[openssl] OpenSSL_1_1_1b create

Matt Caswell matt at openssl.org
Tue Feb 26 14:39:08 UTC 2019

The annotated tag OpenSSL_1_1_1b has been created
        at  3be907df5e5619fb10863849d3504bbdc6e8630d (tag)
   tagging  50eaac9f3337667259de725451f201e784599687 (commit)
  replaces  OpenSSL_1_1_1a
 tagged by  Matt Caswell
        on  Tue Feb 26 14:15:30 2019 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.1.1b release tag


Andy Polyakov (12):
      rsa/rsa_ossl.c: cache MONT_CTX for public modulus earlier.
      err/err.c: add err_clear_last_constant_time.
      rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.
      rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.
      rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.
      rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.
      Configurations/10-main.conf: remove MIPS bn_div_3_words.
      Configure: recognize div3w modules and add -DBN_DIV3W.
      bn/bn_div.c: make conditional addition unconditional
      bn/bn_{div|shift}.c: introduce fixed-top interfaces.
      err/err.c: improve err_clear_last_constant_time's portability.
      AArch64 assembly pack: authenticate return addresses.

Behrang (1):
      Fixed minor typo in the req.pod docs

Bernd Edlinger (8):
      Fix a minor nit in the hkdflabel size
      Fix cert with rsa instead of rsaEncryption as public key algorithm
      PPC: Try out if mftb works before using it
      Make ca command silently use default if .attr file does not exist
      Fix a memory leak with di2_X509_CRL reuse
      Fixed d2i_X509 in-place not re-hashing the ex_flags
      Fix a crash in reuse of i2d_X509_PUBKEY
      Add an entry to the CHANGES for the d2i_X509_PUBKEY fix

Billy Brumley (3):
      Clean up BN_consttime_swap.
      SCA hardening for mod. field inversion in EC_GROUP
      [test] unit test for field_inv function pointer in EC_METHOD

Christian Heimes (1):
      Fix function names in ct(7) documentation

Corey Minyard (1):
      Fix a memory leak in the mem bio

Corinna Vinschen (1):
      cygwin: drop explicit O_TEXT

Daniel DeFreez (2):
      Fix null pointer dereference in ssl_module_init
      Fix null pointer dereference in cms_RecipientInfo_kari_init

David Asraf (1):
      crypto/bn: fix return value in BN_generate_prime

David Benjamin (3):
      Reduce inputs before the RSAZ code.
      Fix some CFI issues in x86_64 assembly
      Check for unpaired .cfi_remember_state

David Woodhouse (2):
      Stop marking default digest for EC keys as mandatory
      Honour mandatory digest on private key in has_usable_cert()

Dmitry Belyavskiy (3):
      Remove unused variables from tls1_change_cipher_state
      Eliminate unused buffers from ssl3_change_cipher_state
      Restore compatibility with GOST2001 implementations.

Dr. Matthias St. Pierre (7):
      curve25519.c: reformat code to follow coding guidelines
      curve25519.c: improve formula alignment
      doc/man3: remove copy&paste leftover
      man: harmonize the various formulations in the HISTORY sections
      doc/man1/x509.pod: fix typo
      X509_STORE: fix two misspelled compatibility macros
      engines/dasync: add explaining comments about AES-128-CBC-HMAC-SHA1

Eneas U de Queiroz (10):
      INSTALL: add note about devcrypto engine
      eng_devcrypto: don't leak methods tables
      eng_devcrypto: expand digest failure cases
      eng_devcrypto: fix copy of uninitialized digest
      eng_devcrypto: close session on cleanup, not final
      eng_devcrypto: add cipher CTX copy function
      eng_devcrypto: fix ctr mode
      eng_devcrypto: make sure digest can do copy
      eng_devcrypto: close open session on init
      e_devcrypto: set digest input_blocksize

FdaSilvaYY (4):
      Doc: fix reference to deprecated methods.
      Coverity fix in apps/oscp
      Coverity fix in some crypto/asn1 code
      Fix CID 1434549: Unchecked return value in test/evp_test.c

Hubert Kario (1):
      SSL_CONF_cmd: fix doc for NoRenegotiation

Ionut Mihalcea (1):
      Don't set SNI by default if hostname is not dNS name

Jakub Jelen (1):
      Use the correct function name

Jan Macku (1):
      Fixed typo

Jung-uk Kim (1):
      Do not complain when /dev/crypto does not exist.

Ken Goldman (1):
      Admit unknown pkey types at security level 0

Klotz, Tobias (1):
      Cleanup vxworks support to be able to compile for VxWorks 7

Mansour Ahmadi (3):
      fix inconsistent flen check in rsa_pk1 and rsa_oaep
      add missing check for BN_mod_inverse
      Add missing OPENSSL_clear_free before using ec->key

