[openssl] OpenSSL_1_1_1e create

Matt Caswell matt at openssl.org
Tue Mar 17 15:00:05 UTC 2020

The annotated tag OpenSSL_1_1_1e has been created
        at  b1632d3a3eb3a7a70e6cbec3a06bf0d43878d953 (tag)
   tagging  a61eba4814fb748ad67e90e81c005ffb09b67d3d (commit)
  replaces  OpenSSL_1_1_1d
 tagged by  Matt Caswell
        on  Tue Mar 17 14:31:17 2020 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.1.1e release tag


Andrew Hoang (1):
      Fix incorrect return code on ECDSA key verification

Andy Polyakov (1):
      Fix an overflow bug in rsaz_512_sqr

Anthony Hu (1):
      Add missing EVP_PKEY_METHOD accessors for digestsign and digestverify

Antoine Salon (1):
      Add missing EVP_MD documentation

Artiom Vaskov (1):
      ssl/statem/statem_lib.c: make servercontext/clientcontext arrays of chars instead of char pointers to fix EBCDIC builds.

Bastian Germann (2):
      apps x509: restrict CAkeyform option to OPT_FMT_PDE
      apps x509: passing PKCS#11 URL as -signkey

Ben Kaduk (1):
      sslapitest: don't leak the SSL_CTX pair

Benjamin Kaduk (10):
      Fix a race condition in SNI handling
      Update the krb5 submodule
      Update SSL_CTX_sess_set_new_cb(3) docs for refcounts
      openssl-config: add example libssl system-defaults
      Additional updates to SSL_CTX_sess_set_get_cb.pod
      doc: fix spelling of TYPE_get_ex_new_index
      Fix whitespace nit in ssl_generate_master_secret()
      Don't write to the session when computing TLS 1.3 keys
      Code to thread-safety in ChangeCipherState
      Add test that changes ciphers on CCS

Bernd Edlinger (32):
      Fix potential memory leaks with BN_to_ASN1_INTEGER
      Add a minimal windows build config for AppVeyor
      Add a minimal linux build target for Travis
      Fix building statically without any dso support
      Fix iOS simulator build
      Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read
      Fix sha512_block_data_order_avx2 backtrace info
      Improve the overflow handling in rsaz_512_sqr
      Add a test case for rsaz_512_sqr overflow handling
      Add a CHANGES entry for CVE-2019-1551
      Fix unwind info for some trivial functions
      Add some missing cfi frame info in camellia-x86_64.pl
      Add some missing cfi frame info in x86_64-mont5.pl
      Add some missing cfi frame info in rsaz-x86_64
      Add some missing cfi frame info in aesni-x86_64.pl
      Add some missing cfi frame info in keccak1600-x86_64.pl
      Add some missing cfi frame info in aesni-sha and sha-x86_64.pl
      Add some missing cfi frame info in ecp_nistz256-x86_64.pl
      Fix aesni_cbc_sha256_enc_avx2 backtrace info
      Add some missing cfi frame info in x25519-x86_64.pl
      Add some missing cfi frame info in aesni-gcm-x86_64.pl
      Add some missing cfi frame info in poly1305-x86_64.pl
      Add some missing cfi frame info in rc4-md5-x86_64.pl
      Fix a race condition in the speed command
      Fix side channel in ecp_nistz256-x86.pl
      Fix side channel in ecp_nistz256-armv4.pl
      Improve side channel fix in ecp_nistz256-x86_64.pl
      Fix side channel in the ecp_nistz256.c reference implementation
      Fix TLS not using aes_cbc_hmac_sha ciphers
      Remove remaining references to crypto/include
      Adjust minimal build config in 1.1.1 branch
      This works around a gcc-9 crash

Billy Brumley (1):
      [crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1

Cesar Pereida Garcia (6):
      [crypto/asn1/x_bignum.c] Explicit test against NULL
      Unify BN_rshift design
      Constant-time GCD function.
      Add GCD testing infrastructure.
      Update control logic for BN_gcd
      Enable runtime testing of no-deprecated builds in Travis

Christian Heimes (2):
      doc: EVP_DigestInit clears all flags
      Add test cases for min/max protocol API

Daniil Zotkin (1):
      Do not print extensions in Certificate message for TLS1.2 and lower

David Benjamin (3):
      Document and add macros for additional DSA options
      Avoid leaking intermediate states in point doubling special case.
      Do not silently truncate files on perlasm errors

David Makepeace (1):
      Fix type name typo in d2i/i2d documentation.

Davide Galassi (1):
      Prevent compiler warning for unused static function.

