[openssl-commits] [openssl] OpenSSL_1_1_1-pre3 create

Matt Caswell matt at openssl.org
Tue Mar 20 14:00:02 UTC 2018

The annotated tag OpenSSL_1_1_1-pre3 has been created
        at  096f15afa75dec6afbab7673825044e11ea1df4e (tag)
   tagging  be2df12a349eae53805dd3cb19aa18e3d022acd7 (commit)
  replaces  OpenSSL_1_1_1-pre2
 tagged by  Matt Caswell
        on  Tue Mar 20 13:13:56 2018 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.1.1-pre3 release tag


Alex Gaynor (7):
      Fixed a typo in a man page
      Fixed a typo in a man page
      Fix a typo in the s_client man page
      Corrected two typos in a man page
      Fixed several readability issues in DH_generate_parameters.pod
      Fixed a spelling mistake in ASN1_TIME_set.pod
      Fixed a handful of typos

Andy Polyakov (23):
      ec/asm/x25519-x86_64.pl: remove redundant carry chain.
      ec/curve448/curve448.c: fix undefined behaviour sanitizer failure.
      ec/curve448/f_generic.c: fix VC-WIN32 debug build failure.
      mem_sec.c: portability fixup.
      test/ctype_internal_test.c: portability fixup.
      Configurations/10-main.conf: add -fno-common back to darwin-ppc-cc.
      crypto/armcap.c: mask SHA512 hardware detection on iOS.
      Configurations/10-main.conf: amend out-dated comments.
      Configurations/windows-makefile.tmpl: simplify install-path "flavour"-ing.
      Configurations/50-win-onecore.conf: add Windows 10 OneCore targets.
      Configurations/unix-Makefile.tmpl: overhaul assembler make rules.
      Configurations/10-main.conf: VC-<target> cleanups.
      mem_sec.c: portability fixup.
      store/loader_file.c: rename variables causing conflicts with Android NDK.
      ec/curve25519.c: resolve regression with Android NDK's arm64 gcc.
      Configurations/*.conf: overhaul Android targets.
      NOTES.WIN: classify targets to "native" and "hosted" and restructure.
      Configure: pass -no-integrated-as.
      Configurations/15-android.conf: refine clang support.
      MIPS assembly pack: default heuristic detection to little-endian.
      Configurations/15-android.conf: default to RC4_CHAR whenever possible.
      Configurations/15-android.conf: detect clang by PATH, not by CC.

Ben Kaduk (2):
      Fix doc-nits
      Attempt to fix boringssl tests

Benjamin Kaduk (4):
      Do not set a nonzero default max_early_data
      Fix type error in PEM processing
      Reuse extension_is_relevant() in should_add_extension()
      Document more X509_STORE functions

Benjamin Saunders (1):
      Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb

Bernd Edlinger (8):
      Fix a possible memory leak in engine_table_register
      Fix a bunch of gcc warnings in packettest.c
      Fix error handling in b2i_dss and b2i_rsa
      Fixed a crash in error handing of rand_drbg_new
      Fix a memory leak in n_ssl3_mac
      Fix a memory leak in tls1_mac
      Fix a crash in SSLfatal due to invalid enc_write_ctx
      Fix bio callback backward compatibility

Brad Spencer (1):
      Test the result of CMS_RecipientInfo_ktri_get0_algs() before using its output in rsa_cms_encrypt().

Bryan Donlan (1):
      Fix issues in ia32 RDRAND asm leading to reduced entropy

David Benjamin (1):
      Always use adr with __thumb2__.

David Makepeace (1):
      Fixed typo in description of EVP_CIPHER_meth_set_iv_length().

Dr. Matthias St. Pierre (7):
      bio_b64.c: prevent base64 filter BIO from decoding out-of-bound data
      BIO_s_mem.pod: fix indirection for out parameter **pp
      RAND_DRBG: add a function for setting the reseeding defaults
      Publish the RAND_DRBG API
      RAND_DRBG: add a function for setting the default DRBG type and flags
      Fix miscellaneous typos in docs and source
      Fix: drbgtest fails when tests are executed in random order

FdaSilvaYY (1):
      Duplicate entries ssl_handshake_tbl trace entries...

