[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Aug 14 09:55:58 UTC 2018
The branch master has been updated
via 80162ad645f8982102d6994b9ea9ca6c371e933d (commit)
from 2369111fd94ebc9b7d37e68f3ea9629f2fe5fa2e (commit)
- Log -----------------------------------------------------------------
commit 80162ad645f8982102d6994b9ea9ca6c371e933d
Author: Matt Caswell <matt at openssl.org>
Date: Tue Aug 14 10:43:29 2018 +0100
Updates to CHANGES and NEWS for the new release.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6949)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
NEWS | 5 +++++
2 files changed, 61 insertions(+)
diff --git a/CHANGES b/CHANGES
index 8c67dab..8d07a23 100644
--- a/CHANGES
+++ b/CHANGES
@@ -465,6 +465,62 @@
Changes between 1.1.0h and 1.1.0i [xx XXX xxxx]
+ *) Client DoS due to large DH parameter
+
+ During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+ malicious server can send a very large prime value to the client. This will
+ cause the client to spend an unreasonably long period of time generating a
+ key for this prime resulting in a hang until the client has finished. This
+ could be exploited in a Denial Of Service attack.
+
+ This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
+ (CVE-2018-0732)
+ [Guido Vranken]
+
+ *) Cache timing vulnerability in RSA Key Generation
+
+ The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
+ a cache timing side channel attack. An attacker with sufficient access to
+ mount cache timing attacks during the RSA key generation process could
+ recover the private key.
+
+ This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+ Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+ (CVE-2018-0737)
+ [Billy Brumley]
+
+ *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
+ parameter is no longer accepted, as it leads to a corrupt table. NULL
+ pem_str is reserved for alias entries only.
+ [Richard Levitte]
+
+ *) Revert blinding in ECDSA sign and instead make problematic addition
+ length-invariant. Switch even to fixed-length Montgomery multiplication.
+ [Andy Polyakov]
+
+ *) Change generating and checking of primes so that the error rate of not
+ being prime depends on the intended use based on the size of the input.
+ For larger primes this will result in more rounds of Miller-Rabin.
+ The maximal error rate for primes with more than 1080 bits is lowered
+ to 2^-128.
+ [Kurt Roeckx, Annie Yousar]
+
+ *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+ [Kurt Roeckx]
+
+ *) Add blinding to ECDSA and DSA signatures to protect against side channel
+ attacks discovered by Keegan Ryan (NCC Group).
+ [Matt Caswell]
+
+ *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+ now allow empty (zero character) pass phrases.
+ [Richard Levitte]
+
+ *) Certificate time validation (X509_cmp_time) enforces stricter
+ compliance with RFC 5280. Fractional seconds and timezone offsets
+ are no longer allowed.
+ [Emilia Käsper]
+
*) Fixed a text canonicalisation bug in CMS
Where a CMS detached signature is used with text content the text goes
diff --git a/NEWS b/NEWS
index 60c841f..1f98b93 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,11 @@
o Add support for SipHash
o Grand redesign of the OpenSSL random generator
+ Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development]
+
+ o Client DoS due to large DH parameter (CVE-2018-0732)
+ o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
+
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development]
o Constructed ASN.1 types with a recursive definition could exceed the
More information about the openssl-commits
mailing list