[openssl-commits] [openssl] OpenSSL_1_1_1-pre2 create

Matt Caswell matt at openssl.org
Tue Feb 27 14:04:45 UTC 2018

The annotated tag OpenSSL_1_1_1-pre2 has been created
        at  68d5f598acf715a36071a8fa17f87f54ca1e8548 (tag)
   tagging  6941960602658a52742786978fe8e677548f89bf (commit)
  replaces  OpenSSL_1_1_1-pre1
 tagged by  Matt Caswell
        on  Tue Feb 27 14:02:48 2018 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.1.1-pre2 release tag


Andy Polyakov (13):
      sha/asm/keccak1600-armv8.pl: add hardware-assisted ARMv8.2 subroutines.
      crypto/ec/curve25519.c: remove redundant fe[51]_cswap.
      Add x25519-x86_64.pl module, mod 2^255-19 primitives.
      ec/curve25519.c: facilitate assembly implementations.
      Configure: engage x25519 assembly support.
      test/recipes/80-test_pkcs12.t: handle lack of Win32::API.
      ec/asm/x25519-x86_64.pl: fix up ADCX/ADOX fallback.
      ec/curve448: portability fixups.
      {ec/curve25519,poly1305/poly1305}.c: relax pedantic constraint.
      ec/ecp_nistp{224,256,521}.c: harmonize usage of __uint128_t.
      appveyor.yml: omit makedepend step.
      test/ct_test.c: remove dependency on -lm.
      mem_sec.c: relax POSIX requirement.

Benjamin Kaduk (1):
      Auto-size more of configdata.pm "disabled features"

Bernd Edlinger (3):
      Fix a gcc warning about possible fall through
      Remove executable bit from test/recipes/03-test_internal_sm4.t
      Fix some bugs with the cfb1 bitsize handling

Dr. Matthias St. Pierre (8):
      DRBG: add locking api
      DRBG: unify initialization and cleanup code
      DRBG: make the derivation function the default for ctr_drbg
      OPENSSL_cleanup: cleanup secure memory
      d2i_X509.pod: clarify usage of the 'pp' function parameter
      PEM_read_bio_PrivateKey.pod: replace geek speek by something more serious
      DRBG: make locking api truly private
      pkeyparam.pod: correct the command description

EasySec (1):
      Add support for PBKDF2 for enc command

John Hughes (1):
      Add BIO_bind function to bind local address for a socket.

Kurt Roeckx (3):
      Use both getrandom() and /dev/urandom by default on Linux.
      Switch the DRBGs from AES-128-CTR to AES-256-CTR
      Check return value of time() when getting additional data for the DRBG

Massimiliano Pala (1):
      Add X509_get0_authority_key_id() function

Matt Caswell (87):
      Prepare for 1.1.1-pre2-dev
      Fix a memory leak in an error path
      Make sure we check the return value of extract_min_max()
      Ignore an s_client psk in TLSv1.3 if not TLSv1.3 suitable
      If s->ctx is NULL then this is an internal error
      The function X509_gmtime_adj() can fail
      Check the return code from ASN1_TIME_diff()
      The record version for ClientHello2 should be TLS1.2
      Import Curve 448 support
      Flatten the Curve 448 source structure
      Remove some unneeded files and further flatten the curve 448 structure
      Remove some deprecated curve 448 code and remove some unneeded defines
      Remove some unneeded code
      Remove the curve448/decaf sub-directory
      Remove the decaf_bzero function and replace with OPENSSL_cleanse()
      Add the X448() and X448_public_from_private() functions
      Add a local test
      Remove some unneeded stuff
      Remove some uneeded macros and conditionally compiled code
      Remove some more unneeded code
      Rename decaf_448_* to curve448_*
      Remove some vestiges of the old decaf template approach
      Replace DECAF_INLINE with ossl_inline
      Replace DECAF_WARN_UNUSED with __owur
      Remove all instances of DECAF_API_VIS
      Remove DECAF_NONNULL
      Remove inclusion of header files that we can't rely on due to portability
      Add Ed448 tests
      Add tests for Ed448ph
      Use OpenSSL shake256
      Convert Curve448 internals to use OpenSSL shake256
      Remove the old shake256 implementation
      Remove portable_endian.h
      Rename the decaf files to curve448 files
      Convert to C90 from C99
      Integrate Curve448 into the build system
      Fix the ED448 key lengths
      Update the imported curve448 code to use OpenSSL copyright headers
      Run util/openssl-format-source on the Curve448 code
      Manual formatting tweaks to Curve448 code
      Remove some unneeded code
      Remove references to libdecaf
      Merge f_arithmetic.c into f_generic.c
      Merge f_field.h into field.h
      Remove duplicated 448 in the names of various things
      Remove some gcc/clang specific attributes we don't support
      Fix build errors for Curve448 code on Windows (VC-WIN32 and VC-WIN64A)
      Move curve448_test.c to be a full internal test
      Update the curve448 internal test to use testutil.h
      Fixes for compilation using clang
      Code tidy up
      Update Curve448 copyright for 2018
      Fix a typo in a comment
      Fix travis failure in f_impl.c
      Fix AppVeyor failure in eddsa.c
      Remove curve448 architecture specific files
      Rename a function to avoid a clash
      Use the NLIMBS macro rather than try and calculate the number of limbs
      Add some new constant time functions needed by curve448
      Remove the curve448 specific constant time implementation
      Remove cplusplus guards in internal headers
      Use NLIMBS where appropriate to simplify the code
      Formatting tweak based on review feedback
      Some style fixes
      More style fixes to Curve448 code based on review feedback
      Remove a strict aliasing issue with pre-computed curve448 constants
      More style fixes for the curve448 code
      Remove the curve448 vector code
      Fix a travis failure in the curve448 code
      Remove some unneccessary use of constant time code in curve448
      Simplify some code
      Further style changes to curve448 code
      Yet more style updates to the curve448 code
      Remove unrolled loops
      Improve readability of f_impl.c and f_impl.h
      fixup! Improve readability of f_impl.c and f_impl.h
      fixup! More style fixes for the curve448 code
      Some more cleanups of curve448 code
      Add tests for newly added constant time functions
      Remove a spurious TLSProxy byte in TLSv1.3
      Fix some undefined behaviour in the Curve448 code
      Fix no-ec build
      Sanity check the ticket length before using key name/IV
      Clear some sslapitest global variables after use
      Update copyright year
      Prepare for 1.1.1-pre2 release