Ivan Filenko (1):
      Fix typo in ASN1_STRING_length doc

Jack Lloyd (3):
      Add SM2 signature and ECIES schemes
      Support SM2 ECIES scheme via EVP
      Handle evp_tests assumption of EVP_PKEY_FLAG_AUTOARGLEN

JeffZhao (1):
      engines/asm/e_padlock*: add support for Zhaoxin's x86 platform

Kurt Roeckx (9):
      Tell the ciphers which DRBG to use for generating random bytes.
      bnrand_range: Always call bnrand() with the correct flag
      Check the parent DRBG's strength
      Fix propotype to include the const qualifier
      Propagate the request for prediction resistance to the get entropy call
      Return error when trying to use prediction resistance
      Make the public and private DRBG thread local
      Don't use a ssl specific DRBG anymore
      Add a multithread rand test

Matt Caswell (66):
      Prepare for 1.1.1-pre3-dev
      Add pkey types for curve448
      Integrate X448 and Ed448 into libcrypto
      Update some documentation for X448/Ed448
      Add test vectors for X448 and Ed448
      Update CHANGES for X448 and Ed448
      Add X448/Ed448 support to libssl
      Update tests for TLS Ed448
      Update CHANGES for X448/Ed448 support in libssl
      Fix status_request and SCT extensions
      Remove OPENSSL_USE_NODELETE guards in shlibloadtest
      Tolerate TLSv1.3 PSKs that are a different size to the hash size
      Fallback on old style PSK callbacks if the new style ones aren't present
      Update documentation for the new PSK behaviour
      Test the new PSK behaviour
      Give more information in the SSL_stateless return code
      Don't negotiate TLSv1.3 with the ossl_shim
      Improve error handling in pk7_doit
      Fix enable-ssl-trace
      Free the correct type in OBJ_add_object()
      Use the TLSv1.3 record header as AAD
      Only allow supported_versions in a TLSv1.3 ServerHello
      Update version numbers for TLSv1.3 draft-26
      Split configuration of TLSv1.3 ciphers from older ciphers
      Update s_time to be allow configuration of TLSv1.3 ciphersuites
      Add documentation for TLSv1.3 ciphersuite configuration
      Update CHANGES with details of TLSv1.3 ciphersuite configuration
      Fix clienthellotest for new TLSv1.3 ciphersuite configuration
      Put the default set of TLSv1.3 ciphersuites in a header file
      Fix an error number clash
      Fix no-ec
      Only update the server session cache when the session is ready
      Add functions to create an EVP_PKEY from raw private/public key data
      Add support for setting raw private/public 25519/448 keys
      Add support for setting raw private HMAC keys
      Add support for setting raw private SIPHASH keys
      Add support for setting raw private Poly1305 keys
      Add the function EVP_PKEY_new_CMAC_key()
      Update the tests to use the new EVP_PKEY_new_private_key() function
      Add documentation for the newly added EVP_PKEY_new*() functions
      Add PrivateKeyRaw and PublicKeyRaw support to evp_test
      Add some test vectors for testing raw 448/25519 keys
      Expand the 25519/448 overview man pages
      Make sure all errors go on the stack in the EVP_PKEY_new*() functions
      Add functions for setting the new EVP_PKEY_ASN1_METHOD functions
      Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
      Revert "Don't crash on a missing Subject in index.txt"
      Revert "Don't allow an empty Subject when creating a Certificate"
      Report a readable error on a duplicate cert in ca app
      Allow multiple entries without a Subject even if unique_subject == yes
      Fix a memory leak in the ca application
      Fix no-chacha and no-poly1305
      Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
      Don't update the session cache when processing a client certificate in TLSv1.3
      Add an anti-replay mechanism
      Add a test for 0RTT replay protection
      Document the replay protection capabilities
      Add a CHANGES entry to mention the replay protection capabilities
      Fix no-ec
      Fix no-cmac
      Fix no-psk
      Fix no-posix-io compile failure
      Fix no-sm2
      Fix no-ec
      Update copyright year
      Prepare for 1.1.1-pre3 release

Michael Richardson (1):
      Reduce travis-ci log output

Patrick Steuer (1):
      Fix test_out_option

Paul Yang (3):
      Check directory is able to create files for various -out option
      Add test cases for this -out option check
      Fix the type of -out option

Pauli (1):
      Missings OIDs for XTS added.

