[openssl] OpenSSL_1_1_1h create

Matt Caswell matt at openssl.org
Tue Sep 22 13:16:48 UTC 2020


The annotated tag OpenSSL_1_1_1h has been created
        at  2cc678ce157832a21d2716c7f1774371b811cc15 (tag)
   tagging  f123043faa15965c34947670ff3d3a7005d6bdb4 (commit)
  replaces  OpenSSL_1_1_1g
 tagged by  Matt Caswell
        on  Tue Sep 22 13:55:07 2020 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.1h release tag
-----BEGIN PGP SIGNATURE-----

iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl9p9CsRHG1hdHRAb3Bl
bnNzbC5vcmcACgkQ2cTSbQ5gRJE4pgf+LraDk/D4QHxLzVEo7ZrSIUR1u75tHTlz
YnlbquplRRu7eg9V6IuBN3WZofmOfiN+VjpZUe59sI+hjPq6iVohVKkRqEVAPEMT
2h1H+pXhe/OM4rBiaA/W08kwb1kRI4dS9hdX2DRMjNW+oIYLslBXPjjMtnU0/L0A
qX12jsFhTt5gx1wNiLIe9h6U/YVg3ZCjgMBem4koPsVfXO00p3WxfVKgpHs2/yxJ
KT7qhaEievULOxROWzzGl2wlVUgzGq62fSfkPicGD7pee7kw0wi/Meos6l4Vyexo
dzG7bFIUMI57dkFOWEqX4tKwCyO2MxmO1Xc4aw3fvcEyOu74BFXXJA==
=Ezks
-----END PGP SIGNATURE-----

Arne Schwabe (1):
      Fix type cast in SSL_CTX_set1_groups macro

Attila Szakacs (1):
      Configuration: do not overwrite BASE_unix ex_libs in AIX

Benjamin Kaduk (2):
      sslapitest: only compile test when it will be used
      Fix a typo in SSL_CTX_set_session_ticket_cb.pod

Benny Baumann (1):
      Force ssl/tls protocol flags to use stream sockets

Bernd Edlinger (9):
      Remove AES bitsliced S-box implementation from Boyar and Peralta
      Fix rsa8192.pem
      Fix some places where X509_up_ref is used without error handling.
      Fix egd and devrandom source configs
      Avoid undefined behavior with unaligned accesses
      bio printf: Avoid using rounding errors in range check
      Revert the check for NaN in %f format
      Prevent extended tests run unexpectedly in appveyor
      Fix a buffer overflow in drbg_ctr_generate

Billy Brumley (1):
      [test] ectest: check custom generators

Christian Hohnstaedt (1):
      i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success

Dimitri John Ledkov (1):
      man3: Drop warning about using security levels higher than 1.

Dirk-Willem van Gulik (1):
      Add setter equivalents to X509_REQ_get0_signature

Dr. David von Oheimb (9):
      Allow NULL arg to OSSL_STORE_close()
      Fix B<..> vs. I<..> and add two remarks in OSSL_STORE_open.pod
      Make BIO_do_connect() and friends handle multiple IP addresses
      Replace BUF_strdup() call by OPENSSL_strdup() adding failure check in bss_acpt.c
      Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address
      Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c
      Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c
      Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()
      x509_vfy.c: Improve key usage checks in internal_verify() of cert chains

Dr. Matthias St. Pierre (3):
      Fix use-after-free in BIO_C_SET_SSL callback
      Fix the DRBG seed propagation
      Revert two renamings backported from master

Glenn Strauss (1):
      improve SSL_CTX_set_tlsext_ticket_key_cb ref impl

Gustaf Neumann (1):
      Fix typos and repeated words

Henry N (1):
      Fix: ecp_nistz256-armv4.S bad arguments

Hubert Kario (1):
      use safe primes in ssl_get_auto_dh()

Jack O'Connor (1):
      fix a docs typo

Jung-uk Kim (1):
      Ignore vendor name in Clang version number.

Kurt Roeckx (1):
      Improve SSL_shutdown documentation.

