[openssl] OpenSSL_1_1_1d create

Matt Caswell matt at openssl.org
Tue Sep 10 14:00:08 UTC 2019

The annotated tag OpenSSL_1_1_1d has been created
        at  150886311c80c1d06786d152039650ecb6ff6746 (tag)
   tagging  894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596 (commit)
  replaces  OpenSSL_1_1_1c
 tagged by  Matt Caswell
        on  Tue Sep 10 14:13:07 2019 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.1.1d release tag


Acheev Bhagat (2):
      Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print
      Remove redundant include

Antoine Cœur (2):
      Fix Typos
      Fix Typos

Benjamin Kaduk (3):
      Add regression test for #9099
      Revert "Delay setting the sig algs until after the cert_cb has been called"
      Move 'shared_sigalgs' from cert_st to ssl_st

Bernd Edlinger (26):
      Fix a URL to the NMBRTHRY list archive
      Fix error handling at openssl_strerror_r
      Handle CTRL-C as non-redoable abort signal
      Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN
      Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data
      Fix an endless loop in BN_generate_prime_ex
      Fix a C++ comment in the refcount.h
      Add value_barriers in constant time select functions
      Change DH parameters to generate the order q subgroup instead of 2q
      Allocate DRBG additional data pool from non-secure memory
      Use OPENSSL_strlcpy instead of strncpy in e_afalg.c
      Fix error handling in X509_chain_up_ref
      Add a fallback definition for __NR_getrandom for ARM linux
      Add a fallback definition for __NR_getrandom for x86 linux
      Remove ifndef FIPS_MODE from rand_unix.c
      Cleanup includes in rand_unix.c
      Fix error handling in x509_lu.c
      Fix a SCA leak in BN_generate_dsa_nonce
      Remove x86/x86_64 BSAES and AES_ASM support
      Change DH_generate_parameters back to order 2q subgroup
      DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined.
      Use BN_clear_free in DH_set0_key
      Fix build with VS2008
      Fix a strict warnings error in rand_pool_acquire_entropy
      Fix a potential crash in rand_unix.c
      Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

Billy Brawner (1):
      Suppress 'No server certificate CA names sent' message

Billy Brumley (4):
      [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it
      [test] computing ECC cofactors: regression test
      CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it
      [test] ECC: check the bounds for auto computing cofactor

Cesar Pereida Garcia (3):
      Fix SCA vulnerability when using PVK and MSBLOB key formats
      [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation.
      [crypto/rsa] Set the constant-time flag in multi-prime RSA too

David Benjamin (2):
      Fix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.
      Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients.

David Makepeace (1):
      Fixed typo in code comment. [skip ci]

David Woodhouse (1):
      Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable()

David von Oheimb (1):
      make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA

Denis Ovsienko (1):
      Remove some duplicate words from the documentation

Dmitry Belyavskiy (1):
      Avoid NULL pointer dereference. Fixes #9043.

Dr. Matthias St. Pierre (20):
      crypto/conf: openssl_config_int() returns unitialized value
      Remove last references to DEBUG_SAFESTACK
      Document deprecation of version-specific SSL/TLS methods
      Fix typo in macro argument of SSL_set1_client_sigalgs_list()
      Revert the DEVRANDOM_WAIT feature
      Add CHANGES entries for the DEVRANDOM_WAIT feature and its removal
      man: fix documentation for RSA_generate_key()
      man: clarify the 'random number generator must be seeded' requirement
      Add regenerated header files
      man: fix typo in OPENSSL_fork_prepare.pod
      Remove external HEADER_SYMHACKS_H include guard
      Remove HEADER_BSS_FILE_C module include guard
      Remove OPENSSL_X509V3_H include detector from openssl/cms.h
      Remove HEADER_X509_H include detector from apps
      Add missing accessors for X509 AuthorityKeyIdentifier
      INSTALL: clarify documentation of the --api=x.y.z deprecation option
      Configure: clang: move -Wno-unknown-warning-option to the front
      drbg: ensure fork-safety without using a pthread_atfork handler
      drbg: add fork id to additional data on UNIX systems
      drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt)

Iuri Rezende Souza (1):

Johannes (1):
      Correct documented return value for BIO_get_mem_data()

John Schember (1):
      iOS build: Replace %20 with space in config script

Krists Krilovs (1):
      Fix wrong lock claimed in x509 dir lookup.

Lei Maohui (1):
      Fix build error for aarch64 big endian.

Martin Peylo (1):
      Adding Test.pm with workaround for Perl abs2rel bug

Martin Ukrop (1):
      Fix reversed meaning of error codes

Matt Caswell (24):
      Defer sending a KeyUpdate until after pending writes are complete
      Write a test for receiving a KeyUpdate (update requested) while writing
      Move a fall through comment
      Update the d2i docs to reflect reality
      Fix a race condition in supported groups handling
      Fix a race condition in ciphers handling
      Following the previous 2 commits also move ecpointformats out of session
      Ensure that rc5 doesn't try to use a key longer than 2040 bits
      Fix the return value for SSL_get0_chain_certs()
      Fix SSL_MODE_RELEASE_BUFFERS functionality
      Correct the Extended Master Secret string for EBCDIC
      Fix ECDSA_SIG docs
      Clarify the INSTALL instructions
      Ensure RSA PSS correctly returns the right default digest
      Add Restricted PSS certificate and key
      Add TLS tests for RSA-PSS Restricted certificates
      Fix SSL_check_chain()
      Extend tests of SSL_check_chain()
      Don't send a status_request extension in a CertificateRequest message
      Teach TLSProxy how to parse CertificateRequest messages
      Update CHANGES and NEWS for the new release
      Remove duplicate CHANGES entry
      Update copyright year
      Prepare for 1.1.1d release

