The annotated tag OpenSSL_1_1_0 has been created at 4d051092ff66736bba2676763a1b49fe8dadc39a (tag) tagging abd30777cc72029e8a44e4b67201cae8ed3d19c1 (commit) replaces OpenSSL_1_1_0-pre6 tagged by Matt Caswell on Thu Aug 25 16:29:18 2016 +0100
- Log ----------------------------------------------------------------- OpenSSL 1.1.0 release tag -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJXvw7OAAoJENnE0m0OYESR1p0H/ieB96ulepJC2JBmEeRveCKa Qh541UWamjj3gZEg9KOjb2mj28QfCe4LWwts1Kp13xyguD1AvgAVmor9zdWhlMSu qFMBcZHK5C2HsbZGpYXlgKAzPTgiRO/dT9rQ7+TleAbgUicrZjrV4jx9o1A9vB30 VkEL1HoX5ThXwl+jaMOjRpEZUXyZg5Sc5YGocL+vNEZPvkr3eyAlox2EdVTdlKIn nj48ejSWglcWFVLoTKwr3yHnxq5MTqkYj62e6MX1FuOGoqhgi1/b579I3f1lXFgW Bx7Imkoj6ORrXyXuh4XvvVurJboxQYf3FjxEilSPctOUVjyjLBBEK8vTpBdHeDs= =XrxN -----END PGP SIGNATURE----- Adam Langley (1): Fix test of first of 255 CBC padding bytes. Andy Polyakov (26): sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows. crypto/sparcv9cap.c: fix overstep in getisax. crypto/ui/ui_openssl.c: let new-line through after query in Windows path. crypto/sparcv9cap.c: add missing declaration. test/ssl_test.tmpl: make it work with elderly perl. Configure: recognize -static as link option and disable incompatible options. ARMv8 assembly pack: add Samsung Mongoose results. ecp_nistz256.c: get is_one on 32-bit platforms right. evp/bio_enc.c: refine non-overlapping logic. Add test/bio_enc_test.c. crypto/pkcs12: add UTF8 support. Add PKCS#12 UTF-8 interoperability test. crypto/pkcs12: default to UTF-8. crypto/pkcs12: facilitate accessing data with non-interoperable password. bn/asm/x86[_64]-mont*.pl: implement slightly alternative page-walking. 80-test_pkcs12.t: skip the test on Windows with non-Greek locale. evp/bio_enc.c: stop using pointer arithmetic for error detection. ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction. ec/asm/ecp_nistz256-*.pl: addition to perform stricter reduction. ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity. ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity. ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb. Configurations/10-main.conf: fix solaris64-*-cc link problems. Don't switch password formats using global state. Windows: UTF-8 opt-in for command-line arguments and console input. CHANGES: mention Windows UTF-8 opt-in option. Benjamin Kaduk (2): Remove some unused options from 10-main.conf Sort %disabled in Configure Cristian Stoica (1): speed.c: use size_t instead of int to match function signatures David Benjamin (1): Fix math in BN_bn2dec comment. David Woodhouse (10): Fix SSL_export_keying_material() for DTLS1_BAD_VER Fix ossl_statem_client_max_message_size() for DTLS1_BAD_VER Fix DTLS_VERSION_xx() comparison macros for DTLS1_BAD_VER Fix cipher support for DTLS1_BAD_VER Make DTLS1_BAD_VER work with DTLS_client_method() Fix ubsan 'left shift of negative value -1' error in satsub64be() Add basic test for Cisco DTLS1_BAD_VER and record replay handling Fix clienthellotest to use PACKET functions Kill PACKET_starts() from bad_dtls_test Fix satsub64be() to unconditionally use 64-bit integers Dr. Stephen Henson (53): Limit status message sisze in ts_get_status_check Free buffer in a2i_ASN1_INTEGER() on error path. Sanity check input length in OPENSSL_uni2asc(). Update documentation for DSA_SIG and ECDSA_SIG. Use OIDs from draft-ietf-curdle-pkix-02 Fix type of ptr field. X25519 public key methods make errors add to build.info Add X25519 methods to internal tables Update X25519 key format in evptests.txt Add point ctrls to X25519 make update Add encoded points to other EC curves too. Modify TLS support for new X25519 API. Remove old EC based X25519 code. Print out names of other temp key algorithms. add documentation update CHANGES Fix no-ec Check for errors in BN_bn2dec() Check for errors in a2d_ASN1_OBJECT() Limit reads in do_b2i_bio() Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data(). make update Corrupt signature earlier. Constify ASN1_item_unpack(). constify X509_ALGOR_get0() Constify private key decode. Corrupt signature in place. Convert X509* functions to use const getters Constify X509_get0_signature() Constify X509_certificate_type() Constify ssl_cert_type() Constify X509_SIG. make update Constify i2a* constify i2o_ECPublicKey constify X509_REQ_get0_signature() Add X509_get0_serialNumber() and constify OCSP_cert_to_id() make update make update Avoid duplicated code. Set certificate times in one function. Constify certificate and CRL time routines. rename ordinals make update fix warning