[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via e587e8e36a0279674882f4b8bdba81ed1b10e1a6 (commit) from c97a75bf1348e252239bb88ab4ff8ac2e0e7e092 (commit) - Log - commit e587e8e36a0279674882f4b8bdba81ed1b10e1a6 Author: cclauss Date: Tue Oct 16 07:18:00 2018 +0200 Travis CI: Use flake8 to find Python syntax errors or undefined names CLA: trivial In Travis CI, add a Python linting step that runs flake8 tests in Travis CI to find syntax errors and undefined names. (http://flake8.pycqa.org) __E901,E999,F821,F822,F823__ are the "_showstopper_" flake8 issues that can halt the runtime with a SyntaxError, NameError, etc. Most other flake8 issues are merely "style violations" -- useful for readability but they do not effect runtime safety. * F821: undefined name `name` * F822: undefined name `name` in `__all__` * F823: local variable name referenced before assignment * E901: SyntaxError or IndentationError * E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/7410) (cherry picked from commit 2a6f57bc098cdfa6320189f2725337c7f74a052e) --- Summary of changes: .travis.yml | 12 1 file changed, 12 insertions(+) diff --git a/.travis.yml b/.travis.yml index 764da28..0124368 100644 --- a/.travis.yml +++ b/.travis.yml @@ -120,6 +120,18 @@ matrix: - gcc-mingw-w64 compiler: x86_64-w64-mingw32-gcc env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic" +- os: linux + language: python + python: 3.7 + dist: xenial# required for Python 3.7 (travis-ci/travis-ci#9069) + sudo: required # required for Python 3.7 (travis-ci/travis-ci#9069) + install: pip install flake8 + before_script: +# stop the build if there are Python syntax errors or undefined names +- flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics +# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide +- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + script: true exclude: - os: linux compiler: clang _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 2a6f57bc098cdfa6320189f2725337c7f74a052e (commit) from c486283cb8e9bd6c1db7eb01d31a72e68b8dc4b8 (commit) - Log - commit 2a6f57bc098cdfa6320189f2725337c7f74a052e Author: cclauss Date: Tue Oct 16 07:18:00 2018 +0200 Travis CI: Use flake8 to find Python syntax errors or undefined names CLA: trivial In Travis CI, add a Python linting step that runs flake8 tests in Travis CI to find syntax errors and undefined names. (http://flake8.pycqa.org) __E901,E999,F821,F822,F823__ are the "_showstopper_" flake8 issues that can halt the runtime with a SyntaxError, NameError, etc. Most other flake8 issues are merely "style violations" -- useful for readability but they do not effect runtime safety. * F821: undefined name `name` * F822: undefined name `name` in `__all__` * F823: local variable name referenced before assignment * E901: SyntaxError or IndentationError * E999: SyntaxError -- failed to compile a file into an Abstract Syntax Tree Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/7410) --- Summary of changes: .travis.yml | 12 1 file changed, 12 insertions(+) diff --git a/.travis.yml b/.travis.yml index 764da28..0124368 100644 --- a/.travis.yml +++ b/.travis.yml @@ -120,6 +120,18 @@ matrix: - gcc-mingw-w64 compiler: x86_64-w64-mingw32-gcc env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic" +- os: linux + language: python + python: 3.7 + dist: xenial# required for Python 3.7 (travis-ci/travis-ci#9069) + sudo: required # required for Python 3.7 (travis-ci/travis-ci#9069) + install: pip install flake8 + before_script: +# stop the build if there are Python syntax errors or undefined names +- flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics +# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide +- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + script: true exclude: - os: linux compiler: clang _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [tools] master update
The branch master has been updated via 191d279c0e11953cd1a3d02e3fe422391cf9674f (commit) via 617dbc4a479831adbf711df0879324b23d5f4cb6 (commit) via a89caedb7667bec77ca155ef99b6beacd7a4479c (commit) from 1de20a3a49e1b4f6e7104b84b8fc5594b144712a (commit) - Log - commit 191d279c0e11953cd1a3d02e3fe422391cf9674f Author: Richard Levitte Date: Tue Nov 20 16:34:16 2018 +0100 release-tools/do-copyright-year: skip versioned directories These are submodules, and we have no interest changing those. