1.1.1b

CHANGES

@@ -7,6 +7,80 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
+
+  *) Added SCA hardening for modular field inversion in EC_GROUP through
+     a new dedicated field_inv() pointer in EC_METHOD.
+     This also addresses a leakage affecting conversions from projective
+     to affine coordinates.
+     [Billy Bob Brumley, Nicola Tuveri]
+
+  *) Change the info callback signals for the start and end of a post-handshake
+     message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
+     and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
+     confused by this and assume that a TLSv1.2 renegotiation has started. This
+     can break KeyUpdate handling. Instead we no longer signal the start and end
+     of a post handshake message exchange (although the messages themselves are
+     still signalled). This could break some applications that were expecting
+     the old signals. However without this KeyUpdate is not usable for many
+     applications.
+     [Matt Caswell]
+
+  *) Fix a bug in the computation of the endpoint-pair shared secret used
+     by DTLS over SCTP. This breaks interoperability with older versions
+     of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
+     switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
+     interoperability with such broken implementations. However, enabling
+     this switch breaks interoperability with correct implementations.
+
+  *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
+     re-used X509_PUBKEY object if the second PUBKEY is malformed.
+     [Bernd Edlinger]
+
+  *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
+     [Richard Levitte]
+
+  *) Remove the 'dist' target and add a tarball building script.  The
+     'dist' target has fallen out of use, and it shouldn't be
+     necessary to configure just to create a source distribution.
+     [Richard Levitte]
+
+ Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
+
+  *) Timing vulnerability in DSA signature generation
+
+     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+     (CVE-2018-0734)
+     [Paul Dale]
+
+  *) Timing vulnerability in ECDSA signature generation
+
+     The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+     (CVE-2018-0735)
+     [Paul Dale]
+
+  *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
+     the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
+     are retained for backwards compatibility.
+     [Antoine Salon]
+
+  *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
+     if its length exceeds 4096 bytes. The limit has been raised to a buffer size
+     of two gigabytes and the error handling improved.
+
+     This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
+     categorized as a normal bug, not a security issue, because the DRBG reseeds
+     automatically and is fully functional even without additional randomness
+     provided by the application.
+
  Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
 
   *) Add a new ClientHello callback. Provides a callback interface that gives
@@ -13103,4 +13177,3 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
      bytes sent in the client random.
      [Edward Bishop <ebishop@spyglass.com>]
-

CONTRIBUTING

@@ -57,7 +57,7 @@ guidelines:
     7.  For user visible changes (API changes, behaviour changes, ...),
     consider adding a note in CHANGES.  This could be a summarising
     description of the change, and could explain the grander details.
-    Have a look through existing entries for inspiration. 
+    Have a look through existing entries for inspiration.
     Please note that this is NOT simply a copy of git-log oneliners.
     Also note that security fixes get an entry in CHANGES.
     This file helps users get more in depth information of what comes

Configurations/00-base-templates.conf

@@ -45,7 +45,7 @@ my %targets=(
 	shared_extension	=> "",
 
 	#### Defaults for the benefit of the config targets who don't inherit
-	#### a BASE and assume Unixly defaults
+	#### a BASE and assume Unix defaults
 	#### THESE WILL DISAPPEAR IN OpenSSL 1.2
 	build_scheme	=> [ "unified", "unix" ],
 	build_file	=> "Makefile",
@@ -102,6 +102,8 @@ my %targets=(
                                      ? "ranlib" : "" },
         RC              => "windres",
 
+        shared_extension => ".so",
+
         build_scheme    => [ "unified", "unix" ],
         build_file      => "Makefile",
     },
@@ -142,6 +144,8 @@ my %targets=(
         mtinflag        => "-manifest ",
         mtoutflag       => "-outputresource:",
 
+        shared_extension => ".dll",
+
         build_file      => "makefile",
         build_scheme    => [ "unified", "windows" ],
     },
@@ -160,6 +164,8 @@ my %targets=(
                     return [ @incs ];
                 }),
 
+        shared_extension => ".exe",
+
         build_file       => "descrip.mms",
         build_scheme     => [ "unified", "VMS" ],
     },
@@ -300,7 +306,7 @@ my %targets=(
 	sha1_asm_src    => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
 	modes_asm_src   => "ghash-armv4.S ghashv8-armx.S",
 	chacha_asm_src  => "chacha-armv4.S",
-	poly1305_asm_src=> "poly1305-armv4.S", 
+	poly1305_asm_src=> "poly1305-armv4.S",
 	keccak1600_asm_src	=> "keccak1600-armv4.S",
 	perlasm_scheme	=> "void"
     },

