[openssl-commits] [openssl] OpenSSL_1_1_0i create
Matt Caswell
matt at openssl.org
Tue Aug 14 13:13:19 UTC 2018
The annotated tag OpenSSL_1_1_0i has been created
at 9ab02f49e781c0dc39bf34be721ef2f228ce5a03 (tag)
tagging 97c0959f27b294fe1eb10b547145ebef2524b896 (commit)
replaces OpenSSL_1_1_0h
tagged by Matt Caswell
on Tue Aug 14 13:45:05 2018 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.0i release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAltyztERHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHduwgAoec+w6LBVsMi0as9ZkrCaP35gM/2frXD
6Nn1XDKVZC7A2AE5slHDi/1tzByCaeyINN22xt7Tg9jASD6APziVxSID4YJdzApP
EZGvAK6vLJ7wAI/9SUjuphQ1pXYYdITVmdyKlw2+p1JxZgl7pOrK3WaafUEcFHGz
hrLfIwpk8s5H+nFI3qLXgJT39uqo5FDPSN1bYxrKE2MvdrLT0sEae5scFGWnUJxR
GFvoNb1Vgnc1r+kjezDDYeqDskMWoBVYlOMwXEay/eKqUVQbKZ9GtCZQ7xKeW6wV
Dn22W6MUfXVTcBBKV+FnOeasgvGQAmb9gtX4rEfCxmIphxwitESFAA==
=ys7L
-----END PGP SIGNATURE-----
Alexandre Perrin (1):
Documentation typo fix in BN_bn2bin.pod
Andy Polyakov (41):
Configurations/10-main.conf: add magic macros to hpux targets.
Configurations/10-main.conf: further HP-UX cleanups/unifications.
bio/b_addr.c: resolve HP-UX compiler warnings.
ARM assembly pack: make it work with older assembler.
bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word.
bn/asm/sparcv9-mont.pl: iron another glitch in squaring code path.
bn/asm/rsaz-avx2.pl: harmonize clang version detection.
sha/asm/sha{1|256}-586.pl: harmonize clang version detection.
{chacha|poly1305}/asm/*-x64.pl: harmonize clang version detection.
ec/asm/ecp_nistz256-avx2.pl: harmonize clang version detection.
ec/ec_mult.c: get BN_CTX_start,end sequence right.
sha/asm/sha{256|512}-armv4.pl: harmonize thumb2 support with the rest.
modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings.
test/evp_test.c: address sanitizer errors in pderive_test_run.
bn/bn_lib.c: remove bn_check_top from bn_expand2.
bn/bn_mont.c: move boundary condition check closer to caller.
bn/bn_mont.c: improve readability of post-condition code.
bn/bn_lib.c: make BN_bn2binpad computationally constant-time.
rsa/*: switch to BN_bn2binpad.
bn/bn_lib.c address Coverity nit in bn2binpad.
apps/dsaparam.c: fix -C output.
bn/bn_intern.c: const-ify bn_set_{static}_words.
ec/asm/ecp_nistz256-{!x86_64}.pl: fix scatter_w7 function.
ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine.
apps/dsaparam.c: make dsaparam -C output strict-warnings-friendly.
crypto/cryptlib.c: resolve possible race in OPENSSL_isservice.
bn/bn_lib.c: add BN_FLG_FIXED_TOP flag.
bn/bn_{mont|exp}.c: switch to zero-padded intermediate vectors.
ec/ecdsa_ossl.c: revert blinding in ECDSA signature.
ec/ecdsa_ossl.c: formatting and readability fixes.
ec/ecdsa_ossl.c: switch to fixed-length Montgomery multiplication.
bn/bn_mod.c: harmonize BN_mod_add_quick with original implementation.
CHANGES: mention blinding reverting in ECDSA.
crypto/cryptlib.c: make OPENSS_cpuid_setup safe to use as constructor.
crypto/init.c: use destructor_key even as guard in OPENSSL_thread_stop.
asn1/tasn_utl.c: fix logical error in and overhaul asn1_do_lock.
Revert "asn1/tasn_utl.c: fix logical error in and overhaul asn1_do_lock."
asn1/tasn_utl.c: fix logical error in asn1_do_lock.
x509v3/v3_purp.c: resolve Thread Sanitizer nit.
x509v3/v3_purp.c: re-implement lock-free check for extensions cache validity.
crypto/o_fopen.c: alias fopen to fopen64.
