[openssl-commits] Build completed: openssl master.17291
Build openssl master.17291 completed Commit bb60663f59 by Andy Polyakov on 4/16/2018 8:32 PM: recipes/70-test_ssl{cbcpadding,extension,records}: make it work w/fragmentation. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build failed: openssl master.17290
Build openssl master.17290 failed Commit 74e72df820 by FdaSilvaYY on 3/31/2018 10:21 PM: mkerr.pl -internal
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via dbbaeb8973d662ae0d009e0fb6c8975721991b63 (commit) from 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 (commit) - Log - commit dbbaeb8973d662ae0d009e0fb6c8975721991b63 Author: Dr. Matthias St. PierreDate: Mon Apr 16 15:19:14 2018 +0200 Revert "Add OPENSSL_VERSION_AT_LEAST" Fixes #5961 This reverts commit d8adfdcd2e5de23f3e1d1a1d10c2fda6f4a65c4a. The macros OPENSSL_MAKE_VERSION() and OPENSSL_VERSION_AT_LEAST() contain errors and don't work as designed. Apart from that, their introduction should be held back until a decision has been mad about the future versioning scheme. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5968) --- Summary of changes: doc/crypto/OPENSSL_VERSION_NUMBER.pod | 5 - doc/ssl/ssl.pod | 6 -- include/openssl/opensslv.h| 5 - 3 files changed, 16 deletions(-) diff --git a/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/doc/crypto/OPENSSL_VERSION_NUMBER.pod index f50faec..f5429d2 100644 --- a/doc/crypto/OPENSSL_VERSION_NUMBER.pod +++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod @@ -47,11 +47,6 @@ number was therefore 0x0090581f. OpenSSL_version_num() returns the version number. -The macro OPENSSL_VERSION_AT_LEAST(major,minor) can be used at compile -time test if the current version is at least as new as the version provided. -The arguments major, minor and fix correspond to the version information -as given above. - OpenSSL_version() returns different strings depending on B: =over 4 diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 4d91907..7307a2b 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod 
@@ -91,12 +91,6 @@ includes both more private SSL headers and headers from the B library. Whenever you need hard-core details on the internals of the SSL API, look inside this header file. -OPENSSL_VERSION_AT_LEAST(major,minor) can be -used in C<#if> statements in order to determine which version of the library is -being used. This can be used to either enable optional features at compile -time, or work around issues with a previous version. -See L . - =item B Unused. Present for backwards compatibility only. diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 3532521..7221a45 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -46,11 +46,6 @@ extern "C" { # define OPENSSL_VERSION_TEXT"OpenSSL 1.1.0i-dev xx XXX " # endif -#define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x1000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch) - -/* use this for #if tests, should never depend upon fix/patch */ -#define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER) - /*- * The macros below are to be used for shared library (.so, .dll, ...) * versioning. That kind of versioning works a bit differently between _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
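Review bot: In the include/openssl/opensslv.h hunk, the removed OPENSSL_VERSION_AT_LEAST(maj,min) compares in the wrong direction: `OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER` is true when the requested version is at or above the library's, which is "at most" rather than "at least". OPENSSL_MAKE_VERSION also uses its arguments unparenthesized (`maj&0xff`), so an argument that is itself an expression with an operator of lower precedence than `&` is masked incorrectly. The commit message only says the macros "contain errors"; naming these defects there would keep a later reintroduction from repeating them, with the operands swapped and each argument wrapped as `((maj)&0xff)`.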
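Review bot: In the doc/crypto/OPENSSL_VERSION_NUMBER.pod hunk, the removed paragraph documents OPENSSL_VERSION_AT_LEAST(major,minor) and then describes "the arguments major, minor and fix", a third argument the macro does not take. If the macro comes back after the versioning decision mentioned in the commit message, the documentation should list exactly the parameters of the signature.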
[openssl-commits] [web] master update
The branch master has been updated via 168a9472b41c33b508d82a167ec169482b854664 (commit) from 58fdfb2faa17a780294c693bc5c8f08149bd3d2c (commit) - Log - commit 168a9472b41c33b508d82a167ec169482b854664 Author: Rich SalzDate: Mon Apr 16 11:47:44 2018 -0400 1747 newsflash --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index e4ecaef..b0b7cf1 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +16-Apr-2018: https://mta.openssl.org/pipermail/openssl-announce/2018-April/000121.html;>OpenSSL 1747 Validation not moved to historical 16-Apr-2018: Security Advisory: one low severity fix 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and test it 27-Mar-2018: Security Advisory: several security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 58fdfb2faa17a780294c693bc5c8f08149bd3d2c (commit) from 5d178ddbeb5943d800ecf261449b139971d6743a (commit) - Log - commit 58fdfb2faa17a780294c693bc5c8f08149bd3d2c Author: Matt CaswellDate: Mon Apr 16 16:33:11 2018 +0100 Update newsflash for security advisory --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index fe25c29..e4ecaef 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +16-Apr-2018: Security Advisory: one low severity fix 03-Apr-2018: Beta 2 of OpenSSL 1.1.1 is now available: please download and test it 27-Mar-2018: Security Advisory: several security fixes 27-Mar-2018: OpenSSL 1.1.0h is now available, including bug and security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 90b3a620f56da8d8ef9c4c76919d0dca51150685 (commit) via cf54d00aa82302d2570531b4bd7841230ced0555 (commit) from 54f007af94b8924a46786b34665223c127c19081 (commit) - Log - commit 90b3a620f56da8d8ef9c4c76919d0dca51150685 Author: Bernd EdlingerDate: Sun Apr 15 15:51:07 2018 +0200 Remove mandatory generated files on VMS too Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5958) commit cf54d00aa82302d2570531b4bd7841230ced0555 Author: Bernd Edlinger Date: Sun Apr 15 12:07:17 2018 +0200 Remove mandatory generated files on windows too Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5958) --- Summary of changes: Configurations/descrip.mms.tmpl | 1 + Configurations/windows-makefile.tmpl | 2 ++ 2 files changed, 3 insertions(+) diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index bbd9b0e..70e566e 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -491,6 +491,7 @@ clean : libclean {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -} {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -} {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -} +{- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{depends}->{""}}) || "@ !" -} {- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -} - DELETE [...]*.MAP;* - DELETE [...]*.D;* diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index c51e4c7..0fe6ca2 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl 
@@ -360,10 +360,12 @@ clean: libclean {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -} -del /Q /F $(ENGINES) -del /Q /F $(SCRIPTS) + -del /Q /F $(GENERATED_MANDATORY) -del /Q /F $(GENERATED) -del /Q /S /F *.d *.obj *.pdb *.exp *.ilk *.manifest -del /Q /S /F engines\*.lib -del /Q /S /F apps\*.lib apps\*.rc apps\*.res + -rmdir /Q /S test\test-runs distclean: clean -del /Q /F configdata.pm _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
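Review bot: In the Configurations/windows-makefile.tmpl hunk, the added `-rmdir /Q /S test\test-runs` line is not covered by the commit message, which only mentions removing mandatory generated files. Either mention the test-runs cleanup in the message or move it to its own commit; the descrip.mms.tmpl hunk in the same patch gets no equivalent line, so the two clean targets now differ in what they remove.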
[openssl-commits] [web] master update
The branch master has been updated via 5d178ddbeb5943d800ecf261449b139971d6743a (commit) from e73e4460aa47e8cb6c694625584c26e9298d0bb5 (commit) - Log - commit 5d178ddbeb5943d800ecf261449b139971d6743a Author: Matt Caswell <m...@openssl.org> Date: Mon Apr 16 16:30:00 2018 +0100 Updates for CVE-2018-0737 --- Summary of changes: news/secadv/20180416.txt | 35 +++ news/vulnerabilities.xml | 43 +++ 2 files changed, 78 insertions(+) create mode 100644 news/secadv/20180416.txt diff --git a/news/secadv/20180416.txt b/news/secadv/20180416.txt new file mode 100644 index 000..700beb6 --- /dev/null +++ b/news/secadv/20180416.txt @@ -0,0 +1,35 @@ + +OpenSSL Security Advisory [16 Apr 2018] + + +Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) + + +Severity: Low + +The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a +cache timing side channel attack. An attacker with sufficient access to mount +cache timing attacks during the RSA key generation process could recover the +private key. + +Due to the low severity of this issue we are not issuing a new release of +OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i +and OpenSSL 1.0.2p when they become available. The fix is also available in +commit 6939eab03 (for 1.1.0) and commit 349a41da1 (for 1.0.2) in the OpenSSL git +repository. + +This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera +Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia. +The fix was developed by Billy Brumley. + +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20180416.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index b565e18..684eb33 100644 --- a/news/vulnerabilities.xml 
+++ b/news/vulnerabilities.xml @@ -8,6 +8,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Constant time issue +Cache timing vulnerability in RSA Key Generation + + The OpenSSL RSA Key generation algorithm has been shown to be vulnerable + to a cache timing side channel attack. An attacker with sufficient access + to mount cache timing attacks during the RSA key generation process could + recover the private key. + + + + _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
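Review bot: In the news/secadv/20180416.txt hunk, the advisory never states which versions are affected; it only names the releases that will carry the fix (1.1.0i and 1.0.2p) and the fix commits for 1.1.0 and 1.0.2. An explicit affected-versions sentence, plus a word on whether master is affected and where it is fixed, would let readers decide whether they need to pick up the commit before the next release. A brief statement of what "sufficient access to mount cache timing attacks" requires would also help, since that condition is what the Low severity rests on.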
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 349a41da1ad88ad87825414752a8ff5fdd6a6c3f (commit) from d1a64149b061172d120559aea289498ec680b497 (commit) - Log - commit 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Author: Billy BrumleyDate: Wed Apr 11 10:10:58 2018 +0300 RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set. CVE-2018-0737 Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787) --- Summary of changes: crypto/rsa/rsa_gen.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 9ca5dfe..42b89a8 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (BN_copy(rsa->e, e_value) == NULL) goto err; +BN_set_flags(rsa->p, BN_FLG_CONSTTIME); +BN_set_flags(rsa->q, BN_FLG_CONSTTIME); BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
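Review bot: The two added `BN_set_flags(rsa->p, BN_FLG_CONSTTIME);` and `BN_set_flags(rsa->q, BN_FLG_CONSTTIME);` calls carry no comment, and the hunk does not show where rsa->p and rsa->q are allocated. A short comment saying the flags are there so that BN_mod_inverse and BN_mod_exp_mont get called with BN_FLG_CONSTTIME set (as the commit message states) would keep a later cleanup from dropping them; please also confirm both BIGNUMs are always non-NULL at this point in rsa_builtin_keygen. The summary lists only crypto/rsa/rsa_gen.c, so nothing in this change tests that the flag is present during key generation.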
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 (commit) from e4fa7cc3fb9909c6aee411de15a06f918687b8e2 (commit) - Log - commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 Author: Billy BrumleyDate: Wed Apr 11 10:10:58 2018 +0300 RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set. CVE-2018-0737 Reviewed-by: Rich Salz Reviewed-by: Matt Caswell --- Summary of changes: crypto/rsa/rsa_gen.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 9af43e0..79f77e3 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -89,6 +89,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (BN_copy(rsa->e, e_value) == NULL) goto err; +BN_set_flags(rsa->p, BN_FLG_CONSTTIME); +BN_set_flags(rsa->q, BN_FLG_CONSTTIME); BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 54f007af94b8924a46786b34665223c127c19081 (commit) from b0a97931fbfd5c84e1ac031cb8a8d213d437fec5 (commit) - Log - commit 54f007af94b8924a46786b34665223c127c19081 Author: Matt CaswellDate: Thu Apr 12 12:07:53 2018 +0100 RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set. Based on an original patch by Billy Brumley CVE-2018-0737 Reviewed-by: Rich Salz --- Summary of changes: crypto/rsa/rsa_gen.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index d8ef3c7..7f0a256 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -157,6 +157,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); prime = pinfo->r; } +BN_set_flags(prime, BN_FLG_CONSTTIME); for (;;) { redo: _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
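Review bot: `BN_set_flags(prime, BN_FLG_CONSTTIME);` is applied to whatever `prime` points at, which per the context lines includes `pinfo->r` for the additional primes, so the flag remains set on the key's own BIGNUMs after generation returns. That looks intended, but the line has no comment; a one-line note that every prime, including the multi-prime ones, must carry the flag before the generation loop would make the intent clear to the next person editing this function.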
[openssl-commits] Build completed: openssl master.17270
Build openssl master.17270 completed Commit 1f25d118c2 by Davide Galassi on 4/16/2018 9:45 AM: BIGNUM signed add/sub routines refactory