Dmitry Belyavskiy (3):
      Workaround for Windows-based GOST implementations
      Difference between EVP_CipherInit and EVP_CipherInit_ex
      Parse large GOST ClientKeyExchange messages

Dr. David von Oheimb (1):
      fix a glitch in the documentation of OCSP_sendreq_bio()

Dr. Matthias St. Pierre (16):
      crypto/threads_none.c: fix syntax error in openssl_get_fork_id()
      crypto/threads_win.c: fix preprocessor indentation
      Reorganize private crypto header files
      Reorganize local header files
      Fix header file include guard names
      Add util/fix-includes script
      rsa: replace magic number '11' by RSA_PKCS1_PADDING_SIZE
      Configure: accept Windows style compiler options
      rand_unix.c: correct include guard comments
      Move random-related defines from e_os.h to rand_unix.c
      util/mkerr.pl: revert accidental change of header guards
      rand_lib.c: fix null pointer dereferences after RAND_get_rand_method() failure
      Temporarily disable external pyca tests
      Revert "Move random-related defines from e_os.h to rand_unix.c"
      Fix misspelling errors and typos reported by codespell
      doc: document that 'openssl rand' is cryptographically secure

Fangming.Fang (4):
      Add arm64 in test matrix on TravisCI.
      Fix exit issue in travisci
      Enrich arm64 tests in Travis matrix
      Fix side channel in ecp_nistz256-armv8.pl

FdaSilvaYY (1):
      Appveyor: update to Visual Studio 2017.

H.J. Lu (1):
      Fix unwind info in crypto/rc4/asm/rc4-x86_64.pl

Ido Ben-Natan (1):
      Fix misspelled resumption_label for CHARSET_EBCDIC

Jakub Jelen (2):
      doc: Fix typo in EVP_DigestSignInit manpage
      doc: Update the reference from draft to RFC

Jakub Zelenka (1):
      Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64

James Peach (1):
      docs: fix typo in SSL functions

Jan-Frederik Rieckers (1):
      Fix small typo in doc for X509_STORE_CTX_new

Joerg Schmidbauer (1):
      chacha_enc.c: fix for EBCDIC platforms

Johannes Bauer (1):
      Cleanup hardcoded cipher suite codepoints in s_server

Jon Spillett (1):
      apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present

Jussi Keranen (1):
      Fix regression on x509 keyform argument

Kurt Roeckx (8):
      Use the correct maximum indent
      Add defines for __NR_getrandom for all Linux architectures
      Replace apps/server.pem with certificate with a sha256 signature.
      Check that the default signature type is allowed
      Create a new embeddedSCTs1 that's signed using SHA256
      Stop accepting certificates signed using SHA1 at security level 1
      Generate new Ed488 certificates
      Check that ed25519 and ed448 are allowed by the security level

ManishPatidar1 (1):
      clearing the ecx private key memory

Matt Caswell (33):
      Prepare for 1.1.1e-dev
      Correct the function names in SSL_CTX_set_stateless_cookie_generate_cb.pod
      Send bad_record_mac instead of decryption_failed
      i2d_PublicKey was listed in 2 different man pages
      Fix an incorrect macro
      Fix a copy&paste error in the TLSv1.3 server side PSK documentation
      Fix an s_server arbitrary file read issue on Windows
      Don't leak memory in the event of a failure in i2v_GENERAL_NAMES
      EVP_*Update: ensure that input NULL with length 0 isn't passed
      Add a test for NULL chunks in encrypt/decrypt
      Ensure EVP_PKEY_set1_DH detects X9.42 keys
      Test that EVP_PKEY_set1_DH() correctly identifies the DH type
      Backport the RSA_get0_pss_params() function from master
      Update the HISTORY entry for RSA_get0_pss_params()
      Fix evp_extra_test with no-dh
      Run make update
      Don't store an HMAC key for longer than we need
      Fix pkeyutl -verifyrecover
      Fix SSL_get_servername() and SNI behaviour
      Test that SSL_get_servername returns what we expect
      Provide better documentation for SSL_get_servername()
      Don't acknowledge a servername following warning alert in servername cb
      Fix no-tls1_3
      Add *.d.tmp files to .gitignore
      Detect EOF while reading in libssl
      Teach more BIOs how to handle BIO_CTRL_EOF
      Clarify the usage of EVP_PKEY_get_raw_[private|public]_key()
      Revert "Stop accepting certificates signed using SHA1 at security level 1"
      Revert "Create a new embeddedSCTs1 that's signed using SHA256"
      Update NEWS for the new release
      Update CHANGES for the new release
      Update copyright year
      Prepare for 1.1.1e release

Matt Turner (1):
      config: Drop linux-alpha-gcc+bwx

Michael Osipov (1):
      Fix long name of some Microsoft objects

NaveenShivanna86 (1):
      'init_buf' memory can be freed when DTLS is used over SCTP (not over UDP).

