[openssl-commits] [openssl] OpenSSL_1_1_1 create

Matt Caswell matt at openssl.org
Tue Sep 11 13:30:06 UTC 2018 

The annotated tag OpenSSL_1_1_1 has been created
        at  777eda03d14b6ffa3cca89e0201ac3ac315d451f (tag)
   tagging  1708e3e85b4a86bae26860aa5d2913fc8eff6086 (commit)
  replaces  OpenSSL_1_1_1-pre9
 tagged by  Matt Caswell
        on  Tue Sep 11 13:48:18 2018 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.1 release tag
-----BEGIN PGP SIGNATURE-----

iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAluXuZIRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJGZ+gf+OO0a5aOkbN6xz5XoRYllKxMhFCboho7w
0X5dz89642cbNNw0NIuD/qJnwPGwJj81ZLTRcM/Ba9xQgRWmhVOCMgli/nRArabr
PqWtCInu03szbh9lRPyQ/3oZN28v8RfOJA+svf9wWlNTEUW0cwQxydjYaXleMcGb
WBZqgS+bM10E6Qbf+9wgdsVHVAgMqWWzXeRGux5baKKdDdpdXZCERwDhQrWVsAFJ
3IWZchXuM8uFnblu+vKc0zbt1ExHArV6sYSSwVnnn9jAXhJV7JXHLeMPYHO9yib8
E0hogjLdXIhaspQJimPHMqwQltvtE00dUEkeoaU6ddKhIdl7A1H1Og==
=CZMJ
-----END PGP SIGNATURE-----

Alex Gaynor (1):
      Fixed a comment that referenced the wrong method

Andy Polyakov (11):
      asn1/asn_moid.c: overhaul do_create.
      man3/OBJ_nid2obj.pod: mention failure code for OBJ_create.
      crypto/init.c: improve destructor_key's portability.
      crypto/bn: add more fixed-top routines.
      rsa/rsa_ossl.c: implement variant of "Smooth CRT-RSA."
      bn/bn_blind.c: use Montgomery multiplication when possible.
      bn/bn_lib.c: conceal even memmory access pattern in bn2binpad.
      Configurations/unix-Makefile.tmpl: address find portability issue.
      internal/tsan_assist.h: add tsan_ld_acq and tsan_st_rel.
      x509v3/v3_purp.c: refine lock-free check in x509v3_cache_extensions.
      Revert ".travis.yml: omit linux-ppc64le target."

Ben Kaduk (2):
      Restore historical SSL_get_servername() behavior
      Simplify SSL_get_servername() to avoid session references

Billy Brumley (2):
      [test] ECC: make sure negative tests pass for the right reasons
      [test] throw error from wrapper function instead of an EC_METHOD specific one

Dmitry Belyavskiy (1):
      Do not ignore EVP_PKEY_print_public/EVP_PKEY_print_private return values

Dr. Matthias St. Pierre (4):
      rand_lib.c: Don't open random devices while cleaning up.
      test/dhtest.c: fix resource leak
      crypto/rsa/rsa_pss.c: silence coverity warning
      test/evp_extra_test.c: fix null pointer dereference

Eric Brown (1):
      Remove redundant ASN1_INTEGER_set call

Eric Curtin (1):
      New openssl subject parser hard to debug

Erik Forsberg (1):
      Fix ssl/t1_trce.c to parse certificate chains

Hubert Kario (1):
      TLSv1.3 related changes to man pages

Jack Lloyd (1):
      Add test case for SM2 evp verification

Jakub Wilk (2):
      Fix typos in documentation
      Fix example in crl(1) man page

Kurt Roeckx (2):
      Update fuzz corpora
      Test that we can process a KeyUpdate received after we sent close_notify