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/tools/pull/36) commit 617dbc4a479831adbf711df0879324b23d5f4cb6 Author: Richard Levitte Date: Tue Nov 20 16:33:12 2018 +0100 release-tools/do-copyright-year: more efficient skip of D records Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/tools/pull/36) commit a89caedb7667bec77ca155ef99b6beacd7a4479c Author: Richard Levitte Date: Tue Nov 20 16:30:21 2018 +0100 release-tools/do-copyright-year: add a spinner+counter to show process When a lot of changes has happened in a branch, processing all the files can take some time, so this adds some visual progress feedback. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/tools/pull/36) --- Summary of changes: release-tools/do-copyright-year | 30 -- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/release-tools/do-copyright-year b/release-tools/do-copyright-year index 6c3d710..8bebf6a 100755 --- a/release-tools/do-copyright-year +++ b/release-tools/do-copyright-year @@ -29,12 +29,30 @@ EOF NYD=`date +%Y-01-01` echo Updating copryight -git diff-tree -r --name-status `git rev-list -1 --before=$NYD HEAD`..HEAD \ - | while read STATUS FILE ; do -if [ "$STATUS" = 'D' ]; then continue; fi -sed -E -f /tmp/sed$$ -i "$FILE" -git add "$FILE" -done +git diff-tree -r --name-status `git rev-list -1 --before=$NYD HEAD`..HEAD | \ +grep -v '^ *D' | \ +( + count=0 + sp="/-\|" + sc=0 + spin() { + printf "\r${sp:sc++:1} %s" "$@" + ((sc==${#sp})) && sc=0 + } + endspin() { + printf "\r%s\n" "$@" + } + + while read STATUS FILE ; do + if [ -d "$FILE" ]; then continue; fi + (( count++ )) + spin $count + sed -E -f /tmp/sed$$ -i "$FILE" + git add "$FILE" + done + endspin "Files considered: $count" +) +echo Files changed: $(git status --porcelain | grep '^ *M' | wc -l) echo Committing change locally. git commit -m 'Update copyright year' rm -f $ss _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Passed: openssl/openssl#21833 (OpenSSL_1_1_1a - d1c28d7)
Build Update for openssl/openssl - Build: #21833 Status: Passed Duration: 23 mins and 27 secs Commit: d1c28d7 (OpenSSL_1_1_1a) Author: Matt Caswell Message: Prepare for 1.1.1a release Reviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/OpenSSL_1_1_1a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/457470419?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Passed: openssl/openssl#21832 (OpenSSL_1_1_0j - 74f2d9c)
Build Update for openssl/openssl - Build: #21832 Status: Passed Duration: 17 mins and 15 secs Commit: 74f2d9c (OpenSSL_1_1_0j) Author: Matt Caswell Message: Prepare for 1.1.0j release Reviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/OpenSSL_1_1_0j View the full build log and details: https://travis-ci.org/openssl/openssl/builds/457470395?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Passed: openssl/openssl#21831 (OpenSSL_1_0_2q - 5707219)
Build Update for openssl/openssl - Build: #21831 Status: Passed Duration: 4 mins and 35 secs Commit: 5707219 (OpenSSL_1_0_2q) Author: Matt Caswell Message: Prepare for 1.0.2q release Reviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/OpenSSL_1_0_2q View the full build log and details: https://travis-ci.org/openssl/openssl/builds/457470382?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via af5e14f2df748257775c39faa63fcc755b81b1b9 (commit) from 28c43932d579cd6ba18ec411bb828a2512c3419e (commit) - Log - commit af5e14f2df748257775c39faa63fcc755b81b1b9 Author: Matt Caswell Date: Tue Nov 20 13:55:56 2018 + Updates for new release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/95) --- Summary of changes: news/newsflash.txt | 4 news/vulnerabilities.xml | 12 ++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/news/newsflash.txt b/news/newsflash.txt index 2c05c1a..07229f2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,10 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +20-Nov-2018: OpenSSL 1.1.1a is now available, including bug and security fixes +20-Nov-2018: OpenSSL 1.1.0j is now available, including bug and security fixes +20-Nov-2018: OpenSSL 1.0.2q is now available, including bug and security fixes +12-Nov-2018: Security Advisory: one low severity fix in ECC scalar multiplication 29-Oct-2018: Security Advisory: one low severity fix in DSA 29-Oct-2018: Security Advisory: one low severity fix in ECDSA 11-Sep-2018: Final version of OpenSSL 1.1.1 (LTS) is now available: please download and upgrade! diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 46cdcff..2142ade 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -40,7 +40,7 @@ - + Side Channel Attack @@ -85,13 +85,13 @@ - + - + - + Constant time issue @@ -118,10 +118,10 @@ - + - + Constant time issue _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0j create