Nicola Tuveri (8):
      [ec_asn1.c] Avoid injecting seed when built-in matches
      Improve formatting for man3/EC_GROUP_new.pod
      Fix doc for EC_GROUP_set_curve()
      Add more tests for apps/req
      Fix EC_POINT_bn2point() for BN_zero()
      Add self-test for EC_POINT_hex2point
      Extend docs for EC_POINT conversion functions
      Fix potential SCA vulnerability in some EC_METHODs

Nikolay Morozov (1):
      Forgotten GOST2012 support in non-vital places

Patrick Steuer (9):
      md4/md5: macros should not include the line following them
      s390x assembly pack: enable clang build
      Fix --strict-warnings build
      testutil/init.c rename to testutil/testutil_init.c
      travis.yml: add arch s390x target
      s390x assembly pack: fix bn_mul_comba4
      Allow specifying the tag after AAD in CCM mode (2)
      aes-s390x.pl: fix stg offset caused by typo in perlasm
      crypto/ec/curve448/eddsa.c: fix EBCDIC platforms

Paul Yang (3):
      Fix a return value bug in apps/speed.c
      Fix a bundle of mischecks of return values
      Suppress an error when doing SM2 sign/verify ops

Pauli (9):
      Fix typo in comment
      Add documentation for the -sigopt option.
      issue-8493: Fix for filenames with newlines using openssl dgst
      ECDSA: don't clear free memory after verify.
      Engine: Add NULL check.
      EVP p_lib: Add NULL check to EVP_PKEY_missing_parameters.
      main: avoid a NULL dereference on initialisation.
      Remove spurious space from file.
      Coverity CID 1444960: Error handling issues

Pavel Karagodin (1):
      apps/dgst.c: allocate a new signature buffer

Rich Salz (3):
      Fix reference to PEM docs
      Ignore duplicated undocumented things
      Fix docs for CRYPTO_secure_allocated

Richard Levitte (27):
      Do no mention private headers in public headers
      DOC: fix documentation of som EVP_MD_CTX functions
      Define AESNI_ASM if AESNI assembler is included, and use it
      Add documentation for PEM_{read,write}_bio_Parameters()
      VMS: Added new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
      BIO_s_connect: add an error state and use it
      Configure: Make --strict-warnings meaningful with MSVC cl
      SSL: Document SSL_add_{file,dir}_cert_subjects_to_stack()
      UI_UTIL_wrap_read_pem_callback(): when |cb| is NULL, use PEM_def_callback
      doc/man7/proxy-certificates.pod: New guide for proxy certificates
      i2b_PVK(): Use Encrypt, not Decrypt
      apps/ocsp.c: sock_timeout -> socket_timeout
      Disable devcryptoeng on newer OpenBSD versions
      Configuration: compute openssl_other_defines and related info later
      Configure: use $list_separator_re only for defines and includes
      Fix documentation of return value for EVP_Digest{Sign,Verify}Init()
      For all assembler scripts where it matters, recognise clang > 9.x
      OpenSSL::Test: bring back the relative paths
      config: ensure the perl Configure run is the last statement
      VMS: Adapt descrip.mms template to the changed inclustion dirs
      VMS: Correct error reporting in crypto/rand/rand_vms.c
      DOC: document in more detail what a BIO_read_ex() via BIO_f_buffer() does
      VMS: mitigate for the C++ compiler that doesn't understand certain pragmas
      DOC: Add documentation related to X509_LOOKUPs
      DOC: Fixups of X509_LOOKUP.pod
      DOC: New file for EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()
      DOC: Make EVP_SignInit.pod conform with man-pages(7)

Saritha (1):
      apps/speed.c: Fix eddsa sign and verify output with -multi option

Scott Arciszewski (1):
      Fix comment placement in ecp_nistp256.ci

Scott Wilson (1):
      Fix potential memory leak in dh_ameth.c

Simon Cornish (1):
      Handle max_fragment_length overflow for DTLS

Tanzinul Islam (1):
      Fix find/rm command in Unix clean recipe

Tobias Nießen (1):
      Allow EVP_PKEY_get0_RSA for RSA-PSS keys

Tomas Mraz (1):
      BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.

Veres Lajos (1):
      Fix some typos

Viktor Dukhovni (1):
      Ignore empty ALPN elements in CLI args

Viktor Szakats (1):
      Fix unused goto label gcc warning

agnosticdev (1):
      Update dgst.c to show a list of message digests

dcruette (1):
      Update tls13_enc.c

fangming.fang (1):
      Fix disabled ecdsa in apps/speed

jayaram (1):
      fixed the RETURN VALUES section in the EC_GROUP documentation for the following functions.

kinichiro (4):
      Check return value after loading config file
      Return 1 when openssl req -addext kv is duplicated
      Avoid leak in error path of asn1_parse2
      Avoid leak in error path of PKCS5_PBE_keyivgen

moehuster (1):
      Fix L<EVP_MD_CTX_set_pkey_ctx> links

raniervf (1):
      conf_def.c: Avoid calling strlen() in a loop

thekuwayama (1):
      Fix small misspelling in doc for OCSP_response_status

zero (1):
      Update NOTES.ANDROID for newer NDK versions + small fixes.

