[openssl] OpenSSL_1_1_1c create

Richard Levitte levitte at openssl.org
Tue May 28 13:17:06 UTC 2019

The annotated tag OpenSSL_1_1_1c has been created
        at  2b37c85bb6c1ba67b25ae8dc0c9024cc5c727046 (tag)
   tagging  97ace46e11dba4c4c2b7cb67140b6ec152cfaaf4 (commit)
  replaces  OpenSSL_1_1_1b
 tagged by  Richard Levitte
        on  Tue May 28 15:12:21 2019 +0200

- Log -----------------------------------------------------------------
OpenSSL 1.1.1c release tag


A. Schulze (1):
      Fix two spelling errors

Arne Schwabe (1):
      Change SSL parameter SSL_session_reused const

Bernd Edlinger (16):
      Fix seeding from random device w/o getrandom syscall
      Limit DEVRANDOM_WAIT to linux
      Fix memory overrun in rsa padding check functions
      Update documentation regarding required output buffer memory size     of RSA_private_decrypt/RSA_public_encrypt.
      Add a simple test for RSA_SSLV23_PADDING
      Do the error handling in pkey_rsa_decrypt in constant time
      Update documentation of RSA_padding_check_PKCS1_OAEP_mgf1
      Clear the secret point in ecdh_simple_compute_key
      Clear the point S before freeing in ec_scalar_mul_ladder
      Make err_clear_constant_time really constant time
      Modify the RSA_private_decrypt functions to check the padding in     constant time with a memory access pattern that does not depend     on secret information.
      Fix the allocation size in EVP_OpenInit and PEM_SignFinal
      Avoid creating invalid rsa pss params
      Don't use coordinate blinding when scalar is group order
      Add test for the BIO_get_mem_ptr() regression
      Fix a crash in the speed command with wrap ciphers

Billy Brumley (1):
      [test] modernize ecdsatest and extend ECDSA sign KATs

Dan Campbell (1):
      s_client starttls: fix handling of multiline reply

Daniel Axtens (1):
      PPC assembly pack: fix copy-paste error in CTR mode

Dmitry Belyavskiy (2):
      Providing missing accessor to EVP_PKEY.engine
      Add some checks of OCSP functions

Dr. Matthias St. Pierre (7):
      VMS: only use the high precision on VMS v8.4 and up
      Configure: untabify indentation
      Fix three identical grammatical errors
      rand_win.c: loosen version requirements for BCryptGenRandom
      Test: use keywords instead of magic numbers for 'rsa_pss_saltlen'
      openssl cms: add error message if operation option is missing
      man: fix a typo and a grammar nit in EVP_PKEY_meth_new(3)

FdaSilvaYY (1):
      OCSP: fix memory leak in OCSP_url_svcloc_new method.     Add a few coverage test case.

Guido Vranken (1):
      Enforce a strict output length check in CRYPTO_ccm128_tag

Hua Zhang (1):
      Fix compiling error for mips32r6 and mips64r6

Hubert Kario (1):
      ts(1): digest option is mandatory

Jake Massimo (1):
      Increase rounds of Miller-Rabin testing DH_check

Jakub Jelen (1):
      doc: Get rid of unrelated reference to DSA_new()

Jakub Wilk (1):
      Fix typos

Joshua Lock (4):
      Make check_example_location() in find-doc-nits generic
      Add a check for history section location to find-doc-nits
      Update various man pages to place HISTORY section after SEE ALSO
      Further harmonisation of manual page HISTORY sections

Kurt Roeckx (1):
      Change default RSA, DSA and DH size to 2048 bit

Lorinczy Zsigmond (1):
      Reorganized signature-scheme detection in 'apps/s_cb.c:security_callback_debug' callback-function.

Matt Caswell (20):
      Prepare for 1.1.1c-dev
      Don't write the tick_identity to the session
      Prevent over long nonces in ChaCha20-Poly1305
      Test an overlong ChaCha20-Poly1305 nonce
      Update ChaCha20-Poly1305 documentation
      Avoid an underflow in ecp_nistp521.c
      Add a test for underflow in ecp_nistp521.c
      Fix memory leaks in pkread.c demo file
      Update pkeyutl documentation about the digest option
      Tolerate 0 byte input length for Update functions
      Fix a memory leak in ARIA GCM
      Don't allow SHAKE128/SHAKE256 with HMAC
      Make OCSP_id_cmp and OCSP_id_issuer_cmp accept const params
      Correct the documentation about SSL_CIPHER_description()
      Fix crash in X509_STORE_CTX_get_by_subject
      Clarify the documentation on the use of ChaCha20
      Add some more test vectors for ChaCha20
      Reject obviously invalid DSA parameters during signing
      Revert "EVP_*Update: ensure that input NULL with length 0 isn't passed"
      Add the NIST CAVS test vectors for CCM

