[openssl-commits] [openssl] OpenSSL_1_1_1-pre9 create

Matt Caswell matt at openssl.org
Tue Aug 21 12:33:10 UTC 2018

The annotated tag OpenSSL_1_1_1-pre9 has been created
        at  aa8582077bbf4db70266bdc1888e9aeb37670d7f (tag)
   tagging  bb20b3fd507b635607eddd895dbcad08e0ed8793 (commit)
  replaces  OpenSSL_1_1_1-pre8
 tagged by  Matt Caswell
        on  Tue Aug 21 13:14:10 2018 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.1-pre9 release tag


Alexandre Perrin (1):
      Documentation typo fix in BN_bn2bin.pod

Ana María Martínez Gómez (1):
      Support directories with "." in x509_load_serial()

Andy Polyakov (78):
      Remove some inline assembler and non-standard constructs.
      Configurations/10-main.conf: IRIX configs unification.
      Configure: allow some file extensions to be overridden by target config.
      Configurations/unix-Makefile.tmpl: switch to "natural" AIX shared libraries.
      Configurations/10-main.conf: always pass -bsrv4 to AIX linker.
      recipes/90-test_shlibload.t: disable tests on AIX till further notice.
      CHANGES: mention AIX shared library support overhaul.
      Configure,util/shlib_wrap.sh: harmonize -Wl and -rpath handling.
      sha/asm/sha{256|512}-armv4.pl: harmonize thumb2 support with the rest.
      ec/ec_pmeth.c: minor cleanups and readability fixes.
      rand/rand_unix.c: mask getentropy ELF detection on HP-UX.
      PA-RISC assembly pack: make it work with GNU assembler for HP-UX.
      store/loader_file.c: fix char-subscripts warning.
      NOTES.UNIX: add "Linking your application" paragraph
      evp/e_chacha20_poly1305.c: improve performance for short TLS records.
      modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings.
      rand/rand_unix.c: address macro redefinition warning.
      perlasm/x86_64-xlate.pl: refine symbol recognition in .xdata.
      chacha/asm/chacha-x86_64.pl: add dedicated path for 128-byte inputs.
      evp/e_chacha20_poly1305.c: further improve small-fragment TLS performance.
      modes/ocb128.c: readability and formatting improvements.
      apps/req.c: fix -addext option.
      poly1305/asm/poly1305-x86_64.pl: fix solaris64-x86_64-cc build.
      bn/bn_lib.c: remove bn_check_top from bn_expand2.
      bn/bn_mont.c: move boundary condition check closer to caller.
      bn/bn_mont.c: improve readability of post-condition code.
      bn/bn_lib.c: add BN_FLG_FIXED_TOP flag.
      bn/bn_{mont|exp}.c: switch to zero-padded intermediate vectors.
      bn/bn_lib.c: make BN_bn2binpad computationally constant-time.
      rsa/*: switch to BN_bn2binpad.
      bn/bn_lcl.h,bn_nist.c: address strict warnings with -DBN_DEBUG.
      ec/asm/x25519-x86_64.pl: fix base 2^64 add/sub and final reduction.
      test/.../evppkey.txt: X25519 regression test vectors.
      ec/asm/x25519-x86_64.pl: add CFI directives and Windows SE handler.
      ec/curve25519.c: reorganize for better accessibility.
      bn/bn_lib.c address Coverity nit in bn2binpad.
      ec/ecdsa_ossl.c: revert blinding in ECDSA signature.
      ec/ecdsa_ossl.c: formatting and readability fixes.
      ec/ecdsa_ossl.c: switch to fixed-length Montgomery multiplication.
      CHANGES: mention blinding reverting in ECDSA. [skip ci]
      .travis.yml: exercise -std=c89 in order to catch corresponding problems.
      ec/ec_lcl.h: fix pre-C9x compilation problems.
      include/openssl/e_os2.h: define last-resort SSIZE_MAX.
      bio/bss_dgram.c: harmonize usage of OPENSSL_USE_IPV6 with the rest.
      crypto/*: address standard-compliance nits.
      apps/dsaparam.c: fix -C output.
      bn/bn_intern.c: const-ify bn_set_{static}_words.
      ec/asm/ecp_nistz256-{!x86_64}.pl: fix scatter_w7 function.
      ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine.
      .travis.yml: omit linux-ppc64le target.
      apps/dsaparam.c: make dsaparam -C output strict-warnings-friendly.
      ec/ecp_nistz256.c: fix Coverity nit.
      INSTALL,NOTES.WIN: classify no-asm as non-production option.
      crypto/cryptlib.c: make OPENSSL_cpuid_setup safe to use as constructor.
      crypto/cryptlib.c: resolve possible race in OPENSSL_isservice.
      crypto/dllmain.c: remove unused OPENSSL_NONPIC_relocated variable.
      crypto/init.c: use destructor_key even as guard in OPENSSL_thread_stop.
      apps/apps.c: harmonize print_bignum_var output with coding style.
      bn/bn_mod.c: harmonize BN_mod_add_quick with original implementation.
      Add ec/asm/x25519-ppc64.pl module.
      00-base-templates.conf: engage x25519-ppc64 module.
      asn1/tasn_utl.c: fix logical error in and overhaul asn1_do_lock.
      INSTALL,NOTES.ANDROID: minor updates.
      x509/x509name.c: fix potential crash in X509_NAME_get_text_by_OBJ.
      Harmonize use of sk_TYPE_find's return value.
      stack/stack.c: omit redundant NULL checks.
      Add internal/tsan_assist.h.
      lhash/lhash.c: switch to Thread-Sanitizer-friendly primitives.
      ssl/*: switch to Thread-Sanitizer-friendly primitives.
      x509v3/v3_purp.c: resolve Thread Sanitizer nit.
      x509v3/v3_purp.c: re-implement lock-free check for extensions cache validity.
      man3/OPENSSL_LH_COMPFUNC.pod: clarifications and updates.
      engine/eng_lib.c: remove redundant #ifdef.
      crypto/mem.c: switch to tsan_assist.h in CRYPTO_MDEBUG.
      crypto/o_fopen.c: alias fopen to fopen64.
      internal/refcount.h: overhaul fencing and add _MSC_VER section.
      crypto/threads_*: remove CRYPTO_atomic_{read|write}.
      Configure: don't probe for --noexecstack assembler option on Darwin.

Beat Bolli (2):
      doc/BN_generate_prime: update doc about other callback values
      apps/dsaparam.c generates code that is intended to be pasted or included into an existing source file: the function is static, and the code doesn't include dsa.h. Match the generated C source style of dsaparam.

Benjamin Kaduk (8):
      ecdsa_ossl: address coverity nit
      Address coverity-reported NULL dereference in SSL_SESSION_print()
      const-ify some input SSL * arguments
      Normalize SNI hostname handling for SSL and SSL_SESSION
      Add TODO comment for a nonsensical public API
      Fix ossl_shim SNI handling
      Improve backwards compat for SSL_get_servername()
      Avoid shadowing 'free' in X509_LOOKUP_met_set_free

Bernd Edlinger (6):
      Add -Wstrict-prototypes option to --strict-warnings
      Fix negative test result in sm2 test
      Replace accidentally used C99 macro __func__ with __FILE__/__LINE__
      Fix a new gcc-9 warning [-Wstringop-truncation]
      Fix minor windows build issues
      Fix uninitialized value $s warning in windows static builds

Billy Brumley (8):
      [crypto/ec] don't assume points are of order group->order
      make EC_GROUP_do_inverse_ord more robust
      [crypto/ec] remove blinding to support even orders
      [crypto/ec] default to FLT or error
      More EVP ECC testing: positive and negative
      [crypto/ec] disable SCA mitigations for curves with incomplete parameters
      [test] test some important ladder corner cases and catch corner cases better and earlier
      EC GFp ladder

Bryan Donlan (2):
      Remove DSA digest length checks when no digest is passed
      Add test for DSA signatures of raw digests of various sizes

Conrad Meyer (1):
      Correctly check for cryptodev hash support

David Benjamin (1):
      Remove zero special-case in BN_mod_exp_mont.

David von Oheimb (1):
      add documentation for OCSP_basic_verify()

DesWurstes (1):
      modes/ocb128.c: improve the calculation of double mask

Dmitry Yakovlev (1):
      Move SSL_DEBUG md fprintf after assignment

Dr. Matthias St. Pierre (7):
      testutil/driver.c: Fix function prototype warning [-Wstrict-prototypes]
      Fix some undefined behaviour in the Curve448 code (2nd attempt)
      test/asn1_internal_test.c: silence the new check for the ASN1 method table
      test/recipes/30-test_evp_data: fix two typos
      rand_unix.c: assimilate syscall_random() with getrandom(2)
      rand_unix.c: don't discard entropy bytes from syscall_random()
      rand_unix.c: don't discard entropy bytes from /dev/*random

FdaSilvaYY (1):
      apps/ca: fix useless get before delete.

Kurt Roeckx (7):
      Fix prototype of ASN1_INTEGER_get and ASN1_INTEGER_set
      Update DRBG CHANGES section
      Enable all protocols and ciphers in the fuzzer
      Improve documentation about reading and writing
      Change the number of Miller-Rabin test for DSA generation to 64
      Make the number of Miller-Rabin tests for a prime depend on the security level of the prime
      Fix inconsistent use of bit vs bits

Mat (1):
      Fix typo in x25519-x86_64.pl

Matt Caswell (74):
      Prepare for 1.1.1-pre9-dev
      Document no-sm2
      Add blinding to a DSA signature
      Don't use OPENSSL_strdup() for copying alpn_selected
      Add a high level note about the various SCA mitigations
      Don't change a session once it's in the cache
      Only dump session data after we have received it
      Update SSL_SESSION_print for TLSv1.3
      Restructure the ticket construction code
      Respect SSL_OP_NO_TICKET in TLSv1.3
      Use stateful tickets if we are doing anti-replay
      Document changes to SSL_OP_NO_TICKET for TLSv1.3
      Auto retry if we ditch records during shutdown
      Add a bi-directional shutdown test
      Return SSL_ERROR_WANT_READ if SSL_shutdown() encounters handshake data
      Return a fatal error if application data is encountered during shutdown
      Fix a NULL ptr deref in error path in tls_process_cke_dhe()
      Make the anti-replay feature optional
      Add setters to set the early_data callback
      Document the new early data callback and option
      Add a test for the new early data callback
      Add the ability to configure anti-replay via SSL_CONF
      Restore behaviour from commit 36ff232cf that was incorrectly removed
      Remove TLSv1.3 tickets from the client cache as we use them
      Fix no-tls1_2
      Introduce the recv_max_early_data setting
      Add a test for the recv_max_early_data setting
      Add the ability to configure recv_max_early_data via s_server
      Document SSL_CTX_set_recv_max_early_data() etc
      Don't fail if the PSK identity doesn't match
      Check md_size isn't negative before we use it
      Fix some Coverity issues in sm2_encrypt()
      Check a return value for success in ec_field_size()
      Remove a memset
      Do not use GOST sig algs in TLSv1.3 where possible
      Use ssl_version_supported() when choosing server version
      As a server don't select TLSv1.3 if we're not capable of it
      Add a GOST test
      Don't remove sessions from the cache during PHA in TLSv1.3
      Improve testing of stateful tickets
      Always issue new tickets when using TLSv1.3 stateful tickets
      Test that a failed resumption issues the correct number of tickets
      Fix no-psk
      Fix a memory leak in the ticket test
      Skip the GOST test where appropriate
      Check that the public key OID matches the sig alg
      Add a test for mismatch between key OID and sig alg
      Don't skip over early_data if we sent an HRR
      Test early_data sent after a second ClientHello causes a failure
      Update the TLSv1.3 test vectors
      Validate legacy_version
      Add a note about aborts encountered while sending early_data
      Provide EC functions that are not curve type specific
      Add documentation for the new non-curve type specific EC functions
      Use the new non-curve type specific EC functions internally
      Deprecate the EC curve type specific functions in 1.2.0
      Fix some TLSv1.3 alert issues
      Ensure we send an alert on error when processing a ticket
      Fix a missing call to SSLfatal
      Ensure that we write out alerts correctly after early_data
      Tolerate encrypted or plaintext alerts
      Add a test for unencrypted alert
      Improve fallback protection
      Add a test for TLSv1.3 fallback
      Revert "stack/stack.c: omit redundant NULL checks."
      Fix no-comp
      Updates to CHANGES and NEWS for the new release.
      Update code for the final RFC version of TLSv1.3 (RFC8446)
      Turn on TLSv1.3 downgrade protection by default
      Fix a bug in test_sslversions
      Change Post Handshake auth so that it is opt-in
      Add support for SSL_CTX_set_post_handshake_auth()
      Fix a version error in CHANGES and NEWS
      Prepare for 1.1.1-pre9 release

Nicola Tuveri (11):
      Use DEPRECATEDIN_1_2_0 macro for DSA_sign_setup declaration
      [fixup] Add CHANGES entry
      enable-ec_nistp_64_gcc_128: Fix function prototype warning [-Wstrict-prototypes]
      Remove __cplusplus preamble from internal headers
      Add inter-module private header for EC functions
      Use ec_group_do_inverse_ord() in SM2
      Remove stale SM2 error codes
      EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
      EC2M Lopez-Dahab ladder implementation
      EC2M Lopez-Dahab ladder: use it also for ECDSA verify
      Replace GFp ladder implementation with ladd-2002-it-4 from EFD

Patrick Steuer (4):
      apps/speed.c: let EVP_Update_loop_ccm behave more like EVP_Update_loop
      Fix undefined behavior in s390x aes-gcm/ccm
      s390x assembly pack: add KIMD/KLMD code path for sha3/shake
      CHANGES: mention s390x assembly pack extensions

Paul Kehrer (1):
      fix pyca/cryptography test suite failure

Paul Yang (1):
      Fix a trivial coding style nit in sm2_sign.c

Pauli (15):
      Fix spelling errors in documentation. Also fix some clumsy wording.
      Modify the DEVRANDOM source so that the files are kept open persistently. This allows operation inside a chroot environment without having the random device present.
      Check return from BN_set_word. In ssl/t1_lib.c.
      Remove development artifacts.
      Check for NULL conf in NCONF_get_number
      Tests for MD5-SHA1 combined digest.
      NCONF_get_number refix.
      Check conversion return in ASN1_INTEGER_print_bio.
      Check return from BN_sub
      Add OIDs for HMAC SHA512/224 and HMAC SHA512/256.
      Relocate memcmp test.
      Change the OID references for X25519, X448, ED25519 and ED448 from the draft RFC to the now released RFC 8410.
      Add SHA3 HMAC test vectors from NIST.
      Add a helper routine so that evp_test can compare memory without producing spurious output when checking for error conditions.
      Check getauxval on systems that have it when checking for setuid execution.

Philip Prindeville (1):
      Travis: don't generate git clone progress for logs

Rich Salz (10):
      Zero-fill IV by default.
      Fix some issues found by Debian's lintian tool
      Add missing include file to doc
      Reject duplicate -addext parameters
      Update AUTHORS list, add commentary
      Add tests for the "req" command, -addext flag
      Check for failures, to avoid memory leak
      Some protocol versions are build-time
      Fix setting of ssl_strings_inited.
      Increase CT_NUMBER values

Richard Levitte (28):
      NOTES.UNIX: expand the description of RPATHs
      openssl ca: open the output file as late as possible
      OpenSSL-II style for emacs: don't indent because of extern block
      OpenSSL_add_ssl_algorithm-is-deprecated() is deprecated, make it so
      Document more EVP_MD_CTX functions
      Keep supporting the env / make variable PERL
      Avoid __GNUC__ warnings when defining DECLARE_DEPRECATED
      Make 'with_fallback' use 'use' instead of 'require'
      Existing transfer modules must have a package and a $VERSION
      util/dofile.pl: require Text::Template 1.46 or newer
      Guard DECLARE_DEPRECATED against multiple includes of opensslconf.h
      Windows: fix echo for nmake
      Windows: avoid using 'rem' in the nmake makefile
      PKCS12: change safeContentsBag from a SET OF to a SEQUENCE OF
      Configure: Display error/warning on deprecated/unsupported options after loop
      Make sure the 'tsget' script is called 'tsget.pl' everywhere
      def_load_bio(): Free |biosk| more carefully
      Configure: print generic advice when dying
      Configure death handler: bail out early when run in eval block
      Configure death handler: remember to call original death handler
      Configure death handler: instead of printing directly, amend the message
      Ensure symbols don't get deprecated too early
      Make EVP_PKEY_asn1_new() stricter with its input
      Check early that the config target exists and isn't a template
      i2d_ASN1_OBJECT(): allocate memory if the user didn't provide a buffer
      Configurations/15-android.conf: Make sure that the NDK path is canonical
      Configuration/15-android.conf: slightly move NDK canonisation
      Configure: warn when 'none' is the chosen seed source

Shane Lontis (2):
      Fixed range of random produced in BN_is_prime_fasttest_ex() to be 1 < rand < w-1. It was using 1 <= rand < w (which is wrong by 1 on both ends)
      Fixed issue where DRBG_CTR fails if NO_DF is used - when entropy is called
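
The witness-range point behind the BN_is_prime_fasttest_ex() fix above, as an added example in pure Python (this is not OpenSSL code, and the function names are my own): for every odd w > 3 the bases a = 1 and a = w-1 always survive a Miller-Rabin round, whether or not w is prime, so drawing from 1 <= a < w wastes rounds and weakens the error bound the round count is supposed to deliver. The block contrasts the old range with the corrected 2 <= a <= w-2 and lets you measure how often the old range drew a useless base.

```python
"""Miller-Rabin witness selection: why the base must satisfy 2 <= a <= w-2.

Added example, not OpenSSL code. Illustrates the range fix described for
BN_is_prime_fasttest_ex(): bases 1 and w-1 are trivial non-witnesses for
every odd w, so a generator that can draw them wastes rounds.
"""
import secrets


def decompose(w):
    """Write w-1 = 2^s * d with d odd; return (s, d)."""
    d, s = w - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    return s, d


def passes_round(w, a):
    """One Miller-Rabin round for odd w > 3 with base a.

    Returns True when a is NOT a witness to compositeness (w 'passes').
    """
    s, d = decompose(w)
    x = pow(a, d, w)
    if x in (1, w - 1):
        return True
    for _ in range(s - 1):
        x = x * x % w
        if x == w - 1:
            return True
    return False


def trivial_bases_never_witness(w):
    """a = 1 gives 1^d = 1; a = w-1 gives (w-1)^d = -1 since d is odd.

    Both pass for any odd w > 3, prime or composite, so they carry no information.
    """
    return passes_round(w, 1) and passes_round(w, w - 1)


def random_base(w, buggy=False):
    """Draw a base for one round.

    buggy=True reproduces the old range 1 <= a < w (includes both trivial bases).
    buggy=False draws the corrected range 2 <= a <= w-2.
    """
    if buggy:
        return 1 + secrets.randbelow(w - 1)   # 1 <= a <= w-1
    return 2 + secrets.randbelow(w - 3)       # 2 <= a <= w-2


def miller_rabin(w, rounds, buggy=False):
    """Probabilistic primality test with `rounds` independent random bases."""
    if w < 2:
        return False
    if w in (2, 3):
        return True
    if w % 2 == 0:
        return False
    for _ in range(rounds):
        if not passes_round(w, random_base(w, buggy)):
            return False
    return True


def count_trivial_draws(w, buggy, draws=20000):
    """How many of `draws` base selections were a trivial non-witness (1 or w-1)."""
    return sum(random_base(w, buggy) in (1, w - 1) for _ in range(draws))


if __name__ == "__main__":
    # 561 = 3 * 11 * 17 is a Carmichael number: a classic trap for weak tests.
    print("561 passes with base 1 and base 560:", trivial_bases_never_witness(561))
    print("561 passes with base 2:", passes_round(561, 2))
    print("trivial draws, old range, w=7:", count_trivial_draws(7, buggy=True))
    print("trivial draws, fixed range, w=7:", count_trivial_draws(7, buggy=False))
```

With a small w such as 7 the old range hands out a useless base in roughly a third of all draws, which is the difference between the advertised and the real per-round error probability; with large w the waste is rare per round but still violates the bound the round-count tables assume, which is why the range was tightened rather than left as a cosmetic nit.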

Tomas Mraz (1):
      Deallocate previously loaded SSL CONF module data

neighbads (1):
      Update sm2_crypt.c

parasssh (1):
      Fix typos and errors in Ed25519.pod documentation

捷成吴 (1):
      apps/speed.c: add missing checks for RAND_bytes()

