[openssl-commits] [openssl] OpenSSL_1_1_1-pre3 create
Matt Caswell
matt at openssl.org
Tue Mar 20 14:00:02 UTC 2018
The annotated tag OpenSSL_1_1_1-pre3 has been created
at 096f15afa75dec6afbab7673825044e11ea1df4e (tag)
tagging be2df12a349eae53805dd3cb19aa18e3d022acd7 (commit)
replaces OpenSSL_1_1_1-pre2
tagged by Matt Caswell
on Tue Mar 20 13:13:56 2018 +0000
- Log -----------------------------------------------------------------
OpenSSL 1.1.1-pre3 release tag
-----BEGIN PGP SIGNATURE-----
iQEuBAABCAAYBQJasQkUERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRbgsH
/inDuVSpQA+9+jbMpTZ6xAEkdmqNquF2Wv73qS9naLazib8bKSgyBkBULDU4Cif9
JAhMam3NE2U90jFfxad3AYBC1u5xW5CbiHdXjqY3sfVtTyShdniqo/toqtDfmhwO
xZEwmD6CyBWIExQMeQSKiNMwSqLiDoNY4YlyHxtcy91PzjgWcT3kwWQfxeiuk3i3
cbtqDIye09EsT00ocIUfc6Dj/FAIU/HvPUDGIOcrD0JIJ8BJG/iiAm2sLTr1Ajck
oFnVTLDcbb56ouh0JH6Ea9W9rugSSYrFLwcz7I+7hF3vd+54YvQPRzuuHFvEn0Vk
IFg/afObA5m20nOyT6eJef4=
=dYWx
-----END PGP SIGNATURE-----
Alex Gaynor (7):
Fixed a typo in a man page
Fixed a typo in a man page
Fix a typo in the s_client man page
Corrected two typos in a man page
Fixed several readability issues in DH_generate_parameters.pod
Fixed a spelling mistake in ASN1_TIME_set.pod
Fixed a handful of typos
Andy Polyakov (23):
ec/asm/x25519-x86_64.pl: remove redundant carry chain.
ec/curve448/curve448.c: fix undefined behaviour sanitizer failure.
ec/curve448/f_generic.c: fix VC-WIN32 debug build failure.
mem_sec.c: portability fixup.
test/ctype_internal_test.c: portability fixup.
Configurations/10-main.conf: add -fno-common back to darwin-ppc-cc.
crypto/armcap.c: mask SHA512 hardware detection on iOS.
Configurations/10-main.conf: amend out-dated comments.
Configurations/windows-makefile.tmpl: simplify install-path "flavour"-ing.
Configurations/50-win-onecore.conf: add Windows 10 OneCore targets.
Configurations/unix-Makefile.tmpl: overhaul assembler make rules.
Configurations/10-main.conf: VC-<target> cleanups.
mem_sec.c: portability fixup.
store/loader_file.c: rename variables causing conflicts with Android NDK.
ec/curve25519.c: resolve regression with Android NDK's arm64 gcc.
Configurations/*.conf: overhaul Android targets.
NOTES.WIN: classify targets to "native" and "hosted" and restructure.
Configure: pass -no-integrated-as.
Configurations/15-android.conf: refine clang support.
MIPS assembly pack: default heuristic detection to little-endian.
Configurations/15-android.conf: default to RC4_CHAR whenever possible.
Add NOTES.ANDROID.
Configurations/15-android.conf: detect clang by PATH, not by CC.
Ben Kaduk (2):
Fix doc-nits
Attempt to fix boringssl tests
Benjamin Kaduk (4):
Do not set a nonzero default max_early_data
Fix type error in PEM processing
Reuse extension_is_relevant() in should_add_extension()
Document more X509_STORE functions
Benjamin Saunders (1):
Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb
Bernd Edlinger (8):
Fix a possible memory leak in engine_table_register
Fix a bunch of gcc warnings in packettest.c
Fix error handling in b2i_dss and b2i_rsa
Fixed a crash in error handing of rand_drbg_new
Fix a memory leak in n_ssl3_mac
Fix a memory leak in tls1_mac
Fix a crash in SSLfatal due to invalid enc_write_ctx
Fix bio callback backward compatibility
Brad Spencer (1):
Test the result of CMS_RecipientInfo_ktri_get0_algs() before using its output in rsa_cms_encrypt().
Bryan Donlan (1):
Fix issues in ia32 RDRAND asm leading to reduced entropy
David Benjamin (1):
Always use adr with __thumb2__.
David Makepeace (1):
Fixed typo in description of EVP_CIPHER_meth_set_iv_length().