Benjamin Kaduk (1):
Fix regression with session cache use by clients
Bernd Edlinger (17):
Fix a crash in the asn1parse command
Improve diagnostics for invalid arguments in asn1parse -strparse
Use strtol instead of atoi in asn1parse
Fix range checks with -offset and -length in asn1parse
Remove an unnecessary cast in the param to BUF_MEM_grow
Change the "offset too large" message to more generic wording
Fix building linux-armv4 with --strict-warnings
Fix a gcc-8 warning -Wcast-function-type
Fix a warning about missing prototype on arm
Ensure the thread keys are always allocated in the same order
Fix memleaks in async api
Fix a possible crash in BN_from_montgomery_word
Try to work around ubuntu gcc-5 ubsan build failure
Backport of commit 6b49b30811f4afa0340342af9400b8d0357b5291
Fix a new gcc-9 warning [-Wstringop-truncation]
Fix minor windows build issues
Fix uninitialized value $s warning in windows static builds
Billy Brumley (6):
RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.
Elliptic curve scalar multiplication with timing attack defenses
ladder description: why it works
Remove superfluous NULL checks. Add Andy's BN_FLG comment.
fix: BN_swap mishandles flags (1.1.0)
[crypto/ec] don't assume points are of order group->order
Bryan Donlan (1):
Remove DSA digest length checks when no digest is passed
Daniel Bevenius (2):
Remove import/use of File::Spec::Function
Clarify default section in config.pod
David Benjamin (1):
Save and restore the Windows error around TlsGetValue.
David von Oheimb (1):
add documentation for OCSP_basic_verify()
Dr. Matthias St. Pierre (5):
Revert "Add OPENSSL_VERSION_AT_LEAST"
p5_scrypt.c: fix error check of RAND_bytes() call
a_strex.c: prevent out of bound read in do_buf()
v3_purp.c: add locking to x509v3_cache_extensions()
Fix typo 'is an error occurred' in documentation
Emilia Kasper (2):
X509_cmp_time: only return 1, 0, -1.
X509 time: tighten validation per RFC 5280
FdaSilvaYY (2):
EVP,KDF: Add more error code along some return 0
apps/speed: fix possible OOB access in some EC arrays
Guido Vranken (1):
Reject excessively large primes in DH key generation.
Jack Bates (1):
Convert _meth_get_ functions to const getters
Ken Goldman (1):
Document failure return for ECDSA_SIG_new
Kurt Roeckx (4):
Fix prototype of ASN1_INTEGER_get and ASN1_INTEGER_set
Change the number of Miller-Rabin test for DSA generation to 64
Make number of Miller-Rabin tests for a prime tests depend on the security level of the prime
Fix inconsistent use of bit vs bits
Marcus Huewe (1):
Do not free a session before calling the remove_session_cb
Matt Caswell (56):
Prepare for 1.1.0i-dev
Don't write out a bad OID
Tolerate a Certificate using a non-supported group on server side
Fix a text canonicalisation bug in CMS
Fix some errors in the mem leaks docs
Move the loading of the ssl_conf module to libcrypto
Don't crash if an unrecognised digest is used with dsa_paramgen_md
Pick a q size consistent with the digest for DSA param generation
Update the genpkey documentation
Add test/versions to gitignore
Fix an error code to be consistent with master
Ignore the status_request extension in a resumption handshake
Update fingerprints.txt
Fix assertion failure in SSL_set_bio()
Check the return from EVP_PKEY_get0_DH()
Update EVP_DigestSignInit() docs
Fix ocsp app exit code
Don't crash if there are no trusted certs
Add a test for a NULL X509_STORE in X509_STORE_CTX_init
Fix the alert sent if no shared sig algs
Fix SSL_pending() for DTLS
Add a test for SSL_pending()
Improve backwards compat with 1.0.2 for ECDHParameters
Allow intermediate CAs to use RSA PSS in 1.1.0
Document when a session gets removed from cache
In a reneg use the same client_version we used last time
Fix the MAX_CURVELIST definition
Fix documentation for the -showcerts s_client option
Update the *use_certificate* docs
Update version docs
Fix some errors and missing info in the CMS docs
Clarify BN_mod_exp docs
Add getter for X509_VERIFY_PARAM_get_hostflags
Fix SSL_get_shared_ciphers()
Fix comment in ssl_locl.h
Add some documentation for SSL_get_shared_ciphers()
Make X509_VERIFY_PARAM_get_hostflags() take a const arg
Return an error from BN_mod_inverse if n is 1 (or -1)
Fix a mem leak in CMS
Don't fail on an out-of-order CCS in DTLS
Fix s_client and s_server so that they correctly handle the DTLS timer
Only auto-retry for DTLS if configured to do so
Keep the DTLS timer running after the end of the handshake if appropriate
Don't memcpy the contents of an empty fragment
Mark DTLS records as read when we have finished with them
Make BN_GF2m_mod_arr more constant time
Fix undefined behaviour in X509_NAME_cmp()
Improve compatibility of point and curve checks
The result of a ^ 0 mod -1 is 0 not 1
Add blinding to an ECDSA signature
Add blinding to a DSA signature
Fix a NULL ptr deref in error path in tls_process_cke_dhe()
Don't create an invalid CertificateRequest
Updates to CHANGES and NEWS for the new release
Update copyright year
Prepare for 1.1.0i release
Matthias Kraft (1):
Custome built dladdr() for AIX.
