[openssl-commits] [openssl] OpenSSL_1_1_1-pre7 create
Matt Caswell
matt at openssl.org
Tue May 29 12:33:38 UTC 2018
The annotated tag OpenSSL_1_1_1-pre7 has been created
at adaec2127242c947faae55f4326893bf1e47d9c3 (tag)
tagging 77cdad318446ca8ea2ba8294d9e70891b59503e2 (commit)
replaces OpenSSL_1_1_1-pre6
tagged by Matt Caswell
on Tue May 29 13:20:01 2018 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.1-pre7 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlsNRXERHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJHk5gf+Im90MzzBEZbwCk55RR9X47fO9zP0tHtE
1GW/8U/7W4RJAK8jc8uKhZs0NxoRHlZo9pKVE3ZQCy6AErwjro6BBv/+5qXyOjJA
OKFu9RlUMNdMx9SpDpR61BxZpgUWibY/LPLfbCRneaWej+lnV41GQfYAL9PgDYjG
V8ZlVp0uC8SndulKnU/bnID2U3uK4nhU6a/PY/NshnVL1TyPkOTQmRo5U0aHPUec
gWYunSc3tS6Ydg889B8fRuM1FZ5srD/+KH5JxSLbgm/DIzIfttzbxRHbjCHNv09/
MRJ9lAoDUkwjv3lQqguIEdC1K9m7LKDH4ja9oQ5i1YiJiTyD77d5BQ==
=EsTs
-----END PGP SIGNATURE-----
Andy Polyakov (10):
bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word.
Configure: move --noexecstack probe to Configure.
Configure: pass more suitable argument to compiler_predefined().
.travis.yml: minor facelift
.travis.yml: temporarily mask gcc-5 ubsan build.
ec/ec_mult.c: get BN_CTX_start,end sequence right.
.travis.yml: add pair of linux-ppc64le targets.
PPC assembly pack: add POWER9 results.
windows-makefile.tmpl: delete export library prior link.
apps/s_socket.c: address rare TLSProxy failures on Windows.
Benjamin Kaduk (1):
Fix regression with session cache use by clients
Bernd Edlinger (4):
Improve error handling in rand_init function
Fix --strict-warnings build of ppc-linux target
Fix array bounds violation in ssl_session_dup
Try to work around ubuntu gcc-5 ubsan build failure
Billy Brumley (3):
ECDSA: remove nonce padding (delegated to EC_POINT_mul)
ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c
Add blinding in BN_GF2m_mod_inv for binary field inversions
David Benjamin (3):
Fix explicit EC curve encoding.
Use OPENSSL_EC_EXPLICIT_CURVE constant.
Save and restore the Windows error around TlsGetValue.
Dr. Matthias St. Pierre (12):
a_strex.c: prevent out of bound read in do_buf()
v3_purp.c: add locking to x509v3_cache_extensions()
Fix typos in x509 documentation
Fix typo: 'is an error occurred' in documentation
DH: add simple getters for commonly used DH struct members
DH: add some basic tests (and comments)
util/libcrypto.num: fix symbol collision between 1.1.0 and master
DH: fix: add simple getters for commonly used struct members
DSA: add simple getters for commonly used struct members
RSA: add simple getters for commonly used struct members
ECDSA_SIG: add simple getters for commonly used struct members
ECDSA_SIG: restore doc comments which were deleted accidentally
FdaSilvaYY (5):
apps/speed.c: merge parameters defining EC curves to test ...
opensslconf.h inclusion cleanup No need to buildtest on opensslconf.h
windows-makefile.tmpl: rearrange cleanup commands to avoid ...
apps/speed: fix possible OOB access in some EC arrays
apps/speed: Add brainpool curves support
Gregor Jasny (1):
NOTES.ANDROID: fix typo in build notes
Kurt Roeckx (4):
rsaz_avx2_eligible doesn't take parameters
Use void in all function definitions that do not take any arguments
Set sess to NULL after freeing it.