Dr. Matthias St. Pierre (7):
bio_b64.c: prevent base64 filter BIO from decoding out-of-bound data
BIO_s_mem.pod: fix indirection for out parameter **pp
RAND_DRBG: add a function for setting the reseeding defaults
Publish the RAND_DRBG API
RAND_DRBG: add a function for setting the default DRBG type and flags
Fix miscellaneous typos in docs and source
Fix: drbgtest fails when tests are executed in random order
FdaSilvaYY (1):
Duplicate entries ssl_handshake_tbl trace entries...
Ivan Filenko (1):
Fix typo in ASN1_STRING_length doc
Jack Lloyd (3):
Add SM2 signature and ECIES schemes
Support SM2 ECIES scheme via EVP
Handle evp_tests assumption of EVP_PKEY_FLAG_AUTOARGLEN
JeffZhao (1):
engines/asm/e_padlock*: add support for Zhaoxin's x86 platform
Kurt Roeckx (9):
Tell the ciphers which DRBG to use for generating random bytes.
bnrand_range: Always call bnrand() with the correct flag
Check the parent DRBG's strength
Fix propotype to include the const qualifier
Propagate the request for prediction resistance to the get entropy call
Return error when trying to use prediction resistance
Make the public and private DRBG thread local
Don't use a ssl specific DRBG anymore
Add a multithread rand test
Matt Caswell (66):
Prepare for 1.1.1-pre3-dev
Add pkey types for curve448
Integrate X448 and Ed448 into libcrypto
Update some documentation for X448/Ed448
Add test vectors for X448 and Ed448
Update CHANGES for X448 and Ed448
Add X448/Ed448 support to libssl
Update tests for TLS Ed448
Update CHANGES for X448/Ed448 support in libssl
Fix status_request and SCT extensions
Remove OPENSSL_USE_NODELETE guards in shlibloadtest
Tolerate TLSv1.3 PSKs that are a different size to the hash size
Fallback on old style PSK callbacks if the new style ones aren't present
Update documentation for the new PSK behaviour
Test the new PSK behaviour
Give more information in the SSL_stateless return code
Don't negotiate TLSv1.3 with the ossl_shim
Improve error handling in pk7_doit
Fix enable-ssl-trace
Free the correct type in OBJ_add_object()
Use the TLSv1.3 record header as AAD
Only allow supported_versions in a TLSv1.3 ServerHello
Update version numbers for TLSv1.3 draft-26
Split configuration of TLSv1.3 ciphers from older ciphers
Update s_time to be allow configuration of TLSv1.3 ciphersuites
Add documentation for TLSv1.3 ciphersuite configuration
Update CHANGES with details of TLSv1.3 ciphersuite configuration
Fix clienthellotest for new TLSv1.3 ciphersuite configuration
Put the default set of TLSv1.3 ciphersuites in a header file
Fix an error number clash
Fix no-ec
Only update the server session cache when the session is ready
Add functions to create an EVP_PKEY from raw private/public key data
Add support for setting raw private/public 25519/448 keys
Add support for setting raw private HMAC keys
Add support for setting raw private SIPHASH keys
Add support for setting raw private Poly1305 keys
Add the function EVP_PKEY_new_CMAC_key()
Update the tests to use the new EVP_PKEY_new_private_key() function
Add documentation for the newly added EVP_PKEY_new*() functions
Add PrivateKeyRaw and PublicKeyRaw support to evp_test
Add some test vectors for testing raw 448/25519 keys
Expand the 25519/448 overview man pages
Make sure all errors go on the stack in the EVP_PKEY_new*() functions
Add functions for setting the new EVP_PKEY_ASN1_METHOD functions
Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Revert "Don't crash on a missing Subject in index.txt"
Revert "Don't allow an empty Subject when creating a Certificate"
Report a readable error on a duplicate cert in ca app
Allow multiple entries without a Subject even if unique_subject == yes
Fix a memory leak in the ca application
Fix no-chacha and no-poly1305
Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
Don't update the session cache when processing a client certificate in TLSv1.3
Add an anti-replay mechanism
Add a test for 0RTT replay protection
Document the replay protection capabilities
Add a CHANGES entry to mention the replay protection capabilities
Fix no-ec
Fix no-cmac
Fix no-psk
Fix no-posix-io compile failure
Fix no-sm2
Fix no-ec
Update copyright year
Prepare for 1.1.1-pre3 release
Michael Richardson (1):
Reduce travis-ci log output
Patrick Steuer (1):
Fix test_out_option
Paul Yang (3):
Check directory is able to create files for various -out option
Add test cases for this -out option check
Fix the type of -out option
Pauli (1):
Missings OIDs for XTS added.
