[openssl-commits] [openssl] OpenSSL_1_1_0g create

Matt Caswell matt at openssl.org
Thu Nov 2 14:58:35 UTC 2017


The annotated tag OpenSSL_1_1_0g has been created
        at  3ff855e048b924a2db5133e596da9c25e9aaee27 (tag)
   tagging  b2758a2292aceda93e9f44c219b94fe21bb9a650 (commit)
  replaces  OpenSSL_1_1_0f
 tagged by  Matt Caswell
        on  Thu Nov 2 14:29:01 2017 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.1.0g release tag
-----BEGIN PGP SIGNATURE-----

iQEuBAABCAAYBQJZ+yutERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRjdAI
AIEl/gkSCrYLru12azrdb5kKp4wAHd4CHQGIqk1rfWlxQ5RsTDK7fDsTBacrY4X7
fs/uKACKlY6WrIwETfvwRkRUY32fmLJPOqctCqaiypae3EAvRsU6CFI7tJ6Icem3
KPk2jvCwbXXYgYPnxzXrt8Q0+ZBoeVTT2EHKS2XFXsLkw1+vGwMN8MCIPaB8tzP1
2c7TplFSY8IlOGZzWGoC5fO8dhzXojqq+ch2078J9UH9+UELDHElvxm+Tq8z8e0k
3x7u6+kEcaU/+3DG+qUankrSP4lbhXRDbaHB/Xvd4ou/g5vyABsSyMzjcZ8FzVgD
dWQ87Ut3Bb8YvRmkudpC07Q=
=Wmtx
-----END PGP SIGNATURE-----

Andy Polyakov (12):
      modes/ocb128.c: address undefined behaviour warning.
      ec/asm/ecp_nistz256-x86_64.pl: minor sqr_montx cleanup.
      evp/e_aes_cbc_hmac_sha256.c: give SHAEXT right priority.
      aes/asm/aesni-sha*-x86_64.pl: add SHAEXT performance results.
      x86_64 assembly pack: "optimize" for Knights Landing.
      err/err.c: fix "wraparound" bug in ERR_set_error_data.
      crypto/cryptlib.c: mask more capability bits upon FXSR bit flip.
      Configure: base compiler-specific decisions on pre-defines.
      recipes/25-test_verify.t: reformat.
      crypto/x509v3/v3_utl.c: fix Coverity problems.
      x509v3/v3_utl.c: avoid double-free.
      bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.

Balaji Marisetti (1):
      Addressed build failure because of missing #ifdef AF_UNIX guard     CLA: trivial

Baptiste Jonglez (2):
      afalg: Use eventfd2 syscall instead of eventfd
      afalg: Fix kernel version check

Ben Kaduk (1):
      Skip ssl-tests/19-mac-then-encrypt.conf for no-tls1_2

Benjamin Kaduk (7):
      Do not document SSL_CTX_set1_cert_store()
      Remove stale note from s_server.pod
      Add -Wextra to gcc devteam warnings
      Address some -Wold-style-declaration warnings
      Remove duplicates from clang_devteam_warnings
      Error out when forcing an unsupported TLS version
      Reenable s_server -dhparam option

Bernd Edlinger (22):
      Fix memleak in EVP_DigestSignFinal/VerifyFinal.
      Fix a memleak in ec_copy_parameters.
      Fix a possible crash in the error handling.
      Fix possible crash in X931 code.
      Fix another possible crash in rsa_ossl_mod_exp.
      Fix a possible crash in dsa_builtin_paramgen2.
      Fix crash in ecdh_simple_compute_key.
      Remove a pointless "#if 0" block from BN_mul.
      Fix the error handling in ERR_get_state:
      Fix the fall-out in 04-test_bioprint.t
      Add parentheses around macro argument of OSSL_NELEM.
      Fix crash in BUF_MEM_grow_clean.
      Fix gcc-7 warnings about missing fall thru comments.
      Fix bogus use of BIO_sock_should_retry.
      Clean password buffer on stack for PEM_read_bio_PrivateKey     and d2i_PKCS8PrivateKey_bio before it goes out of scope.
      Implement the CRYPTO_secure_clear_free function.     Use OPENSSL_secure_clear_free for secure mem BIOs     and X25519 private keys.
      Add some test coverage for OPENSSL_secure_clear_free
      Fix an information leak in the RSA padding check code.     The memory blocks contain secret data and must be     cleared before returning to the system heap.
      Avoid surpising password dialog in X509 file lookup.
      Clear outputs in PKCS12_parse error handling.
      Clear secret stack values after use in curve25519.c
      Fix the return type of felem_is_zero_int which should be int.     Change argument type of xxxelem_is_zero_int to const void*     to avoid the need of type casts.

