[openssl-commits] [openssl] OpenSSL_1_1_0g create
Matt Caswell
matt at openssl.org
Thu Nov 2 14:58:35 UTC 2017
The annotated tag OpenSSL_1_1_0g has been created
at 3ff855e048b924a2db5133e596da9c25e9aaee27 (tag)
tagging b2758a2292aceda93e9f44c219b94fe21bb9a650 (commit)
replaces OpenSSL_1_1_0f
tagged by Matt Caswell
on Thu Nov 2 14:29:01 2017 +0000
- Log -----------------------------------------------------------------
OpenSSL 1.1.0g release tag
-----BEGIN PGP SIGNATURE-----
iQEuBAABCAAYBQJZ+yutERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRjdAI
AIEl/gkSCrYLru12azrdb5kKp4wAHd4CHQGIqk1rfWlxQ5RsTDK7fDsTBacrY4X7
fs/uKACKlY6WrIwETfvwRkRUY32fmLJPOqctCqaiypae3EAvRsU6CFI7tJ6Icem3
KPk2jvCwbXXYgYPnxzXrt8Q0+ZBoeVTT2EHKS2XFXsLkw1+vGwMN8MCIPaB8tzP1
2c7TplFSY8IlOGZzWGoC5fO8dhzXojqq+ch2078J9UH9+UELDHElvxm+Tq8z8e0k
3x7u6+kEcaU/+3DG+qUankrSP4lbhXRDbaHB/Xvd4ou/g5vyABsSyMzjcZ8FzVgD
dWQ87Ut3Bb8YvRmkudpC07Q=
=Wmtx
-----END PGP SIGNATURE-----
Andy Polyakov (12):
modes/ocb128.c: address undefined behaviour warning.
ec/asm/ecp_nistz256-x86_64.pl: minor sqr_montx cleanup.
evp/e_aes_cbc_hmac_sha256.c: give SHAEXT right priority.
aes/asm/aesni-sha*-x86_64.pl: add SHAEXT performance results.
x86_64 assembly pack: "optimize" for Knights Landing.
err/err.c: fix "wraparound" bug in ERR_set_error_data.
crypto/cryptlib.c: mask more capability bits upon FXSR bit flip.
Configure: base compiler-specific decisions on pre-defines.
recipes/25-test_verify.t: reformat.
crypto/x509v3/v3_utl.c: fix Coverity problems.
x509v3/v3_utl.c: avoid double-free.
bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
Balaji Marisetti (1):
Addressed build failure because of missing #ifdef AF_UNIX guard CLA: trivial
Baptiste Jonglez (2):
afalg: Use eventfd2 syscall instead of eventfd
afalg: Fix kernel version check
Ben Kaduk (1):
Skip ssl-tests/19-mac-then-encrypt.conf for no-tls1_2
Benjamin Kaduk (7):
Do not document SSL_CTX_set1_cert_store()
Remove stale note from s_server.pod
Add -Wextra to gcc devteam warnings
Address some -Wold-style-declaration warnings
Remove duplicates from clang_devteam_warnings
Error out when forcing an unsupported TLS version
Reenable s_server -dhparam option
Bernd Edlinger (22):
Fix memleak in EVP_DigestSignFinal/VerifyFinal.
Fix a memleak in ec_copy_parameters.
Fix a possible crash in the error handling.
Fix possible crash in X931 code.
Fix another possible crash in rsa_ossl_mod_exp.
Fix a possible crash in dsa_builtin_paramgen2.
Fix crash in ecdh_simple_compute_key.
Remove a pointless "#if 0" block from BN_mul.
Fix the error handling in ERR_get_state:
Fix the fall-out in 04-test_bioprint.t
Add parentheses around macro argument of OSSL_NELEM.
Fix crash in BUF_MEM_grow_clean.
Fix gcc-7 warnings about missing fall thru comments.
Fix bogus use of BIO_sock_should_retry.
Clean password buffer on stack for PEM_read_bio_PrivateKey and d2i_PKCS8PrivateKey_bio before it goes out of scope.
Implement the CRYPTO_secure_clear_free function. Use OPENSSL_secure_clear_free for secure mem BIOs and X25519 private keys.
Add some test coverage for OPENSSL_secure_clear_free
Fix an information leak in the RSA padding check code. The memory blocks contain secret data and must be cleared before returning to the system heap.
Avoid surpising password dialog in X509 file lookup.
Clear outputs in PKCS12_parse error handling.
