Merge commit '97c0959f27b294fe1eb10b547145ebef2524b896'

Author: Sibras

.gitignore

@@ -51,6 +51,7 @@ Makefile
 /test/ssltest_old
 /test/x509aux
 /test/v3ext
+/test/versions
 
 # Certain files that get created by tests on the fly
 /test/test-runs

.travis.yml

@@ -61,15 +61,15 @@ matrix:
                   sources:
                       - ubuntu-toolchain-r-test
           compiler: gcc-5
-          env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
+          env: UBUNTU_GCC_HACK="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
         - os: linux
           addons:
               apt:
                   packages:
                       - binutils-mingw-w64
                       - gcc-mingw-w64
           compiler: i686-w64-mingw32-gcc
-          env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
+          env: CONFIG_OPTS="no-pic"
         - os: linux
           addons:
               apt:
@@ -85,7 +85,7 @@ matrix:
                       - binutils-mingw-w64
                       - gcc-mingw-w64
           compiler: x86_64-w64-mingw32-gcc
-          env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
+          env: CONFIG_OPTS="no-pic"
         - os: linux
           addons:
               apt:
@@ -112,6 +112,10 @@ before_script:
           srcdir=.;
           top=.;
       fi
+    - if [ -n "$UBUNTU_GCC_HACK" ]; then
+          $CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt;
+          CC="$CC -specs=gcc-specs.txt";
+      fi
     - if [ "$CC" == i686-w64-mingw32-gcc ]; then
           export CROSS_COMPILE=${CC%%gcc}; unset CC;
           $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
@@ -186,7 +190,7 @@ script:
       fi
     - if [ -n "$DESTDIR" ]; then
           mkdir "../$DESTDIR";
-          if $make install install_docs DESTDIR="../$DESTDIR"; then
+          if $make install DESTDIR="../$DESTDIR"; then
               echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
           else
               echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;

CHANGES

@@ -7,6 +7,81 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.0h and 1.1.0i [14 Aug 2018]
+
+  *) Client DoS due to large DH parameter
+
+     During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+     malicious server can send a very large prime value to the client. This will
+     cause the client to spend an unreasonably long period of time generating a
+     key for this prime resulting in a hang until the client has finished. This
+     could be exploited in a Denial Of Service attack.
+
+     This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
+     (CVE-2018-0732)
+     [Guido Vranken]
+
+  *) Cache timing vulnerability in RSA Key Generation
+
+     The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
+     a cache timing side channel attack. An attacker with sufficient access to
+     mount cache timing attacks during the RSA key generation process could
+     recover the private key.
+
+     This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+     Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+     (CVE-2018-0737)
+     [Billy Brumley]
+
+  *) Make EVP_PKEY_asn1_new() a bit stricter about its input.  A NULL pem_str
+     parameter is no longer accepted, as it leads to a corrupt table.  NULL
+     pem_str is reserved for alias entries only.
+     [Richard Levitte]
+
+  *) Revert blinding in ECDSA sign and instead make problematic addition
+     length-invariant. Switch even to fixed-length Montgomery multiplication.
+     [Andy Polyakov]
+
+  *) Change generating and checking of primes so that the error rate of not
+     being prime depends on the intended use based on the size of the input.
+     For larger primes this will result in more rounds of Miller-Rabin.
+     The maximal error rate for primes with more than 1080 bits is lowered
+     to 2^-128.
+     [Kurt Roeckx, Annie Yousar]
+
+  *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+     [Kurt Roeckx]
+
+  *) Add blinding to ECDSA and DSA signatures to protect against side channel
+     attacks discovered by Keegan Ryan (NCC Group).
+     [Matt Caswell]
+
+  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+     now allow empty (zero character) pass phrases.
+     [Richard Levitte]
+
+  *) Certificate time validation (X509_cmp_time) enforces stricter
+     compliance with RFC 5280. Fractional seconds and timezone offsets
+     are no longer allowed.
+     [Emilia Käsper]
+
+  *) Fixed a text canonicalisation bug in CMS
+
+     Where a CMS detached signature is used with text content the text goes
+     through a canonicalisation process first prior to signing or verifying a
+     signature. This process strips trailing space at the end of lines, converts
+     line terminators to CRLF and removes additional trailing line terminators
+     at the end of a file. A bug in the canonicalisation process meant that
+     some characters, such as form-feed, were incorrectly treated as whitespace
+     and removed. This is contrary to the specification (RFC5485). This fix
+     could mean that detached text data signed with an earlier version of
+     OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
+     signed with a fixed OpenSSL may fail to verify with an earlier version of
+     OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
+     and use the "-binary" flag (for the "cms" command line application) or set
+     the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
+     [Matt Caswell]
+
  Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
 
   *) Constructed ASN.1 types with a recursive definition could exceed the stack

CONTRIBUTING

@@ -1,26 +1,26 @@
-HOW TO CONTRIBUTE PATCHES TO OpenSSL
-------------------------------------
+HOW TO CONTRIBUTE TO OpenSSL
+----------------------------
 
 (Please visit https://www.openssl.org/community/getting-started.html for
 other ideas about how to contribute.)
 