The annotated tag OpenSSL_1_1_0j has been created at 21830324cf9f3f9589b30303c078189fda92cd2b (tag) tagging 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762 (commit) replaces OpenSSL_1_1_0i tagged by Matt Caswell on Tue Nov 20 13:41:22 2018 + - Log - OpenSSL 1.1.0j release tag -BEGIN PGP SIGNATURE- iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlv0DwIRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJFWawgAklJtlX3lFSkgwdBTbvuSV89o+ErEXOxV Ap9PPIIlo/ZCeOSZwNTpmwzq/LxgSCDF74nSIYhDUAKIdTyf0jesPg61CRMs0gJq yBf6xaozWDyp4/FhHqCAm2FwoFRrtnf08gTPDlpRHg04o2GSx1QPyTo7d+QPLD4h BfGJjyBZQtgoc/xfBQyaOTpojv0ehvm9lO4SGXDTAUZR1xRcIDJtsl3hhQWSlJuh zzja9utZf7BYRV0j49VYvsEpvx7y3GF6zPaoMUJLT1pNki2K0PmBrYw+DKwwQo0v aF2Bbo568lKjB+r2w8vftTkZf0WC0G9uaG08ETl0s23/91eaqPUqyg== =5beK -END PGP SIGNATURE- Andy Polyakov (8): crypto/init.c: improve destructor_key's portability. crypto/bn: add more fixed-top routines. rsa/rsa_ossl.c: implement variant of "Smooth CRT-RSA." bn/bn_blind.c: use Montgomery multiplication when possible. bn/bn_lib.c: conceal even memmory access pattern in bn2binpad. rsa/rsa_ossl.c: fix and extend commentary [skip ci]. ssl/s3_enc.c: fix logical errors in ssl3_final_finish_mac. arch/async_posix.h: improve portability. Benjamin Kaduk (2): Avoid shadowing 'free' in X509_LOOKUP_met_set_free apps: allow empty attribute values with -subj Bernd Edlinger (2): Fix a warning from MSVC build Make the config script fail with an error code if Configure failed Billy Brumley (3): More EVP ECC testing: positive and negative [test] ECC: make sure negative tests pass for the right reasons [crypto/bn] swap BN_FLG_FIXED_TOP too Daniel Bevenius (1): Document OPENSSL_VERSION_TEXT macro Dmitry Belyavskiy (1): Backport #7007 to 1.1.0 Dr. Matthias St. Pierre (1): md_rand.c: don't stop polling until properly initialized Eric Brown (1): Remove redundant ASN1_INTEGER_set call Eric Curtin (1): New openssl subject parser hard to debug Jakub Wilk (1): Fix example in crl(1) man page Matt Caswell (9): Prepare for 1.1.0j-dev Free SSL object on an error path The req documentation incorrectly states that we default to md5 Clarify the EVP_DigestSignInit docs Check the return value from ASN1_INTEGER_set Add an explicit cast to time_t Update CHANGES and NEWS for new release Update copyright year Prepare for 1.1.0j release Nicola Tuveri (5): Backport #6648 to OpenSSL_1_1_0-stable Fix segfault in RSA_free() (and DSA/DH/EC_KEY) Harmonize the error handling codepath Split test/evptests.txt into separate files. Move evp test programs input data to its own data dir Paul Kehrer (2): add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESP add docs for OCSP_resp_get0_signature Pauli (11): Zero memory in CRYPTO_secure_malloc. Check the return from BN_sub() in BN_X931_generate_Xpq(). Make OBJ_NAME case insensitive. Key zeroization fix for EVP_SealInit. Add a compile time test to verify that openssl/rsa.h and complex.h can coexist. Use 'i' as parameter name not 'I'. Use secure_getenv(3) when available. DSA mod inverse fix Timing vulnerability in DSA signature generation (CVE-2018-0734). Timing vulnerability in ECDSA signature generation (CVE-2018-0735) Add a constant time flag to one of the bignums to avoid a timing leak. Richard Levitte (15): openssl req: don't try to report bits CAPI engine: add support for RSA_NO_PADDING crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h) Clean out aliases in include/openssl/symhacks.h Allow parallel install Have install targets depend on more precise build targets VMS build: colon after target must be separated with a space Fix cherry-pick error Windows build: build foo.d after foo.obj Configuration: make sure the shared_sources table doesn't contain empty elements Fix rpath-related Linux "test_shlibload" failure. test/recipes/90-test_shlibload.t needs $target{shared_extension} Fix typo in util/perl/OpenSSL/Test.pm Rod Vagg (1): Remove brace from bad cherry-pick of DSA reallocation fix Shane Lontis (4): key zeroisation for pvkfmt now done on all branch paths key zeroisation fix for p12 hkdf zeroization fix RSA padding Zeroization fixes Sohaib ul Hassan (1): Implement coordinate blinding for EC_POINT Tomas Mraz (1): Fix copy error found in Coverity scan Viktor Dukhovni (2): Only CA certificates can be self-issued
