The annotated tag OpenSSL_1_1_1h has been created at 2cc678ce157832a21d2716c7f1774371b811cc15 (tag) tagging f123043faa15965c34947670ff3d3a7005d6bdb4 (commit) replaces OpenSSL_1_1_1g tagged by Matt Caswell on Tue Sep 22 13:55:07 2020 +0100
- Log ----------------------------------------------------------------- OpenSSL 1.1.1h release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl9p9CsRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJE4pgf+LraDk/D4QHxLzVEo7ZrSIUR1u75tHTlz YnlbquplRRu7eg9V6IuBN3WZofmOfiN+VjpZUe59sI+hjPq6iVohVKkRqEVAPEMT 2h1H+pXhe/OM4rBiaA/W08kwb1kRI4dS9hdX2DRMjNW+oIYLslBXPjjMtnU0/L0A qX12jsFhTt5gx1wNiLIe9h6U/YVg3ZCjgMBem4koPsVfXO00p3WxfVKgpHs2/yxJ KT7qhaEievULOxROWzzGl2wlVUgzGq62fSfkPicGD7pee7kw0wi/Meos6l4Vyexo dzG7bFIUMI57dkFOWEqX4tKwCyO2MxmO1Xc4aw3fvcEyOu74BFXXJA== =Ezks -----END PGP SIGNATURE----- Arne Schwabe (1): Fix type cast in SSL_CTX_set1_groups macro Attila Szakacs (1): Configuration: do not overwrite BASE_unix ex_libs in AIX Benjamin Kaduk (2): sslapitest: only compile test when it will be used Fix a typo in SSL_CTX_set_session_ticket_cb.pod Benny Baumann (1): Force ssl/tls protocol flags to use stream sockets Bernd Edlinger (9): Remove AES bitsliced S-box implementation from Boyar and Peralta Fix rsa8192.pem Fix some places where X509_up_ref is used without error handling. Fix egd and devrandom source configs Avoid undefined behavior with unaligned accesses bio printf: Avoid using rounding errors in range check Revert the check for NaN in %f format Prevent extended tests run unexpectedly in appveyor Fix a buffer overflow in drbg_ctr_generate Billy Brumley (1): [test] ectest: check custom generators Christian Hohnstaedt (1): i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success Dimitri John Ledkov (1): man3: Drop warning about using security levels higher than 1. Dirk-Willem van Gulik (1): Add setter equivalents to X509_REQ_get0_signature Dr. David von Oheimb (9): Allow NULL arg to OSSL_STORE_close() Fix B<..> vs. I<..> and add two remarks in OSSL_STORE_open.pod Make BIO_do_connect() and friends handle multiple IP addresses Replace BUF_strdup() call by OPENSSL_strdup() adding failure check in bss_acpt.c Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() x509_vfy.c: Improve key usage checks in internal_verify() of cert chains Dr. Matthias St. Pierre (3): Fix use-after-free in BIO_C_SET_SSL callback Fix the DRBG seed propagation Revert two renamings backported from master Glenn Strauss (1): improve SSL_CTX_set_tlsext_ticket_key_cb ref impl Gustaf Neumann (1): Fix typos and repeated words Henry N (1): Fix: ecp_nistz256-armv4.S bad arguments Hubert Kario (1): use safe primes in ssl_get_auto_dh() Jack O'Connor (1): fix a docs typo Jung-uk Kim (1): Ignore vendor name in Clang version number. Kurt Roeckx (1): Improve SSL_shutdown documentation. Matt Caswell (15): Prepare for 1.1.1h-dev Correct alignment calculation in ssl3_setup_write Ensure we never use a partially initialised CMAC_CTX Correctly handle the return value from EVP_Cipher() in the CMAC code Add a CMAC test Make it clear that you can't use all ciphers for CMAC Ensure that SSL_dup copies the min/max protocol version Update the SSL_dup documentation to match reality Don't attempt to duplicate the BIO state in SSL_dup Add an SSL_dup test Fix a typo on the SSL_dup page Fix a test_verify failure Updates CHANGES and NEWS for the new release Update copyright year Prepare for 1.1.1h release Maxim Zakharov (1): TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) Maximilian Blenk (1): Fix PEM certificate loading that sometimes fails MiĆosz Kaniewski (1): Free pre_proc_exts in SSL_free() Nicola Tuveri (13): [EC] Constify internal EC_KEY