Configurations/10-main.conf

@@ -360,7 +360,7 @@ my %targets = (
         inherit_from     => [ "BASE_unix" ],
         template         => 1,
         cppflags         => threads("-D_SGI_MP_SOURCE"),
-        lib_cppflags     => "-DB_ENDIAN -DBN_DIV3W",
+        lib_cppflags     => "-DB_ENDIAN",
         ex_libs          => add(threads("-lpthread")),
         thread_scheme    => "pthreads",
         dso_scheme       => "dlfcn",
@@ -651,7 +651,7 @@ my %targets = (
         dso_scheme       => "dlfcn",
         shared_target    => "linux-shared",
         shared_cflag     => "-fPIC",
-        shared_ldflag    => "-Wl,-znodelete",
+        shared_ldflag    => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" },
         shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
         enable           => [ "afalgeng" ],
     },
@@ -733,7 +733,6 @@ my %targets = (
         inherit_from     => [ "linux-generic32", asm("mips32_asm") ],
         cflags           => add("-mabi=32"),
         cxxflags         => add("-mabi=32"),
-        lib_cppflags     => add("-DBN_DIV3W"),
         perlasm_scheme   => "o32",
     },
     # mips32 and mips64 below refer to contemporary MIPS Architecture
@@ -742,7 +741,6 @@ my %targets = (
         inherit_from     => [ "linux-generic32", asm("mips64_asm") ],
         cflags           => add("-mabi=n32"),
         cxxflags         => add("-mabi=n32"),
-        lib_cppflags     => add("-DBN_DIV3W"),
         bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
         perlasm_scheme   => "n32",
         multilib         => "32",
@@ -751,7 +749,6 @@ my %targets = (
         inherit_from     => [ "linux-generic64", asm("mips64_asm") ],
         cflags           => add("-mabi=64"),
         cxxflags         => add("-mabi=64"),
-        lib_cppflags     => add("-DBN_DIV3W"),
         perlasm_scheme   => "64",
         multilib         => "64",
     },
@@ -1115,7 +1112,7 @@ my %targets = (
         dso_scheme       => "dlfcn",
         shared_target    => "self",
         module_ldflags   => "-Wl,-G,-bsymbolic,-bexpall",
-        shared_ldflag    => "-Wl,-G,-bsymbolic",
+        shared_ldflag    => "-Wl,-G,-bsymbolic,-bnoentry",
         shared_defflag   => "-Wl,-bE:",
         shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
         dso_extension    => ".so",
@@ -1747,6 +1744,8 @@ my %targets = (
         asflags          => sub { vms_info()->{asflags} },
         perlasm_scheme   => sub { vms_info()->{perlasm_scheme} },
 
+        disable          => add('pinshared'),
+
         apps_aux_src     => "vms_term_sock.c",
         apps_init_src    => "vms_decc_init.c",
     },
@@ -1782,7 +1781,7 @@ my %targets = (
     },
     "vms-ia64" => {
         inherit_from     => [ "vms-generic",
-                              sub { vms_info()->{as}
+                              sub { vms_info()->{AS}
                                         ? asm("ia64_asm")->() : () } ],
         bn_ops           => "SIXTY_FOUR_BIT RC4_INT",
         pointer_size     => "",

Configurations/15-android.conf

@@ -22,9 +22,20 @@
                 return $android_ndk = { bn_ops => "BN_AUTO" };
             }
 
-            my $ndk = $ENV{ANDROID_NDK};
-            die "\$ANDROID_NDK is not defined"  if (!$ndk);
-            die "\$ANDROID_NDK=$ndk is invalid" if (!-d "$ndk/platforms");
+            my $ndk_var;
+            my $ndk;
+            foreach (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
+                $ndk_var = $_;
+                $ndk = $ENV{$ndk_var};
+                last if defined $ndk;
+            }
+            die "\$ANDROID_NDK_HOME is not defined"  if (!$ndk);
+            if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
+                # $ndk/platforms is traditional "all-inclusive" NDK, while
+                # $ndk/AndroidVersion.txt is so-called standalone toolchain
+                # tailored for specific target down to API level.
+                die "\$ANDROID_NDK_HOME=$ndk is invalid";
+            }
             $ndk = canonpath($ndk);
 
             my $ndkver = undef;
@@ -40,10 +51,18 @@
                 close $fh;
             }
 
-            my $sysroot;
+            my ($sysroot, $api, $arch);
 
-            if (!($sysroot = $ENV{CROSS_SYSROOT})) {
-                my $api = "*";
+            $config{target} =~ m|[^-]+-([^-]+)$|;	# split on dash
+            $arch = $1;
+
+            if ($sysroot = $ENV{CROSS_SYSROOT}) {
+                $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
+                ($api, $arch) = ($1, $2);
+            } elsif (-f "$ndk/AndroidVersion.txt") {
+                $sysroot = "$ndk/sysroot";
+            } else {
+                $api = "*";
 
                 # see if user passed -D__ANDROID_API__=N
                 foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
@@ -59,30 +78,45 @@
                                      } glob("$ndk/platforms/android-$api");
                 die "no $ndk/platforms/android-$api" if ($#platforms < 0);
 
-                $config{target} =~ m|[^-]+-([^-]+)$|;   # split on dash
-                $sysroot = "@platforms[$#platforms]/arch-$1";
+                $sysroot = "@platforms[$#platforms]/arch-$arch";
+                $sysroot =~ m|/android-([0-9]+)/arch-$arch|;
+                $api = $1;
             }
             die "no sysroot=$sysroot"   if (!-d $sysroot);
 