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 49d07eb3cc85b5ea8877f7cdfadc8c20497eb09a (commit) via 5707219a6aae8052cb98aa361d115be01b8fd894 (commit) via d98ff540df55b6ef4e29df9590e082afa7ad65b4 (commit) from 8ea167207d2a014bf592eb21b7e33ed2204d5063 (commit) - Log - commit 49d07eb3cc85b5ea8877f7cdfadc8c20497eb09a Author: Matt Caswell Date: Tue Nov 20 13:46:11 2018 + Prepare for 1.0.2r-dev Reviewed-by: Richard Levitte commit 5707219a6aae8052cb98aa361d115be01b8fd894 Author: Matt Caswell Date: Tue Nov 20 13:45:20 2018 + Prepare for 1.0.2q release Reviewed-by: Richard Levitte commit d98ff540df55b6ef4e29df9590e082afa7ad65b4 Author: Matt Caswell Date: Tue Nov 20 13:45:20 2018 + make update Reviewed-by: Richard Levitte --- Summary of changes: CHANGES | 6 +- NEWS | 6 +- README | 2 +- crypto/Makefile | 7 +++ crypto/conf/Makefile | 7 --- crypto/opensslv.h| 6 +++--- crypto/rand/Makefile | 9 + openssl.spec | 2 +- util/libeay.num | 1 + 9 files changed, 32 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 11d7232..ab5cdf6 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,11 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.0.2p and 1.0.2q [xx XXX ] + Changes between 1.0.2q and 1.0.2r [xx XXX ] + + *) + + Changes between 1.0.2p and 1.0.2q [20 Nov 2018] *) Microarchitecture timing vulnerability in ECC scalar multiplication diff --git a/NEWS b/NEWS index 38fe668..566ce43 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [under development] + Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [under development] + + o + + Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) o Timing vulnerability in DSA signature generation (CVE-2018-0734) diff --git a/README b/README index 3f5f81e..a288fd6 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2q-dev + OpenSSL 1.0.2r-dev Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/Makefile b/crypto/Makefile index 72c96f6..180707e 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -180,6 +180,13 @@ ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h ex_data.o: ex_data.c fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c +getenv.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h +getenv.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +getenv.o: ../include/openssl/err.h ../include/openssl/lhash.h +getenv.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +getenv.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +getenv.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +getenv.o: getenv.c mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem.o: ../include/openssl/err.h ../include/openssl/lhash.h diff --git a/crypto/conf/Makefile b/crypto/conf/Makefile index d5f5c58..cd436f7 100644 --- a/crypto/conf/Makefile +++ b/crypto/conf/Makefile @@ -80,12 +80,13 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. conf_api.o: ../../e_os.h ../../include/openssl/bio.h -conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h -conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +conf_api.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +conf_api.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h +conf_api.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -conf_api.o: ../../include/openssl/symhacks.h conf_api.c +conf_api.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_api.c conf_def.o: ../../e_os.h ../../include/openssl/bio.h conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 8509228..f808f1e 100644 --- a/crypto/opensslv.h
[openssl-commits] [openssl] OpenSSL_1_0_2q create
The annotated tag OpenSSL_1_0_2q has been created at 4bd676413494473ed5f3011c7ffa423eaae79468 (tag) tagging 5707219a6aae8052cb98aa361d115be01b8fd894 (commit) replaces OpenSSL_1_0_2p tagged by Matt Caswell on Tue Nov 20 13:45:20 2018 + - Log - OpenSSL 1.0.2q release tag -BEGIN PGP SIGNATURE- iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlv0D/ARHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJEiJgf+Mi2MCBgbXiqhNckXMIZRxFqE/Yp2QanX Wei3dOmkmCGTqk/Ej2gfkZc73aGsD+ZeyMXyOdV78OyH4gZBAe4GzIXwFq/VhpQI cqY24XWciF2NjzB1DGf05ufMgoO+aOU+QGKYP2ugjGNFVy9BSn5f9FqTr48An1LL p5LalvKnwAz+gOuNxi3/uGCQYvMUQrtB8GZEK6SEBts8aO/PI6hs8X6xsjgfah1i 4IvRrKR8p/GYw6zfslaYn8kMJGDIr2JAHCNk80msj7mDNN4T1MspGqA2nI5HeKP0 RMT1pI5Ugjdb+h0XMTkZ7dewQfRkZHKXJR/M1EvVL3xCvlqUM9MibA== =OHP3 -END PGP SIGNATURE- Andy Polyakov (7): x509v3/v3_purp.c: resolve Thread Sanitizer nit. crypto/bn: add more fixed-top routines. rsa/rsa_eay.c: implement variant of "Smooth CRT-RSA." bn/bn_blind.c: use Montgomery multiplication when possible. bn/bn_lib.c: conceal even memmory access pattern in bn2binpad. util/domd: omit superfluous shift in -MD handling. rsa/rsa_ossl.c: fix and extend commentary [skip ci]. Bernd Edlinger (1): Make the config script fail with an error code if Configure failed Billy Brumley (1): CVE-2018-5407 fix: ECC ladder Daniel Bevenius (1): Document OPENSSL_VERSION_TEXT macro Dr. Matthias St. Pierre (3): drbg_get_entropy: force a reseed before calling ssleay_rand_bytes() md_rand.c: don't stop polling until properly initialized Fix 'no-ecdh' build Eric Brown (1): Remove redundant ASN1_INTEGER_set call Hubert Kario (1): document the -no_ecdhe option in s_server man page Jakub Wilk (1): Fix example in crl(1) man page Manikantan Subramanian (1): Use gethostbyname_r if