Matt Caswell (30):
      Prepare for 1.1.1-pre10-dev
      Use the same min-max version range on the client consistently
      Test that a client protocol "hole" doesn't get detected as a downgrade
      Don't detect a downgrade where the server has a protocol version hole
      Fix BoringSSL external test failures
      Improve the usability of the ca app using EdDSA
      Ignore the digest in req app if using EdDSA
      Fix a mem leak on error in the PSK code
      Free SSL object on an error path
      Add a note in the docs about sharing PSKs between TLSv1.2 and TLSv1.3
      Ignore EPIPE when sending NewSessionTickets in TLSv1.3
      Clarify the EVP_DigestSignInit docs
      Send a NewSessionTicket after using an external PSK
      Test creation of tickets when using a TLSv1.3 PSK
      Don't use an RSA-PSS cert for RSA key exchange
      Add a test for RSA key exchange with both RSA and RSA-PSS certs
      Clarify the return value of SSL_client_version()
      Process KeyUpdate and NewSessionTicket messages after a close_notify
      Test that we can handle a PHA CertificateRequest after we sent close_notify
      Remove a reference to SSL_force_post_handshake_auth()
      Ensure certificate callbacks work correctly in TLSv1.3
      Do not reset SNI data in SSL_do_handshake()
      Update the pyca-cryptography submodule
      Updates NEWS for the 1.1.1 release
      More updates to CHANGES and NEWS for the 1.1.1 release
      Don't cast an int * to a size_t *
      Validate the SM2 digest len before use
      Check the return value from ASN1_INTEGER_set
      Update copyright year
      Prepare for 1.1.1 release

Matthias Kraft (1):
      Extend dladdr() for AIX, consequence from changes for openssl#6368.

Nicola Tuveri (2):
      Fix segfault in RSA_free() (and DSA/DH/EC_KEY)
      Harmonize the error handling codepath

Patrick Steuer (1):
      fuzz/driver.c: appease -Wmissing-prototypes

Paul Kehrer (2):
      add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESP
      add docs for OCSP_resp_get0_signature

Paul Yang (12):
      Add semicolon at the end of the function prototypes
      Support EdDSA in apps/speed
      Remove unnecessary sm2_za.c
      Introduce EVP_MD_CTX_set_pkey_ctx
      Support pmeth->digest_custom
      Make SM2 ID stick to specification
      Support setting SM2 ID
      Update document for SM2 stuffs
      Add a SM2(7) man page
      Allow EVP_MD_CTX_set_pkey_ctx to accept NULL pctx
      Add missing SM2err and fix doc nits
      Add a sentence in CHANGES to note SM2 support

Pauli (6):
      Zero memory in CRYPTO_secure_malloc.
      Check for a failure return from EVP_MD_CTX_new() in OCSP_basic_sign().
      Check the return from BN_sub() in BN_X931_generate_Xpq().
      Make OBJ_NAME case insensitive.
      Fix HMAC SHA3-224 and HMAC SHA3-256.
      Avoid SEGV when giving X509_sign a NULL private key.

Paulo Flabiano Smorigo (1):
      demos/evp: add make clean

Richard Levitte (9):
      Rename SSL[_CTX]_add1_CA_list -> SSL[_CTX]_add1_to_CA_list
      openssl req: don't try to report bits
      test/evp_test.c: make it possible to use controls with MAC tests
      SipHash: make it possible to control the hash size through string controls
      TESTS: add SipHash tests with digestsize controls
      SipHash: add separate setter for the hash size
      TESTS: add test of decoding of invalid zero length ASN.1 INTEGER zero
      ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes
      CAPI engine: add support for RSA_NO_PADDING

Shane Lontis (7):
      hmac_init cleanup and fix key zeroization issue
      key zeroization fix for a branch path of tls13_final_finish_mac
      key zeroisation for pvkfmt now done on all branch paths
      key zeroisation fix for p12
      hkdf zeroization fix
      Key zeroization fix for EVP_SealInit + added simple test
      RSA padding Zeroization fixes

Tomas Mraz (1):
      Allow TLS-1.3 ciphersuites in @SECLEVEL=3 and above

parasssh (1):
      Fix typos in documentation.

wzhang (1):
      Fix the comment of PEM_read_bio_ex

ymlbright (1):
      fix out-of-bounds write in sm2_crypt.c

-----------------------------------------------------------------------

More information about the openssl-commits mailing list