[openssl] OpenSSL_1_1_1h create
Matt Caswell
matt at openssl.org
Tue Sep 22 13:16:48 UTC 2020
The annotated tag OpenSSL_1_1_1h has been created
at 2cc678ce157832a21d2716c7f1774371b811cc15 (tag)
tagging f123043faa15965c34947670ff3d3a7005d6bdb4 (commit)
replaces OpenSSL_1_1_1g
tagged by Matt Caswell
on Tue Sep 22 13:55:07 2020 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.1.1h release tag
-----BEGIN PGP SIGNATURE-----
iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl9p9CsRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJE4pgf+LraDk/D4QHxLzVEo7ZrSIUR1u75tHTlz
YnlbquplRRu7eg9V6IuBN3WZofmOfiN+VjpZUe59sI+hjPq6iVohVKkRqEVAPEMT
2h1H+pXhe/OM4rBiaA/W08kwb1kRI4dS9hdX2DRMjNW+oIYLslBXPjjMtnU0/L0A
qX12jsFhTt5gx1wNiLIe9h6U/YVg3ZCjgMBem4koPsVfXO00p3WxfVKgpHs2/yxJ
KT7qhaEievULOxROWzzGl2wlVUgzGq62fSfkPicGD7pee7kw0wi/Meos6l4Vyexo
dzG7bFIUMI57dkFOWEqX4tKwCyO2MxmO1Xc4aw3fvcEyOu74BFXXJA==
=Ezks
-----END PGP SIGNATURE-----
Arne Schwabe (1):
Fix type cast in SSL_CTX_set1_groups macro
Attila Szakacs (1):
Configuration: do not overwrite BASE_unix ex_libs in AIX
Benjamin Kaduk (2):
sslapitest: only compile test when it will be used
Fix a typo in SSL_CTX_set_session_ticket_cb.pod
Benny Baumann (1):
Force ssl/tls protocol flags to use stream sockets
Bernd Edlinger (9):
Remove AES bitsliced S-box implementation from Boyar and Peralta
Fix rsa8192.pem
Fix some places where X509_up_ref is used without error handling.
Fix egd and devrandom source configs
Avoid undefined behavior with unaligned accesses
bio printf: Avoid using rounding errors in range check
Revert the check for NaN in %f format
Prevent extended tests run unexpectedly in appveyor
Fix a buffer overflow in drbg_ctr_generate
Billy Brumley (1):
[test] ectest: check custom generators
Christian Hohnstaedt (1):
i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success
Dimitri John Ledkov (1):
man3: Drop warning about using security levels higher than 1.
Dirk-Willem van Gulik (1):
Add setter equivalents to X509_REQ_get0_signature
Dr. David von Oheimb (9):
Allow NULL arg to OSSL_STORE_close()
Fix B<..> vs. I<..> and add two remarks in OSSL_STORE_open.pod
Make BIO_do_connect() and friends handle multiple IP addresses
Replace BUF_strdup() call by OPENSSL_strdup() adding failure check in bss_acpt.c
Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address
Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c
Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c
Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()
x509_vfy.c: Improve key usage checks in internal_verify() of cert chains
Dr. Matthias St. Pierre (3):
Fix use-after-free in BIO_C_SET_SSL callback
Fix the DRBG seed propagation
Revert two renamings backported from master
Glenn Strauss (1):
improve SSL_CTX_set_tlsext_ticket_key_cb ref impl
Gustaf Neumann (1):
Fix typos and repeated words
Henry N (1):
Fix: ecp_nistz256-armv4.S bad arguments
Hubert Kario (1):
use safe primes in ssl_get_auto_dh()
Jack O'Connor (1):
fix a docs typo
Jung-uk Kim (1):
Ignore vendor name in Clang version number.
Kurt Roeckx (1):
Improve SSL_shutdown documentation.
