The annotated tag OpenSSL_1_1_1e has been created at b1632d3a3eb3a7a70e6cbec3a06bf0d43878d953 (tag) tagging a61eba4814fb748ad67e90e81c005ffb09b67d3d (commit) replaces OpenSSL_1_1_1d tagged by Matt Caswell on Tue Mar 17 14:31:17 2020 +0000
- Log ----------------------------------------------------------------- OpenSSL 1.1.1e release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl5w3zURHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJEvEAf+IJjR6gOC9PNg1fQC8+KGBT8Dh5R0Xja5 Uuo3/qY6XWgjy/E24LtNZuENHRWeq9YpS0zY8alGIlpIjhVrsTvCn4QooWctvgB6 ctaK9nDxCsqmGTGx6fQnyvjOSzV959kEkRonrIhoovhxXcXOWyewOC0c2nUG9fhW glkxEKjFy191XwpTqzSw4pyt7ri/be8hhB/e1LBmST5uaMOAQzEvebwfZV7CWb0z PUTruj6OFLE/jsoZuoz42nNwixmH1dAddDqqj0oS87WBW7C7WlBbLo/IuHCpCXfX mVid93EOOJ0sagDh300KMHpz3E7KlFmPyVL1uD90+kfPUJ2Zk8wuyw== =8V3x -----END PGP SIGNATURE----- Andrew Hoang (1): Fix incorrect return code on ECDSA key verification Andy Polyakov (1): Fix an overflow bug in rsaz_512_sqr Anthony Hu (1): Add missing EVP_PKEY_METHOD accessors for digestsign and digestverify Antoine Salon (1): Add missing EVP_MD documentation Artiom Vaskov (1): ssl/statem/statem_lib.c: make servercontext/clientcontext arrays of chars instead of char pointers to fix EBCDIC builds. Bastian Germann (2): apps x509: restrict CAkeyform option to OPT_FMT_PDE apps x509: passing PKCS#11 URL as -signkey Ben Kaduk (1): sslapitest: don't leak the SSL_CTX pair Benjamin Kaduk (10): Fix a race condition in SNI handling Update the krb5 submodule Update SSL_CTX_sess_set_new_cb(3) docs for refcounts openssl-config: add example libssl system-defaults Additional updates to SSL_CTX_sess_set_get_cb.pod doc: fix spelling of TYPE_get_ex_new_index Fix whitespace nit in ssl_generate_master_secret() Don't write to the session when computing TLS 1.3 keys Code to thread-safety in ChangeCipherState Add test that changes ciphers on CCS Bernd Edlinger (32): Fix potential memory leaks with BN_to_ASN1_INTEGER Add a minimal windows build config for AppVeyor Add a minimal linux build target for Travis Fix building statically without any dso support Fix iOS simulator build Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read Fix sha512_block_data_order_avx2 backtrace info Improve the overflow handling in rsaz_512_sqr Add a test case for rsaz_512_sqr overflow handling Add a CHANGES entry for CVE-2019-1551 Fix unwind info for some trivial functions Add some missing cfi frame info in camellia-x86_64.pl Add some missing cfi frame info in x86_64-mont5.pl Add some missing cfi frame info in rsaz-x86_64 Add some missing cfi frame info in aesni-x86_64.pl Add some missing cfi frame info in keccak1600-x86_64.pl Add some missing cfi frame info in aesni-sha and sha-x86_64.pl Add some missing cfi frame info in ecp_nistz256-x86_64.pl Fix aesni_cbc_sha256_enc_avx2 backtrace info Add some missing cfi frame info in x25519-x86_64.pl Add some missing cfi frame info in aesni-gcm-x86_64.pl Add some missing cfi frame info in poly1305-x86_64.pl Add some missing cfi frame info in rc4-md5-x86_64.pl Fix a race condition in the speed command Fix side channel in ecp_nistz256-x86.pl Fix side channel in ecp_nistz256-armv4.pl Improve side channel fix in ecp_nistz256-x86_64.pl Fix side channel in the ecp_nistz256.c reference implementation Fix TLS not using aes_cbc_hmac_sha ciphers Remove remaining references to crypto/include Adjust minimal build config in 1.1.1 branch This works around a gcc-9 crash Billy Brumley (1): [crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1 Cesar Pereida Garcia (6): [crypto/asn1/x_bignum.c] Explicit test against NULL Unify BN_rshift design Constant-time GCD function. Add GCD testing infrastructure. Update control logic for BN_gcd Enable runtime testing of no-deprecated builds in Travis Christian Heimes (2): doc: EVP_DigestInit clears all flags Add test cases for min/max protocol API Daniil Zotkin (1): Do not print extensions in Certificate message for TLS1.2 and lower David Benjamin (3): Document and add macros for additional DSA options Avoid leaking intermediate states in point doubling special case. Do not silently truncate files on perlasm errors David Makepeace (1): Fix type name typo in d2i/i2d documentation. Davide Galassi (1): Prevent compiler warning for unused static function. Dmitry Belyavskiy (3): Workaround for Windows-based GOST implementations