[openssl-commits] [openssl] OpenSSL_1_0_2o create

Matt Caswell matt at openssl.org
Tue Mar 27 14:06:27 UTC 2018

The annotated tag OpenSSL_1_0_2o has been created
        at  d891c9c53470048f5a4ff334bcd2036f9070d3aa (tag)
   tagging  3ce7bc40a3c48da1c96c2d04c10045bd797c6aa3 (commit)
  replaces  OpenSSL_1_0_2n
 tagged by  Matt Caswell
        on  Tue Mar 27 14:55:22 2018 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.0.2o release tag


Andy Polyakov (2):
      ec/ecp_nistp*.c: sanitize for undefined/implmentation-specific behaviour.
      Fix timing leak in BN_from_montgomery_word.

Bernd Edlinger (7):
      Swap the check in ssl3_write_pending to avoid using     the possibly indeterminate pointer value in wpend_buf.
      Remove code that prints "<SPACES/NULS>" in hexdumps     when the data block ends with SPACEs or NULs.
      Fix a possible memory leak in engine_table_register
      Minor style fixup on recent commit     99bb59d at ssl_scan_clienthello_tlsext
      Fix some bugs with the cfb1 bitsize handling
      Fix ecparam -genkey with point compression or DER outform
      Fix dsaparam -genkey with DER outform

Cristian Stoica (2):
      merge two mutual exclusive #ifdefs to improve clarity
      fix several typos in README.gost

David Benjamin (2):
      Make BN_num_bits_word constant-time.
      Don't leak the exponent bit width in BN_mod_exp_mont_consttime.

Dr. Matthias St. Pierre (3):
      Add missing prototype for FIPS callback
      bio_b64.c: prevent base64 filter BIO from decoding out-of-bound data
      BIO_s_mem.pod: fix indirection for out parameter **pp

FdaSilvaYY (1):
      Fix an incoherent test.

Ivan Filenko (1):
      Fix typo in ASN1_STRING_length doc

J Mohan Rao Arisankala (1):
      Cleanup ctxs if callback fail to retrieve session ticket

Jonathan Scalise (1):
      Changed OPENSSL_gmtime so macOS uses threadsafe gmtime_r instead of gmtime.

Konstantin Shemyak (1):
      Corrected 'cms' exit status when key or certificate cannot be opened

Kurt Roeckx (1):
      Fix propotype to include the const qualifier

Matt Caswell (23):
      Prepare for 1.0.2o-dev
      Fix initialisation in fatalerrtest
      Fix the buffer sizing in the fatalerrtest
      Fix a switch statement fallthrough
      Tolerate DTLS alerts with an incorrect version number
      Revert BN_copy() flag copy semantics change
      Don't allow an empty Subject when creating a Certificate
      Don't crash on a missing Subject in index.txt
      Make sure we check an incoming reneg ClientHello in DTLS
      Sanity check the ticket length before using key name/IV
      Improve error handling in pk7_doit
      Free the correct type in OBJ_add_object()
      Revert "Don't allow an empty Subject when creating a Certificate"
      Revert "Don't crash on a missing Subject in index.txt"
      Report a readable error on a duplicate cert in ca app
      Allow multiple entries without a Subject even if unique_subject == yes
      Fix a memory leak in the ca application
      The default conv_form is uncompressed
      Limit ASN.1 constructed types recursive definition depth
      Update CHANGES and NEWS for the new release
      Update copyright year
      make update
      Prepare for 1.0.2o release

Pavel Kopyl (2):
      X509V3_EXT_add_nconf_sk, X509v3_add_ext: fix errors handling
      do_body: fix heap-use-after-free.

Philippe Antoine (1):
      Checks ec_points_format extension size

Rich Salz (5):
      Standardize syntax around sizeof(foo)
      Add fingerprint text, remove MD5
      Fix BN doc
      Add warnings to thread doc.
      Fix credit for SRP code

Richard Levitte (8):
      Remove unicode characters from source
      Remove three test programs that snuck in
      Configure: use a better method to identify gcc and derivates
      Add missing tests to the VMS test scripts
      test/maketests.com: remove irrelevant comment
      Update the license end year
      Remove useless -D_ENDIAN from MPE/iX-gcc config
      crypto/engine/eng_cryptodev.c: don't treat a void* like an array

Samuel Weiser (3):
      Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation
      used ERR set/pop mark
      consttime flag changed

Todd Short (1):
      Fix error-path memory leak in asn_mime.c

Viktor Dukhovni (3):
      Document the X509_V_FLAG_PARTIAL_CHAIN flag
      Add missing comma between references
      Fix wrong case in documentation of -CRLfile option

White_Rabbit (1):
      Update s_client doc adding xmpp as value for -starttls


More information about the openssl-commits mailing list