about trailing comma Add X509_getm_notBefore, X509_getm_notAfter update ordinals Sanity check ticket length. Avoid overflow in MDC2_Update() Support broken PKCS#12 key generation. Dániel Bakai (1): Added appropriate OPENSSL_NO_STDIO to PKCS12 header Emilia Kasper (16): Add a coverage target Add --gcov-options '\-lp' to coverage Reorganize SSL test structures Fix ALPN tests when NPN is off NPN and ALPN: test resumption SSL test ctx: fix tests CT: fix documentation SSL tests: port CT tests, add a few more Add TEST_check Gracefully free a NULL HANDSHAKE_RESULT Don't attempt to load the CT log list with no-ec SSL tests: send some application data Port multi-buffer tests Test that the peers send at most one fatal alert Indent ssl/ Add more details on how to add a new SSL test FdaSilvaYY (22): Constify ASN1_INTEGER_get, ASN1_ENUMERATED_get Constify two internal methods - append_ia5 - old_entry_print Constify input buffer Constify inputs of two X509_LOOKUP_METHOD methods Constify some ASN1_OBJECT *obj input parameters Pack globals variables used to control apps/verify_callback() Fix doc and help about ca -valid option two typo fixes Relocalise some globals variables Improve error message Simplify and add help about OPT_PVK* options Constify char* input parameters in apps code Small nits and cleanups Allow to run all speed test when async_jobs active Duplicate includes Fix loopargs_t object duplication into ASYNC context Closing output file from inside the loop who open it Constify ASN1_PCTX_* Constify some inputs buffers Constify some input parameters. Constify some X509_NAME, ASN1 printing code Constify a bit X509_NAME_get_entry Gergely Nagy (1): Fix compilation when using MASM on x86 Jakub Zelenka (1): Never return -1 from BN_exp JimC (3): Ignore windows generated manifests Fix CIPHER_DEBUG Documented BIO_set_accept_port()/BIO_get_accept_port() Kazuki Yamaguchi (3): Fix overflow check in BN_bn2dec() Expose alloc functions for EC{PK,}PARAMETERS Fix a memory leak in EC_GROUP_get_ecparameters() Kurt Roeckx (4): Fix spelling of error code Fix off by 1 in ASN1_STRING_set() Test the support curves in tls Update fuzz corpora Matt Caswell (51): Prepare for 1.1.0-pre7-dev Address feedback on SSLv2 ClientHello processing Send an alert if we get a non-initial record with the wrong version Add some SSLv2 ClientHello tests Address feedback on SSLv2 ClientHello processing Remove a stray unneeded line in 70-test_sslrecords.t Ensure we unpad in constant time for read pipelining Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() Convert TS_STATUS_INFO* functions to use const getters Convert PKCS8* functions to use const getters Convert SSL_SESSION* functions to use const getters Convert OCSP* functions to use const getters Make X509_NAME_get0_der() conform to OpenSSL style Convert X509_CRL* functions to use const getters Convert X509_REVOKED* functions to use const getters Add a (D)TLS dumper BIO Add a DTLS packet mem BIO Split create_ssl_connection() Add a DTLS unprocesed records test Fix DTLS unprocessed records bug Add DTLS replay protection test Fix DTLS replay protection Fix some clang warnings Update function error code Convert PKCS12* functions to use const getters Fix enable-zlib Fix DTLS buffered message DoS attack Prevent DTLS Finished message injection Choose a ciphersuite for testing that won't be affected by "no-*" options Fix no-des Fix leak on error in tls_construct_cke_gost Ensure CT_POLICY_EVAL_CTX_free behaves properly with a NULL arg Ensure the mime_hdr_free function can handle NULLs Fix mem leak on error path Fix mem leak on error path Fix mem leak on error path Check for malloc error in bn_x931p.c Check for error return from ASN1_object_size Sanity check an ASN1_object_size result Remove some dead code Add some sanity checks when checking CRL scores Fix bio_enc_test Fix no-sock Fix some resource leaks in the apps Remove useless assignment Remove some dead code from rec_layer_s3.c Fix no-ec2m Clarify the error messages in 08f6ae5b28 Fix an uninitialised read on an error path Fix uninit read in sslapitest Prepare for 1.1.0 release Remi Gacogne (1): Add missing session id and tlsext_status accessors Rich Salz (17): Remove "lockit" from internal error-hash function Remove get_hash completely Fix output text to avoid gratuitious git diff Make update, etc. GH1383: Add casts to ERR_PACK Add some const casts Add #defines for magic numbers in API. Change callers to use the new constants. Check for bad filename in evp_test GH1446: Add SSL_SESSION_get0_cipher Fix some