Clear secret stack values after use in curve25519.c
Fix the return type of felem_is_zero_int which should be int. Change argument type of xxxelem_is_zero_int to const void* to avoid the need of type casts.
Christian Heimes (1):
Provide getters for min/max proto version
David Benjamin (5):
Fix the names of ChaCha20-Poly1305 cipher suites in t1_trce.c.
Fix comment typo.
Fix overflow in c2i_ASN1_BIT_STRING.
Allow DH_set0_key with only private key.
Guard against DoS in name constraints handling.
David Woodhouse (1):
Add SSL_OP_NO_ENCRYPT_THEN_MAC
David von Oheimb (1):
Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL
Diego Santa Cruz (2):
Make SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login.
Use memset to clear SRP_CTX instead of NULL and zero assignments
Dr. Stephen Henson (12):
Add test for ECDH CMS key only
Support CMS decrypt without a certificate for all key types
Add alternative CMS P-256 cert
no-ec2m fixes
Correct GCM docs.
Remove dhparam from SSL_CONF list.
Don't ignore passed ENGINE.
Fix memory leak on lookup failure
Add EVP_PKEY_set1_engine() function.
make update
Document EVP_PKEY_set1_engine()
Backport key redirection test from master branch
Emeric Brun (1):
Fix async engine pause dead lock in error case.
Emilia Kasper (3):
RSA_padding_check_PKCS1_type_2 is not constant time.
Remove resolved TODO
Test mac-then-encrypt
Hubert Kario (1):
doc: note that the BN_new() initialises the BIGNUM
Jakub Jelen (1):
ECDSA_* is deprecated. EC_KEY_* is used instead
Johannes Bauer (1):
Fix const correctness of EC_KEY_METHOD_get_*
Jonathan Protzenko (1):
Fix speed command for alternation of ciphers and digests.
Ken Goldman (1):
RSA_get0_ functions permit NULL parameters
Kurt Roeckx (2):
Add missing commas in pod files
Only reset the ctx when a cipher is given
Lingmo Zhu (2):
Remove the obsolete misleading comment and code related to it.
remove horrible pragma macro and remove __owur from SSL_CTX_add_session() declaration
Matt Caswell (22):
Prepare for 1.1.0g-dev
Document that HMAC() with a NULL md is not thread safe
Fix a Proxy race condition
Wait longer for the server in TLSProxy to start
Don't fail the connection in SSLv3 if server selects ECDHE
Fix DTLS failure when used in a build which has SCTP enabled
Add documentation for the SSL_export_keying_material() function
Fix OBJ_create() to tolerate a NULL sn and ln
Fix travis clang-3.9 builds
Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c
Remove some dead code
Add documentation for SRTP functions
Clarify the meaning of no-stdio in INSTALL
Fix description of how to report a bug in INSTALL
Allow an endpoint to read the alert data before closing the socket
Remove an incorrect comment
Ensure we test all parameters for BN_FLG_CONSTTIME
Correct value for BN_security_bits()
Don't make any changes to the lhash structure if we are going to fail
Don't use strcasecmp and strncasecmp for IA5 strings
Update CHANGES and NEWS for new release
Prepare for 1.1.0g release
Mouse (1):
Fix parameter name, for common aesthetics and to silence IDE warnings.
Nicola Tuveri (2):
evp_test.c: Add PrivPubKeyPair test
evp_test.c: Add PrivPubKeyPair negative tests
Patrick Steuer (3):
crypto/aes/asm/aes-s390x.pl: fix $softonly=1 code path.
s390x assembly pack: remove capability double-checking.
s390x assembly pack: define OPENSSL_s390xcap_P in s390xcap.c
Paul Yang (7):
Fix coding style in apps/passwd file
Fix possible usage of NULL pointers in apps/spkac.c
Remove non-accurate description in Configure script
Fix a reference nit in doc
Fix rsa -check option
Add EC key generation paragraph in doc/HOWTO/keys.txt
Fix doc-nits in doc/man3/DEFINE_STACK_OF.pod
Pauli (5):
Fix potential use-after-free and memory leak
Fix ctype arguments.
Null pointer used. Address coverity report of null pointer being dereferenced.
Address a timing side channel whereby it is possible to determine some
Address a timing side channel whereby it is possible to determine some
Pichulin Dmitrii (1):
Fix 'key' option in s_server can be in ENGINE keyform
Rainer Jung (1):
Fix use of "can_load()" in run_tests.pl.