Enable SSL_MODE_AUTO_RETRY by default
Matt Caswell (55):
Prepare for 1.1.1-pre7-dev
Fix some errors and missing info in the CMS docs
Clarify BN_mod_exp docs
Add getter for X509_VERIFY_PARAM_get_hostflags
Add a note about Nagle's algorithm on the SSL_connect man page
Fix SSL_get_shared_ciphers()
Fix comment in ssl_locl.h
Add some documentation for SSL_get_shared_ciphers()
Fix a bug in create_ssl_ctx_pair()
Add a test for SSL_get_shared_ciphers()
Make X509_VERIFY_PARAM_get_hostflags() take a const arg
Return an error from BN_mod_inverse if n is 1 (or -1)
Fix a mem leak in CMS
Add a CMS API test
Don't fail on an out-of-order CCS in DTLS
Fix s_client and s_server so that they correctly handle the DTLS timer
Only auto-retry for DTLS if configured to do so
Keep the DTLS timer running after the end of the handshake if appropriate
Add a DTLS test for dropped records
Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305
Fix no-cms
Set the ossl_shim to auto retry if not running asynchronously
Prefer SHA-256 ciphersuites if using old style PSKs
Provide documentation for the -psk_session option
Test an old style PSK callback with no cert will prefer SHA-256
Mark DTLS records as read when we have finished with them
Don't set TCP_NODELAY on a UDP socket
Add some more SSL_pending() and SSL_has_pending() tests
Flush server side unauthenticated writes
Fix ticket callbacks in TLSv1.3
Document when a new session ticket gets created on resumption
Add a test for the ticket callbacks
Fix mem leak in sslapi test
Rework the decrypt ticket callback
Don't memcpy the contents of an empty fragment
Fix no-psk
Fix no-tls1_2
Suport TLSv1.3 draft 28
Enable the ability to set the number of TLSv1.3 session tickets sent
Allow configuation of the number of TLSv1.3 session tickets via SSL_CONF
Change the default number of NewSessionTickets we send to 2
Add documentation for the ability to control the number of tickets
Improve testing of tickets with post-handshake auth
Make BN_GF2m_mod_arr more constant time
Allow the ca application to use EdDSA
Fix undefined behaviour in X509_NAME_cmp()
Don't cache stateless tickets in TLSv1.3
Fix no-ec in combination with no-dh
Fix no-ec, no-tls1_3 and no-tls
Use the client app traffic secret for PHA Finished message
Improve compatibility of point and curve checks
Revert "Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA"
Add a sanity check on the length of pkeyutl inputs
Update copyright year
Prepare for 1.1.1-pre7 release
Nick Mathewson (2):
Update documentation for PEM callback: error is now -1.
Improve the example getpass() implementation to show an error return
Nicola Tuveri (1):
Add CHANGES entry for PR#6009
Pavel Kopyl (1):
Fix memory leaks in CA related functions.
Rich Salz (2):
Cleanup
Check malloc failure via app_malloc
Richard Levitte (18):
Change rand_pool_bytes_needed to handle less entropy than 1 per 8 bits
VMS: modernise rand_pool_acquire_entropy, step 1
VMS: modernise rand_pool_acquire_entropy, step 2
docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id
BIO_s_mem() write: Skip early when input length is zero
VMS rand: assign before check, not the other way around
In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length
UI console: Restore tty settings, do not force ECHO after prompt
Docs: add general document on how pass phrases are handled
Link in passphrase-encoding(7) in relevant documentation
CI config: no need to make both install and install_docs
When producing man-pages, ensure NAME section is one line only
Add a note on CHANGES and NEWS in CONTRIBUTING
Restore check of |*xn| against |name| in X509_NAME_set
Quiet pod2html warnings
Windows: don't install __DECC_*.H
Better error code when lacking __SIZEOF_INT128__
INSTALL: Provide better documentation for enable-ec_nistp_64_gcc_128
Tilman Keskinöz (1):
ssl/ssl_txt: fix NULL-check
Todd Short (2):
Configure: fix Mac OS X builds that still require makedepend
Fix no-srtp build warnings
Viktor Dukhovni (2):
Limit scope of CN name constraints
Skip CN DNS name constraint checks when not needed
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list