[openssl] OpenSSL_1_1_1e create
Matt Caswell
matt at openssl.org
Tue Mar 17 15:00:05 UTC 2020
The annotated tag OpenSSL_1_1_1e has been created
at b1632d3a3eb3a7a70e6cbec3a06bf0d43878d953 (tag)
tagging a61eba4814fb748ad67e90e81c005ffb09b67d3d (commit)
replaces OpenSSL_1_1_1d
tagged by Matt Caswell
on Tue Mar 17 14:31:17 2020 +0000
- Log -----------------------------------------------------------------
OpenSSL 1.1.1e release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl5w3zURHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJEvEAf+IJjR6gOC9PNg1fQC8+KGBT8Dh5R0Xja5
Uuo3/qY6XWgjy/E24LtNZuENHRWeq9YpS0zY8alGIlpIjhVrsTvCn4QooWctvgB6
ctaK9nDxCsqmGTGx6fQnyvjOSzV959kEkRonrIhoovhxXcXOWyewOC0c2nUG9fhW
glkxEKjFy191XwpTqzSw4pyt7ri/be8hhB/e1LBmST5uaMOAQzEvebwfZV7CWb0z
PUTruj6OFLE/jsoZuoz42nNwixmH1dAddDqqj0oS87WBW7C7WlBbLo/IuHCpCXfX
mVid93EOOJ0sagDh300KMHpz3E7KlFmPyVL1uD90+kfPUJ2Zk8wuyw==
=8V3x
-----END PGP SIGNATURE-----
Andrew Hoang (1):
Fix incorrect return code on ECDSA key verification
Andy Polyakov (1):
Fix an overflow bug in rsaz_512_sqr
Anthony Hu (1):
Add missing EVP_PKEY_METHOD accessors for digestsign and digestverify
Antoine Salon (1):
Add missing EVP_MD documentation
Artiom Vaskov (1):
ssl/statem/statem_lib.c: make servercontext/clientcontext arrays of chars instead of char pointers to fix EBCDIC builds.
Bastian Germann (2):
apps x509: restrict CAkeyform option to OPT_FMT_PDE
apps x509: passing PKCS#11 URL as -signkey
Ben Kaduk (1):
sslapitest: don't leak the SSL_CTX pair
Benjamin Kaduk (10):
Fix a race condition in SNI handling
Update the krb5 submodule
Update SSL_CTX_sess_set_new_cb(3) docs for refcounts
openssl-config: add example libssl system-defaults
Additional updates to SSL_CTX_sess_set_get_cb.pod
doc: fix spelling of TYPE_get_ex_new_index
Fix whitespace nit in ssl_generate_master_secret()
Don't write to the session when computing TLS 1.3 keys
Code to thread-safety in ChangeCipherState
Add test that changes ciphers on CCS
Bernd Edlinger (32):
Fix potential memory leaks with BN_to_ASN1_INTEGER
Add a minimal windows build config for AppVeyor
Add a minimal linux build target for Travis
Fix building statically without any dso support
Fix iOS simulator build
Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read
Fix sha512_block_data_order_avx2 backtrace info
Improve the overflow handling in rsaz_512_sqr
Add a test case for rsaz_512_sqr overflow handling
Add a CHANGES entry for CVE-2019-1551
Fix unwind info for some trivial functions
Add some missing cfi frame info in camellia-x86_64.pl
Add some missing cfi frame info in x86_64-mont5.pl
Add some missing cfi frame info in rsaz-x86_64
Add some missing cfi frame info in aesni-x86_64.pl
Add some missing cfi frame info in keccak1600-x86_64.pl
Add some missing cfi frame info in aesni-sha and sha-x86_64.pl
Add some missing cfi frame info in ecp_nistz256-x86_64.pl
Fix aesni_cbc_sha256_enc_avx2 backtrace info
Add some missing cfi frame info in x25519-x86_64.pl
Add some missing cfi frame info in aesni-gcm-x86_64.pl
Add some missing cfi frame info in poly1305-x86_64.pl
Add some missing cfi frame info in rc4-md5-x86_64.pl
Fix a race condition in the speed command
Fix side channel in ecp_nistz256-x86.pl
Fix side channel in ecp_nistz256-armv4.pl
Improve side channel fix in ecp_nistz256-x86_64.pl
Fix side channel in the ecp_nistz256.c reference implementation
Fix TLS not using aes_cbc_hmac_sha ciphers
Remove remaining references to crypto/include
Adjust minimal build config in 1.1.1 branch
This works around a gcc-9 crash
Billy Brumley (1):
[crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1
Cesar Pereida Garcia (6):
[crypto/asn1/x_bignum.c] Explicit test against NULL
Unify BN_rshift design
Constant-time GCD function.
Add GCD testing infrastructure.
Update control logic for BN_gcd
Enable runtime testing of no-deprecated builds in Travis
Christian Heimes (2):
doc: EVP_DigestInit clears all flags
Add test cases for min/max protocol API
Daniil Zotkin (1):
Do not print extensions in Certificate message for TLS1.2 and lower
David Benjamin (3):
Document and add macros for additional DSA options
Avoid leaking intermediate states in point doubling special case.