Miquel Ruiz (1):
      Add SSL_shutdown to SSL_get_error's documentation

Mykola Baibuz (1):
      doc: fix link in BN_new.pod

Nicola Tuveri (8):
      Fix a SCA leak using BN_bn2bin()
      Make BN_num_bits() consttime upon BN_FLG_CONSTTIME
      Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations
      [ec/ecp_nistp*.c] remove flip_endian()
      [ec/ecp_nistp*.c] restyle: use {} around `else` too
      Append CVE-2019-1547 to related CHANGES entry
      [ec] Match built-in curves on EC_GROUP_new_from_ecparameters
      Fix spacing nit in test/ectest.c

Omid Najafi (1):
      Fix syntax error for the armv4 assembler

Patrick Steuer (3):
      s390x assembly pack: fix restoring of SIGILL action
      Directly return from final sha3/keccak_final if no bytes are requested
      Test for out-of-bounds write when requesting zero bytes from shake

Paul Yang (2):
      Add documentation for X509_cmp and related APIs
      Add description in X509_STORE manipulation

Pauli (14):
      Fix broken change from b3d113e.
      ARIA documentation titled itself AES
      Add documentation for CRYPTO_memcmp.
      Allow AES XTS decryption using duplicate keys.
      Excise AES-XTS FIPS check.
      Remove DRBG from SSL structure.
      Avoid double clearing some BIGNUMs
      Make rand_pool buffers more dynamic in their sizing.
      Add weak platform independent PRNG to test framework.
      Start up DEVRANDOM entropy improvement for older Linux devices.
      Avoid overflowing FDSET when using select(2).
      Fix NITs in comments and CHANGES for DEVRANDOM seeded check.
      Don't include the DEVRANDOM being seeded logic on Android.
      Remove duplicate CHANGES text.

Rebecca Cran (2):
      Swap #if blocks in uid.c so target platform gets checked before host
      Fix UEFI build on FreeBSD by not including system headers

Retropotenza (1):
      Fix CHECK_BSD_STYLE_MACROS for OpenBSD and cryptodev-linux

Rich Salz (3):
      util/mkerr.pl: Add an inclusion of symhacks.h in all error files
      .travis.yml: Use travis_terminate on failure
      Fix some pod-page ordering nits

Richard Levitte (12):
      Prepare for 1.1.1d-dev
      Configure: link AIX modules correctly
      Configurations/unix-Makefile.tmpl: not -v for rm
      apps/ca.c: only output DER with SPKAC input and when -out is chosen
      test/enginetest.c: Make sure no config file is loaded
      Cygwin: enable the use of Dl_info and dladdr()
      Fix default installation paths on mingw
      engines/build.info: if the padlock engine is disabled, don't build it!
      Configurations/unit-Makefile.tmpl: Don't clean away dotted files
      crypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally
      openssl dgst, openssl enc: check for end of input
      test/evp_test.c: distinguish parsing errors from processing errors

Sambit Kumar Dash (2):
      Update EVP_VerifyInit.pod
      Update X509_STORE_new.pod

Shane Lontis (3):
      Add the content type attribute to additional CMS signerinfo.
      Cleanup use of X509 STORE locks
      Change EVP_CIPHER_CTX_iv_length() to return current ivlen for some modes

Shigeki Ohtsu (1):
      Fix doc to remove const arg in GEN_SESSION_CB

Todd Short (1):
      Fix SSL_CTX_set_session_id_context() docs

Tomas Mraz (6):
      The SHA256 is not a mandatory digest for DSA.
      BIO_lookup_ex: Retry with AI_ADDRCONFIG cleared if getaddrinfo fails
      Fix and document BIO_FLAGS_NONCLEAR_RST behavior on memory BIO
      Clarify documentation of SSL_CTX_set_verify client side behavior
      BIO_lookup_ex: Always retry the lookup on failure with AI_NUMERICHOST set
      BIO_lookup_ex: Do not retry on EAI_MEMORY

Viktor Dukhovni (1):
      Actually silently ignore GET / OCSP requests

Vitezslav Cizek (1):
      build_SYS_str_reasons: Fix a crash caused by overlong locales

Vladimir Kotal (2):
      make ecp_nistz256_point_add_vis3() local
      mention what happens if OPENSSL_NO_RC2 is defined

agnosticdev (2):
      issue-8998: Ensure that the alert is generated and reaches the remote
      issue-9316: Update return documentation for RAND_set_rand_engine

joe2018Outlookcom (1):
      Fix warning C4164 in MSVC.

opensslonzos-github (1):
      Add missing EBCDIC strings

raja-ashok (4):
      Fix typo mistake on calls to SSL_ctrl in ssl.h
      Use allow_early_data_cb from SSL instead of SSL_CTX
      Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list
      Test SSL_set_ciphersuites


More information about the openssl-commits mailing list