Rich Salz (19):
Make default_method mostly compile-time
Add stricter checking in NAME section
Add text pointing to full change list.
Only release thread-local key if we created it.
Document default client -psk_identity
Add a lock around the OBJ_NAME table
Fix a read off the end of the input buffer
fix broken implementations of GOST ciphersuites
Remove needless type casting.
Add echo for end of each build phase
Tweak wording to be more clear.
Remove NO_DIRENT; it isn't used anywhere
Avoid out-of-bounds read
Add checks for alloc failing.
Fix error handling/cleanup
Fix doc for i2d/d2i private/public key
Update RAND_load_file return value.
Additional name for all commands
Add missing paren.
Richard Levitte (46):
Windows: rearrange programs cleanup
.travis.yml: Detect if 'make update' updated something
Build apps/progs.h dynamically
tsget.in: remove call of WWW::Curl::Easy::global_cleanup
util/mkdef.pl: Add UNIX as a platform
util/mkdef.pl: Make symbol version processing Linux only
When apps_startup() fails, exit with a failure code and a message
Correct documentation for UI_get0_result_string
Avoid possible memleak in X509_policy_check()
Fix small UI issues
VMS: When running a sub-MMS, make sure to give it the main MMS' qualifiers
test/recipes/90-test_shlibload.t: Make sure to handle library renames
test/run_tests.pl: Make sure to exit with a code that's understood universally
Fix cipher_compare
Simplify Makefile.shared
test/recipes/80-test_tsa.t: Don't trust 'OPENSSL_CONF'
Perl: Use File::Glob::bsd_glob rather than File::Glob::glob
Revert "Perl: Use File::Glob::bsd_glob rather than File::Glob::glob"
Turn on error sensitivity in the "tar" target
Prepare tarball in dist directory
Add a comment on expectations in the "tar" target
NO_SYS_TYPES_H isn't defined anywhere, stop using it as a guard
util/mkdef.pl: handle line terminators correctly
Fix OpenSSL::Test::Utils::config to actualy load the config data
Disable the EGD seeding meachanism when stdio is disabled
Make sure that a cert with extensions gets version number 2 (v3)
Configurations/windows-makefile.tmpl: canonicalise configured paths
doc/apps/openssl.pod: Add missing commands and links
Correct some typedef documentation
Fix util/find-doc-nits to correctly parse function signature typedefs
Fix util/perl/OpenSSL/Test.pm input variable overwrite
Use the possibility to have test results in a different directory
Reduce the things we ignore in test/
asn1_item_embed_new(): don't free an embedded item
asn1_item_embed_new(): don't free an embedded item
asn1_item_embed_new(): if locking failed, don't call asn1_item_embed_free()
doc/man3/d2i_X509.pod: add {d2i,i2d}_DSA_PUBKEY in NAME section
Document EVP_PKEY_ASN1_METHOD and associated functions
EVP_PKEY_asn1_add0(): Check that this method isn't already registered
Fix EVP_PKEY_ASN1_METHOD manual
Adapt util/find-doc-nits back to 1.1.0
docs: fixup OpenSSL version style
doc/crypto/OPENSSL_secure_malloc: add missing names
docs: assign section 7 where appropriate
Travis: Add a docs checking job
Fix small but important regression
Roelof duToit (2):
Retry SSL_read on ERROR_WANT_READ. This resolves the retry issue in general, but also the specific case where a TLS 1.3 server sends a post-handshake NewSessionTicket message prior to appdata.
Update PR#3925
Samuel Weiser (3):
Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q.
BN_copy now propagates BN_FLG_CONSTTIME
Added const-time flag to DSA key decoding to avoid potential leak of privkey
Todd Short (4):
Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION
Fix ex_data and session_dup issues
Add apps/progs.h to gitignore
Reorder extensions to put SigAlgs last
Tomas Mraz (1):
Ignore -named_curve auto value to improve backwards compatibility
Xiangyu Bu (1):
Fix memory leak in GENERAL_NAME_set0_othername.
Xiaoyin Liu (5):
schlock global variable needs to be volatile
app_isdir() cleanup
Fix errors in SSL_state_string_long
Fix typo in files in crypto folder
Add missing HTML tag in www_body in s_server.c
Zhu Qun-Ying (1):
Fixed address family test error for AF_UNIX in BIO_ADDR_make
lolyonok (1):
Fix nid assignment in ASN1_STRING_TABLE_add
multics (1):
Update rsautl.pod for typo
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list