[openssl] OpenSSL_1_1_1b create
Matt Caswell
matt at openssl.org
Tue Feb 26 14:39:08 UTC 2019
The annotated tag OpenSSL_1_1_1b has been created
at 3be907df5e5619fb10863849d3504bbdc6e8630d (tag)
tagging 50eaac9f3337667259de725451f201e784599687 (commit)
replaces OpenSSL_1_1_1a
tagged by Matt Caswell
on Tue Feb 26 14:15:30 2019 +0000
- Log -----------------------------------------------------------------
OpenSSL 1.1.1b release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlx1SgIRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJFVBgf9EwHN46AWeAHoJXEBL2ikKvbl1OkwEUj0
7M21XMpXaCZcaEy4AvfQ2MivguF13dkze4/8LwUyn5yfObWYG8Xk4t5XSVu3r4kf
q9/yqSjcD9Kp7fxHgn7yblOsRLM4nPbMS5ud4bjCo04Vo8sO/ad50NMi9/4QSdj+
sDYMPNJNN4sAroH44KOIX5BntVdOxFe+t2jA6W4Z/VE63d4tzd7sw26D/X6enAOV
k41XkJ4YAxojGwFu9tBX4Z/XtnTuxd09EwFUAZvyMFRywoF7LSQbr6yMtSDs2JjU
5+iLlHvS5/Y0jFXCjKBazWlM43kRy0pDv5XrM3rE5Y6yhNOq6VRmEw==
=TwQD
-----END PGP SIGNATURE-----
Andy Polyakov (12):
rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.
err/err.c: add err_clear_last_constant_time.
rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.
rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.
rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.
rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.
Configurations/10-main.conf: remove MIPS bn_div_3_words.
Configure: recognize div3w modules and add -DBN_DIV3W.
bn/bn_div.c: make conditional addition unconditional
bn/bn_{div|shift}.c: introduce fixed-top interfaces.
err/err.c: improve err_clear_last_constant_time's portability.
AArch64 assembly pack: authenticate return addresses.
Behrang (1):
Fixed minor typo in the req.pod docs
Bernd Edlinger (8):
Fix a minor nit in the hkdflabel size
Fix cert with rsa instead of rsaEncryption as public key algorithm
PPC: Try out if mftb works before using it
Make ca command silently use default if .attr file does not exist
Fix a memory leak with di2_X509_CRL reuse
Fixed d2i_X509 in-place not re-hashing the ex_flags
Fix a crash in reuse of i2d_X509_PUBKEY
Add an entry to the CHANGES for the d2i_X509_PUBKEY fix
Billy Brumley (3):
Clean up BN_consttime_swap.
SCA hardening for mod. field inversion in EC_GROUP
[test] unit test for field_inv function pointer in EC_METHOD
Christian Heimes (1):
Fix function names in ct(7) documentation
Corey Minyard (1):
Fix a memory leak in the mem bio
Corinna Vinschen (1):
cygwin: drop explicit O_TEXT
Daniel DeFreez (2):
Fix null pointer dereference in ssl_module_init
Fix null pointer dereference in cms_RecipientInfo_kari_init
David Asraf (1):
crypto/bn: fix return value in BN_generate_prime
David Benjamin (3):
Reduce inputs before the RSAZ code.
Fix some CFI issues in x86_64 assembly
Check for unpaired .cfi_remember_state
David Woodhouse (2):
Stop marking default digest for EC keys as mandatory
Honour mandatory digest on private key in has_usable_cert()
Dmitry Belyavskiy (3):
Remove unused variables from tls1_change_cipher_state
Eliminate unused buffers from ssl3_change_cipher_state
Restore compatibility with GOST2001 implementations.