Patrick Steuer (1):
      s390x assembly pack: implement OPENSSL_rdtsc as STCKF

Pauli (2):
      Avoid mentioning uninitialised contexts.
      Remove unreachable statement.

Pavel Kopyl (2):
      X509V3_EXT_add_nconf_sk, X509v3_add_ext: fix errors handling
      do_body: fix heap-use-after-free.

Per Sandström (1):
      Update EC_POINT_new.pod

Rich Salz (3):
      Generate copyright year properly
      Remove unused num.pl,segregnam scripts
      Remove OSSLzu, and fix the one place that used it.

Richard Levitte (37):
      Configure: if a file is generated, never assume it's in the source dir
      VMS: for testutil, make sure to use BIO_f_linebuffer
      VMS: simplify config targets
      Build files: parametrize cpp
      Harmonize the make variables across all known platforms families
      VMS: add the possibility to use Itanium assembler with 'ias'
      VMS: modify crypto/bn/asm/ia64.S to build properly
      VMS: build ia64 assembler files if 'ias' is available
      OSSL_STORE: Add OSSL_STORE_vctrl()
      NOTES.UNIX: add additional note about --enable-new-dtags
      AIX: make sure that the arflags value includes the command letter (r)
      Configure: move down the treatment of seed sources
      Configure: avoid uninit data in configdata.pm
      OpenSSL::Test::quotify: put quotes around empty arguments
      test_ssl_old: avoid empty strings for flags
      VMS: Fix curve448 internal test program
      Have configdata.pm display information on perl
      Refactor the ranlib attribute
      Unix Makefile: Rework the assignment of CXX and AS
      Make CROSS_COMPILE another supported "make variable" in Configure
      Add a comment in configdata.pm regarding script-only variables
      Replace the message about configdata.pm as a script
      Build file templates: be less verbose when reconfiguring
      Build files: when using $(CPP), use the C flags alongside the CPP flags
      STORE: In preparation for coming work, mark when loading is started
      STORE: Add the possibility to specify an expected info type
      STORE 'file' scheme loader: Add info type expectation
      Adapt storeutl to allow looking for a specific info type
      STORE: Add documentation on expecting specific infos
      Test the storeutl expectation options
      STORE: Add the possibility to search for specific information
      STORE 'file' scheme loader: Add search capibility
      Adapt storeutl to allow search for specific objects
      STORE: Add documentation on search criteria
      Test the storeutl searching options
      Add a note in CHANGES
      Make it possible to give --libdir an absolute path

Samuel Weiser (1):
      Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation

Steve Linsell (1):
      initialise dc variable to satisfy old compilers.

Tatsuhiro Tsujikawa (1):
      Export keying material using early exporter master secret

Viktor Dukhovni (2):
      Avoid fragile aliasing of SHA224/384 update/final
      Use malloc to avoid alignment problems.