Matt Caswell (44):
      Prepare for 1.1.1b-dev
      Disallow Ed25519 signature malleability
      Add an Ed25519 signature malleability test
      Revert "Reduce stack usage in tls13_hkdf_expand"
      Fix some SSL_export_keying_material() issues
      Make sure build_SYS_str_reasons() preserves errno
      Preserve errno on dlopen
      Document the num_tickets s_server option
      Disallow Ed448 signature malleability
      Add an Ed448 malleability test
      make update
      Fix shlibloadtest to properly execute the dso_ref test
      Fix a RUN_ONCE bug
      Don't link shlibloadtest against libcrypto
      Test atexit handlers
      Introduce a no-pinshared option
      Support _onexit() in preference to atexit() on Windows
      Fix no-cmac
      Don't complain if we receive the cryptopro extension in the ClientHello
      Add a test for correct handling of the cryptopro bug extension
      Don't artificially limit the size of the ClientHello
      Check a return value in the SRP code
      Check more return values in the SRP code
      Add missing entries in ssl_mac_pkey_id
      Don't get the mac type in TLSv1.3
      Make sure we trigger retransmits in DTLS testing
      Revert "Keep the DTLS timer running after the end of the handshake if appropriate"
      Don't leak memory from ERR_add_error_vdata()
      Fix no-dso builds
      Complain if -twopass is used incorrectly
      Make OPENSSL_malloc_init() a no-op
      Don't signal SSL_CB_HANDSHAKE_START for TLSv1.3 post-handshake messages
      Fix -verify_return_error in s_client
      Use order not degree to calculate a buffer size in ecdsatest
      Don't interleave handshake and other record types in TLSv1.3
      Add a test for interleaving app data with handshake data in TLSv1.3
      Fix dasync engine
      Don't restrict the number of KeyUpdate messages we can process
      Ensure bn_cmp_words can handle the case where n == 0
      Update NEWS for new release
      Update copyright year
      Clarify that SSL_shutdown() must not be called after a fatal error
      Prepare for 1.1.1b release

Matt Eaton (1):
      Update NOTES.ANDROID

Matthew Hodgson (1):
      openssl s_server: don't use sendto() with connected UDP socket

Matthias Kraft (3):
      Add "weak" declarations of symbols used in safestack.h and lhash.h
      Fix Invalid Argument return code from IP_Factory in connect_to_server().
      Fix reference to symbol 'main'.

Michael Haubenwallner (1):
      Windows/Cygwin dlls need the executable bit set

Michael Richardson (2):
      fixed grammar typo
      clarify which functions are the CMS functions which must have CMS_PARTIAL set

Michael Tuexen (1):
      Fix end-point shared secret for DTLS/SCTP

Nicola Tuveri (2):
      Test for constant-time flag leakage in BN_CTX
      Clear BN_FLG_CONSTTIME on BN_CTX_get()

Paul Yang (3):
      Fix wrong return value in ssl3_ctx_ctrl
      Fix access zero memory if SSL_DEBUG is enabled
      Fix a grammar nit in CRYPTO_get_ex_new_index.pod

Pauli (1):
      Address a bug in the DRBG tests where the reseeding wasn't properly reinstantiating the DRBG.

Petr Vorel (1):
      Reuse already defined macros

Richard Levitte (37):
      Smarter build of system error text database
      Add an error message test recipes for system error messages
      Change tarball making procedure
      Remove all 'make dist' artifacts
      VMS: fix collected error strings
      VMS config: Typo fix, as -> AS
      Document the removed 'dist' target
      Don't export util/mktar.sh
      Don't export the submodules 'boringssl', 'krb5' and 'pyca-cryptography'
      Make sure to run util/mktar.sh from the source directory
      Have util/mktar.sh display the absolute path to the tarball
      Avoid test_errstr in a cross compiled configuration
      VMS build: in descrip.mms.tmpl's src2obj, do .S -> .asm too
      VMS build: don't forget the generation marker when removing files
      Don't test the collected system errors when configured to not have them
      Docs fixup: some man3 pages had unindented code in SYNOPSIS
      Make EVP_PKEY_asn1_add0() stricter about its input
      Prevent calling decryption in an encryption context and vice versa
      make update
      Fix error in processing $target{enable}
      VMS build: better treatment of .S -> .obj compilation
      ERR: preserve system error number in a few more places
      crypto/uid.c: use own macro as guard rather than AT_SECURE
      crypto/armcap.c, crypto/ppccap.c: stricter use of getauxval()
      apps/verify.c: Change an old comment to clarify what the callback does
      Android build: use ANDROID_NDK_HOME rather than ANDROID_NDK
      VMS: force 'pinshared'
      Better phrasing around 1.1.0
      test/drbgtest.c: call OPENSSL_thread_stop() explicitly
      test/recipes/02-err_errstr: skip errors that may not be loaded on Windows
      apps/ocsp.c Use the same HAVE_FORK / NO_FORK as in speed.c
      Configure: stop forcing use of DEFINE macros in headers
      Mark generated functions unused (applies to safestack, lhash, sparse_array)
      Windows: Call TerminateProcess, not ExitProcess
      Rearrange the inclusion of curve448/curve448_lcl.h
      VMS: disable the shlibload test for now
      Disable 02-test_errstr.t on msys/mingw as well as MSWin32

Sam Roberts (3):
      Make some simple getters take const SSL/SSL_CTX
      Remove unnecessary trailing whitespace
      Ignore cipher suites when setting cipher list

Shigeki Ohtsu (1):
      s_client: fix not to send a command letter of R

Shreya Bhandare (1):
      EVP_PKEY_size declared to take a const parameter

Tobias Stoeckmann (1):
      Fixed typo (vi leftover).

Todd Short (2):
      Fix d2i_PublicKey() for EC keys
      Update d2i_PrivateKey documentation

Tomas Mraz (2):
      Remove stray -modulus option from the ec manual page.
      Allow the syntax of the .include directive to optionally have '='

Vedran Miletić (1):
      Add missing dots in dgst man page

Viktor Dukhovni (2):
      Update generator copyright year.
      More configurable crypto and ssl library initialization

batist73 (1):
      Android build: fix usage of NDK home variable ($ndk_var)

cclauss (1):
      Travis CI: Use flake8 to find Python syntax errors or undefined names

weinholtendian (1):
      Fix error message for s_server -psk option