-Development is coordinated on the openssl-dev mailing list (see the
-above link or https://mta.openssl.org for information on subscribing).
-If you are unsure as to whether a feature will be useful for the general
-OpenSSL community you might want to discuss it on the openssl-dev mailing
-list first.  Someone may be already working on the same thing or there
-may be a good reason as to why that feature isn't implemented.
+Development is done on GitHub, https://github.com/openssl/openssl.
 
-To submit a patch, make a pull request on GitHub.  If you think the patch
-could use feedback from the community, please start a thread on openssl-dev
-to discuss it.
+To request new features or report bugs, please open an issue on GitHub
 
-Having addressed the following items before the PR will help make the
-acceptance and review process faster:
+To submit a patch, please open a pull request on GitHub.  If you are thinking
+of making a large contribution, open an issue for it before starting work,
+to get comments from the community.  Someone may be already working on
+the same thing or there may be reasons why that feature isn't implemented.
 
-    1. Anything other than trivial contributions will require a contributor
-    licensing agreement, giving us permission to use your code. See
-    https://www.openssl.org/policies/cla.html for details.
+To make it easier to review and accept your pull request, please follow these
+guidelines:
+
+    1. Anything other than a trivial contribution requires a Contributor
+    License Agreement (CLA), giving us permission to use your code. See
+    https://www.openssl.org/policies/cla.html for details.  If your
+    contribution is too small to require a CLA, put "CLA: trivial" on a
+    line by itself in your commit message body.
 
     2.  All source files should start with the following text (with
     appropriate comment characters at the start of each line and the
@@ -34,21 +34,38 @@ acceptance and review process faster:
         https://www.openssl.org/source/license.html
 
     3.  Patches should be as current as possible; expect to have to rebase
-    often. We do not accept merge commits; You will be asked to remove
-    them before a patch is considered acceptable.
+    often. We do not accept merge commits, you will have to remove them
+    (usually by rebasing) before it will be acceptable.
 
     4.  Patches should follow our coding style (see
-    https://www.openssl.org/policies/codingstyle.html) and compile without
-    warnings. Where gcc or clang is available you should use the
+    https://www.openssl.org/policies/codingstyle.html) and compile
+    without warnings. Where gcc or clang is available you should use the
     --strict-warnings Configure option.  OpenSSL compiles on many varied
-    platforms: try to ensure you only use portable features.
-    Clean builds via Travis and AppVeyor are expected, and done whenever
-    a PR is created or updated.
+    platforms: try to ensure you only use portable features.  Clean builds
+    via Travis and AppVeyor are required, and they are started automatically
+    whenever a PR is created or updated.
 
     5.  When at all possible, patches should include tests. These can
     either be added to an existing test, or completely new.  Please see
     test/README for information on the test framework.
 
     6.  New features or changed functionality must include
-    documentation. Please look at the "pod" files in doc/apps, doc/crypto
-    and doc/ssl for examples of our style.
+    documentation. Please look at the "pod" files in doc for
+    examples of our style.
+
+    7.  For user visible changes (API changes, behaviour changes, ...),
+    consider adding a note in CHANGES.  This could be a summarising
+    description of the change, and could explain the grander details.
+    Have a look through existing entries for inspiration. 
+    Please note that this is NOT simply a copy of git-log oneliners.
+    Also note that security fixes get an entry in CHANGES.
+    This file helps users get more in depth information of what comes
+    with a specific release without having to sift through the higher
+    noise ratio in git-log.
+
+    8.  For larger or more important user visible changes, as well as
+    security fixes, please add a line in NEWS.  On exception, it might be
+    worth adding a multi-line entry (such as the entry that announces all
+    the types that became opaque with OpenSSL 1.1.0).
+    This file helps users get a very quick summary of what comes with a
+    specific release, to see if an upgrade is worth the effort.