[openssl-commits] [openssl] OpenSSL_1_1_1-pre6 create

Matt Caswell matt at openssl.org
Tue May 1 13:04:00 UTC 2018

The annotated tag OpenSSL_1_1_1-pre6 has been created
        at  8405ab9edd7fec6449888a80b8b9a96aabc04521 (tag)
   tagging  a910a9e98f08c48c4ea24651a29872e71748f969 (commit)
  replaces  OpenSSL_1_1_1-pre5
 tagged by  Matt Caswell
        on  Tue May 1 13:46:05 2018 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.1-pre6 release tag


A. Schulze (1):
      correct spelling errors detected by Debian lintian

Alois Mahdal (1):
      Reflect special `DEFAULT` behavior in ciphers(1)

Andy Polyakov (20):
      apps/s_socket.c: print only dynamically allocated port in do_server.
      TLSProxy/Message.pm: refine end-of-conversation detection logic.
      TLSProxy/Proxy.pm: refine NewSessionTicket detection.
      TLSProxy/Record.pm: add is_fatal_alert method.
      recipes/70-test_ssl{cbcpadding,extension,records}: make it work w/fragmentation.
      TLSProxy/Proxy.pm: preclude output intermix.
      apps/s_socket.c: fix memory sanitizer problem in ACCEPT printout.
      .travis.yml: switch to newer osx image.
      sha/asm/keccak1600-armv8.pl: halve the size of hw-assisted subroutine.
      Configure: add $target{keccak1600_asm_src}.
      sha/asm/keccak1600-x86_64.pl: make it work on Windows.
      00-base-templates.conf: wire keccak1600-x86_64 module.
      00-base-templates.conf: wire keccak1600-armv8 module.
      00-base-templates.conf: wire keccak1600-s390x module.
      00-base-templates.conf: wire keccak1600-ppc64 module.
      sha/asm/keccak1600-armv4.pl: adapt for multi-platform.
      00-base-templates.conf: wire keccak1600-armv4 module.
      ARM assembly pack: make it work with older assembler.
      Configurations/10-main.conf: force no-engine on ios targets.
      Configurations/unix-Makefile.tmpl: harmonize with no-engine.

Beat Bolli (1):
      Clarify the configuration module in config.pod

Bernd Edlinger (8):
      Add a config option to disable automatic config loading
      Clear buffer in PEM_write_bio
      Ensure the thread keys are always allocated in the same order
      Fix building linux-armv4 with --strict-warnings
      Wait max. 60 seconds for s_client to connect
      Fix memleaks in async api
      Fix drbg thread cleanup and error handling
      Don't cleanup uninitialized thread local slots

Billy Brumley (4):
      Elliptic curve scalar multiplication with timing attack defenses
      ladder description: why it works
      Remove superfluous NULL checks. Add Andy's BN_FLG comment.
      fix: BN_swap mishandles flags

Davide Galassi (1):
      BIGNUM signed add/sub routines refactory

Dr. Matthias St. Pierre (8):
      DRBG: fix coverity issues
      p5_scrypt.c: fix error check of RAND_bytes() call
      SSL_CTX_set_tlsext_ticket_key_cb.pod: fix error check of RAND_bytes() call
      openssl/ssl.h: restore some renamed public SSL_CTRL defines
      openssl/err.h: remove duplicate OSSL_STOREerr()
      a_strex.c: improve documentation of 'tag2nbyte' lookup table
      x509/by_dir.c: Remove dead code
      Fix mixed indentation (and other whitespace issues)

FdaSilvaYY (3):
      Style: ssl.h
      X509: add more error codes on malloc or sk_TYP_push failure
      Add missing error code when alloc-return-null

Kurt Roeckx (4):
      Document supported digest functions
      Add support for getrandom() or equivalent system calls and use them by default
      Fix usage of ossl_assert()
      Use the config file from the source not the host for the tests

Matt Caswell (34):
      Ignore the status_request extension in a resumption handshake
      Call the info callback on all handshake done events
      Make sure info callback knows about all handshake start events
      Add a test for the info callback
      Update the info callback documentation for TLSv1.3
      Update fingerprints.txt
      Fix assertion failure in SSL_set_bio()
      Extend the SSL_set_bio() tests
      Check the return from EVP_PKEY_get0_DH()
      Fix a memory leak in an error path
      Update EVP_DigestSignInit() docs
      Correct an ommission in the EVP_DigestSignInit docs
      Fix no-ec
      Fix ocsp app exit code
      Don't crash if there are no trusted certs
      Add a test for a NULL X509_STORE in X509_STORE_CTX_init
      Make sure SSL_in_init() returns 0 at SSL_CB_HANDSHAKE_DONE
      Test the state of SSL_in_init() from the info_callback
      Fix SSL_pending() for DTLS
      Add a test for SSL_pending()
      Improve backwards compat with 1.0.2 for ECDHParameters
      Remove some logically dead code
      Document when a session gets removed from cache
      Allow TLSv1.3 EC certs to use compressed points
      Don't build AFALG on android
      In a reneg use the same client_version we used last time
      Add a test to verify the ClientHello version is the same in a reneg
      Fix the MAX_CURVELIST definition
      Fix documentation for the -showcerts s_client option
      Fix typo in the definition of tls13_ciphers
      Update the *use_certificate* docs
      Update version docs
      Update copyright year
      Prepare for 1.1.1-pre6 release

Nicola Tuveri (5):
      Address code style comments
      Pass through
      Move up check for EC_R_INCOMPATIBLE_OBJECTS and for the point at infinity case
      [SM2_sign] fix double free and return value
      [SM2_sign] add minimal EVP_PKEY functionality testing

Peter Wu (4):
      Add support for logging TLS 1.3 exporter secret
      Add test for CLIENT_EARLY_TRAFFIC_SECRET key logging
      Add support for logging early exporter secret
      test: Remove redundant SSL_CTX_set_max_early_data

Rahul Chaudhry (1):
      poly1305/asm/poly1305-armv4.pl: remove unintentional relocation.

Rich Salz (2):
      Add missing malloc-return-null instance
      Fix last(?) batch of malloc-NULL places

Richard Levitte (18):
      Prepare for 1.1.1-pre6-dev
      Don't distribute team internal config targets
      Enable all implemented digests
      Fix late opening of output file
      Fix openssl ca, to correctly make output file binary when using -spkac
      test/recipes/15-test_out_option.t: refine tests
      Revert "Check on VMS as well"
      Revert "Add VMS version of app_dirname()"
      Revert "Check directory is able to create files for various -out option"
      Better check of return values from app_isdir and app_access
      apps/opt.c: Remove the access checks of input and output files
      ms/uplink-x86.pl: close the file handle that was opened
      openssl rehash: exit 0 on warnings, same as c_rehash
      PEM_def_callback(): don't loop because of too short password given
      PEM_def_callback(): use same parameter names as for pem_password_cb
      Use  get_last_sys_error() instead of get_last_rtl_error()
      15-test_out_option: Refactor and don't test directory write on VMS
      apps/s_server.c: Avoid unused variable due to 'no-dtls'

Viktor Dukhovni (1):
      Add missing index_index() when reloading OCSP responder


More information about the openssl-commits mailing list