[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Thu Nov 2 14:54:58 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 382253938fd95d8ac65c56ba74b5cf95b05f6ebf (commit)
via b2758a2292aceda93e9f44c219b94fe21bb9a650 (commit)
via 6190960c263af2533cba8660580b71849ad6699b (commit)
via 4443cf7aa0099e5ce615c18cee249fff77fb0871 (commit)
from b701fa8340944c2a0481457f96e7f38b03180c24 (commit)
- Log -----------------------------------------------------------------
commit 382253938fd95d8ac65c56ba74b5cf95b05f6ebf
Author: Matt Caswell <matt at openssl.org>
Date: Thu Nov 2 14:30:01 2017 +0000
Prepare for 1.1.0h-dev
Reviewed-by: Andy Polyakov <appro at openssl.org>
commit b2758a2292aceda93e9f44c219b94fe21bb9a650
Author: Matt Caswell <matt at openssl.org>
Date: Thu Nov 2 14:29:01 2017 +0000
Prepare for 1.1.0g release
Reviewed-by: Andy Polyakov <appro at openssl.org>
commit 6190960c263af2533cba8660580b71849ad6699b
Author: Matt Caswell <matt at openssl.org>
Date: Thu Nov 2 11:23:17 2017 +0000
Update CHANGES and NEWS for new release
Reviewed-by: Andy Polyakov <appro at openssl.org>
commit 4443cf7aa0099e5ce615c18cee249fff77fb0871
Author: Andy Polyakov <appro at openssl.org>
Date: Thu Aug 17 21:08:57 2017 +0200
bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
Credit to OSS-Fuzz for finding this.
CVE-2017-3736
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 38 +++++++++++++++++++++++++++++++++++++-
NEWS | 7 ++++++-
README | 2 +-
crypto/bn/asm/x86_64-mont5.pl | 12 ++++++++++--
include/openssl/opensslv.h | 6 +++---
5 files changed, 57 insertions(+), 8 deletions(-)
diff --git a/CHANGES b/CHANGES
index b237273..a8cea3a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,11 +7,47 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
- Changes between 1.1.0f and 1.1.0g [xx XXX xxxx]
+ Changes between 1.1.0g and 1.1.0h [xx XXX xxxx]
+
+ *)
+
+ Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
+
+ *) bn_sqrx8x_internal carry bug on x86_64
+
+ There is a carry propagating bug in the x86_64 Montgomery squaring
+ procedure. No EC algorithms are affected. Analysis suggests that attacks
+ against RSA and DSA as a result of this defect would be very difficult to
+ perform and are not believed likely. Attacks against DH are considered just
+ feasible (although very difficult) because most of the work necessary to
+ deduce information about a private key may be performed offline. The amount
+ of resources required for such an attack would be very significant and
+ likely only accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients.
+
+ This only affects processors that support the BMI1, BMI2 and ADX extensions
+ like Intel Broadwell (5th generation) and later or AMD Ryzen.
+
+ This issue was reported to OpenSSL by the OSS-Fuzz project.
+ (CVE-2017-3736)
+ [Andy Polyakov]
+
+ *) Malformed X.509 IPAddressFamily could cause OOB read
+
+ If an X.509 certificate has a malformed IPAddressFamily extension,
+ OpenSSL could do a one-byte buffer overread. The most likely result
+ would be an erroneous display of the certificate in text format.
+
+ This issue was reported to OpenSSL by the OSS-Fuzz project.
+ (CVE-2017-3735)
+ [Rich Salz]
*) Ignore the '-named_curve auto' value for compatibility of applications
with OpenSSL 1.0.2.
[Tomas Mraz <tmraz at fedoraproject.org>]
+
*) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
[Emilia Käsper]
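Review bot: The CVE-2017-3735 entry in the new 1.1.0g section does not say where the fix is, and none of the five files in this push's summary of changes is X.509 code, so the entry cannot be checked against this update. Naming the affected function or the fixing commit in the entry would close that gap. The CVE-2017-3736 entry would benefit from the same treatment: it says "x86_64 Montgomery squaring procedure" but does not name crypto/bn/asm/x86_64-mont5.pl, the file a reader needs to confirm whether a given build carries the corrected code.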
diff --git a/NEWS b/NEWS
index 0332a0c..3a58d25 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [under development]
+ Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development]
o
+ Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
+
+ o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
+ o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
+
Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
diff --git a/README b/README
index 6f88dc7..ae5e5e7 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 1.1.0g-dev
+ OpenSSL 1.1.0h-dev
Copyright (c) 1998-2016 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
index 6807ab5..5779059 100755
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -3099,11 +3099,19 @@ $code.=<<___;
.align 32
.Lsqrx8x_break:
- sub 16+8(%rsp),%r8 # consume last carry
+ xor $zero,$zero
+ sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
+ adcx $zero,%r8
mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
+ adcx $zero,%r9
mov 0*8($aptr),%rdx # a[8], modulo-scheduled
- xor %ebp,%ebp # xor $zero,$zero
+ adc \$0,%r10
mov %r8,0*8($tptr)
+ adc \$0,%r11
+ adc \$0,%r12
+ adc \$0,%r13
+ adc \$0,%r14
+ adc \$0,%r15
cmp $carry,$tptr # cf=0, of=0
je .Lsqrx8x_outer_loop
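Review bot: At .Lsqrx8x_break the new "sub 16+8(%rsp),%rbx" overwrites %rbx only to move the saved carry into CF, yet nothing in the hunk states what %rbx holds on entry or that it is dead afterwards; the comment "# mov 16(%rsp),%cf" should spell out that precondition, since the resulting CF depends on it. The chain that follows uses adcx for %r8 and %r9 and plain adc for %r10 through %r15 with mov instructions interleaved, so a short comment that no flag-writing instruction may be scheduled between the sub and the last adc would protect the fix against later rescheduling. The summary of changes lists no test file; a regression vector for the squaring path that forces a carry out of %r8 at this point should accompany the fix.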
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index ae56705..47cb0bf 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -39,11 +39,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x10100070L
+# define OPENSSL_VERSION_NUMBER 0x10100080L
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g-fips-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-fips-dev xx XXX xxxx"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0g-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0h-dev xx XXX xxxx"
# endif
/*-