available Matt Caswell (9): Prepare for 1.0.2q-dev The req documentation incorrectly states that we default to md5 Clarify the EVP_DigestSignInit docs Check the return value from ASN1_INTEGER_set Properly handle duplicated messages from the next epoch Update CHANGES and NEWS for new release Update copyright year make update Prepare for 1.0.2q release Nicola Tuveri (1): Access `group->mont_data` conditionally in EC_GROUP_set_generator() Pauli (5): Check the return from BN_sub() in BN_X931_generate_Xpq(). Merge 1.0.2 setuid calls to getenv(3) safety. Merge DSA reallocation timing fix CVE-2018-0734. Merge to 1.0.2: DSA mod inverse fix. Add a constant time flag to one of the bignums to avoid a timing leak. Richard Levitte (6): VMS: add missing x509_time test to test scripts openssl req: don't try to report bits CAPI engine: add support for RSA_NO_PADDING crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG VMS: ensure crypto/getenv.c is included in the build Viktor Dukhovni (2): Only CA certificates can be self-issued Apply self-imposed path length also to root CAs Vitezslav Cizek (1): DSA: Check for sanity of input parameters --- _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 0fbe8491fc05d280a1f00bfc26dd3c3a6c63f04a (commit) via 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762 (commit) from a8e613cc51beaeb181a322da3620a27ef8bcead3 (commit) - Log - commit 0fbe8491fc05d280a1f00bfc26dd3c3a6c63f04a Author: Matt Caswell Date: Tue Nov 20 13:42:16 2018 + Prepare for 1.1.0k-dev Reviewed-by: Richard Levitte commit 74f2d9c1ec5f5510e1d3da5a9f03c28df0977762 Author: Matt Caswell Date: Tue Nov 20 13:41:22 2018 + Prepare for 1.1.0j release Reviewed-by: Richard Levitte --- Summary of changes: CHANGES| 6 +- NEWS | 6 +- README | 2 +- include/openssl/opensslv.h | 6 +++--- 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index cb2e6b1..60c0dd1 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,11 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.0i and 1.1.0j [xx XXX ] + Changes between 1.1.0j and 1.1.0k [xx XXX ] + + *) + + Changes between 1.1.0i and 1.1.0j [20 Nov 2018] *) Timing vulnerability in DSA signature generation diff --git a/NEWS b/NEWS index 88a0be4..188e9aa 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [under development] + Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [under development] + + o + + Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] o Timing vulnerability in DSA signature generation (CVE-2018-0734) o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) diff --git a/README b/README index 3af2619..51828a7 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.0j-dev + OpenSSL 1.1.0k-dev Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 72f09af..0e2992e 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,11 +39,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101000a0L +# define OPENSSL_VERSION_NUMBER 0x101000b0L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.0j-fips-dev xx XXX " +# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.0k-fips-dev xx XXX " # else -# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.0j-dev xx XXX " +# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.0k-dev xx XXX " # endif /*- _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via c97a75bf1348e252239bb88ab4ff8ac2e0e7e092 (commit) via d1c28d791a7391a8dc101713cd8646df96491d03 (commit) from 7c6d372affa7d40629f51de4e076e59cf6048091 (commit) - Log - commit c97a75bf1348e252239bb88ab4ff8ac2e0e7e092 Author: Matt Caswell Date: Tue Nov 20 13:38:03 2018 + Prepare for 1.1.1b-dev Reviewed-by: Richard Levitte commit d1c28d791a7391a8dc101713cd8646df96491d03 Author: Matt Caswell Date: Tue Nov 20 13:35:35 2018 + Prepare for 1.1.1a release Reviewed-by: Richard Levitte --- Summary of changes: CHANGES| 6 +- NEWS | 6 +- README | 2 +- include/openssl/opensslv.h | 4 ++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index aafc262..9cc29b7 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,11 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.1 and 1.1.1a [xx XXX ] + Changes between 1.1.1a and 1.1.1b [xx XXX ] + + *) + + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] *) Timing vulnerability in DSA signature generation diff --git a/NEWS b/NEWS index 410e845..6d2b97d 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [under development] + Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [under development] + + o + + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] o Timing vulnerability in DSA signature generation (CVE-2018-0734) o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) diff --git a/README b/README index 5817b54..5b614cb 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1a-dev + OpenSSL 1.1.1b-dev Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 2a54f2c..308091f 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10101010L -# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1a-dev xx XXX " +# define OPENSSL_VERSION_NUMBER 0x10101020L +# define OPENSSL_VERSION_TEXT"OpenSSL 1.1.1b-dev xx XXX " /*- * The macros below are to be used for shared library (.so, .dll, ...) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 8ea167207d2a014bf592eb21b7e33ed2204d5063 (commit) from 548cce63dd401b89e26d049152e3f9465f82720f (commit) - Log - commit 8ea167207d2a014bf592eb21b7e33ed2204d5063 Author: Matt Caswell Date: Tue Nov 20 13:23:36 2018 + Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7671) --- Summary of changes: crypto/bn/bn_blind.c | 2 +- crypto/bn/bn_x931p.c | 2 +- crypto/conf/conf_mod.c | 2 +- crypto/ec/ec_lcl.h | 2 +- crypto/ec/ec_mult.c | 2 +- crypto/engine/eng_list.c | 2 +- crypto/pkcs12/p12_init.c | 2 +- crypto/rand/md_rand.c| 2 +- crypto/rand/rand_lcl.h | 2 +- engines/e_capi.c | 2 +- ssl/ssl_ciph.c | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 40e1bb6..a1e5e13 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_blind.c */ /* - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c index 116620a..e40241f 100644 --- a/crypto/bn/bn_x931p.c +++ b/crypto/bn/bn_x931p.c @@ -4,7 +4,7 @@ * 2005. */ /* - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2005-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 2a7a27b..1df463d 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -4,7 +4,7 @@ * 2001. */ /* - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 2d604fa..8665a4c 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* - * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index c573d4b..da71526 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. */ /* - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 9e64b9d..5d7eee4 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -4,7 +4,7 @@ * 2000. */ /* - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c index 8275a23..a074b94 100644 --- a/crypto/pkcs12/p12_init.c +++ b/crypto/pkcs12/p12_init.c @@ -4,7 +4,7 @@ * 1999. */ /* - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 0c273ad..2983a3f 100644 --- a/crypto/rand/md_rand.c +++
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via a8e613cc51beaeb181a322da3620a27ef8bcead3 (commit) from 503c18583a1c8910ad42d4426290f0a61daae7a6 (commit) - Log - commit a8e613cc51beaeb181a322da3620a27ef8bcead3 Author: Matt Caswell Date: Tue Nov 20 13:21:36 2018 + Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7670) --- Summary of changes: apps/pkey.c | 2 +- apps/req.c | 2 +- config | 2 +- crypto/bio/b_print.c| 2 +- crypto/bn/asm/x86_64-gcc.c | 2 +- crypto/bn/bn_blind.c| 2 +- crypto/bn/bn_mul.c | 2 +- crypto/bn/bn_x931p.c| 2 +- crypto/conf/conf_mod.c | 2 +- crypto/ct/ct_log.c | 2 +- crypto/dh/dh_lib.c | 2 +- crypto/dsa/dsa_lib.c| 2 +- crypto/ec/ec_key.c | 2 +- crypto/ec/ec_kmeth.c| 2 +- crypto/ec/ecp_mont.c| 2 +- crypto/ec/ecp_nist.c| 2 +- crypto/ec/ecp_nistp224.c| 2 +- crypto/ec/ecp_nistp521.c| 2 +- crypto/engine/eng_list.c| 2 +- crypto/kdf/hkdf.c | 2 +- crypto/lhash/lhash.c| 2 +- crypto/objects/o_names.c| 2 +- crypto/ocsp/ocsp_cl.c | 2 +- crypto/pkcs12/p12_init.c| 2 +- crypto/pkcs12/p12_mutl.c| 2 +- crypto/pkcs7/pk7_lib.c | 2 +- crypto/rand/md_rand.c | 2 +- crypto/rand/randfile.c | 2 +- crypto/rsa/rsa_lib.c| 2 +- crypto/x509/by_file.c | 2 +- doc/apps/crl.pod| 2 +- doc/apps/req.pod| 2 +- doc/crypto/EVP_DigestVerifyInit.pod | 2 +- engines/e_capi.c| 2 +- include/openssl/ec.h| 2 +- include/openssl/ocsp.h | 2 +- include/openssl/symhacks.h | 2 +- ssl/s3_enc.c| 2 +- test/ct_test.c | 2 +- test/recipes/30-test_evp.t | 2 +- test/secmemtest.c | 2 +- util/mkrc.pl| 2 +- 42 files changed, 42 insertions(+), 42 deletions(-) diff --git a/apps/pkey.c b/apps/pkey.c index 60e8581..5c13d8b 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/req.c b/apps/req.c index a691f93..a20e7c1 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/config b/config index 19c0071..ef0841d 100755 --- a/config +++ b/config @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index bf006d1..8f50cb8 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index cdb54fa..621be33 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 7a8237c..9474e21 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. *