Matt Caswell (15):
      Prepare for 1.1.1h-dev
      Correct alignment calculation in ssl3_setup_write
      Ensure we never use a partially initialised CMAC_CTX
      Correctly handle the return value from EVP_Cipher() in the CMAC code
      Add a CMAC test
      Make it clear that you can't use all ciphers for CMAC
      Ensure that SSL_dup copies the min/max protocol version
      Update the SSL_dup documentation to match reality
      Don't attempt to duplicate the BIO state in SSL_dup
      Add an SSL_dup test
      Fix a typo on the SSL_dup page
      Fix a test_verify failure
      Updates CHANGES and NEWS for the new release
      Update copyright year
      Prepare for 1.1.1h release

Maxim Zakharov (1):
      TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux)

Maximilian Blenk (1):
      Fix PEM certificate loading that sometimes fails

Miłosz Kaniewski (1):
      Free pre_proc_exts in SSL_free()

Nicola Tuveri (13):
      [EC] Constify internal EC_KEY pointer usage
      [EC] harden EC_KEY against leaks from memory accesses
      [BN] harden `BN_copy()` against leaks from memory accesses
      Fix typo from #10631
      More testing for sign/verify through `dgst`
      More testing for CLI usage of Ed25519 and Ed448 keys
      [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation
      Test genpkey app for EC keygen with various args
      Refactor BN_R_NO_INVERSE logic in internal functions
      [EC][ASN1] Detect missing OID when serializing EC parameters and keys
      [apps/genpkey] exit status should not be 0 on output errors
      [test][15-test_genec] Improve EC tests with genpkey
      [1.1.1][test] Avoid missing EC_GROUP wrappers

Nicolas Vigier (1):
      If SOURCE_DATE_EPOCH is defined, use it for copyright year

Nihal Jere (1):
      fixed swapped parameters descriptions for x509

Norman Ashley (1):
      Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign

Orgad Shaneh (1):
      Configure: Avoid SIXTY_FOUR_BIT for linux-mips64

Patrick Steuer (2):
      AES CTR-DRGB: performance improvement
      EVP_EncryptInit.pod: fix example

Pauli (3):
      Coverity 1463830: Resource leaks (RESOURCE_LEAK)
      doc: remove reference to the predecessor of SHA-1.
      doc: Fix documentation of EVP_EncryptUpdate().

Rajat Dipta Biswas (1):
      Update dgst.pod

Read Hughes (1):
      Update EVP_EncodeInit.pod

Richard Levitte (6):
      fuzz/asn1.c: Add missing #include
      Fix d2i_PrivateKey() to work as documented
      STORE: Make try_decode_PrivateKey() ENGINE aware
      EVP: allow empty strings to EVP_Decode* functions
      Configure: Check source and build dir equality a little more thoroughly
      Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8

Sebastian Andrzej Siewior (1):
      doc: Random spellchecking

Shane Lontis (1):
      Coverity Fixes

Tomas Mraz (10):
      Replace misleading error message when loading PEM
      Cast the unsigned char to unsigned int before shifting left
      Avoid potential overflow to the sign bit when shifting left 24 places
      t1_trce: Fix remaining places where the 24 bit shift overflow happens
      Prevent use after free of global_engine_lock
      Do not allow dropping Extended Master Secret extension on renegotiaton
      Avoid segfault in SSL_export_keying_material if there is no session
      sslapitest: Add test for premature call of SSL_export_keying_material
      EC_KEY: add EC_KEY_decoded_from_explicit_params()
      Disallow certs with explicit curve in verification chain

Tristan Bauer (1):
      Fix wrong return value check of mmap function

Viktor Dukhovni (1):
      Avoid errors with a priori inapplicable protocol bounds

Vitezslav Cizek (1):
      test/drbgtest.c: Fix error check test

Vladimir Kotal (1):
      enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler

aSoujyuTanaka (4):
      Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition.
      Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
      To generate makefile with correct parameters for WinCE.
      Enable WinCE build without deceiving _MSC_VER.

luxinyou (1):
      Fix memory leaks in conf_def.c

mettacrawler (1):
      There is no -signreq option in CA.pl

nia (3):
      rand_unix.c: Include correct headers for sysctl() on NetBSD
      rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD
      rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes.

olszomal (2):
      CMS_get0_signers() description
      Add const to 'ppin' function parameter

pedro martelletto (1):
      doc/man3: fix types taken by HMAC(), HMAC_Update()

raja-ashok (4):
      Fix crash in early data send with out-of-band PSK using AES CCM
      Test TLSv1.3 out-of-band PSK with all 5 ciphersuites
      Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3
      Update early data exchange scenarios in doc

-----------------------------------------------------------------------


More information about the openssl-commits mailing list