doc nits. RT3940: For now, just document the issue. Add BIO_get_new_index() Move BIO index lock creation RT2676: Reject RSA eponent if even or 1 To avoid SWEET32 attack, move 3DES to weak Put DES into "not default" category. Richard Levitte (36): Travis: When testing installation, build in separate dir, otherwise in checkout VSI submisson: make better use of item lists in o_time.c VSI submission: make the VMS version of RAND_poll() faster and more secure Have 'openssl engine' exit with non-zero when some engine fails to load VMS: have the IVP verify that a well known engine loads properly When tr gets bracketed arguments, they need to be quoted VMS: Fix building of bad_dtls_test openssl-format-source: no dash marker on *INDENT-(ON|OFF)* comments indent: add a couple of types we use in apps Move the building of test/buildtest_*. to be done unconditionally Travis: add a build with no-stdio util/mkdef.pl: mark certain PEM function declarations with STDIO make update Remove OPENSSL_NO_STDIO guards around certain SSL cert/key functions The capi engine uses stdio, so don't build it when configuring 'no-stdio' openssl-format-source: A few more (DECLARE|IMPLEMENT) variants to care for Add a note about a perl issue on VMS and how to work around it Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled Make "make" less verbose in Travis, except for the build only case Add a "config" for verbosity and use it with Travis Remove duplicate ordinals VMS: no ENDIF on one line IF statements, in config.com dasync is an internal testing engine, so don't install it Don't try to init dasync internally Simplify indentation of DECLARE_ and IMPLEMENT_ lines MEMPACKET is typedef'd in ssltestlib.h, don't do so again in ssltestlib.c VMS: Use strict refdef extern model when building library object files ssltestlib: Tell compiler we don't care about the value when we don't Make 'openssl req -x509' more equivalent to 'openssl req -new' Avoid more compiler warnings for use of uninitialised variables Configure: Properly cache the configured compiler command Trust RSA_check_key() to return correct values Check for __GNUC__ to use GNU C atomic buildins CRYPTO_atomic_add(): use acquire release memory order rather than relaxed CRYPTO_atomic_add(): check that the object is lock free NEWS: add a number of the types that were made opaque Rob Percival (35): Removes CTLOG_new_null from the CT public API Mkae CT_log_new_from_base64 always return 0 on failure Improves CTLOG_STORE setters Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num Internalizes SCT_verify and removes SCT_verify_v1 Prevent double-free of CTLOG public key Removes {i2o,o2i}_SCT_signature from the CT public API Document that o2i_SCT_signature can leave the SCT in an inconsistent state SCT_set_source resets validation_status First draft of CT documentation Fix comment about return value of ct_extract_tls_extension_scts Add SSL_get0_peer_scts to ssl.pod Fix comment about what SCT_LIST_validate does. Add comment about calling CT_POLICY_EVAL_CTX_free Remove unnecessary bold tags in CT pods Add enum definitions to CT pods Adds missing function names to NAME section of PODs Adds newline after =cut in PODs Adds copyright section to ct.pod Renames CT_POLICY_EVAL_CTX.pod to CT_POLICY_EVAL_CTX_new.pod Fixes final issue in CT PODs highlighted by util/find-doc-nits.pl Adds history section to CT PODs Refer to OPENSSLDIR rather than "the OpenSSL install directory" Clarifies the format of a log's public key in the CONF file Document that SCT_set_source returns 0 on failure. Removes d2i_SCT_LIST.pod Document the i2o and o2i SCT functions Documents the CTLOG functions Removes {o2i,i2o}_SCT_signature from PODs Documents the SCT validation functions Removes the SCT_verify* POD Correct documentation about SCT setters resetting validation status Updates the CT_POLICY_EVAL_CTX POD Typo fixes Tomas Mraz (4): Fix irregularities in GENERAL_NAME_print(). Fix af_alg engine failure on 32 bit architectures. Add a comment for the added cast with explanation. Avoid truncating the pointer on x32 platform. Viktor Dukhovni (3): Fix missing dane_tlsa_rrdata option error message Add -dane_ee_no_namechecks s_client(1) option Un-delete still documented X509_STORE_CTX_set_verify jamercee (2): Adapt BIO_new_accept() to call BIO_set_accept_name() Fixed typo klemens (2): spelling fixes, just comments and readme. fixing too optimistic typo-fix ----------------------------------------------------------------------- _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits