[openssl-commits] [openssl] OpenSSL_1_1_1a create

Matt Caswell matt at openssl.org
Tue Nov 20 14:12:34 UTC 2018

The annotated tag OpenSSL_1_1_1a has been created
        at  55225b873d0cad98a12e539c269c70740e90a793 (tag)
   tagging  d1c28d791a7391a8dc101713cd8646df96491d03 (commit)
  replaces  OpenSSL_1_1_1
 tagged by  Matt Caswell
        on  Tue Nov 20 13:35:35 2018 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.1.1a release tag


Andy Polyakov (9):
      sha/asm/keccak1600-s390x.pl: resolve -march=z900 portability issue.
      ssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac.
      rsa/rsa_ossl.c: fix and extend commentary [skip ci].
      arch/async_posix.h: improve portability.
      Configurations/15-android.conf: add support for "standalone toolchain".
      Configurations/15-android.conf: fix implicit __ANDROID_API__ handling.
      Configurations/15-android.conf: detect NDK llvm-ar.
      sha/asm/sha512p8-ppc.pl: fix typo in prologue.
      sha/asm/sha512p8-ppc.pl: optimize epilogue.

Antoine Salon (3):
      Update enc(1) examples to more recent ciphers and key derivation algorithms
      Add missing cipher aliases to openssl(1)
      EVP module documentation pass

Benjamin Kaduk (4):
      Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()
      apps: allow empty attribute values with -subj
      Add tsan_decr() API, counterpart of tsan_counter()
      Restore sensible "sess_accept" counter tracking

Bernd Edlinger (16):
      Fix a possible recursion in SSLfatal handling
      Create the .rnd file it it does not exist
      Reduce stack usage in tls13_hkdf_expand
      Fix a possible crash in rand_drbg_get_entropy
      Fix data race in RAND_DRBG_generate
      Rework and simplify resource flow in drbg_add
      Fix a race condition in drbg_add
      Fix error handling in RAND_DRBG_set
      Fix error handling in rand_drbg_new
      Fix error handling in drbgtest.c
      Fix error handling in RAND_DRBG_uninstantiate
      Avoid two memory allocations in each RAND_DRBG_bytes
      Fix a race condition in drbgtest.c
      Initialize reseed_gen_counter to 1, like it is done in master
      Rename the rand_drbg_st data member "pool" to "seed_pool"
      Fix issues with do_rand_init/rand_cleanup_int

Billy Brumley (1):
      [crypto/bn] swap BN_FLG_FIXED_TOP too

Brian 'geeknik' Carpenter (1):
      Update README.md

Chocobo1 (1):
      Fix MSVC warning C4819

Daniel Bevenius (1):
      Document OPENSSL_VERSION_TEXT macro

David Makepeace (1):
      Fixed typos in hkdf documentation.

Dr. Matthias St. Pierre (19):
      Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant
      ssl/ssl_ciph.c: make set_ciphersuites static
      test/secmemtest: test secure memory only if it is implemented
      rand_unix.c: fix --with-rand-seed=none build
      DRBG: fix reseeding via RAND_add()/RAND_seed() with large input
      Fix: 'openssl ca' command crashes when used with 'rand_serial' option
      RAND_add(): fix heap corruption in error path
      RAND_load_file(): return error if reseeding failed
      RAND_load_file(): avoid adding small chunks to RAND_add()
      Configure: Reword the summary output
      Backport some DRBG renamings and typo fixes
      RAND_add()/RAND_seed(): fix failure on short input or low entropy
      Configure: Improve warning if no random seed source was configured
      drbg_lib: avoid NULL pointer dereference in drbg_add
      randfile.c: fix a Coverity warning
      rand_drbg.h: include <openssl/obj_mac.h>
      Test: link drbgtest statically against libcrypto
      Test: enable internal tests for shared Windows builds
      rand_unix.c: open random devices on first use only

FdaSilvaYY (1):
      crypto/rand: fix some style nit's

James Callahan (1):
      doc/man3/SSL_set_bio.pod: Fix wrong function name in return values section

Kurt Roeckx (1):
      Improve SSL_shutdown() documentation

Mansour Ahmadi (2):
      Add a missing check on s->s3->tmp.pkey
      Check return value of EVP_PKEY_new

