[openssl] OpenSSL_1_1_1d create
Matt Caswell
matt at openssl.org
Tue Sep 10 14:00:08 UTC 2019
The annotated tag OpenSSL_1_1_1d has been created
at 150886311c80c1d06786d152039650ecb6ff6746 (tag)
tagging 894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596 (commit)
replaces OpenSSL_1_1_1c
tagged by Matt Caswell
on Tue Sep 10 14:13:07 2019 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.1d release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl13oWMRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJFAnQgAoT80YMDLGdz4xIqoEzbkxiS5HUiI1Urq
gd7yX6IN+K3iB6uNDLToX8GuAI7BT5XYGfx9QhsI2MauRlTPPUBwFvndRl3qzwJj
CE7Qz8LlPw4uz8V/VaihIR3f8TZokq1hIssmoY7eEeVYELyL4nV4Y5Uf0KW/u52v
rTbqn8yMvLNUVCWEhKVnaQKbzjFVEkIocE9pWl5xH7qQQcVg0HnUT8Qp/DexFI/p
VB5V1GjsKMrHUTG9GgErGdzJdqj95RPdYUC6UAall+sNYtdQ8a+RzIdxXoXTDL6E
FEt1+wsxkUD8AKQF3ajwOB8jIO3pzuV9d2h8mxxBP+5iAQpJg+cbDA==
=0Ff9
-----END PGP SIGNATURE-----
Acheev Bhagat (2):
Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print
Remove redundant include
Antoine Cœur (2):
Fix Typos
Fix Typos
Benjamin Kaduk (3):
Add regression test for #9099
Revert "Delay setting the sig algs until after the cert_cb has been called"
Move 'shared_sigalgs' from cert_st to ssl_st
Bernd Edlinger (26):
Fix a URL to the NMBRTHRY list archive
Fix error handling at openssl_strerror_r
Handle CTRL-C as non-redoable abort signal
Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN
Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data
Fix an endless loop in BN_generate_prime_ex
Fix a C++ comment in the refcount.h
Add value_barriers in constant time select functions
Change DH parameters to generate the order q subgroup instead of 2q
Allocate DRBG additional data pool from non-secure memory
Use OPENSSL_strlcpy instead of strncpy in e_afalg.c
Fix error handling in X509_chain_up_ref
Add a fallback definition for __NR_getrandom for ARM linux
Add a fallback definition for __NR_getrandom for x86 linux
Remove ifndef FIPS_MODE from rand_unix.c
Cleanup includes in rand_unix.c
Fix error handling in x509_lu.c
Fix a SCA leak in BN_generate_dsa_nonce
Remove x86/x86_64 BSAES and AES_ASM support
Change DH_generate_parameters back to order 2q subgroup
DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined.
Use BN_clear_free in DH_set0_key
Fix build with VS2008
Fix a strict warnings error in rand_pool_acquire_entropy
Fix a potential crash in rand_unix.c
Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
Billy Brawner (1):
Suppress 'No server certificate CA names sent' message
Billy Brumley (4):
[crypto/ec] for ECC parameters with NULL or zero cofactor, compute it
[test] computing ECC cofactors: regression test
CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it
[test] ECC: check the bounds for auto computing cofactor
Cesar Pereida Garcia (3):
Fix SCA vulnerability when using PVK and MSBLOB key formats
[crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation.
[crypto/rsa] Set the constant-time flag in multi-prime RSA too
David Benjamin (2):
Fix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.
Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.
David Makepeace (1):
Fixed typo in code comment. [skip ci]
David Woodhouse (1):
Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable()
David von Oheimb (1):
make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA
Denis Ovsienko (1):
Remove some duplicate words from the documentation
Dmitry Belyavskiy (1):
Avoid NULL pointer dereference. Fixes #9043.
Dr. Matthias St. Pierre (20):
crypto/conf: openssl_config_int() returns unitialized value
Remove last references to DEBUG_SAFESTACK
Document deprecation of version-specific SSL/TLS methods
Fix typo in macro argument of SSL_set1_client_sigalgs_list()
Revert the DEVRANDOM_WAIT feature
Add CHANGES entries for the DEVRANDOM_WAIT feature and its removal
man: fix documentation for RSA_generate_key()
man: clarify the 'random number generator must be seeded' requirement
Add regenerated header files
man: fix typo in OPENSSL_fork_prepare.pod
Remove external HEADER_SYMHACKS_H include guard
Remove HEADER_BSS_FILE_C module include guard
Remove OPENSSL_X509V3_H include detector from openssl/cms.h
Remove HEADER_X509_H include detector from apps
Add missing accessors for X509 AuthorityKeyIdentifier
INSTALL: clarify documentation of the --api=x.y.z deprecation option
Configure: clang: move -Wno-unknown-warning-option to the front
drbg: ensure fork-safety without using a pthread_atfork handler
drbg: add fork id to additional data on UNIX systems
drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt)
Iuri Rezende Souza (1):
Typo BIO_SOCK_REUSADDR => BIO_SOCK_REUSEADDR
Johannes (1):
Correct documented return value for BIO_get_mem_data()
John Schember (1):
iOS build: Replace %20 with space in config script
Krists Krilovs (1):
Fix wrong lock claimed in x509 dir lookup.
Lei Maohui (1):
Fix build error for aarch64 big endian.
