[openssl-commits] [openssl] OpenSSL_1_1_1 create
Matt Caswell
matt at openssl.org
Tue Sep 11 13:30:06 UTC 2018
The annotated tag OpenSSL_1_1_1 has been created
at 777eda03d14b6ffa3cca89e0201ac3ac315d451f (tag)
tagging 1708e3e85b4a86bae26860aa5d2913fc8eff6086 (commit)
replaces OpenSSL_1_1_1-pre9
tagged by Matt Caswell
on Tue Sep 11 13:48:18 2018 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.1 release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAluXuZIRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJGZ+gf+OO0a5aOkbN6xz5XoRYllKxMhFCboho7w
0X5dz89642cbNNw0NIuD/qJnwPGwJj81ZLTRcM/Ba9xQgRWmhVOCMgli/nRArabr
PqWtCInu03szbh9lRPyQ/3oZN28v8RfOJA+svf9wWlNTEUW0cwQxydjYaXleMcGb
WBZqgS+bM10E6Qbf+9wgdsVHVAgMqWWzXeRGux5baKKdDdpdXZCERwDhQrWVsAFJ
3IWZchXuM8uFnblu+vKc0zbt1ExHArV6sYSSwVnnn9jAXhJV7JXHLeMPYHO9yib8
E0hogjLdXIhaspQJimPHMqwQltvtE00dUEkeoaU6ddKhIdl7A1H1Og==
=CZMJ
-----END PGP SIGNATURE-----
Alex Gaynor (1):
Fixed a comment that referenced the wrong method
Andy Polyakov (11):
asn1/asn_moid.c: overhaul do_create.
man3/OBJ_nid2obj.pod: mention failure code for OBJ_create.
crypto/init.c: improve destructor_key's portability.
crypto/bn: add more fixed-top routines.
rsa/rsa_ossl.c: implement variant of "Smooth CRT-RSA."
bn/bn_blind.c: use Montgomery multiplication when possible.
bn/bn_lib.c: conceal even memmory access pattern in bn2binpad.
Configurations/unix-Makefile.tmpl: address find portability issue.
internal/tsan_assist.h: add tsan_ld_acq and tsan_st_rel.
x509v3/v3_purp.c: refine lock-free check in x509v3_cache_extensions.
Revert ".travis.yml: omit linux-ppc64le target."
Ben Kaduk (2):
Restore historical SSL_get_servername() behavior
Simplify SSL_get_servername() to avoid session references
Billy Brumley (2):
[test] ECC: make sure negative tests pass for the right reasons
[test] throw error from wrapper function instead of an EC_METHOD specific one
Dmitry Belyavskiy (1):
Do not ignore EVP_PKEY_print_public/EVP_PKEY_print_private return values
Dr. Matthias St. Pierre (4):
rand_lib.c: Don't open random devices while cleaning up.
test/dhtest.c: fix resource leak
crypto/rsa/rsa_pss.c: silence coverity warning
test/evp_extra_test.c: fix null pointer dereference
Eric Brown (1):
Remove redundant ASN1_INTEGER_set call
Eric Curtin (1):
New openssl subject parser hard to debug
Erik Forsberg (1):
Fix ssl/t1_trce.c to parse certificate chains
Hubert Kario (1):
TLSv1.3 related changes to man pages
Jack Lloyd (1):
Add test case for SM2 evp verification
Jakub Wilk (2):
Fix typos in documentation
Fix example in crl(1) man page
Kurt Roeckx (2):
Update fuzz corpora
Test that we can process a KeyUpdate received after we sent close_notify
Matt Caswell (30):
Prepare for 1.1.1-pre10-dev
Use the same min-max version range on the client consistently
Test that a client protocol "hole" doesn't get detected as a downgrade
Don't detect a downgrade where the server has a protocol version hole
Fix BoringSSL external test failures
Improve the usability of the ca app using EdDSA
Ignore the digest in req app if using EdDSA
Fix a mem leak on error in the PSK code
Free SSL object on an error path
Add a note in the docs about sharing PSKs between TLSv1.2 and TLSv1.3
Ignore EPIPE when sending NewSessionTickets in TLSv1.3
Clarify the EVP_DigestSignInit docs
Send a NewSessionTicket after using an external PSK
Test creation of tickets when using a TLSv1.3 PSK
Don't use an RSA-PSS cert for RSA key exchange
Add a test for RSA key exchange with both RSA and RSA-PSS certs
Clarify the return value of SSL_client_version()
Process KeyUpdate and NewSessionTicket messages after a close_notify
Test that we can handle a PHA CertificateRequest after we sent close_notify
Remove a reference to SSL_force_post_handshake_auth()
Ensure certificate callbacks work correctly in TLSv1.3
Do not reset SNI data in SSL_do_handshake()
Update the pyca-cryptography submodule
Updates NEWS for the 1.1.1 release
More updates to CHANGES and NEWS for the 1.1.1 release
Don't cast an int * to a size_t *
Validate the SM2 digest len before use
Check the return value from ASN1_INTEGER_set
Update copyright year
Prepare for 1.1.1 release
Matthias Kraft (1):
Extend dladdr() for AIX, consequence from changes for openssl#6368.
Nicola Tuveri (2):
Fix segfault in RSA_free() (and DSA/DH/EC_KEY)
Harmonize the error handling codepath
Patrick Steuer (1):
fuzz/driver.c: appease -Wmissing-prototypes
Paul Kehrer (2):
add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESP
add docs for OCSP_resp_get0_signature
Paul Yang (12):
Add semicolon at the end of the function prototypes
Support EdDSA in apps/speed
Remove unnecessary sm2_za.c
Introduce EVP_MD_CTX_set_pkey_ctx
Support pmeth->digest_custom
Make SM2 ID stick to specification
Support setting SM2 ID
Update document for SM2 stuffs
Add a SM2(7) man page
Allow EVP_MD_CTX_set_pkey_ctx to accept NULL pctx
Add missing SM2err and fix doc nits
Add a sentence in CHANGES to note SM2 support
Pauli (6):
Zero memory in CRYPTO_secure_malloc.
Check for a failure return from EVP_MD_CTX_new() in OCSP_basic_sign().
Check the return from BN_sub() in BN_X931_generate_Xpq().
Make OBJ_NAME case insensitive.
Fix HMAC SHA3-224 and HMAC SHA3-256.
Avoid SEGV when giving X509_sign a NULL private key.
Paulo Flabiano Smorigo (1):
demos/evp: add make clean
Richard Levitte (9):
Rename SSL[_CTX]_add1_CA_list -> SSL[_CTX]_add1_to_CA_list
openssl req: don't try to report bits
test/evp_test.c: make it possible to use controls with MAC tests
SipHash: make it possible to control the hash size through string controls
TESTS: add SipHash tests with digestsize controls
SipHash: add separate setter for the hash size
TESTS: add test of decoding of invalid zero length ASN.1 INTEGER zero
ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes
CAPI engine: add support for RSA_NO_PADDING
Shane Lontis (7):
hmac_init cleanup and fix key zeroization issue
key zeroization fix for a branch path of tls13_final_finish_mac
key zeroisation for pvkfmt now done on all branch paths
key zeroisation fix for p12
hkdf zeroization fix
Key zeroization fix for EVP_SealInit + added simple test
RSA padding Zeroization fixes
Tomas Mraz (1):
Allow TLS-1.3 ciphersuites in @SECLEVEL=3 and above
parasssh (1):
Fix typos in documentation.
wzhang (1):
Fix the comment of PEM_read_bio_ex
ymlbright (1):
fix out-of-bounds write in sm2_crypt.c
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list