Christian Heimes (1):
      Provide getters for min/max proto version

David Benjamin (5):
      Fix the names of ChaCha20-Poly1305 cipher suites in t1_trce.c.
      Fix comment typo.
      Fix overflow in c2i_ASN1_BIT_STRING.
      Allow DH_set0_key with only private key.
      Guard against DoS in name constraints handling.

David Woodhouse (1):
      Add SSL_OP_NO_ENCRYPT_THEN_MAC

David von Oheimb (1):
      Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL

Diego Santa Cruz (2):
      Make SRP_CTX.info ownership and lifetime be the same as SRP_CTX.login.
      Use memset to clear SRP_CTX instead of NULL and zero assignments

Dr. Stephen Henson (12):
      Add test for ECDH CMS key only
      Support CMS decrypt without a certificate for all key types
      Add alternative CMS P-256 cert
      no-ec2m fixes
      Correct GCM docs.
      Remove dhparam from SSL_CONF list.
      Don't ignore passed ENGINE.
      Fix memory leak on lookup failure
      Add EVP_PKEY_set1_engine() function.
      make update
      Document EVP_PKEY_set1_engine()
      Backport key redirection test from master branch

Emeric Brun (1):
      Fix async engine pause dead lock in error case.

Emilia Kasper (3):
      RSA_padding_check_PKCS1_type_2 is not constant time.
      Remove resolved TODO
      Test mac-then-encrypt

Hubert Kario (1):
      doc: note that the BN_new() initialises the BIGNUM

Jakub Jelen (1):
      ECDSA_* is deprecated. EC_KEY_* is used instead

Johannes Bauer (1):
      Fix const correctness of EC_KEY_METHOD_get_*

Jonathan Protzenko (1):
      Fix speed command for alternation of ciphers and digests.

Ken Goldman (1):
      RSA_get0_ functions permit NULL parameters

Kurt Roeckx (2):
      Add missing commas in pod files
      Only reset the ctx when a cipher is given

Lingmo Zhu (2):
      Remove the obsolete misleading comment and code related to it.
      remove horrible pragma macro and remove __owur from SSL_CTX_add_session() declaration

Matt Caswell (22):
      Prepare for 1.1.0g-dev
      Document that HMAC() with a NULL md is not thread safe
      Fix a Proxy race condition
      Wait longer for the server in TLSProxy to start
      Don't fail the connection in SSLv3 if server selects ECDHE
      Fix DTLS failure when used in a build which has SCTP enabled
      Add documentation for the SSL_export_keying_material() function
      Fix OBJ_create() to tolerate a NULL sn and ln
      Fix travis clang-3.9 builds
      Fix undefined behaviour in e_aes_cbc_hmac_sha256.c and e_aes_cbc_hmac_sha1.c
      Remove some dead code
      Add documentation for SRTP functions
      Clarify the meaning of no-stdio in INSTALL
      Fix description of how to report a bug in INSTALL
      Allow an endpoint to read the alert data before closing the socket
      Remove an incorrect comment
      Ensure we test all parameters for BN_FLG_CONSTTIME
      Correct value for BN_security_bits()
      Don't make any changes to the lhash structure if we are going to fail
      Don't use strcasecmp and strncasecmp for IA5 strings
      Update CHANGES and NEWS for new release
      Prepare for 1.1.0g release

Mouse (1):
      Fix parameter name, for common aesthetics and to silence IDE warnings.

Nicola Tuveri (2):
      evp_test.c: Add PrivPubKeyPair test
      evp_test.c: Add PrivPubKeyPair negative tests

Patrick Steuer (3):
      crypto/aes/asm/aes-s390x.pl: fix $softonly=1 code path.
      s390x assembly pack: remove capability double-checking.
      s390x assembly pack: define OPENSSL_s390xcap_P in s390xcap.c

Paul Yang (7):
      Fix coding style in apps/passwd file
      Fix possible usage of NULL pointers in apps/spkac.c
      Remove non-accurate description in Configure script
      Fix a reference nit in doc
      Fix rsa -check option
      Add EC key generation paragraph in doc/HOWTO/keys.txt
      Fix doc-nits in doc/man3/DEFINE_STACK_OF.pod

Pauli (5):
      Fix potential use-after-free and memory leak
      Fix ctype arguments.
      Null pointer used.     Address coverity report of null pointer being dereferenced.
      Address a timing side channel whereby it is possible to determine some
      Address a timing side channel whereby it is possible to determine some

Pichulin Dmitrii (1):
      Fix 'key' option in s_server can be in ENGINE keyform

Rainer Jung (1):
      Fix use of "can_load()" in run_tests.pl.