Matt Caswell (37):
      Prepare for 1.1.1a-dev
      Add an explicit cast to time_t
      Don't allow -early_data with other options where it doesn't work
      Delay setting the sig algs until after the cert_cb has been called
      Add a test for the certificate callback
      Fix the max psk len for TLSv1.3
      Fix a mem leak in the ocsp app
      Fix some Coverity warnings
      Fix the BIO callback return code handling
      Extend the BIO callback tests to check the return value semantics
      Fix a typo in a macro
      Fix no-tls1_2
      Fix no-psk
      Fix no-engine
      Fix a DTLS memory leak
      Test DTLS cookie generation and verification
      Use the read and write buffers in DTLSv1_listen()
      Buffer a ClientHello with a cookie received via DTLSv1_listen
      Don't complain and fail about unknown TLSv1.3 PSK identities in s_server
      Properly handle duplicated messages from the next epoch
      Add a test for duplicated DTLS records
      Reset the HKDF state between operations
      Add a test where we reuse the EVP_PKEY_CTX for two HKDF test runs
      Don't call the client_cert_cb immediately in TLSv1.3
      Add a client_cert_cb test
      Ignore disabled ciphers when deciding if we are using ECC
      Give a better error if an attempt is made to set a zero length groups list
      Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
      Add some test brainpool certificates
      Test use of a brainpool ECDSA certificate
      Separate ca_names handling for client and server
      Add a test for SSL_CTX_set0_CA_list()/SSL_CTX_set_client_CA_list()
      Merge the CA list documentation for clarity
      Fix no-ec and no-tls1_2
      Update CHANGES and NEWS for new release
      Update copyright year
      Prepare for 1.1.1a release

Matt Eaton (1):
      Update RAND_DRBG.pod

Mykola Baibuz (2):
      Safer memory cleanup in (crypto/rsa/rsa_lib.c)
      Remove useless check.     Hash can be longer than EC group degree and it will be truncated.

Paul Yang (5):
      Make some return checks consistent with others
      Add some missing ciphers in 'enc' document
      Fix a nit of copyright date range
      Fix compiling warnings in example code
      Fix a doc-nit in EVP_PKEY_CTX_ctrl.pod

Pauli (12):
      Add a compile time test to verify that openssl/rsa.h and complex.h can     coexist.
      Use 'i' as parameter name not 'I'.
      Add missing include file.     Specifically, include e_os.h to pick up alloca definition for WIN32.
      Use secure_getenv(3) when available.
      Indentation fixes.
      DSA mod inverse fix
      Timing vulnerability in DSA signature generation (CVE-2018-0734).
      Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
      Add a constant time flag to one of the bignums to avoid a timing leak.
      Cleanse the key log buffer.
      Fix return formatting.
      Add missing RAND initialisation call.

Richard Levitte (38):
      crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
      VMS: only use the high precision on VMS v8.4 and up
      crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too
      util/mkdef.pl, util/add-depends.pl: don't lowercase file names
      /dev/crypto engine: add missing RC4 parameter
      crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG
      Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)
      Clean out aliases in include/openssl/symhacks.h
      /dev/crypto engine: give CIOCFSESSION the actual sess-id
      Build file templates: look at *all* defines
      build file templates: have targets for all shared library names
      RAND: ensure INT32_MAX is defined
      Windows: Produce a static version of the public libraries, always
      iOS config targets: disable "async" by default
      apps/rehash.c: Convert ISO-8859-1 to UTF-8
      VMS & cryptoerr.h: include symhacks.h
      ssl/statem: Don't compare size_t with less than zero
      Windows build: build foo.d after foo.obj
      test/evp_test.c: don't misuse pkey_test_ctrl() in mac_test_run()
      Configuration: when building the dirinfo structure, include shared_sources
      apps: Stop pretending to care about Netscape keys
      crypto/engine/eng_devcrypto.c: add digest copy
      crypto/engine/eng_devcrypto.c: new compilers are strict on prototypes
      crypto/engine/eng_devcrypto.c: open /dev/crypto only once
      crypto/engine/eng_devcrypto.c: ensure we don't leak resources
      util/add-depends.pl: go through shared_sources too
      Allow parallel install
      Have install targets depend on more precise build targets
      VMS build: colon after target must be separated with a space
      Fix SipHash init order.
      Configure: ensure empty arrays aren't created inadvertently
      Configuration: make sure the shared_sources table doesn't contain empty elements
      Fix rpath-related Linux "test_shlibload" failure.
      test/recipes/90-test_shlibload.t needs $target{shared_extension}
      Fix typo in util/perl/OpenSSL/Test.pm
      test/siphash_internal_test.c: ensure the SIPHASH structure is zeroed
      Unix build: for mingw and cygwin, create the right location for DLLs
      Configuration: only include shared_sources in dirinfo in shared config

Tobias Nießen (1):
      Trivial test improvements

Tomas Mraz (2):
      Fix copy&paste error found in Coverity scan
      Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.

Viktor Dukhovni (3):
      Only CA certificates can be self-issued
      Apply self-imposed path length also to root CAs
      Added missing signature algorithm reflection functions

Viktor Szakats (1):
      minor fixes for Windows

Vitezslav Cizek (1):
      DSA: Check for sanity of input parameters

agnosticdev (1):
      typo-fixes: miscellaneous typo fixes

armfazh (1):
      Fix tls_cbc_digest_record is slow using SHA-384 and short messages

cclauss (1):
      print() is a function in Python 3

Ԝеѕ (1):
      Cleanup typos and grammar in DES_random_key.pod


More information about the openssl-commits mailing list