Mingtao Yang (2):
Add APIs for custom X509_LOOKUP_METHOD creation
modes/ocb128.c: Reset nonce-dependent variables on setiv
Miroslav Suk (1):
o_time.c: use gmtime_s with MSVC ts/ts_rsp_sign.c: change to OPENSSL_gmtime.
Neel Goyal (1):
Set biom->type in BIO_METH_new
Nick Mathewson (2):
Update documentation for PEM callback: error is now -1.
Improve the example getpass() implementation to show an error return
Nicola Tuveri (4):
Address code style comments
Pass through
Move up check for EC_R_INCOMPATIBLE_OBJECTS and for the point at infinity case
Deprecate DSA_sign_setup() in the documentation
Pauli (4):
Check return from BN_set_word. In ssl/t1_lib.c.
Check conversion return in ASN1_INTEGER_print_bio.
Check return from BN_sub
Avoid errors when loading a cert multiple times. Manual backport of #2830 to 1.1.0
Pavel Kopyl (1):
Fix memory leaks in CA related functions.
Philippe Antoine (1):
Adds multiple checks to avoid buffer over reads
Rahul Chaudhry (1):
poly1305/asm/poly1305-armv4.pl: remove unintentional relocation.
Rich Salz (10):
Fix typo in OPENSSL_LH_new compat API
Updated to CONTRIBUTING to reflect GitHub, etc.
Fix bugs in X509_NAME_ENTRY_set
Make OS/X more explicit, to avoid questions
Improve wording
Zero-fill IV by default.
Check for failures, to avoid memory leak
Use auto-null-initializer
Fix setting of ssl_strings_inited.
Increase CT_NUMBER values
Richard Levitte (53):
Revert "util/dofile.pl: only quote stuff that actually needs quoting"
Faster fuzz test: teach the fuzz test programs to handle directories
.travis.yml: with fast fuzz testing, there is no point avoiding it
Refuse to run test_cipherlist unless shared library matches build
VMS: Copy DECC inclusion epi- and prologues to internals
Don't use CPP in Configurations/unix-Makefile.tmpl
openssl rehash: document -compat
openssl rehash: use libcrypto variables for default dir
Docs for OpenSSL_init_crypto: there is no way to specify another file
test/recipes/test_genrsa.t : don't fail because of size limit changes
Don't distribute team internal config targets
Fix late opening of output file
Fix openssl ca, to correctly make output file binary when using -spkac
ms/uplink-x86.pl: close the file handle that was opened
openssl rehash: exit 0 on warnings, same as c_rehash
PEM_def_callback(): don't loop because of too short password given
PEM_def_callback(): use same parameter names as for pem_password_cb
Use get_last_sys_error() instead of get_last_rtl_error()
Fix no-ui
apps/s_server.c: Avoid unused variable due to 'no-dtls'
docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id
BIO_s_mem() write: Skip early when input length is zero
In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length
UI console: Restore tty settings, do not force ECHO after prompt
CI config: no need to make both install and install_docs
When producing man-pages, ensure NAME section is one line only
Add a note on CHANGES and NEWS in CONTRIBUTING
Restore check of |*xn| against |name| in X509_NAME_set
Quiet pod2html warnings
Windows: don't install __DECC_*.H
apps: when the 'compat' nameopt has been set, leave it be
ENGINE_pkey_asn1_find_str(): don't assume an engine implements ASN1 method
VMS: have mkdef.pl parse lettered versions properly
openssl ca: open the output file as late as possible
OpenSSL-II style for emacs: don't indent because of extern block
OpenSSL_add_ssl_algorithm-is-deprecated() is deprecated, make it so
Move documentation to its correct location for this branch
Document more EVP_MD_CTX functions
Make 'with_fallback' use 'use' instead of 'require'
Existing transfer modules must have a package and a $VERSION
util/dofile.pl: require Text::Template 1.46 or newer
Windows: fix echo for nmake
Windows: avoid using 'rem' in the nmake makefile
Avoid __GNUC__ warnings when defining DECLARE_DEPRECATED
PKCS12: change safeContentsBag from a SET OF to a SEQUENCE OF
Configure: Display error/warning on deprecated/unsupported options after loop
Configure: print generic advice when dying
Configure death handler: bail out early when run in eval block
Configure death handler: remember to call original death handler
Configure death handler: instead of printing directly, amend the message
Make EVP_PKEY_asn1_new() stricter with its input
Check early that the config target exists and isn't a template
i2d_ASN1_OBJECT(): allocate memory if the user didn't provide a buffer
Tilman Keskinöz (1):
ssl/ssl_txt: fix NULL-check
Todd Short (1):
Configure: fix Mac OS X builds that still require makedepend
Viktor Dukhovni (2):
Limit scope of CN name constraints
Skip CN DNS name constraint checks when not needed
cedral (1):
fix build error in 32 bit debug build
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list