Rich Salz (4):
Make some perl scripts output to stdout
Fix credit for SRP code
Add code to run test, get malloc counts
Revise and cleanup; use strict,warnings
Richard Levitte (61):
configdata.pm: ensure $prefix is defined
crypto/ec/asm/x25519-x86_64.pl: close STDOUT, not $STDOUT
storeutl: make sure s2i_ASN1_INTEGER is correctly declared
Add VMS version of app_dirname()
Check on VMS as well
Enable the -out option test on VMS as well
Adapt 15-test_out_option.t for more than just Unix
Windows makefile: Don't quote generator arguments
Configure: fix small spelling error
opensslconf.h.in: Use all the "openssl_api_defines"
util/dofile.pl: only quote stuff that actually needs quoting
Configurations/unix-Makefile.tmpl: remove assignment of AS and ASFLAGS
Configure et al: rename all dso_* to module_* in shared-info.pl
Make "make variables" config attributes for overridable flags
Add space to asoutflag value where appropriate
Configurations/10-main.conf: Duplicate cflags to cxxflags
config: Pass diverse flags to Configure via the environment
Configure et al: get rid of last traces of plib_lflags / PLIB_LDFLAGS
Configurations/README: update documentation on flags
Configure: disallow the mixture of compiling flags and env / make variables
Make a few more asm modules conform: last argument is output file
Configure: correct the check of env vars vs command line flags
Remove useless -D_ENDIAN from MPE/iX-gcc config
Configure et al: Move the definition of library only flags
Display the library building flags
Restore the display of options with 'openssl version -a'
Configure: don't mangle the directory again when checking DEPEND inclusion
Configure: catch the build tree configdata.pm
Configurations/descrip.mms.tmpl: Fix small errors
CONF: On VMS, treat VMS syntax inclusion paths correctly
CONF inclusion test: Add VMS specific tests
Adjust LPdir_unix.c on VMS for OpenSSL expectations
openssl rehash: no more need to massage the files on VMS
Refactor the 'depend' target
Remove debugging prints from util/add-depends.pl
Remove the temporary file in case it wasn't renamed
Windows build file: make sure to quote
Remove '-Wextra' as default user flags for the Linux clang targets
util/add-depends.pl: sort the dependency files
Streamline dependency generation
util/postprocess-makedepend.pl: For VC, don't include system headers
util/postprocess-makedepend.pl: make an effort to collect dependencies
Windows makefile: don't use different looking variants of same cmd
VMS: add alias macros to avoid 31 character symbol name limit warning
Move all dependency post-processing to util/add-depends.pl
util/add-depends.pl: add the possibility for debug printouts
Visual C: reduce the dependency paths to be relative
VMS C: reduce the dependency paths to be relative
Configure: Don't fail if there were "make variables" set in env
Configure: maintain compability with pre-"make variables" Configure
INSTALL: Add a note about backward compatibility and "make variables"
ts_RESP_sign: Don't try to use v2 signing when ESS digest isn't set
Add a simple method to run regression tests
Stop test/shlibloadtest.c from failing in a regression test
Clarify a couple of details around "make variables"
Support "-min_protocol" and "-max_protocol" in s_server and s_client
In TLSProxy::Proxy, specify TLSv1.3 as maximum allowable protocol
Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version
Don't generate buildtest_*err.c
s_client, s_server: do generic SSL configuration first, specialization after
crypto/rand/rand_vms.c: include "internal/rand_int.h"
Sebastian Andrzej Siewior (1):
Configure: allow to enable afalgeng if target does not start with Linux
Sergey Zhuravlev (1):
Add GOST OIDs for Edwards parameter sets
Steven Noonan (1):
speed: add ecdhx448 to ecdh choices
Tim Hudson (1):
update SRP copyright notice
Todd Short (6):
If not sending key_share (no TLSv1.3), return appropriately.
Add SSL/SSL_CTX_use_cert_and_key()
Session Ticket app data
Place ticket keys into secure memory
Fix no-sm3 (and no-sm2)
Fix no-sm3/no-sm2 (with strict-warnings)
Tomas Mraz (2):
Add support for .include directive in config files
Apply system_default configuration on SSL_CTX_new().
Viktor Dukhovni (3):
Prepare to detect index changes in OCSP responder.
Implement multi-process OCSP responder.
Make OCSP "multi" compatible with "no-sock" builds.
gmile (1):
Add OIDs for DSTU-4145
knekritz (1):
Avoid unconditional store in CRYPTO_malloc.
xemdetia (1):
Fix documentation link to reference man3
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list