[openssl-commits] [openssl] OpenSSL_1_1_1a create
Matt Caswell
matt at openssl.org
Tue Nov 20 14:12:34 UTC 2018
The annotated tag OpenSSL_1_1_1a has been created
at 55225b873d0cad98a12e539c269c70740e90a793 (tag)
tagging d1c28d791a7391a8dc101713cd8646df96491d03 (commit)
replaces OpenSSL_1_1_1
tagged by Matt Caswell
on Tue Nov 20 13:35:35 2018 +0000
- Log -----------------------------------------------------------------
OpenSSL 1.1.1a release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlv0DacRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJE/+Qf9FTyqV3xNKquHdIFZa5p0RlrvWbsDsscJ
hHvBYV8tZmmhnZw7uBxgZtOai8pumaB02FMppUyRJSIwzXLpApuzi72xDbKzcmaZ
QissgXjuqxO+59LgeIZSpdkDcKmGjIWi0nmwfUiqxQW3NUu+/DMOzWbEMy9qdb3Q
eAuR0esrVHvV9d+Bj0iXW9jFIHY/Fh7HIf87H+wY/+LjaKsguPRlqgYvJM4J6ZT+
Zg9/UEGwikIm/VxmxxRIZ+XxlnJU2b8ZUNMlUnnuilM2cy4VAEWAyzFXxcSQn4mq
cD87wcmYA2dyKvZkXNCVEFLEm+YUqsP2DGkO/oor6CL0jPXTv8qqGQ==
=ACcb
-----END PGP SIGNATURE-----
Andy Polyakov (9):
sha/asm/keccak1600-s390x.pl: resolve -march=z900 portability issue.
ssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac.
rsa/rsa_ossl.c: fix and extend commentary [skip ci].
arch/async_posix.h: improve portability.
Configurations/15-android.conf: add support for "standalone toolchain".
Configurations/15-android.conf: fix implicit __ANDROID_API__ handling.
Configurations/15-android.conf: detect NDK llvm-ar.
sha/asm/sha512p8-ppc.pl: fix typo in prologue.
sha/asm/sha512p8-ppc.pl: optimize epilogue.
Antoine Salon (3):
Update enc(1) examples to more recent ciphers and key derivation algorithms
Add missing cipher aliases to openssl(1)
EVP module documentation pass
Benjamin Kaduk (4):
Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()
apps: allow empty attribute values with -subj
Add tsan_decr() API, counterpart of tsan_counter()
Restore sensible "sess_accept" counter tracking
Bernd Edlinger (16):
Fix a possible recursion in SSLfatal handling
Create the .rnd file it it does not exist
Reduce stack usage in tls13_hkdf_expand
Fix a possible crash in rand_drbg_get_entropy
Fix data race in RAND_DRBG_generate
Rework and simplify resource flow in drbg_add
Fix a race condition in drbg_add
Fix error handling in RAND_DRBG_set
Fix error handling in rand_drbg_new
Fix error handling in drbgtest.c
Fix error handling in RAND_DRBG_uninstantiate
Avoid two memory allocations in each RAND_DRBG_bytes
Fix a race condition in drbgtest.c
Initialize reseed_gen_counter to 1, like it is done in master
Rename the rand_drbg_st data member "pool" to "seed_pool"
Fix issues with do_rand_init/rand_cleanup_int
Billy Brumley (1):
[crypto/bn] swap BN_FLG_FIXED_TOP too
Brian 'geeknik' Carpenter (1):
Update README.md
Chocobo1 (1):
Fix MSVC warning C4819
Daniel Bevenius (1):
Document OPENSSL_VERSION_TEXT macro
David Makepeace (1):
Fixed typos in hkdf documentation.