Rich Salz (19):
      Make default_method mostly compile-time
      Add stricter checking in NAME section
      Add text pointing to full change list.
      Only release thread-local key if we created it.
      Document default client -psk_identity
      Add a lock around the OBJ_NAME table
      Fix a read off the end of the input buffer
      fix broken implementations of GOST ciphersuites
      Remove needless type casting.
      Add echo for end of each build phase
      Tweak wording to be more clear.
      Remove NO_DIRENT; it isn't used anywhere
      Avoid out-of-bounds read
      Add checks for alloc failing.
      Fix error handling/cleanup
      Fix doc for i2d/d2i private/public key
      Update RAND_load_file return value.
      Additional name for all commands
      Add missing paren.

Richard Levitte (46):
      Windows: rearrange programs cleanup
      .travis.yml: Detect if 'make update' updated something
      Build apps/progs.h dynamically
      tsget.in: remove call of WWW::Curl::Easy::global_cleanup
      util/mkdef.pl: Add UNIX as a platform
      util/mkdef.pl: Make symbol version processing Linux only
      When apps_startup() fails, exit with a failure code and a message
      Correct documentation for UI_get0_result_string
      Avoid possible memleak in X509_policy_check()
      Fix small UI issues
      VMS: When running a sub-MMS, make sure to give it the main MMS' qualifiers
      test/recipes/90-test_shlibload.t: Make sure to handle library renames
      test/run_tests.pl: Make sure to exit with a code that's understood universally
      Fix cipher_compare
      Simplify Makefile.shared
      test/recipes/80-test_tsa.t: Don't trust 'OPENSSL_CONF'
      Perl: Use File::Glob::bsd_glob rather than File::Glob::glob
      Revert "Perl: Use File::Glob::bsd_glob rather than File::Glob::glob"
      Turn on error sensitivity in the "tar" target
      Prepare tarball in dist directory
      Add a comment on expectations in the "tar" target
      NO_SYS_TYPES_H isn't defined anywhere, stop using it as a guard
      util/mkdef.pl: handle line terminators correctly
      Fix OpenSSL::Test::Utils::config to actualy load the config data
      Disable the EGD seeding meachanism when stdio is disabled
      Make sure that a cert with extensions gets version number 2 (v3)
      Configurations/windows-makefile.tmpl: canonicalise configured paths
      doc/apps/openssl.pod: Add missing commands and links
      Correct some typedef documentation
      Fix util/find-doc-nits to correctly parse function signature typedefs
      Fix util/perl/OpenSSL/Test.pm input variable overwrite
      Use the possibility to have test results in a different directory
      Reduce the things we ignore in test/
      asn1_item_embed_new(): don't free an embedded item
      asn1_item_embed_new(): don't free an embedded item
      asn1_item_embed_new(): if locking failed, don't call asn1_item_embed_free()
      doc/man3/d2i_X509.pod: add {d2i,i2d}_DSA_PUBKEY in NAME section
      Document EVP_PKEY_ASN1_METHOD and associated functions
      EVP_PKEY_asn1_add0(): Check that this method isn't already registered
      Fix EVP_PKEY_ASN1_METHOD manual
      Adapt util/find-doc-nits back to 1.1.0
      docs: fixup OpenSSL version style
      doc/crypto/OPENSSL_secure_malloc: add missing names
      docs: assign section 7 where appropriate
      Travis: Add a docs checking job
      Fix small but important regression

Roelof duToit (2):
      Retry SSL_read on ERROR_WANT_READ.     This resolves the retry issue in general, but also the specific case where a TLS 1.3 server sends a post-handshake NewSessionTicket message prior to appdata.
      Update PR#3925

Samuel Weiser (3):
      Fixed error in propagating BN_FLG_CONSTTIME flag through BN_MONT_CTX_set, which could lead to information disclosure on RSA primes p and q.
      BN_copy now propagates BN_FLG_CONSTTIME
      Added const-time flag to DSA key decoding to avoid potential leak of privkey

Todd Short (4):
      Fix inconsistent check of UNSAFE_LEGACY_RENEGOTIATION
      Fix ex_data and session_dup issues
      Add apps/progs.h to gitignore
      Reorder extensions to put SigAlgs last

Tomas Mraz (1):
      Ignore -named_curve auto value to improve backwards compatibility

Xiangyu Bu (1):
      Fix memory leak in GENERAL_NAME_set0_othername.

Xiaoyin Liu (5):
      schlock global variable needs to be volatile
      app_isdir() cleanup
      Fix errors in SSL_state_string_long
      Fix typo in files in crypto folder
      Add missing HTML tag in www_body in s_server.c

Zhu Qun-Ying (1):
      Fixed address family test error for AF_UNIX in BIO_ADDR_make

lolyonok (1):
      Fix nid assignment in ASN1_STRING_TABLE_add

multics (1):
      Update rsautl.pod for typo

-----------------------------------------------------------------------


More information about the openssl-commits mailing list