Nicola Tuveri (2):
      Fix trivial typo in EVP_DigestVerifyInit doc
      Fix memory leak in ectest

Patrick Steuer (3):
      s390x assembly pack: allow specifying the tag after aad in aes-ccm
      EVP_Digest*: enable SHA3 pre-hashing for ECDSA
      EVP_Digest*: enable SHA3 pre-hashing for DSA

Paul Monson (1):
      conn_is_closed should return 1 if get_last_sys_error is WSAECONNRESET     CLA: trivial

Paul Yang (3):
      Fix the default digest algorthm of SM2
      Place return values after examples in doc
      Add section order check in util/find-doc-nits

Pauli (4):
      Cosmetic rand/drbg changes.
      Add the prediction_resistance flag to the documentation.
      Statistically test BN_rand_range().
      Revert "Statistically test BN_rand_range()."     The testutil support for doubles isn't present in 1.1.1.

Rashmica Gupta (1):
      crypto/ppccap.c: Fix which hwcap value used to check for HWCAP_ARCH_3_00

Richard Levitte (30):
      Revert "Configure: stop forcing use of DEFINE macros in headers"
      Add PADLOCK_ASM to dso_defines rather than lib_defines
      Ensure configured module specific and application specific defines are used
      Make the padlock engine build correctly
      Configure: make --strict-warnings a regular user provided compiler option
      Do buildtests on our public header files with C++ as well
      Configuration: divide devteam flags into language specific sets
      .travis.yml: change -std=c89 to -ansi
      Configure: support a few more "make variables" defaulting from env
      Add missing '.text' in crypto/bn/asm/ppc.pl
      OPENSSL_config(): restore error agnosticism
      crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT
      Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT"
      OPENSSL_init_crypto(): check config return code correctly
      Rework DSO API conditions and configuration option
      EVP_*Update: ensure that input NULL with length 0 isn't passed
      asn1parse: avoid double free
      Configure: merge all of %user and %useradd into %config earlier
      Configure: recognise -static even if given through variables
      Configure: make disabling stuff easier and safer
      Configure: process shared-info.pl later
      doc/man3/X509_LOOKUP_meth_new.pod: clarify the requirements
      Configure: Remove extra warning and sanitizer options from CXXFLAGS
      Configure: make C++ build tests optional and configurable
      Travis: use enable-buildtest-c++
      Add advice on setting CXX at the same time as CC
      Configure: make 'enable-buildtest-c++' work (not be a regexp)
      Add CHANGES and NEWS for 1.1.1c
      Update copyright year
      Prepare for 1.1.1c release

Sambit Kumar Dash (1):
      Doc update: minor typo in CMS_verify.pod     CLA: trivial

Shane Lontis (7):
      cfi build fixes in x86-64 ghash assembly
      fix truncation of integers on 32bit AIX
      coverity fixes for bntest.c
      Added NULL check to BN_clear() & BN_CTX_end()
      Updated doc for BN_clear, BN_CTX_end when param is NULL
      fixed public range check in ec_GF2m_simple_oct2point
      Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t

Shigeki Ohtsu (1):
      deps: add s390 asm rules for OpenSSL-1.1.1

Soujyu Tanaka (4):
      Avoid linking error on WCE700 for _InterlockedExchangeAdd().     This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp
      Avoid linking error for InitializeCriticalSectionAndSpinCount().     Replace it with InitializeCriticalSection()
      Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE.
      For the lack of GetModuleHandleEx(), we use DSO route for WinCE.     Revert win32_pathbyaddr() which is used in DSO_dsobyaddr().

Tobias Nießen (1):
      Allow specifying the tag after AAD in CCM mode

Tomas Mraz (5):
      Use AI_ADDRCONFIG hint with getaddrinfo if available.
      Fix for BIO_get_mem_ptr and related regressions
      Add testing of RDONLY memory BIOs
      Add documentation for the BIO_s_mem pecularities
      Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case

Valentin Robert (1):
      Fix typo in NOTES.PERL

Vitezslav Cizek (3):
      openssl_strerror_r: Fix handling of GNU strerror_r
      apps/speed.c: skip binary curves when compiling with OPENSSL_NO_EC2M
      apps/speed.c: properly address NO_EC2M on systems without SIGALRM

Wojciech Kaluza (2):
      Add RCFLAGS variable in Windows build file, and use it
      Allow setting RCFLAGS as Configure option or environment variable

agnosticdev (1):
      issue-8973: Added const to parameters for values that were not altered

dyrock (1):
      Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE.

voev (1):
      Fix GOST OID

x753 (1):
      Fixed typo in enc.c warning


More information about the openssl-commits mailing list