the VMS specific reimplementation of gmtime
      Code health: Remove unused VAX transfer vector for engines
      Code health: Remove VAX exceptions in util/mkdef.pl
      Code health: make update
      Test framework: Add the possibility to have a test specific data dir
      VMS: compensate for gmtime_r() parameter pointer size
      Add NOTES.UNIX, with a description on how to deal with runpaths
      Don't use deprecated EVP_CIPHER_CTX_cleanup() internally
      Add a platform specific configuration checker
      Add documentation on platform specific checks
      util/process_docs.pl: make it possible to add a suffix to man docs
      Unix Makefile: Have manual generation use the same perl script as Windows and VMS
      Document UI_METHOD and UI_STRING, both useful for UI_METHOD creators
      Fix UI_get0_action_string()
      UI docs: Rephrase the UI method function return value description
      Recognise mingw64 in config script
      Document in CHANGES that config now recognises 64-bit mingw
      Better way to recognise mingw64 in config script
      VMS: throw away [.util]shareable_image_wrap.c.in and add replacement scripts
      Rather use -out parameter than redirect stdout
      Fix docs for X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert()
      Fix decoding of ASN.1 LONG and ZLONG items
      Rework how protocol specific ciphers in 80-test_ssl_old.t are picked out
      Fix test/recipes/80-test_ssl_old.t
      Fix find-doc-nits: { is significant in regexps
      In err_cleanup(), cleanup the thread local storage too
      Implement internal ASN.1 types INT32, UINT32, INT64, UINT64
      make update
      Convert SSL_SESSION_ASN1 to use size specific integers
      Fix faulty check of padding in x_long.c
      In rand_cleanup_int(), don't go creating a default method
      Make getting and setting the RAND default method thread safe
      Don't try to clean up RAND from ENGINE
      Fix rand_lib.c for no-engine configuration
      Fix x_int64.c
      ASN.1: extend the possibilities to embed data instead of pointers
      ASN.1: change INTxx, UINTxx and Z variants to be embedable
      ASN.1: adapt SSL_SESSION_ASN1 by explicitely embedding INTxx et al
      Port Ben's parallell Makefile hack to Windows
      Port Ben's parallell Makefile hack to VMS
      Typo fix in Configurations/descrip.mms.tmpl
      TLSProxy: When in debug mode, show the exact subprocess commands
      Prefer TAP::Harness over Test::Harness
      Cleanup - use e_os2.h rather than stdint.h
      Clean away needless VMS check
      INSTALL: clarify a bit more how Configure treats "unknown" options
      INSTALL: Remind people to read more if they added configuration options
      Remove notification settings from appveyor.yml
      Clarify what character encoding is used in the returned UI strings

Rob Percival (2):
      Add SSL tests for certificates with embedded SCTs
      CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds

Roberto Guimaraes (1):
      prevent undefined behavior when src and dst are equal

Sebastian Andrzej Siewior (1):
      Don't mention TLS 1.3 in the man page

Steven Collison (2):
      doc: Add missing options in s_{server,client}
      doc: Add stitched ciphers to EVP_EncryptInit.pod

Thiago Arrais (1):
      update docs because depth refers only to intermediate certs

Todd Short (5):
      Fix potential memory leak in ASN1_TIME_to_generalizedtime()
      Remove ECDH(E) ciphers from SSLv3
      Fix time offset calculation.
      Clean up SSL_OP_* a bit
      Fix infinite loops in secure memory allocation.

Tomas Mraz (1):
      Fix regression in openssl req -x509 behaviour.

Zack Williams (1):
      "any" instead of "and"

lrns (1):
      Change req_check_len error message


More information about the openssl-commits mailing list