[openssl-commits] [openssl] OpenSSL_1_1_1-pre7 create

Matt Caswell matt at openssl.org
Tue May 29 12:33:38 UTC 2018

The annotated tag OpenSSL_1_1_1-pre7 has been created
        at  adaec2127242c947faae55f4326893bf1e47d9c3 (tag)
   tagging  77cdad318446ca8ea2ba8294d9e70891b59503e2 (commit)
  replaces  OpenSSL_1_1_1-pre6
 tagged by  Matt Caswell
        on  Tue May 29 13:20:01 2018 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.1-pre7 release tag


Andy Polyakov (10):
      bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word.
      Configure: move --noexecstack probe to Configure.
      Configure: pass more suitable argument to compiler_predefined().
      .travis.yml: minor facelift
      .travis.yml: temporarily mask gcc-5 ubsan build.
      ec/ec_mult.c: get BN_CTX_start,end sequence right.
      .travis.yml: add pair of linux-ppc64le targets.
      PPC assembly pack: add POWER9 results.
      windows-makefile.tmpl: delete export library prior link.
      apps/s_socket.c: address rare TLSProxy failures on Windows.

Benjamin Kaduk (1):
      Fix regression with session cache use by clients

Bernd Edlinger (4):
      Improve error handling in rand_init function
      Fix --strict-warnings build of ppc-linux target
      Fix array bounds violation in ssl_session_dup
      Try to work around ubuntu gcc-5 ubsan build failure

Billy Brumley (3):
      ECDSA: remove nonce padding (delegated to EC_POINT_mul)
      ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c
      Add blinding in BN_GF2m_mod_inv for binary field inversions

David Benjamin (3):
      Fix explicit EC curve encoding.
      Save and restore the Windows error around TlsGetValue.

Dr. Matthias St. Pierre (12):
      a_strex.c: prevent out of bound read in do_buf()
      v3_purp.c: add locking to x509v3_cache_extensions()
      Fix typos in x509 documentation
      Fix typo: 'is an error occurred' in documentation
      DH: add simple getters for commonly used DH struct members
      DH: add some basic tests (and comments)
      util/libcrypto.num: fix symbol collision between 1.1.0 and master
      DH: fix: add simple getters for commonly used struct members
      DSA: add simple getters for commonly used struct members
      RSA: add simple getters for commonly used struct members
      ECDSA_SIG: add simple getters for commonly used struct members
      ECDSA_SIG: restore doc comments which were deleted accidentally

FdaSilvaYY (5):
      apps/speed.c: merge parameters defining EC curves to test ...
      opensslconf.h inclusion cleanup     No need to buildtest on opensslconf.h
      windows-makefile.tmpl: rearrange cleanup commands to avoid ...
      apps/speed: fix possible OOB access in some EC arrays
      apps/speed: Add brainpool curves support

Gregor Jasny (1):
      NOTES.ANDROID: fix typo in build notes

Kurt Roeckx (4):
      rsaz_avx2_eligible doesn't take parameters
      Use void in all function definitions that do not take any arguments
      Set sess to NULL after freeing it.
      Enable SSL_MODE_AUTO_RETRY by default

Matt Caswell (55):
      Prepare for 1.1.1-pre7-dev
      Fix some errors and missing info in the CMS docs
      Clarify BN_mod_exp docs
      Add getter for X509_VERIFY_PARAM_get_hostflags
      Add a note about Nagle's algorithm on the SSL_connect man page
      Fix SSL_get_shared_ciphers()
      Fix comment in ssl_locl.h
      Add some documentation for SSL_get_shared_ciphers()
      Fix a bug in create_ssl_ctx_pair()
      Add a test for SSL_get_shared_ciphers()
      Make X509_VERIFY_PARAM_get_hostflags() take a const arg
      Return an error from BN_mod_inverse if n is 1 (or -1)
      Fix a mem leak in CMS
      Add a CMS API test
      Don't fail on an out-of-order CCS in DTLS
      Fix s_client and s_server so that they correctly handle the DTLS timer
      Only auto-retry for DTLS if configured to do so
      Keep the DTLS timer running after the end of the handshake if appropriate
      Add a DTLS test for dropped records
      Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305
      Fix no-cms
      Set the ossl_shim to auto retry if not running asynchronously
      Prefer SHA-256 ciphersuites if using old style PSKs
      Provide documentation for the -psk_session option
      Test an old style PSK callback with no cert will prefer SHA-256
      Mark DTLS records as read when we have finished with them
      Don't set TCP_NODELAY on a UDP socket
      Add some more SSL_pending() and SSL_has_pending() tests
      Flush server side unauthenticated writes
      Fix ticket callbacks in TLSv1.3
      Document when a new session ticket gets created on resumption
      Add a test for the ticket callbacks
      Fix mem leak in sslapi test
      Rework the decrypt ticket callback
      Don't memcpy the contents of an empty fragment
      Fix no-psk
      Fix no-tls1_2
      Suport TLSv1.3 draft 28
      Enable the ability to set the number of TLSv1.3 session tickets sent
      Allow configuation of the number of TLSv1.3 session tickets via SSL_CONF
      Change the default number of NewSessionTickets we send to 2
      Add documentation for the ability to control the number of tickets
      Improve testing of tickets with post-handshake auth
      Make BN_GF2m_mod_arr more constant time
      Allow the ca application to use EdDSA
      Fix undefined behaviour in X509_NAME_cmp()
      Don't cache stateless tickets in TLSv1.3
      Fix no-ec in combination with no-dh
      Fix no-ec, no-tls1_3 and no-tls
      Use the client app traffic secret for PHA Finished message
      Improve compatibility of point and curve checks
      Revert "Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA"
      Add a sanity check on the length of pkeyutl inputs
      Update copyright year
      Prepare for 1.1.1-pre7 release

Nick Mathewson (2):
      Update documentation for PEM callback: error is now -1.
      Improve the example getpass() implementation to show an error return

Nicola Tuveri (1):
      Add CHANGES entry for PR#6009

Pavel Kopyl (1):
      Fix memory leaks in CA related functions.

Rich Salz (2):
      Check malloc failure via app_malloc

Richard Levitte (18):
      Change rand_pool_bytes_needed to handle less entropy than 1 per 8 bits
      VMS: modernise rand_pool_acquire_entropy, step 1
      VMS: modernise rand_pool_acquire_entropy, step 2
      docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id
      BIO_s_mem() write: Skip early when input length is zero
      VMS rand: assign before check, not the other way around
      In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length
      UI console: Restore tty settings, do not force ECHO after prompt
      Docs: add general document on how pass phrases are handled
      Link in passphrase-encoding(7) in relevant documentation
      CI config: no need to make both install and install_docs
      When producing man-pages, ensure NAME section is one line only
      Add a note on CHANGES and NEWS in CONTRIBUTING
      Restore check of |*xn| against |name| in X509_NAME_set
      Quiet pod2html warnings
      Windows: don't install __DECC_*.H
      Better error code when lacking __SIZEOF_INT128__
      INSTALL: Provide better documentation for enable-ec_nistp_64_gcc_128

Tilman Keskinöz (1):
      ssl/ssl_txt: fix NULL-check

Todd Short (2):
      Configure: fix Mac OS X builds that still require makedepend
      Fix no-srtp build warnings

Viktor Dukhovni (2):
      Limit scope of CN name constraints
      Skip CN DNS name constraint checks when not needed


More information about the openssl-commits mailing list