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 7c6d372affa7d40629f51de4e076e59cf6048091 (commit) from d90d8537959683d6bc25636120b885f27bbce060 (commit) - Log - commit 7c6d372affa7d40629f51de4e076e59cf6048091 Author: Matt Caswell Date: Tue Nov 20 13:20:01 2018 + Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7669) --- Summary of changes: apps/app_rand.c| 2 +- crypto/bn/asm/x86_64-gcc.c | 2 +- crypto/evp/e_rc2.c | 2 +- doc/man3/EVP_aes.pod | 2 +- doc/man3/EVP_aria.pod | 2 +- doc/man3/EVP_bf_cbc.pod| 2 +- doc/man3/EVP_camellia.pod | 2 +- doc/man3/EVP_cast5_cbc.pod | 2 +- doc/man3/EVP_des.pod | 2 +- doc/man3/EVP_idea_cbc.pod | 2 +- doc/man3/EVP_rc2_cbc.pod | 2 +- doc/man3/EVP_rc5_32_12_16_cbc.pod | 2 +- doc/man3/EVP_seed_cbc.pod | 2 +- doc/man3/SSL_CTX_set1_curves.pod | 2 +- doc/man3/SSL_CTX_set_quiet_shutdown.pod| 2 +- doc/man3/SSL_get_peer_tmp_key.pod | 2 +- doc/man3/SSL_set_shutdown.pod | 2 +- fuzz/helper.py | 2 +- include/openssl/symhacks.h | 2 +- ssl/d1_lib.c | 2 +- ssl/record/record.h| 2 +- ssl/s3_cbc.c | 2 +- test/recipes/02-test_internal_ctype.t | 2 +- test/recipes/03-test_internal_asn1.t | 2 +- test/recipes/03-test_internal_chacha.t | 2 +- test/recipes/03-test_internal_modes.t | 2 +- test/recipes/03-test_internal_poly1305.t | 2 +- test/recipes/03-test_internal_siphash.t| 2 +- test/recipes/03-test_internal_ssl_cert_table.t | 2 +- test/recipes/03-test_internal_x509.t | 2 +- test/ssl-tests/28-seclevel.conf.in | 2 +- 31 files changed, 31 insertions(+), 31 deletions(-) diff --git a/apps/app_rand.c b/apps/app_rand.c index d0b2e83..2b0bbde 100644 --- a/apps/app_rand.c +++ b/apps/app_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index e6f1698..31839ba 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 234d1eb..aa0d140 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_aes.pod b/doc/man3/EVP_aes.pod index a47c7eb..4192a9e 100644 --- a/doc/man3/EVP_aes.pod +++ b/doc/man3/EVP_aes.pod @@ -176,7 +176,7 @@ L =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_aria.pod b/doc/man3/EVP_aria.pod index b98ec56..fbb7918 100644 --- a/doc/man3/EVP_aria.pod +++ b/doc/man3/EVP_aria.pod @@ -106,7 +106,7 @@ L =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_bf_cbc.pod b/doc/man3/EVP_bf_cbc.pod index 09b412d..505d41b 100644 --- a/doc/man3/EVP_bf_cbc.pod +++ b/doc/man3/EVP_bf_cbc.pod @@ -51,7 +51,7 @@ L =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
[openssl-commits] [openssl] master update
The branch master has been updated via c486283cb8e9bd6c1db7eb01d31a72e68b8dc4b8 (commit) from c1ef2852b252307d001a80409dc1ef23a3c1d874 (commit) - Log - commit c486283cb8e9bd6c1db7eb01d31a72e68b8dc4b8 Author: Matt Caswell Date: Tue Nov 20 13:13:00 2018 + Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7668) --- Summary of changes: apps/app_rand.c| 2 +- crypto/bn/asm/x86_64-gcc.c | 2 +- crypto/evp/e_rc2.c | 2 +- crypto/s390xcap.c | 2 +- doc/man1/list.pod | 2 +- doc/man1/srp.pod | 2 +- doc/man3/EVP_aes.pod | 2 +- doc/man3/EVP_aria.pod | 2 +- doc/man3/EVP_bf_cbc.pod| 2 +- doc/man3/EVP_camellia.pod | 2 +- doc/man3/EVP_cast5_cbc.pod | 2 +- doc/man3/EVP_des.pod | 2 +- doc/man3/EVP_idea_cbc.pod | 2 +- doc/man3/EVP_rc2_cbc.pod | 2 +- doc/man3/EVP_rc5_32_12_16_cbc.pod | 2 +- doc/man3/EVP_seed_cbc.pod | 2 +- doc/man3/SSL_CTX_set1_curves.pod | 2 +- doc/man3/SSL_CTX_set_quiet_shutdown.pod| 2 +- doc/man3/SSL_get_peer_tmp_key.pod | 2 +- doc/man3/SSL_set_shutdown.pod | 2 +- fuzz/helper.py | 2 +- include/openssl/symhacks.h | 2 +- ssl/d1_lib.c | 2 +- ssl/record/record.h| 2 +- ssl/s3_cbc.c | 2 +- test/cipher_overhead_test.c| 2 +- test/drbgtest.h| 2 +- test/recipes/01-test_symbol_presence.t | 2 +- test/recipes/02-test_internal_ctype.t | 2 +- test/recipes/03-test_internal_asn1.t | 2 +- test/recipes/03-test_internal_chacha.t | 2 +- test/recipes/03-test_internal_modes.t | 2 +- test/recipes/03-test_internal_poly1305.t | 2 +- test/recipes/03-test_internal_siphash.t| 2 +- test/recipes/03-test_internal_ssl_cert_table.t | 2 +- test/recipes/03-test_internal_x509.t | 2 +- test/rsa_test.c| 2 +- test/ssl-tests/28-seclevel.conf.in | 2 +- test/wpackettest.c | 2 +- 39 files changed, 39 insertions(+), 39 deletions(-) diff --git a/apps/app_rand.c b/apps/app_rand.c index d0b2e83..2b0bbde 100644 --- a/apps/app_rand.c +++ b/apps/app_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index e6f1698..31839ba 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 234d1eb..aa0d140 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index 881613a..c04e52d 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/list.pod b/doc/man1/list.pod index ca7af49..394d70e 100644 --- a/doc/man1/list.pod +++ b/doc/man1/list.pod @@ -94,7 +94,7 @@ format described in L. =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 548cce63dd401b89e26d049152e3f9465f82720f (commit) from d88ff8962c2fd86aeb7ca7297ca9526d0916787e (commit) - Log - commit 