Rich Salz (4):
      Make some perl scripts output to stdout
      Fix credit for SRP code
      Add code to run test, get malloc counts
      Revise and cleanup; use strict,warnings

Richard Levitte (61):
      configdata.pm: ensure $prefix is defined
      crypto/ec/asm/x25519-x86_64.pl: close STDOUT, not $STDOUT
      storeutl: make sure s2i_ASN1_INTEGER is correctly declared
      Add VMS version of app_dirname()
      Check on VMS as well
      Enable the -out option test on VMS as well
      Adapt 15-test_out_option.t for more than just Unix
      Windows makefile: Don't quote generator arguments
      Configure: fix small spelling error
      opensslconf.h.in: Use all the "openssl_api_defines"
      util/dofile.pl: only quote stuff that actually needs quoting
      Configurations/unix-Makefile.tmpl: remove assignment of AS and ASFLAGS
      Configure et al: rename all dso_* to module_* in shared-info.pl
      Make "make variables" config attributes for overridable flags
      Add space to asoutflag value where appropriate
      Configurations/10-main.conf: Duplicate cflags to cxxflags
      config: Pass diverse flags to Configure via the environment
      Configure et al: get rid of last traces of plib_lflags / PLIB_LDFLAGS
      Configurations/README: update documentation on flags
      Configure: disallow the mixture of compiling flags and env / make variables
      Make a few more asm modules conform: last argument is output file
      Configure: correct the check of env vars vs command line flags
      Remove useless -D_ENDIAN from MPE/iX-gcc config
      Configure et al: Move the definition of library only flags
      Display the library building flags
      Restore the display of options with 'openssl version -a'
      Configure: don't mangle the directory again when checking DEPEND inclusion
      Configure: catch the build tree configdata.pm
      Configurations/descrip.mms.tmpl: Fix small errors
      CONF: On VMS, treat VMS syntax inclusion paths correctly
      CONF inclusion test: Add VMS specific tests
      Adjust LPdir_unix.c on VMS for OpenSSL expectations
      openssl rehash: no more need to massage the files on VMS
      Refactor the 'depend' target
      Remove debugging prints from util/add-depends.pl
      Remove the temporary file in case it wasn't renamed
      Windows build file: make sure to quote
      Remove '-Wextra' as default user flags for the Linux clang targets
      util/add-depends.pl: sort the dependency files
      Streamline dependency generation
      util/postprocess-makedepend.pl: For VC, don't include system headers
      util/postprocess-makedepend.pl: make an effort to collect dependencies
      Windows makefile: don't use different looking variants of same cmd
      VMS: add alias macros to avoid 31 character symbol name limit warning
      Move all dependency post-processing to util/add-depends.pl
      util/add-depends.pl: add the possibility for debug printouts
      Visual C: reduce the dependency paths to be relative
      VMS C: reduce the dependency paths to be relative
      Configure: Don't fail if there were "make variables" set in env
      Configure: maintain compability with pre-"make variables" Configure
      INSTALL: Add a note about backward compatibility and "make variables"
      ts_RESP_sign: Don't try to use v2 signing when ESS digest isn't set
      Add a simple method to run regression tests
      Stop test/shlibloadtest.c from failing in a regression test
      Clarify a couple of details around "make variables"
      Support "-min_protocol" and "-max_protocol" in s_server and s_client
      In TLSProxy::Proxy, specify TLSv1.3 as maximum allowable protocol
      Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version
      Don't generate buildtest_*err.c
      s_client, s_server: do generic SSL configuration first, specialization after
      crypto/rand/rand_vms.c: include "internal/rand_int.h"

Sebastian Andrzej Siewior (1):
      Configure: allow to enable afalgeng if target does not start with Linux

Sergey Zhuravlev (1):
      Add GOST OIDs for Edwards parameter sets

Steven Noonan (1):
      speed: add ecdhx448 to ecdh choices

Tim Hudson (1):
      update SRP copyright notice

Todd Short (6):
      If not sending key_share (no TLSv1.3), return appropriately.
      Add SSL/SSL_CTX_use_cert_and_key()
      Session Ticket app data
      Place ticket keys into secure memory
      Fix no-sm3 (and no-sm2)
      Fix no-sm3/no-sm2 (with strict-warnings)

Tomas Mraz (2):
      Add support for .include directive in config files
      Apply system_default configuration on SSL_CTX_new().

Viktor Dukhovni (3):
      Prepare to detect index changes in OCSP responder.
      Implement multi-process OCSP responder.
      Make OCSP "multi" compatible with "no-sock" builds.

gmile (1):
      Add OIDs for DSTU-4145

knekritz (1):
      Avoid unconditional store in CRYPTO_malloc.

xemdetia (1):
      Fix documentation link to reference man3


More information about the openssl-commits mailing list