Matt Caswell (15):
Prepare for 1.1.1h-dev
Correct alignment calculation in ssl3_setup_write
Ensure we never use a partially initialised CMAC_CTX
Correctly handle the return value from EVP_Cipher() in the CMAC code
Add a CMAC test
Make it clear that you can't use all ciphers for CMAC
Ensure that SSL_dup copies the min/max protocol version
Update the SSL_dup documentation to match reality
Don't attempt to duplicate the BIO state in SSL_dup
Add an SSL_dup test
Fix a typo on the SSL_dup page
Fix a test_verify failure
Updates CHANGES and NEWS for the new release
Update copyright year
Prepare for 1.1.1h release
Maxim Zakharov (1):
TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux)
Maximilian Blenk (1):
Fix PEM certificate loading that sometimes fails
Miłosz Kaniewski (1):
Free pre_proc_exts in SSL_free()
Nicola Tuveri (13):
[EC] Constify internal EC_KEY pointer usage
[EC] harden EC_KEY against leaks from memory accesses
[BN] harden `BN_copy()` against leaks from memory accesses
Fix typo from #10631
More testing for sign/verify through `dgst`
More testing for CLI usage of Ed25519 and Ed448 keys
[crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation
Test genpkey app for EC keygen with various args
Refactor BN_R_NO_INVERSE logic in internal functions
[EC][ASN1] Detect missing OID when serializing EC parameters and keys
[apps/genpkey] exit status should not be 0 on output errors
[test][15-test_genec] Improve EC tests with genpkey
[1.1.1][test] Avoid missing EC_GROUP wrappers
Nicolas Vigier (1):
If SOURCE_DATE_EPOCH is defined, use it for copyright year
Nihal Jere (1):
fixed swapped parameters descriptions for x509
Norman Ashley (1):
Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign
Orgad Shaneh (1):
Configure: Avoid SIXTY_FOUR_BIT for linux-mips64
Patrick Steuer (2):
AES CTR-DRGB: performance improvement
EVP_EncryptInit.pod: fix example
Pauli (3):
Coverity 1463830: Resource leaks (RESOURCE_LEAK)
doc: remove reference to the predecessor of SHA-1.
doc: Fix documentation of EVP_EncryptUpdate().
Rajat Dipta Biswas (1):
Update dgst.pod
Read Hughes (1):
Update EVP_EncodeInit.pod
Richard Levitte (6):
fuzz/asn1.c: Add missing #include
Fix d2i_PrivateKey() to work as documented
STORE: Make try_decode_PrivateKey() ENGINE aware
EVP: allow empty strings to EVP_Decode* functions
Configure: Check source and build dir equality a little more thoroughly
Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8
Sebastian Andrzej Siewior (1):
doc: Random spellchecking
Shane Lontis (1):
Coverity Fixes
Tomas Mraz (10):
Replace misleading error message when loading PEM
Cast the unsigned char to unsigned int before shifting left
Avoid potential overflow to the sign bit when shifting left 24 places
t1_trce: Fix remaining places where the 24 bit shift overflow happens
Prevent use after free of global_engine_lock
Do not allow dropping Extended Master Secret extension on renegotiaton
Avoid segfault in SSL_export_keying_material if there is no session
sslapitest: Add test for premature call of SSL_export_keying_material
EC_KEY: add EC_KEY_decoded_from_explicit_params()
Disallow certs with explicit curve in verification chain
Tristan Bauer (1):
Fix wrong return value check of mmap function
Viktor Dukhovni (1):
Avoid errors with a priori inapplicable protocol bounds
Vitezslav Cizek (1):
test/drbgtest.c: Fix error check test
Vladimir Kotal (1):
enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler
aSoujyuTanaka (4):
Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition.
Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
To generate makefile with correct parameters for WinCE.
Enable WinCE build without deceiving _MSC_VER.
luxinyou (1):
Fix memory leaks in conf_def.c
mettacrawler (1):
There is no -signreq option in CA.pl
nia (3):
rand_unix.c: Include correct headers for sysctl() on NetBSD
rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD
rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes.
olszomal (2):
CMS_get0_signers() description
Add const to 'ppin' function parameter
pedro martelletto (1):
doc/man3: fix types taken by HMAC(), HMAC_Update()
raja-ashok (4):
Fix crash in early data send with out-of-band PSK using AES CCM
Test TLSv1.3 out-of-band PSK with all 5 ciphersuites
Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3
Update early data exchange scenarios in doc
-----------------------------------------------------------------------
More information about the openssl-commits
mailing list