Difference between EVP_CipherInit and EVP_CipherInit_ex Parse large GOST ClientKeyExchange messages Dr. David von Oheimb (1): fix a glitch in the documentation of OCSP_sendreq_bio() Dr. Matthias St. Pierre (16): crypto/threads_none.c: fix syntax error in openssl_get_fork_id() crypto/threads_win.c: fix preprocessor indentation Reorganize private crypto header files Reorganize local header files Fix header file include guard names Add util/fix-includes script rsa: replace magic number '11' by RSA_PKCS1_PADDING_SIZE Configure: accept Windows style compiler options rand_unix.c: correct include guard comments Move random-related defines from e_os.h to rand_unix.c util/mkerr.pl: revert accidental change of header guards rand_lib.c: fix null pointer dereferences after RAND_get_rand_method() failure Temporarily disable external pyca tests Revert "Move random-related defines from e_os.h to rand_unix.c" Fix misspelling errors and typos reported by codespell doc: document that 'openssl rand' is cryptographically secure Fangming.Fang (4): Add arm64 in test matrix on TravisCI. Fix exit issue in travisci Enrich arm64 tests in Travis matrix Fix side channel in ecp_nistz256-armv8.pl FdaSilvaYY (1): Appveyor: update to Visual Studio 2017. H.J. Lu (1): Fix unwind info in crypto/rc4/asm/rc4-x86_64.pl Ido Ben-Natan (1): Fix misspelled resumption_label for CHARSET_EBCDIC Jakub Jelen (2): doc: Fix typo in EVP_DigestSignInit manpage doc: Update the reference from draft to RFC Jakub Zelenka (1): Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64 James Peach (1): docs: fix typo in SSL functions Jan-Frederik Rieckers (1): Fix small typo in doc for X509_STORE_CTX_new Joerg Schmidbauer (1): chacha_enc.c: fix for EBCDIC platforms Johannes Bauer (1): Cleanup hardcoded cipher suite codepoints in s_server Jon Spillett (1): apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present Jussi Keranen (1): Fix regression on x509 keyform argument Kurt Roeckx (8): Use the correct maximum indent Add defines for __NR_getrandom for all Linux architectures Replace apps/server.pem with certificate with a sha256 signature. Check that the default signature type is allowed Create a new embeddedSCTs1 that's signed using SHA256 Stop accepting certificates signed using SHA1 at security level 1 Generate new Ed488 certificates Check that ed25519 and ed448 are allowed by the security level ManishPatidar1 (1): clearing the ecx private key memory Matt Caswell (33): Prepare for 1.1.1e-dev Correct the function names in SSL_CTX_set_stateless_cookie_generate_cb.pod Send bad_record_mac instead of decryption_failed i2d_PublicKey was listed in 2 different man pages Fix an incorrect macro Fix a copy&paste error in the TLSv1.3 server side PSK documentation Fix an s_server arbitrary file read issue on Windows Don't leak memory in the event of a failure in i2v_GENERAL_NAMES EVP_*Update: ensure that input NULL with length 0 isn't passed Add a test for NULL chunks in encrypt/decrypt Ensure EVP_PKEY_set1_DH detects X9.42 keys Test that EVP_PKEY_set1_DH() correctly identifies the DH type Backport the RSA_get0_pss_params() function from master Update the HISTORY entry for RSA_get0_pss_params() Fix evp_extra_test with no-dh Run make update Don't store an HMAC key for longer than we need Fix pkeyutl -verifyrecover Fix SSL_get_servername() and SNI behaviour Test that SSL_get_servername returns what we expect Provide better documentation for SSL_get_servername() Don't acknowledge a servername following warning alert in servername cb Fix no-tls1_3 Add *.d.tmp files to .gitignore Detect EOF while reading in libssl Teach more BIOs how to handle BIO_CTRL_EOF Clarify the usage of EVP_PKEY_get_raw_[private|public]_key() Revert "Stop accepting certificates signed using SHA1 at security level 1" Revert "Create a new embeddedSCTs1 that's signed using SHA256" Update NEWS for the new release Update CHANGES for the new release Update copyright year Prepare for 1.1.1e release Matt Turner (1): config: Drop linux-alpha-gcc+bwx Michael Osipov (1): Fix long name of some Microsoft objects NaveenShivanna86 (1): 'init_buf' memory can be freed when DTLS is used over SCTP (not over UDP). Nicola Tuveri (8): [ec_asn1.c] Avoid injecting seed when built-in matches Improve formatting for man3/EC_GROUP_new.pod Fix doc for EC_GROUP_set_curve() Add more tests for