Dr. Matthias St. Pierre (19):
Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant
ssl/ssl_ciph.c: make set_ciphersuites static
test/secmemtest: test secure memory only if it is implemented
rand_unix.c: fix --with-rand-seed=none build
DRBG: fix reseeding via RAND_add()/RAND_seed() with large input
Fix: 'openssl ca' command crashes when used with 'rand_serial' option
RAND_add(): fix heap corruption in error path
RAND_load_file(): return error if reseeding failed
RAND_load_file(): avoid adding small chunks to RAND_add()
Configure: Reword the summary output
Backport some DRBG renamings and typo fixes
RAND_add()/RAND_seed(): fix failure on short input or low entropy
Configure: Improve warning if no random seed source was configured
drbg_lib: avoid NULL pointer dereference in drbg_add
randfile.c: fix a Coverity warning
rand_drbg.h: include <openssl/obj_mac.h>
Test: link drbgtest statically against libcrypto
Test: enable internal tests for shared Windows builds
rand_unix.c: open random devices on first use only
FdaSilvaYY (1):
crypto/rand: fix some style nit's
James Callahan (1):
doc/man3/SSL_set_bio.pod: Fix wrong function name in return values section
Kurt Roeckx (1):
Improve SSL_shutdown() documentation
Mansour Ahmadi (2):
Add a missing check on s->s3->tmp.pkey
Check return value of EVP_PKEY_new
Matt Caswell (37):
Prepare for 1.1.1a-dev
Add an explicit cast to time_t
Don't allow -early_data with other options where it doesn't work
Delay setting the sig algs until after the cert_cb has been called
Add a test for the certificate callback
Fix the max psk len for TLSv1.3
Fix a mem leak in the ocsp app
Fix some Coverity warnings
Fix the BIO callback return code handling
Extend the BIO callback tests to check the return value semantics
Fix a typo in a macro
Fix no-tls1_2
Fix no-psk
Fix no-engine
Fix a DTLS memory leak
Test DTLS cookie generation and verification
Use the read and write buffers in DTLSv1_listen()
Buffer a ClientHello with a cookie received via DTLSv1_listen
Don't complain and fail about unknown TLSv1.3 PSK identities in s_server
Properly handle duplicated messages from the next epoch
Add a test for duplicated DTLS records
Reset the HKDF state between operations
Add a test where we reuse the EVP_PKEY_CTX for two HKDF test runs
Don't call the client_cert_cb immediately in TLSv1.3
Add a client_cert_cb test
Ignore disabled ciphers when deciding if we are using ECC
Give a better error if an attempt is made to set a zero length groups list
Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
Add some test brainpool certificates
Test use of a brainpool ECDSA certificate
Separate ca_names handling for client and server
Add a test for SSL_CTX_set0_CA_list()/SSL_CTX_set_client_CA_list()
Merge the CA list documentation for clarity
Fix no-ec and no-tls1_2
Update CHANGES and NEWS for new release
Update copyright year
Prepare for 1.1.1a release
Matt Eaton (1):
Update RAND_DRBG.pod
Mykola Baibuz (2):
Safer memory cleanup in (crypto/rsa/rsa_lib.c)
Remove useless check. Hash can be longer than EC group degree and it will be truncated.
Paul Yang (5):
Make some return checks consistent with others
Add some missing ciphers in 'enc' document
Fix a nit of copyright date range
Fix compiling warnings in example code
Fix a doc-nit in EVP_PKEY_CTX_ctrl.pod
Pauli (12):
Add a compile time test to verify that openssl/rsa.h and complex.h can coexist.
Use 'i' as parameter name not 'I'.
Add missing include file. Specifically, include e_os.h to pick up alloca definition for WIN32.
Use secure_getenv(3) when available.
Indentation fixes.
DSA mod inverse fix
Timing vulnerability in DSA signature generation (CVE-2018-0734).
Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
Add a constant time flag to one of the bignums to avoid a timing leak.
Cleanse the key log buffer.
Fix return formatting.
Add missing RAND initialisation call.
Richard Levitte (38):
crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
VMS: only use the high precision on VMS v8.4 and up
crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too
util/mkdef.pl, util/add-depends.pl: don't lowercase file names
/dev/crypto engine: add missing RC4 parameter
crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG
Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)
Clean out aliases in include/openssl/symhacks.h
/dev/crypto engine: give CIOCFSESSION the actual sess-id
Build file templates: look at *all* defines
build file templates: have targets for all shared library names
RAND: ensure INT32_MAX is defined
Windows: Produce a static version of the public libraries, always
iOS config targets: disable "async" by default
apps/rehash.c: Convert ISO-8859-1 to UTF-8
VMS & cryptoerr.h: include symhacks.h
ssl/statem: Don't compare size_t with less than zero
Windows build: build foo.d after foo.obj
test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run()
Configuration: when building the dirinfo structure, include shared_sources
apps: Stop pretending to care about Netscape keys
crypto/engine/eng_devcrypto.c: add digest copy
crypto/engine/eng_devcrypto.c: new compilers are strict on prototypes
crypto/engine/eng_devcrypto.c: open /dev/crypto only once
crypto/engine/eng_devcrypto.c: ensure we don't leak resources
util/add-depends.pl: go through shared_sources too
Allow parallel install
Have install targets depend on more precise build targets
VMS build: colon after target must be separated with a space
Fix SipHash init order.
Configure: ensure empty arrays aren't created inadvertently
Configuration: make sure the shared_sources table doesn't contain empty elements
Fix rpath-related Linux "test_shlibload" failure.
test/recipes/90-test_shlibload.t needs $target{shared_extension}
Fix typo in util/perl/OpenSSL/Test.pm
test/siphash_internal_test.c: ensure the SIPHASH structure is zeroed
Unix build: for mingw and cygwin, create the right location for DLLs
Configuration: only include shared_sources in dirinfo in shared config
Tobias Nießen (1):
Trivial test improvements
Tomas Mraz (2):
Fix copy&paste error found in Coverity scan
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.
Viktor Dukhovni (3):
Only CA certificates can be self-issued
Apply self-imposed path length also to root CAs
Added missing signature algorithm reflection functions
Viktor Szakats (1):
minor fixes for Windows
Vitezslav Cizek (1):
DSA: Check for sanity of input parameters
agnosticdev (1):
typo-fixes: miscellaneous typo fixes
armfazh (1):
Fix tls_cbc_digest_record is slow using SHA-384 and short messages
cclauss (1):
print() is a function in Python 3
Ԝеѕ (1):
Cleanup typos and grammar in DES_random_key.pod
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list