pointer usage [EC] harden EC_KEY against leaks from memory accesses [BN] harden `BN_copy()` against leaks from memory accesses Fix typo from #10631 More testing for sign/verify through `dgst` More testing for CLI usage of Ed25519 and Ed448 keys [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation Test genpkey app for EC keygen with various args Refactor BN_R_NO_INVERSE logic in internal functions [EC][ASN1] Detect missing OID when serializing EC parameters and keys [apps/genpkey] exit status should not be 0 on output errors [test][15-test_genec] Improve EC tests with genpkey [1.1.1][test] Avoid missing EC_GROUP wrappers Nicolas Vigier (1): If SOURCE_DATE_EPOCH is defined, use it for copyright year Nihal Jere (1): fixed swapped parameters descriptions for x509 Norman Ashley (1): Support keys with RSA_METHOD_FLAG_NO_CHECK with OCSP sign Orgad Shaneh (1): Configure: Avoid SIXTY_FOUR_BIT for linux-mips64 Patrick Steuer (2): AES CTR-DRGB: performance improvement EVP_EncryptInit.pod: fix example Pauli (3): Coverity 1463830: Resource leaks (RESOURCE_LEAK) doc: remove reference to the predecessor of SHA-1. doc: Fix documentation of EVP_EncryptUpdate(). Rajat Dipta Biswas (1): Update dgst.pod Read Hughes (1): Update EVP_EncodeInit.pod Richard Levitte (6): fuzz/asn1.c: Add missing #include Fix d2i_PrivateKey() to work as documented STORE: Make try_decode_PrivateKey() ENGINE aware EVP: allow empty strings to EVP_Decode* functions Configure: Check source and build dir equality a little more thoroughly Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8 Sebastian Andrzej Siewior (1): doc: Random spellchecking Shane Lontis (1): Coverity Fixes Tomas Mraz (10): Replace misleading error message when loading PEM Cast the unsigned char to unsigned int before shifting left Avoid potential overflow to the sign bit when shifting left 24 places t1_trce: Fix remaining places where the 24 bit shift overflow happens Prevent use after free of global_engine_lock Do not allow dropping Extended Master Secret extension on renegotiaton Avoid segfault in SSL_export_keying_material if there is no session sslapitest: Add test for premature call of SSL_export_keying_material EC_KEY: add EC_KEY_decoded_from_explicit_params() Disallow certs with explicit curve in verification chain Tristan Bauer (1): Fix wrong return value check of mmap function Viktor Dukhovni (1): Avoid errors with a priori inapplicable protocol bounds Vitezslav Cizek (1): test/drbgtest.c: Fix error check test Vladimir Kotal (1): enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler aSoujyuTanaka (4): Changed uintptr_t to size_t. WinCE6 doesn't seem it have the definition. Disable optimiization of BN_num_bits_word() for VS2005 ARM compiler due to its miscompilation of the function. https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html To generate makefile with correct parameters for WinCE. Enable WinCE build without deceiving _MSC_VER. luxinyou (1): Fix memory leaks in conf_def.c mettacrawler (1): There is no -signreq option in CA.pl nia (3): rand_unix.c: Include correct headers for sysctl() on NetBSD rand_unix.c: Only enable hack for old FreeBSD versions on FreeBSD rand_unix.c: Ensure requests to KERN_ARND don't exceed 256 bytes. olszomal (2): CMS_get0_signers() description Add const to 'ppin' function parameter pedro martelletto (1): doc/man3: fix types taken by HMAC(), HMAC_Update() raja-ashok (4): Fix crash in early data send with out-of-band PSK using AES CCM Test TLSv1.3 out-of-band PSK with all 5 ciphersuites Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 Update early data exchange scenarios in doc -----------------------------------------------------------------------