Dr. Matthias St. Pierre (7):
curve25519.c: reformat code to follow coding guidelines
curve25519.c: improve formula alignment
doc/man3: remove copy&paste leftover
man: harmonize the various formulations in the HISTORY sections
doc/man1/x509.pod: fix typo
X509_STORE: fix two misspelled compatibility macros
engines/dasync: add explaining comments about AES-128-CBC-HMAC-SHA1
Eneas U de Queiroz (10):
INSTALL: add note about devcrypto engine
eng_devcrypto: don't leak methods tables
eng_devcrypto: expand digest failure cases
eng_devcrypto: fix copy of unitilialized digest
eng_devcrypto: close session on cleanup, not final
eng_devcrypto: add cipher CTX copy function
eng_devcrypto: fix ctr mode
eng_devcrypto: make sure digest can do copy
eng_devcrypto: close open session on init
e_devcrypto: set digest input_blocksize
FdaSilvaYY (4):
Doc: fix reference to deprecated methods.
Coverity fix in apps/oscp
Coverity fix in some crypto/asn1 code
Fix CID 1434549: Unchecked return value in test/evp_test.c
Hubert Kario (1):
SSL_CONF_cmd: fix doc for NoRenegotiation
Ionut Mihalcea (1):
Don't set SNI by default if hostname is not dNS name
Jakub Jelen (1):
Use the correct function name
Jan Macku (1):
Fixed typo
Jung-uk Kim (1):
Do not complain when /dev/crypto does not exist.
Ken Goldman (1):
Admit unknown pkey types at security level 0
Klotz, Tobias (1):
Cleanup vxworks support to be able to compile for VxWorks 7
Mansour Ahmadi (3):
fix inconsistent flen check in rsa_pk1 and rsa_oaep
add missing check for BN_mod_inverse
Add missing OPENSSL_clear_free before using ec->key
Matt Caswell (44):
Prepare for 1.1.1b-dev
Disallow Ed25519 signature maleability
Add an Ed25519 signature maleability test
Revert "Reduce stack usage in tls13_hkdf_expand"
Fix some SSL_export_keying_material() issues
Make sure build_SYS_str_reasons() preserves errno
Preserve errno on dlopen
Document the num_tickets s_server option
Disallow Ed448 signature malleability
Add an Ed448 malleability test
make update
Fix shlibloadtest to properly execute the dso_ref test
Fix a RUN_ONCE bug
Implement OPENSSL_INIT_NO_ATEXIT
Don't link shlibloadtest against libcrypto
Test atexit handlers
Introduce a no-pinshared option
Support _onexit() in preference to atexit() on Windows
Fix no-cmac
Don't complain if we receive the cryptopro extension in the ClientHello
Add a test for correct handling of the cryptopro bug extension
Don't artificially limit the size of the ClientHello
Check a return value in the SRP code
Check more return values in the SRP code
Add missing entries in ssl_mac_pkey_id
Don't get the mac type in TLSv1.3
Make sure we trigger retransmits in DTLS testing
Revert "Keep the DTLS timer running after the end of the handshake if appropriate"
Don't leak memory from ERR_add_error_vdata()
Fix no-dso builds
Complain if -twopass is used incorrectly
Make OPENSSL_malloc_init() a no-op
Don't signal SSL_CB_HANDSHAKE_START for TLSv1.3 post-handshake messages
Fix -verify_return_error in s_client
Use order not degree to calculate a buffer size in ecdsatest
Don't interleave handshake and other record types in TLSv1.3
Add a test for interleaving app data with handshake data in TLSv1.3
Fix dasync engine
Don't restrict the number of KeyUpdate messages we can process
Ensure bn_cmp_words can handle the case where n == 0
Update NEWS for new release
Update copyright year
Clarify that SSL_shutdown() must not be called after a fatal error
Prepare for 1.1.1b release
Matt Eaton (1):
Update NOTES.ANDROID
Matthew Hodgson (1):
openssl s_server: don't use sendto() with connected UDP socket
Matthias Kraft (3):
Add "weak" declarations of symbols used in safestack.h and lhash.h
Fix Invalid Argument return code from IP_Factory in connect_to_server().