Martin Peylo (1):
Adding Test.pm with workaround for Perl abs2rel bug
Martin Ukrop (1):
Fix reversed meaning of error codes
Matt Caswell (24):
Defer sending a KeyUpdate until after pending writes are complete
Write a test for receiving a KeyUpdate (update requested) while writing
Move a fall through comment
Update the d2i docs to reflect reality
Fix a race condition in supported groups handling
Fix a race condition in ciphers handling
Following the previous 2 commits also move ecpointformats out of session
Ensure that rc5 doesn't try to use a key longer than 2040 bits
Fix the return value for SSL_get0_chain_certs()
Fix SSL_MODE_RELEASE_BUFFERS functionality
Correct the Extended Master Secret string for EBCDIC
Fix ECDSA_SIG docs
Clarify the INSTALL instructions
Ensure RSA PSS correctly returns the right default digest
Add Restricted PSS certificate and key
Add TLS tests for RSA-PSS Restricted certificates
Fix SSL_check_chain()
Extend tests of SSL_check_chain()
Don't send a status_request extension in a CertificateRequest message
Teach TLSProxy how to parse CertificateRequest messages
Update CHANGES and NEWS for the new release
Remove duplicate CHANGES entry
Update copyright year
Prepare for 1.1.1d release
Miquel Ruiz (1):
Add SSL_shutdown to SSL_get_error's documentation
Mykola Baibuz (1):
doc: fix link in BN_new.pod
Nicola Tuveri (8):
Fix a SCA leak using BN_bn2bin()
Make BN_num_bits() consttime upon BN_FLG_CONSTTIME
Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations
[ec/ecp_nistp*.c] remove flip_endian()
[ec/ecp_nistp*.c] restyle: use {} around `else` too
Append CVE-2019-1547 to related CHANGES entry
[ec] Match built-in curves on EC_GROUP_new_from_ecparameters
Fix spacing nit in test/ectest.c
Omid Najafi (1):
Fix syntax error for the armv4 assembler
Patrick Steuer (3):
s390x assembly pack: fix restoring of SIGILL action
Directly return from final sha3/keccak_final if no bytes are requested
Test for out-of-bounds write when requesting zero bytes from shake
Paul Yang (2):
Add documentation for X509_cmp and related APIs
Add description in X509_STORE manipulation
Pauli (14):
Fix broken change from b3d113e.
ARIA documentation titled itself AES
Add documentation for CRYPTO_memcmp.
Allow AES XTS decryption using duplicate keys.
Excise AES-XTS FIPS check.
Remove DRBG from SSL structure.
Avoid double clearing some BIGNUMs
Make rand_pool buffers more dynamic in their sizing.
Add weak platform independent PRNG to test framework.
Start up DEVRANDOM entropy improvement for older Linux devices.
Avoid overflowing FDSET when using select(2).
Fix NITs in comments and CHANGES for DEVRANDOM seeded check.
Don't include the DEVRANDOM being seeded logic on Android.
Remove duplicate CHANGES text.
Rebecca Cran (2):
Swap #if blocks in uid.c so target platform gets checked before host
Fix UEFI build on FreeBSD by not including system headers
Retropotenza (1):
Fix CHECK_BSD_STYLE_MACROS for OpenBSD and cryptodev-linux
Rich Salz (3):
util/mkerr.pl: Add an inclusion of symhacks.h in all error files
.travis.yml: Use travis_terminate on failure
Fix some pod-page ordering nits
Richard Levitte (12):
Prepare for 1.1.1d-dev
Configure: link AIX modules correctly
Configurations/unix-Makefile.tmpl: not -v for rm
apps/ca.c: only output DER with SPKAC input and when -out is chosen
test/enginetest.c: Make sure no config file is loaded
Cygwin: enable the use of Dl_info and dladdr()
Fix default installation paths on mingw
engines/build.info: if the padlock engine is disabled, don't build it!
Configurations/unit-Makefile.tmpl: Don't clean away dotted files
crypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally
openssl dgst, openssl enc: check for end of input
test/evp_test.c: distinguish parsing errors from processing errors
Sambit Kumar Dash (2):
Update EVP_VerifyInit.pod
Update X509_STORE_new.pod
Shane Lontis (3):
Add the content type attribute to additional CMS signerinfo.
Cleanup use of X509 STORE locks
Change EVP_CIPHER_CTX_iv_length() to return current ivlen for some modes
Shigeki Ohtsu (1):
Fix doc to remove const arg in GEN_SESSION_CB
Todd Short (1):
Fix SSL_CTX_set_session_id_context() docs
Tomas Mraz (6):
The SHA256 is not a mandatory digest for DSA.
BIO_lookup_ex: Retry with AI_ADDRCONFIG cleared if getaddrinfo fails
Fix and document BIO_FLAGS_NONCLEAR_RST behavior on memory BIO
Clarify documentation of SSL_CTX_set_verify client side behavior
BIO_lookup_ex: Always retry the lookup on failure with AI_NUMERICHOST set
BIO_lookup_ex: Do not retry on EAI_MEMORY
Viktor Dukhovni (1):
Actually silently ignore GET / OCSP requests
Vitezslav Cizek (1):
build_SYS_str_reasons: Fix a crash caused by overlong locales
Vladimir Kotal (2):
make ecp_nistz256_point_add_vis3() local
mention what happens if OPENSSL_NO_RC2 is defined
agnosticdev (2):
issue-8998: Ensure that the alert is generated and reaches the remote
issue-9316: Update return documentation for RAND_set_rand_engine
joe2018Outlookcom (1):
Fix warning C4164 in MSVC.
opensslonzos-github (1):
Add missing EBCDIC strings
raja-ashok (4):
Fix typo mistake on calls to SSL_ctrl in ssl.h
Use allow_early_data_cb from SSL instead of SSL_CTX
Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list
Test SSL_set_ciphersuites
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list