[openssl-commits] [openssl] OpenSSL_1_1_0h create

Matt Caswell matt at openssl.org
Tue Mar 27 14:06:27 UTC 2018

The annotated tag OpenSSL_1_1_0h has been created
        at  09deb2c8c8b843c3a5b28c5c7ee021bb0487c6f9 (tag)
   tagging  d4e4bd2a8163f355fa8a3884077eaec7adc75ff7 (commit)
  replaces  OpenSSL_1_1_0g
 tagged by  Matt Caswell
        on  Tue Mar 27 14:50:36 2018 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.0h release tag


Alex Gaynor (1):
      Fixed a typo in a man page

Andy Polyakov (14):
      aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with binutils-2.29.
      rc4/build.info: fix HP-UX rc4-ia64 rule.
      Configurations/unix-Makefile.tmpl: fix HP-UX build.
      util/copy.pl: work around glob quirk in some of earlier 5.1x Perl versions.
      asn1/a_strex.c: fix flags truncation in do_esc_char.
      bn/bn_add.c: address performance regression.
      bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.
      ec/ecp_nistp*.c: sanitize for undefined/implmentation-specific behaviour.
      test/recipes/80-test_pkcs12.t: handle lack of Win32::API.
      mem_sec.c: relax POSIX requirement.
      mem_sec.c: portability fixup.
      Configurations/10-main.conf: add -fno-common back to darwin-ppc-cc.
      Configurations/unix-Makefile.tmpl: overhaul assembler make rules.
      pariscid.pl: fix nasty typo in CRYPTO_memcmp.

Ben Kaduk (2):
      make update
      Fix more OCSP_resp_get0_signer() nits

Benjamin Kaduk (7):
      Fix typo in comment
      Add an API to get the signer of an OCSP response
      Add OCSP API test executable
      Fix coverity-reported errors in ocspapitest
      Wrap more of ocspapitest.c in OPENSSL_NO_OCSP
      Fix strict-warnings build on FreeBSD
      Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER

Bernd Edlinger (24):
      Remove test-runs dir
      Fix a gcc fallthru warning
      Fix invalid function type casts.     Rename bio_info_cb to BIO_info_cb.
      Stop using unimplemented cipher classes.     Add comments to no longer usable ciphers.
      Catch SIGPIPE in TLSProxy::Proxy::clientstart
      Explicitly shut the socket down in s_client
      Use constant value 1 instead of SHUT_WR in do_server
      Set OPENSSL_ENGINES for Windows
      Add a configure option to opt-out secure memory
      Fix setting of IPV6_V6ONLY on Windows
      Make the s_server command listen on IPv6 only when requested
      Fix some style nits in commit eee8a40
      Swap the check in ssl3_write_pending to avoid using     the possibly indeterminate pointer value in wpend_buf.
      Remove code that prints "<SPACES/NULS>" in hexdumps     when the data block ends with SPACEs or NULs.
      Fix some bugs with the cfb1 bitsize handling
      Fix a possible memory leak in engine_table_register
      Fix error handling in b2i_dss and b2i_rsa
      Fix a memory leak in n_ssl3_mac
      Fix a memory leak in tls1_mac
      Cleanup the s_time command.
      Handle partial messages in TLSProxy
      Fix ecparam -genkey with point compression or DER outform
      Fix dsaparam -genkey with DER outform
      Previously this x509 command line was working, restore that

Brad Spencer (1):
      Test the result of CMS_RecipientInfo_ktri_get0_algs() before using its output in rsa_cms_encrypt().

Christian Heimes (1):
      Fix signature of min/max proto getter

Daniel Bevenius (3):
      Correct minor typo in ssl_locl.h comment
      Make BIO_METHOD struct definitions consistent
      Add comments to NULL func ptrs in bio_method_st

David Benjamin (5):
      Pretty-print large INTEGERs and ENUMERATEDs in hex.
      Make BN_num_bits_word constant-time.
      Don't leak the exponent bit width in BN_mod_exp_mont_consttime.
      Fix timing leak in BN_from_montgomery_word.
      Always use adr with __thumb2__.