548cce63dd401b89e26d049152e3f9465f82720f Author: Matt Caswell Date: Tue Nov 20 10:52:53 2018 + Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/7667) --- Summary of changes: CHANGES | 10 ++ NEWS| 3 ++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index fde66b5..11d7232 100644 --- a/CHANGES +++ b/CHANGES @@ -22,6 +22,16 @@ (CVE-2018-5407) [Billy Brumley] + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module, accidentally introduced while backporting security fixes from the development branch and hindering the use of ECC in FIPS mode. diff --git a/NEWS b/NEWS index 2c5f5f8..38fe668 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [under development] - o + o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) + o Timing vulnerability in DSA signature generation (CVE-2018-0734) Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 503c18583a1c8910ad42d4426290f0a61daae7a6 (commit) from b1aec9e84e2d36b0c4b45633d5343a39cb1ac25f (commit) - Log - commit 503c18583a1c8910ad42d4426290f0a61daae7a6 Author: Matt Caswell Date: Tue Nov 20 10:52:53 2018 + Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/7666) --- Summary of changes: CHANGES | 20 NEWS| 3 ++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 28b9938..cb2e6b1 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,26 @@ Changes between 1.1.0i and 1.1.0j [xx XXX ] + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] + *) Add coordinate blinding for EC_POINT and implement projective coordinate blinding for generic prime curves as a countermeasure to chosen point SCA attacks. diff --git a/NEWS b/NEWS index ca3ed49..88a0be4 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [under development] - o + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via d90d8537959683d6bc25636120b885f27bbce060 (commit) from cc330c704d961e51eae561a4dff425965c656914 (commit) - Log - commit d90d8537959683d6bc25636120b885f27bbce060 Author: Matt Caswell Date: Tue Nov 20 10:52:53 2018 + Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/7664) --- Summary of changes: CHANGES | 20 NEWS| 3 ++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index cf45875..aafc262 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,26 @@ Changes between 1.1.1 and 1.1.1a [xx XXX ] + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] + *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names are retained for backwards compatibility. diff --git a/NEWS b/NEWS index 4026385..410e845 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [under development] - o + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via c1ef2852b252307d001a80409dc1ef23a3c1d874 (commit) from 9694ebf753e571a55935a63b4df8016e7bd3248d (commit) - Log - commit c1ef2852b252307d001a80409dc1ef23a3c1d874 Author: Matt Caswell Date: Tue Nov 20 10:52:53 2018 + Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/7663) --- Summary of changes: CHANGES | 22 +- NEWS| 5 + 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index df6e6b1..95bced8 100644 --- a/CHANGES +++ b/CHANGES @@ -55,7 +55,27 @@ list of built in objects, i.e. OIDs with names. [Richard Levitte] - Changes between 1.1.1 and 1.1.1a [xx XXX ] + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] + + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input if its length exceeds 4096 bytes. The limit has been raised to a buffer size diff --git a/NEWS b/NEWS index 56aab21..df16b78 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,11 @@ o Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC bridge. + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] + + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) + Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via d88ff8962c2fd86aeb7ca7297ca9526d0916787e (commit) from 84b4759dbd0d7917091d20cd78712a20afb57d9b (commit) - Log - commit d88ff8962c2fd86aeb7ca7297ca9526d0916787e Author: Richard Levitte Date: Tue Nov 20 12:11:38 2018 +0100 VMS: ensure crypto/getenv.c is included in the build Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7665) --- Summary of changes: crypto/crypto-lib.com | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 37dc418..efed110 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -214,7 +214,8 @@ $! The contents of these variables are copied from the LIBOBJ variable in the $! corresponding Makefile from each corresponding subdirectory, with .o stripped $! and spaces replaced with commas. $ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,cpt_err,ebcdic,"+ - - "uid,o_time,o_str,o_dir,o_fips,o_init,fips_ers,mem_clr" + "uid,o_time,o_str,o_dir,o_fips,o_init,fips_ers,mem_clr,"+ - + "getenv" $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits