[openssl] OpenSSL_1_1_1-stable update
Matt Caswell
matt at openssl.org
Tue Sep 10 09:52:29 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 7ff84d88036237dc36f4c2cf2dc814e4bf611084 (commit)
from 79f5e2f4b9d9886d1b0da09c2eb3e397bcf82876 (commit)
- Log -----------------------------------------------------------------
commit 7ff84d88036237dc36f4c2cf2dc814e4bf611084
Author: Matt Caswell <matt at openssl.org>
Date: Tue Sep 10 10:26:07 2019 +0100
Update CHANGES and NEWS for the new release
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9841)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 28 ++++++++++++++++++++++++++++
NEWS | 15 ++++++++++++++-
2 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 1b9299fba7..6679f6ed5f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,33 @@
Changes between 1.1.1c and 1.1.1d [xx XXX xxxx]
+ *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
+ number generator (RNG). This was intended to include protection in the
+ event of a fork() system call in order to ensure that the parent and child
+ processes did not share the same RNG state. However this protection was not
+ being used in the default case.
+
+ A partial mitigation for this issue is that the output from a high
+ precision timer is mixed into the RNG state so the likelihood of a parent
+ and child process sharing state is significantly reduced.
+
+ If an application already calls OPENSSL_init_crypto() explicitly using
+ OPENSSL_INIT_ATFORK then this problem does not occur at all.
+ (CVE-2019-1549)
+ [Matthias St. Pierre]
+
+ *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations
+ where an attacker receives automated notification of the success or failure
+ of a decryption attempt an attacker, after sending a very large number of
+ messages to be decrypted, can recover a CMS/PKCS7 transported encryption
+ key or decrypt any RSA encrypted message that was encrypted with the public
+ RSA key, using a Bleichenbacher padding oracle attack. Applications are not
+ affected if they use a certificate together with the private RSA key to the
+ CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info
+ to decrypt.
+ (CVE-2019-1563)
+ [Bernd Edlinger]
+
*) For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
or calling `EC_GROUP_new_from_ecpkparameters()`/
@@ -70,6 +97,7 @@
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.
+ [Matthias St. Pierre]
Changes between 1.1.1b and 1.1.1c [28 May 2019]
diff --git a/NEWS b/NEWS
index f6264bf6b7..22be168091 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,20 @@
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [under development]
- o
+ o Fixed a fork protection issue (CVE-2019-1549)
+ o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt()
+ (CVE-2019-1563)
+ o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+ used even when parsing explicit parameters
+ o Compute ECC cofactors if not provided during EC_GROUP construction
+ (CVE-2019-1547)
+ o Early start up entropy quality from the DEVRANDOM seed source has been
+ improved for older Linux systems
+ o Correct the extended master secret constant on EBCDIC systems
+ o Use Windows installation paths in the mingw builds (CVE-2019-1552)
+ o Changed DH_check to accept parameters with order q and 2q subgroups
+ o Significantly reduce secure memory usage by the randomness pools
+ o Revert the DEVRANDOM_WAIT feature for Linux systems
Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
More information about the openssl-commits
mailing list