[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Tue Mar 17 13:44:09 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  48a09ebc273f98380a7578c4243adc0e14f8f2db (commit)
       via  5a77b55cdc142acad28b8e78db0d8990c0f48724 (commit)
      from  19599138463e910a9ee4cfa122e941752491ffc3 (commit)


- Log -----------------------------------------------------------------
commit 48a09ebc273f98380a7578c4243adc0e14f8f2db
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Mar 17 11:24:20 2020 +0000

    Update CHANGES for the new release
    
    Reviewed-by: Mark J. Cox <mark at awe.com>
    (Merged from https://github.com/openssl/openssl/pull/11342)

commit 5a77b55cdc142acad28b8e78db0d8990c0f48724
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Mar 17 10:11:28 2020 +0000

    Update NEWS for the new release
    
    Reviewed-by: Mark J. Cox <mark at awe.com>
    (Merged from https://github.com/openssl/openssl/pull/11342)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES | 19 +++++++++++++++++++
 NEWS    |  3 ++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 8c29dfae55..005ea56d40 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,25 @@
  release branch.
 
  Changes between 1.1.1d and 1.1.1e [xx XXX xxxx]
+  *) Properly detect EOF while reading in libssl. Previously if we hit an EOF
+     while reading in libssl then we would report an error back to the
+     application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
+     an error to the stack (which means we instead return SSL_ERROR_SSL) and
+     therefore give a hint as to what went wrong.
+     [Matt Caswell]
+
+  *) Check that ed25519 and ed448 are allowed by the security level. Previously
+     signature algorithms not using an MD were not being checked that they were
+     allowed by the security level.
+     [Kurt Roeckx]
+
+  *) Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
+     was not quite right. The behaviour was not consistent between resumption
+     and normal handshakes, and also not quite consistent with historical
+     behaviour. The behaviour in various scenarios has been clarified and
+     it has been updated to make it match historical behaviour as closely as
+     possible.
+     [Matt Caswell]
 
   *) [VMS only] The header files that the VMS compilers include automatically,
      __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, use pragmas that
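Review bot: The EOF item (first added entry) records an application-visible change, from SSL_ERROR_SYSCALL with errno 0 to SSL_ERROR_SSL, but does not tell callers that treated the old combination as end-of-stream what to check now. Suggest naming the error that is added to the stack so applications can match on it. Two smaller points: the first "*)" entry follows the "Changes between 1.1.1d and 1.1.1e" heading with no blank line between them, while the other entries are separated by blank lines, and the SSL_get_servername() entry says the behaviour "has been clarified" without saying where the clarified behaviour is documented.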
diff --git a/NEWS b/NEWS
index 4af390505d..2d2cf66c60 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,8 @@
 
   Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [under development]
 
-      o
+      o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+        used in exponentiation with 512-bit moduli (CVE-2019-1551)
 
   Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
 
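Review bot: "x64_64" on the first added line looks like a typo for "x86_64"; suggest "Fixed an overflow bug in the x86_64 Montgomery squaring procedure". The commit message says this is the update for the new release, yet the heading in the context lines still reads "[under development]", so it is worth confirming that the heading is updated elsewhere before the release is tagged.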