Do not silently truncate files on perlasm errors
David Makepeace (1):
Fix type name typo in d2i/i2d documentation.
Davide Galassi (1):
Prevent compiler warning for unused static function.
Dmitry Belyavskiy (3):
Workaround for Windows-based GOST implementations
Difference between EVP_CipherInit and EVP_CipherInit_ex
Parse large GOST ClientKeyExchange messages
Dr. David von Oheimb (1):
fix a glitch in the documentation of OCSP_sendreq_bio()
Dr. Matthias St. Pierre (16):
crypto/threads_none.c: fix syntax error in openssl_get_fork_id()
crypto/threads_win.c: fix preprocessor indentation
Reorganize private crypto header files
Reorganize local header files
Fix header file include guard names
Add util/fix-includes script
rsa: replace magic number '11' by RSA_PKCS1_PADDING_SIZE
Configure: accept Windows style compiler options
rand_unix.c: correct include guard comments
Move random-related defines from e_os.h to rand_unix.c
util/mkerr.pl: revert accidental change of header guards
rand_lib.c: fix null pointer dereferences after RAND_get_rand_method() failure
Temporarily disable external pyca tests
Revert "Move random-related defines from e_os.h to rand_unix.c"
Fix misspelling errors and typos reported by codespell
doc: document that 'openssl rand' is cryptographically secure
Fangming.Fang (4):
Add arm64 in test matrix on TravisCI.
Fix exit issue in travisci
Enrich arm64 tests in Travis matrix
Fix side channel in ecp_nistz256-armv8.pl
FdaSilvaYY (1):
Appveyor: update to Visual Studio 2017.
H.J. Lu (1):
Fix unwind info in crypto/rc4/asm/rc4-x86_64.pl
Ido Ben-Natan (1):
Fix misspelled resumption_label for CHARSET_EBCDIC
Jakub Jelen (2):
doc: Fix typo in EVP_DigestSignInit manpage
doc: Update the reference from draft to RFC
Jakub Zelenka (1):
Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64
James Peach (1):
docs: fix typo in SSL functions
Jan-Frederik Rieckers (1):
Fix small typo in doc for X509_STORE_CTX_new
Joerg Schmidbauer (1):
chacha_enc.c: fix for EBCDIC platforms
Johannes Bauer (1):
Cleanup hardcoded cipher suite codepoints in s_server
Jon Spillett (1):
apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present
Jussi Keranen (1):
Fix regression on x509 keyform argument
Kurt Roeckx (8):
Use the correct maximum indent
Add defines for __NR_getrandom for all Linux architectures
Replace apps/server.pem with certificate with a sha256 signature.
Check that the default signature type is allowed
Create a new embeddedSCTs1 that's signed using SHA256
Stop accepting certificates signed using SHA1 at security level 1
Generate new Ed488 certificates
Check that ed25519 and ed448 are allowed by the security level
ManishPatidar1 (1):
clearing the ecx private key memory
Matt Caswell (33):
Prepare for 1.1.1e-dev
Correct the function names in SSL_CTX_set_stateless_cookie_generate_cb.pod
Send bad_record_mac instead of decryption_failed
i2d_PublicKey was listed in 2 different man pages
Fix an incorrect macro
Fix a copy&paste error in the TLSv1.3 server side PSK documentation
Fix an s_server arbitrary file read issue on Windows
Don't leak memory in the event of a failure in i2v_GENERAL_NAMES
EVP_*Update: ensure that input NULL with length 0 isn't passed
Add a test for NULL chunks in encrypt/decrypt
Ensure EVP_PKEY_set1_DH detects X9.42 keys
Test that EVP_PKEY_set1_DH() correctly identifies the DH type
Backport the RSA_get0_pss_params() function from master
Update the HISTORY entry for RSA_get0_pss_params()
Fix evp_extra_test with no-dh
Run make update
Don't store an HMAC key for longer than we need
Fix pkeyutl -verifyrecover
Fix SSL_get_servername() and SNI behaviour
Test that SSL_get_servername returns what we expect
Provide better documentation for SSL_get_servername()
Don't acknowledge a servername following warning alert in servername cb
Fix no-tls1_3
Add *.d.tmp files to .gitignore
Detect EOF while reading in libssl
Teach more BIOs how to handle BIO_CTRL_EOF
Clarify the usage of EVP_PKEY_get_raw_[private|public]_key()
Revert "Stop accepting certificates signed using SHA1 at security level 1"
Revert "Create a new embeddedSCTs1 that's signed using SHA256"
Update NEWS for the new release
Update CHANGES for the new release
Update copyright year
Prepare for 1.1.1e release
Matt Turner (1):
config: Drop linux-alpha-gcc+bwx
Michael Osipov (1):
Fix long name of some Microsoft objects
NaveenShivanna86 (1):
'init_buf' memory can be freed when DTLS is used over SCTP (not over UDP).