David von Oheimb (1):
      Various small build improvements on mkdef.pl, progs.pl

Dr. Matthias St. Pierre (3):
      bio_b64.c: prevent base64 filter BIO from decoding out-of-bound data
      d2i_X509.pod: clarify usage of the 'pp' function parameter
      BIO_s_mem.pod: fix indirection for out parameter **pp

FdaSilvaYY (5):
      Spelling doc #3580     Duplicated tests descriptions
      Fix possible leaks on sk_X509_EXTENSION_push() failure ...
      Fix docs for EVP_EncryptUpdate and EVP_DecryptUpdate
      Fix an incoherent test.
      Useless conf != NULL test

Ivan Filenko (1):
      Fix typo in ASN1_STRING_length doc

Johannes Bauer (1):
      Make pkeyutl a bit more user-friendly

Konstantin Shemyak (1):
      Corrected 'cms' exit status when key or certificate cannot be opened

Kurt Roeckx (1):
      Fix propotype to include the const qualifier

Long Qin (1):
      lhash.c: Replace Unicode EN DASH with the ASCII char '-'.

Markus Sauermann (1):
      Adjusted Argument Indices     CLA: trivial

Massimiliano Pala (1):
      Add X509_get0_authority_key_id() function

Matt Caswell (37):
      Prepare for 1.1.0h-dev
      Remove 4 broken macros from ocsp.h
      Fix race condition in TLSProxy
      Mark a zero length record as read
      Add a test for CVE-2017-3737
      Update CHANGES and NEWS for the new release
      Fix the buffer sizing in the fatalerrtest
      Fix a switch statement fallthrough
      Tolerate DTLS alerts with an incorrect version number
      Revert BN_copy() flag copy semantics change
      Extend timeout for TLSProxy
      Don't allow an empty Subject when creating a Certificate
      Don't crash on a missing Subject in index.txt
      Don't attempt to use X25519 for ECDSA in speed
      Make sure we check an incoming reneg ClientHello in DTLS
      Add the SSL_OP_NO_RENEGOTIATION option to 1.1.0
      Update CHANGES with info about SSL_OP_NO_RENGOTIATION
      Don't calculate the Finished MAC twice
      Copy dlls into fuzz directory
      The function X509_gmtime_adj() can fail
      Check the return code from ASN1_TIME_diff()
      Sanity check the ticket length before using key name/IV
      Improve error handling in pk7_doit
      Free the correct type in OBJ_add_object()
      Revert "Don't crash on a missing Subject in index.txt"
      Revert "Don't allow an empty Subject when creating a Certificate"
      Report a readable error on a duplicate cert in ca app
      Allow multiple entries without a Subject even if unique_subject == yes
      Fix a memory leak in the ca application
      Check for alerts while waiting for a dry event
      Don't wait for dry at the end of a handshake
      The default conv_form is uncompressed
      Limit ASN.1 constructed types recursive definition depth
      Add fuzz corpora file that found the ASN.1 stack depth issue
      Update CHANGES and NEWS for the new release
      Update copyright year
      Prepare for 1.1.0h release

MerQGh (1):
      Update eng_fat.c

Michael Richardson (1):

Patrick Schlangen (1):
      Make data argument const in SSL_dane_tlsa_add

Patrick Steuer (2):
      crypto/bio/bss_dgram.c: annotate fallthrough (-Wimplicit-fallthrough)
      Document OPENSSL_ENGINES environment variable

Pauli (1):
      Remove mentioned link between message digests and public key algorithms.

Pavel Kopyl (4):
      Check return value of OBJ_nid2obj in dsa_pub_encode.
      Add error handling in dsa_main and ASN1_i2d_bio.
      X509V3_EXT_add_nconf_sk, X509v3_add_ext: fix errors handling
      do_body: fix heap-use-after-free.

Per Sandström (1):
      Update EC_POINT_new.pod

Rich Salz (10):
      Check for malloc failure
      Standardize syntax of sizeof(foo)
      Fix typo that cause find-doc-nits failure
      Remove old config that used non-exist util script
      Add fingerprint text, remove MD5
      Fix BN doc
      Check # of arguments for remaining commands.
      Remove unused file
      Copy name string in BIO_meth_new
      Fix credit for SRP code

Richard Levitte (65):
      Travis: if "make update" created a diff, please show it
      Perl: Use our own globbing wrapper rather than File::Glob::glob
      Consolidate the locations where we have our internal perl modules
      Configure: cleanup @disable_cascade
      Avoid unnecessary MSYS2 conversion of some arguments
      Correct EVP_CIPHER_meth_new.pod and EVP_MD_meth_new.pod
      Fix EVP_MD_meth_new.pod
      Remove unicode characters from source
      In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()
      In apps_startup(), call OPENSSL_init_ssl() rather than OPENSSL_init_crypto()
      Fix leak in ERR_get_state() when OPENSSL_init_crypto() isn't called yet
      CHANGES: Document the removal of OS390-Unix
      Clean up uClinux targets
      Update copyright years on all files merged since Jan 1st 2018
      Configure: try to make sure every config target name is unique
      Fix intermittent Cygwin failures in s_client
      Fix intermittent Windows and Cygwin failures in s_server
      TLSProxy::Proxy:  If we don't support IPv6, force IPv4
      TLSProxy::Proxy: don't waste time redirecting STDOUT and STDERR
      TLSProxy::Proxy: Don't use ReuseAddr on Windows
      Cygwin is POSIX, don't say it isn't
      Simplify Cygwin checks, part 1
      The Cygwin gcc doesn't define _WIN32, don't pretend it does
      Only implement secure malloc if _POSIX_VERSION allows
      Create one permanent proxy socket per TLSProxy::Proxy instance
      Enable TLSProxy tests on Windows
      Update the license end year
      Add anything specifying a threads library to ex_libs
      Don't add $(EX_LIBS) to libssl.pc's Libs.private
      Revert "EVP_PKEY_asn1_add0(): Check that this method isn't already registered"
      Have EVP_PKEY_asn1_find_str() work more like EVP_PKEY_asn1_find()
      Configure: let INCLUDEs set on binaries "trickle down" to the objects
      Configure: ensure that a DEPEND generates the correct inclusion directory
      VMS config.com: better handling of arguments
      Don't break testing when runnins as root
      Remove $no_sse2, as it's just a 'copy' of $disabled{sse2}
      Don't define OPENSSL_NO_ERR for the command line
      BIO: at the end of BIO_new, declare the BIO inited if no create method present
      Remove "dummy" BIO create and destroy functions
      Make all private functions in e_afalg.c static
      util/mkdef.pl: Trust configdata.pm
      util/mkdef.pl: use better array in search of 'DEPRECATEDIN_'
      util/mkdef.pl: Fix incomplete cherry-pick
      Add the target 'build_all_generated'
      Fix bug in BIO_f_linebuffer()
      Configure: if a file is generated, never assume it's in the source dir
      OpenSSL::Test::quotify: put quotes around empty arguments
      test_ssl_old: avoid empty strings for flags
      Windows makefile: Don't quote generator arguments
      opensslconf.h.in: Use all the "openssl_api_defines"
      util/dofile.pl: only quote stuff that actually needs quoting
      Configurations/unix-Makefile.tmpl: remove assignment of AS and ASFLAGS
      Make a few more asm modules conform: last argument is output file
      Remove useless -D_ENDIAN from MPE/iX-gcc config
      Restore the display of options with 'openssl version -a'
      Configure: don't mangle the directory again when checking DEPEND inclusion
      Configure: catch the build tree configdata.pm
      Windows makefile: don't use different looking variants of same cmd
      Add a simple method to run regression tests
      Stop test/shlibloadtest.c from failing in a regression test
      Support "-min_protocol" and "-max_protocol" in s_server and s_client
      In TLSProxy::Proxy, specify TLSv1.2 as maximum allowable protocol
      Enhance ssltestlib's create_ssl_ctx_pair to take min and max proto version
      s_client, s_server: do generic SSL configuration first, specialization after
      Copy the produced .dll files to fuzz/ as well (Cygwin & mingw)

Samuel Weiser (3):
      Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation
      used ERR set/pop mark
      consttime flag changed

Steffan Karger (1):
      Fix SSL_CTX_get_{min,max}_proto_version integer conversion warning

Todd Short (1):
      Fix error-path memory leak in asn_mime.c

Viktor Dukhovni (5):
      Make possible variant SONAMEs and symbol versions
      Document the X509_V_FLAG_PARTIAL_CHAIN flag
      Add x509(1) reference
      Avoid leaking peername data via accept BIOs
      Avoid fragile aliasing of SHA224/384 update/final

knekritz (1):
      Avoid unconditional store in CRYPTO_malloc.

pass86 (1):
      Fix spelling: adroideabi -> androideabi


More information about the openssl-commits mailing list