-            $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
-            my ($api, $arch) = ($1, $2);
-
             my $triarch = $triplet{$arch};
             my $cflags;
             my $cppflags;
 
-            # see if there is NDK clang on $PATH
+            # see if there is NDK clang on $PATH, "universal" or "standalone"
             if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
                 my $host=$1;
                 # harmonize with gcc default
                 my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
                 (my $tridefault = $triarch) =~ s/^arm-/$arm-/;
                 (my $tritools   = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
                 $cflags .= " -target $tridefault "
-                        .  "-gcc-toolchain \$(ANDROID_NDK)/toolchains"
+                        .  "-gcc-toolchain \$($ndk_var)/toolchains"
                         .  "/$tritools-4.9/prebuilt/$host";
                 $user{CC} = "clang" if ($user{CC} !~ m|clang|);
                 $user{CROSS_COMPILE} = undef;
+                if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
+                    $user{AR} = "llvm-ar";
+                    $user{ARFLAGS} = [ "rs" ];
+                    $user{RANLIB} = ":";
+                }
+            } elsif (-f "$ndk/AndroidVersion.txt") {    #"standalone toolchain"
+                my $cc = $user{CC} // "clang";
+                # One can probably argue that both clang and gcc should be
+                # probed, but support for "standalone toolchain" was added
+                # *after* announcement that gcc is being phased out, so
+                # favouring clang is considered adequate. Those who insist
+                # have option to enforce test for gcc with CC=gcc.
+                if (which("$triarch-$cc") !~ m|^$ndk|) {
+                    die "no NDK $triarch-$cc on \$PATH";
+                }
+                $user{CC} = $cc;
+                $user{CROSS_COMPILE} = "$triarch-";
             } elsif ($user{CC} eq "clang") {
                 die "no NDK clang on \$PATH";
             } else {
@@ -99,13 +133,13 @@
                 die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
                 $incroot =~ s|^$ndk/||;
                 $cppflags  = "-D__ANDROID_API__=$api";
-                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot/$triarch";
-                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot";
+                $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
+                $cppflags .= " -isystem \$($ndk_var)/$incroot";
             }
 
             $sysroot =~ s|^$ndk/||;
             $android_ndk = {
-                cflags   => "$cflags --sysroot=\$(ANDROID_NDK)/$sysroot",
+                cflags   => "$cflags --sysroot=\$($ndk_var)/$sysroot",
                 cppflags => $cppflags,
                 bn_ops   => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
                                             : "BN_LLONG",

Configurations/15-ios.conf

@@ -6,31 +6,31 @@
 # work...
 #
 my %targets = (
+    "ios-common" => {
+        template         => 1,
+        inherit_from     => [ "darwin-common" ],
+        sys_id           => "iOS",
+        disable          => [ "engine", "async" ],
+    },
     "ios-xcrun" => {
-        inherit_from     => [ "darwin-common", asm("armv4_asm") ],
+        inherit_from     => [ "ios-common", asm("armv4_asm") ],
         # It should be possible to go below iOS 6 and even add -arch armv6,
         # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
         # at this point.
         CC               => "xcrun -sdk iphoneos cc",
         cflags           => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
-        sys_id           => "iOS",
         perlasm_scheme   => "ios32",
-        disable          => [ "engine" ],
     },
     "ios64-xcrun" => {
-        inherit_from     => [ "darwin-common", asm("aarch64_asm") ],
+        inherit_from     => [ "ios-common", asm("aarch64_asm") ],
         CC               => "xcrun -sdk iphoneos cc",
         cflags           => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
-        sys_id           => "iOS",
         bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
         perlasm_scheme   => "ios64",
-        disable          => [ "engine" ],
     },
     "iossimulator-xcrun" => {
-        inherit_from     => [ "darwin-common" ],
+        inherit_from     => [ "ios-common" ],
         CC               => "xcrun -sdk iphonesimulator cc",
-        sys_id           => "iOS",
-        disable          => [ "engine" ],
     },
 # It takes three prior-set environment variables to make it work:
 #
@@ -46,10 +46,8 @@ my %targets = (
 # CROSS_SDK=iPhoneOS.sdk
 #
     "iphoneos-cross" => {
-        inherit_from     => [ "darwin-common" ],
+        inherit_from     => [ "ios-common" ],
         cflags           => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
-        sys_id           => "iOS",
-        disable          => [ "engine" ],
     },
     "ios-cross" => {
         inherit_from     => [ "ios-xcrun" ],

Configurations/50-win-onecore.conf

@@ -4,7 +4,7 @@
 # Mobile[?] Windows editions. It's a set up "umbrella" libraries that
 # export subset of Win32 API that are common to all Windows 10 devices.
 #
-# OneCore Configuration temporarly dedicated for console applications 
+# OneCore Configuration temporarly dedicated for console applications
 # due to disabled event logging, which is incompatible with one core.
 # Error messages are provided via standard error only.
 # TODO: extend error handling to use ETW based eventing