Nicola Tuveri (8):
[ec_asn1.c] Avoid injecting seed when built-in matches
Improve formatting for man3/EC_GROUP_new.pod
Fix doc for EC_GROUP_set_curve()
Add more tests for apps/req
Fix EC_POINT_bn2point() for BN_zero()
Add self-test for EC_POINT_hex2point
Extend docs for EC_POINT conversion functions
Fix potential SCA vulnerability in some EC_METHODs
Nikolay Morozov (1):
Forgotten GOST2012 support in non-vital places
Patrick Steuer (9):
md4/md5: macros should not include the line following them
s390x assembly pack: enable clang build
Fix --strict-warnings build
testutil/init.c rename to testutil/testutil_init.c
travis.yml: add arch s390x target
s390x assembly pack: fix bn_mul_comba4
Allow specifying the tag after AAD in CCM mode (2)
aes-s390x.pl: fix stg offset caused by typo in perlasm
crypto/ec/curve448/eddsa.c: fix EBCDIC platforms
Paul Yang (3):
Fix a return value bug in apps/speed.c
Fix a bundle of mischecks of return values
Suppress an error when doing SM2 sign/verify ops
Pauli (9):
Fix typo in comment
Add documentation for the -sigopt option.
issue-8493: Fix for filenames with newlines using openssl dgst
ECDSA: don't clear free memory after verify.
Engine: Add NULL check.
EVP p_lib: Add NULL check to EVP_PKEY_missing_parameters.
main: avoid a NULL dereference on initialisation.
Remove spurious space from file.
Coverity CID 1444960: Error handling issues
Pavel Karagodin (1):
apps/dgst.c: allocate a new signature buffer
Rich Salz (3):
Fix reference to PEM docs
Ignore duplicated undocumented things
Fix docs for CRYPTO_secure_allocated
Richard Levitte (27):
Do no mention private headers in public headers
DOC: fix documentation of som EVP_MD_CTX functions
Define AESNI_ASM if AESNI assembler is included, and use it
Add documentation for PEM_{read,write}_bio_Parameters()
VMS: Added new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
BIO_s_connect: add an error state and use it
Configure: Make --strict-warnings meaningful with MSVC cl
SSL: Document SSL_add_{file,dir}_cert_subjects_to_stack()
UI_UTIL_wrap_read_pem_callback(): when |cb| is NULL, use PEM_def_callback
doc/man7/proxy-certificates.pod: New guide for proxy certificates
i2b_PVK(): Use Encrypt, not Decrypt
apps/ocsp.c: sock_timeout -> socket_timeout
Disable devcryptoeng on newer OpenBSD versions
Configuration: compute openssl_other_defines and related info later
Configure: use $list_separator_re only for defines and includes
Fix documentation of return value for EVP_Digest{Sign,Verify}Init()
For all assembler scripts where it matters, recognise clang > 9.x
OpenSSL::Test: bring back the relative paths
config: ensure the perl Configure run is the last statement
VMS: Adapt descrip.mms template to the changed inclustion dirs
VMS: Correct error reporting in crypto/rand/rand_vms.c
DOC: document in more detail what a BIO_read_ex() via BIO_f_buffer() does
VMS: mitigate for the C++ compiler that doesn't understand certain pragmas
DOC: Add documentation related to X509_LOOKUPs
DOC: Fixups of X509_LOOKUP.pod
DOC: New file for EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()
DOC: Make EVP_SignInit.pod conform with man-pages(7)
Saritha (1):
apps/speed.c: Fix eddsa sign and verify output with -multi option
Scott Arciszewski (1):
Fix comment placement in ecp_nistp256.ci
Scott Wilson (1):
Fix potential memory leak in dh_ameth.c
Simon Cornish (1):
Handle max_fragment_length overflow for DTLS
Tanzinul Islam (1):
Fix find/rm command in Unix clean recipe
Tobias Nießen (1):
Allow EVP_PKEY_get0_RSA for RSA-PSS keys
Tomas Mraz (1):
BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
Veres Lajos (1):
Fix some typos
Viktor Dukhovni (1):
Ignore empty ALPN elements in CLI args
Viktor Szakats (1):
Fix unused goto label gcc warning
agnosticdev (1):
Update dgst.c to show a list of message digests
dcruette (1):
Update tls13_enc.c
fangming.fang (1):
Fix disabled ecdsa in apps/speed
jayaram (1):
fixed the RETURN VALUES section in the EC_GROUP documentation for the following functions.
kinichiro (4):
Check return value after loading config file
Return 1 when openssl req -addext kv is duplicated
Avoid leak in error path of asn1_parse2
Avoid leak in error path of PKCS5_PBE_keyivgen
moehuster (1):
Fix L<EVP_MD_CTX_set_pkey_ctx> links
raniervf (1):
conf_def.c: Avoid calling strlen() in a loop
thekuwayama (1):
Fix small misspelling in doc for OCSP_response_status
zero (1):
Update NOTES.ANDROID for newer NDK versions + small fixes.
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list