[openssl-commits] [openssl] OpenSSL_1_0_2p create

Matt Caswell matt at openssl.org
Tue Aug 14 13:13:19 UTC 2018 

The annotated tag OpenSSL_1_0_2p has been created
        at  4ec29ae59fd474a8f9037e08e8219b99dc608e2d (tag)
   tagging  e71ebf275da66dfd601c92e0e80a35114c32f6f8 (commit)
  replaces  OpenSSL_1_0_2o
 tagged by  Matt Caswell
        on  Tue Aug 14 14:01:02 2018 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.0.2p release tag
-----BEGIN PGP SIGNATURE-----

iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlty0o4RHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHpHQf9H1P6RybUPVfzF+yWxjpVvJVbyd4hfFbh
02x95ORHgS71afQpYfCU/s12SxBmg0ZBGJs3uiNRFO5q/Tn1n/PdcIgQptl64hZu
0l4CM41MPLF+xafOzfv8GTfjfg67kL7338ZOFThy8Tczyaj3uddeEjb/KBPIbQsm
toPgJIad/ZYs9VRfjA9J39qohX0SHMYU3WW/NnYWPg0UtTYKbWRFLyHNfUW3Lt9v
+IWw3DVYNOvVOcXK1rDYnM7pOftF5QaGHLrpNAknLkUBAjkkBlf92vNNa1onIMO+
COmD8SvdYea/dr3moCYmpDcQTYZrbgDLVo9E7WrelTs5kEgMXr0UjA==
=f94J
-----END PGP SIGNATURE-----

Alexandre Perrin (1):
      Documentation typo fix in BN_bn2bin.pod

Andy Polyakov (17):
      bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word.
      util/domd: harmonize with compiler detection in Configure.
      bn/asm/sparcv9-mont.pl: iron another glitch in squaring code path.
      bn/asm/rsaz-avx2.pl: harmonize clang version detection.
      sha/asm/sha{1|256}-586.pl: harmonize clang version detection.
      ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine.
      bn/bn_lib.c: remove bn_check_top from bn_expand2.
      bn/bn_mont.c: improve readability of post-condition code.
      bn/bn_lib.c: add BN_FLG_FIXED_TOP flag.
      bn/bn_{mont|exp}.c: switch to zero-padded intermediate vectors.
      ecdsa/ecs_ossl.c: revert blinding in ECDSA signature.
      bn/bn_mod.c: harmonize BN_mod_add_quick with original implementation.
      ecdsa/ecs_ossl.c: switch to fixed-length Montgomery multiplication.
      CHANGES: mention blinding reverting in ECDSA.
      bn/bn_lib.c: add computationally constant-time bn_bn2binpad.
      bn/bn_lib.c address Coverity nit in bn2binpad.
      rsa/*: switch to BN_bn2binpad.

Bernd Edlinger (5):
      Fix a crash in the asn1parse command
      Fix range checks with -offset and -length in asn1parse
      Change the "offset too large" message to more generic wording
      Fix a new gcc-9 warning [-Wstringop-truncation]
      Fix some more gcc-9 warnings [-Wstringop-truncation]

Billy Brumley (3):
      RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.
      fix: BN_swap mishandles flags (1.0.2)
      Fix BN_gcd errors for some curves

Cristian Stoica (3):
      fix warning unused-but-set-variable 'nostrict' (no-dh and no-ec)
      fix warning unused-but-set-variable 'alg_k' (no-dh and no-ec)
      s_server: fix warnings unused-but-set-variable (no-dh)

Daniel Bevenius (1):
      Clarify default section in config.pod

Dr. Matthias St. Pierre (3):
      a_strex.c: prevent out of bound read in do_buf()
      v3_purp.c: add locking to x509v3_cache_extensions()
      Fix typo 'is an error occurred' in documentation

Emilia Kasper (2):
      X509_cmp_time: only return 1, 0, -1.
      X509 time: tighten validation per RFC 5280

Guido Vranken (1):
      Reject excessively large primes in DH key generation.

John Eichenberger (1):
      Correct the check of RSA_FLAG_SIGN_VER

Ken Goldman (1):
      Document failure return of ECDSA_SIG_new

Kurt Roeckx (3):
      Change the number of Miller-Rabin test for DSA generation to 64
      Make number of Miller-Rabin tests for a prime tests depend on the security level of the prime
      Fix inconsistent use of bit vs bits

Matt Caswell (33):
      Prepare for 1.0.2p-dev
      Don't write out a bad OID
      Don't crash if an unrecognised digest is used with dsa_paramgen_md
      Pick a q size consistent with the digest for DSA param generation
      Update the genpkey documentation
      Ignore the status_request extension in a resumption handshake
      Update fingerprints.txt
      Fix ocsp app exit code
      Return 0 on a non-matching kdf_type
      Don't crash if there are no trusted certs
      Fix the alert sent if no shared sig algs
      Document when a session gets removed from cache
      Fix documentation for the -showcerts s_client option
      Update the *use_certificate* docs
      Update version docs
      Fix some errors and missing info in the CMS docs
      Clarify BN_mod_exp docs
      Fix SSL_get_shared_ciphers()
      Fix comment in ssl.h
      Add some documentation for SSL_get_shared_ciphers()
      Don't memcpy the contents of an empty fragment
      Make BN_GF2m_mod_arr more constant time
      Fix undefined behaviour in X509_NAME_cmp()
      Fix a bogus warning about an uninitialised var
      The result of a ^ 0 mod -1 is 0 not 1
      Add blinding to an ECDSA signature
      Fix no-ssl3-method in 1.0.2
      Add blinding to a DSA signature
      Don't create an invalid CertificateRequest
      Updates to CHANGES and NEWS for the new release
      Update copyright year
      make update
      Prepare for 1.0.2p release

Miroslav Suk (1):
      o_time.c: use gmtime_s with MSVC

Nick Mathewson (2):
      Update documentation for PEM callback: error is now -1.
      Improve the example getpass() implementation to show an error return

Nicola Tuveri (1):
      Warn against nonce reuse in DSA_sign_setup() doc

Pavel Kopyl (1):
      Fix memory leaks in CA related functions.

Philippe Antoine (1):
      Adds multiple checks to avoid buffer over reads

Rich Salz (3):
      Updated to CONTRIBUTING to reflect GitHub, etc.
      Zero-fill IV by default.
      Check for failures, to avoid memory leak

Richard Levitte (16):
      apps/s_socket.c: Fix do_accept
      PEM_def_callback(): don't loop because of too short password given
      PEM_def_callback(): use same parameter names as for pem_password_cb
      Skip the CMS test if configured 'no-cms'
      BIO_s_mem() write: Skip early when input length is zero
      In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length
      UI console: Restore tty settings, do not force ECHO after prompt
      When configuring 'no-comp', zlib support should be disabled too
      apps: when the 'compat' nameopt has been set, leave it be
      ENGINE_pkey_asn1_find_str(): don't assume an engine implements ASN1 method
      doc/crypto/pem.pod: modernise the example code
      PKCS12: change safeContentsBag from a SET OF to a SEQUENCE OF
      Make EVP_PKEY_asn1_new() stricter with its input
      i2d_ASN1_OBJECT(): allocate memory if the user didn't provide a buffer
      i2d_ASN1_BOOLEAN(): allocate memory if the user didn't provide a buffer
      i2d_ASN1_BOOLEAN(): correct error module

Todd Short (1):
      Configure: fix Mac OS X builds that still require makedepend

-----------------------------------------------------------------------

More information about the openssl-commits mailing list