Fix reference to symbol 'main'.
Michael Haubenwallner (1):
Windows/Cygwin dlls need the executable bit set
Michael Richardson (2):
fixed grammar typo
clarify which functions are the CMS functions which must have CMS_PARTIAL set
Michael Tuexen (1):
Fix end-point shared secret for DTLS/SCTP
Nicola Tuveri (2):
Test for constant-time flag leakage in BN_CTX
Clear BN_FLG_CONSTTIME on BN_CTX_get()
Paul Yang (3):
Fix wrong return value in ssl3_ctx_ctrl
Fix access zero memory if SSL_DEBUG is enabled
Fix a grammar nit in CRYPTO_get_ex_new_index.pod
Pauli (1):
Address a bug in the DRBG tests where the reseeding wasn't properly reinstantiating the DRBG.
Petr Vorel (1):
Reuse already defined macros
Richard Levitte (37):
Smarter build of system error text database
Add an error message test recipes for system error messages
Change tarball making procedure
Remove all 'make dist' artifacts
VMS: fix collected error strings
VMS config: Typo fix, as -> AS
Document the removed 'dist' target
Don't export util/mktar.sh
Don't export the submodules 'boringssl', 'krb5' and 'pyca-cryptography'
Make sure to run util/mktar.sh from the source directory
Have util/mktar.sh display the absolute path to the tarball
Avoid test_errstr in a cross compiled configuration
VMS build: in descrip.mms.tmpl's src2obj, do .S -> .asm too
VMS build: don't forget the generation marker when removing files
Don't test the collected system errors when configured to not have them
Docs fixup: some man3 pages had unindented code in SYNOPSIS
Make EVP_PKEY_asn1_add0() stricter about its input
Prevent calling decryption in an encryption context and vice versa
make update
Fix error in processing $target{enable}
VMS build: better treatment of .S -> .obj compilation
ERR: preserve system error number in a few more places
crypto/uid.c: use own macro as guard rather than AT_SECURE
crypto/armcap.c, crypto/ppccap.c: stricter use of getauxval()
apps/verify.c: Change an old comment to clarify what the callback does
Android build: use ANDROID_NDK_HOME rather than ANDROID_NDK
VMS: force 'pinshared'
Better phrasing around 1.1.0
test/drbgtest.c: call OPENSSL_thread_stop() explicitly
test/recipes/02-err_errstr: skip errors that may not be loaded on Windows
apps/ocsp.c Use the same HAVE_FORK / NO_FORK as in speed.c
Configure: stop forcing use of DEFINE macros in headers
Mark generated functions unused (applies to safestack, lhash, sparse_array)
Windows: Call TerminateProcess, not ExitProcess
Rearrange the inclusion of curve448/curve448_lcl.h
VMS: disable the shlibload test for now
Disable 02-test_errstr.t on msys/mingw as well as MSWin32
Sam Roberts (3):
Make some simple getters take const SSL/SSL_CTX
Remove unnecessary trailing whitespace
Ignore cipher suites when setting cipher list
Shigeki Ohtsu (1):
s_client: fix not to send a command letter of R
Shreya Bhandare (1):
EVP_PKEY_size declared to take a const parameter
Tobias Stoeckmann (1):
Fixed typo (vi leftover).
Todd Short (2):
Fix d2i_PublicKey() for EC keys
Update d2i_PrivateKey documentation
Tomas Mraz (2):
Remove stray -modulus option from the ec manual page.
Allow the syntax of the .include directive to optionally have '='
Vedran Miletić (1):
Add missing dots in dgst man page
Viktor Dukhovni (2):
Update generator copyright year.
More configurable crypto and ssl library initialization
batist73 (1):
Android build: fix usage of NDK home variable ($ndk_var)
cclauss (1):
Travis CI: Use flake8 to find Python syntax errors or undefined names
weinholtendian (1):
Fix error message for s_server -psk option
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list