apps/req Fix EC_POINT_bn2point() for BN_zero() Add self-test for EC_POINT_hex2point Extend docs for EC_POINT conversion functions Fix potential SCA vulnerability in some EC_METHODs Nikolay Morozov (1): Forgotten GOST2012 support in non-vital places Patrick Steuer (9): md4/md5: macros should not include the line following them s390x assembly pack: enable clang build Fix --strict-warnings build testutil/init.c rename to testutil/testutil_init.c travis.yml: add arch s390x target s390x assembly pack: fix bn_mul_comba4 Allow specifying the tag after AAD in CCM mode (2) aes-s390x.pl: fix stg offset caused by typo in perlasm crypto/ec/curve448/eddsa.c: fix EBCDIC platforms Paul Yang (3): Fix a return value bug in apps/speed.c Fix a bundle of mischecks of return values Suppress an error when doing SM2 sign/verify ops Pauli (9): Fix typo in comment Add documentation for the -sigopt option. issue-8493: Fix for filenames with newlines using openssl dgst ECDSA: don't clear free memory after verify. Engine: Add NULL check. EVP p_lib: Add NULL check to EVP_PKEY_missing_parameters. main: avoid a NULL dereference on initialisation. Remove spurious space from file. Coverity CID 1444960: Error handling issues Pavel Karagodin (1): apps/dgst.c: allocate a new signature buffer Rich Salz (3): Fix reference to PEM docs Ignore duplicated undocumented things Fix docs for CRYPTO_secure_allocated Richard Levitte (27): Do no mention private headers in public headers DOC: fix documentation of som EVP_MD_CTX functions Define AESNI_ASM if AESNI assembler is included, and use it Add documentation for PEM_{read,write}_bio_Parameters() VMS: Added new method to gather entropy on VMS, based on SYS$GET_ENTROPY. BIO_s_connect: add an error state and use it Configure: Make --strict-warnings meaningful with MSVC cl SSL: Document SSL_add_{file,dir}_cert_subjects_to_stack() UI_UTIL_wrap_read_pem_callback(): when |cb| is NULL, use PEM_def_callback doc/man7/proxy-certificates.pod: New guide for proxy certificates i2b_PVK(): Use Encrypt, not Decrypt apps/ocsp.c: sock_timeout -> socket_timeout Disable devcryptoeng on newer OpenBSD versions Configuration: compute openssl_other_defines and related info later Configure: use $list_separator_re only for defines and includes Fix documentation of return value for EVP_Digest{Sign,Verify}Init() For all assembler scripts where it matters, recognise clang > 9.x OpenSSL::Test: bring back the relative paths config: ensure the perl Configure run is the last statement VMS: Adapt descrip.mms template to the changed inclustion dirs VMS: Correct error reporting in crypto/rand/rand_vms.c DOC: document in more detail what a BIO_read_ex() via BIO_f_buffer() does VMS: mitigate for the C++ compiler that doesn't understand certain pragmas DOC: Add documentation related to X509_LOOKUPs DOC: Fixups of X509_LOOKUP.pod DOC: New file for EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() DOC: Make EVP_SignInit.pod conform with man-pages(7) Saritha (1): apps/speed.c: Fix eddsa sign and verify output with -multi option Scott Arciszewski (1): Fix comment placement in ecp_nistp256.ci Scott Wilson (1): Fix potential memory leak in dh_ameth.c Simon Cornish (1): Handle max_fragment_length overflow for DTLS Tanzinul Islam (1): Fix find/rm command in Unix clean recipe Tobias Nießen (1): Allow EVP_PKEY_get0_RSA for RSA-PSS keys Tomas Mraz (1): BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls. Veres Lajos (1): Fix some typos Viktor Dukhovni (1): Ignore empty ALPN elements in CLI args Viktor Szakats (1): Fix unused goto label gcc warning agnosticdev (1): Update dgst.c to show a list of message digests dcruette (1): Update tls13_enc.c fangming.fang (1): Fix disabled ecdsa in apps/speed jayaram (1): fixed the RETURN VALUES section in the EC_GROUP documentation for the following functions. kinichiro (4): Check return value after loading config file Return 1 when openssl req -addext kv is duplicated Avoid leak in error path of asn1_parse2 Avoid leak in error path of PKCS5_PBE_keyivgen moehuster (1): Fix L<EVP_MD_CTX_set_pkey_ctx> links raniervf (1): conf_def.c: Avoid calling strlen() in a loop thekuwayama (1): Fix small misspelling in doc for OCSP_response_status zero (1): Update NOTES.ANDROID for newer NDK versions + small fixes. -----------------------------------------------------------------------