[openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Thu Mar 19 00:06:35 UTC 2020 

The branch master has been updated
       via  8658feddea6aef5cf5cbb1cfbf6b1817fa432051 (commit)
      from  ad090d57e223f3dbac43e724ed9be7ebf5629fcd (commit)


- Log -----------------------------------------------------------------
commit 8658feddea6aef5cf5cbb1cfbf6b1817fa432051
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Tue Mar 17 17:25:51 2020 +0100

    Update CHANGES and NEWS for 1.1.1e release
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11346)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md | 28 +++++++++++++++++++++++++++-
 NEWS.md    | 10 ++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index c552e9a0a8..d2aaec9fbe 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -938,7 +938,33 @@ OpenSSL 3.0
 OpenSSL 1.1.1
 -------------
 
-### Changes between 1.1.1d and 1.1.1e [xx XXX xxxx] ###
+### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] ###
+
+
+### Changes between 1.1.1d and 1.1.1e [17 Mar 2020] ###
+
+ * Properly detect EOF while reading in libssl. Previously if we hit an EOF
+   while reading in libssl then we would report an error back to the
+   application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
+   an error to the stack (which means we instead return SSL_ERROR_SSL) and
+   therefore give a hint as to what went wrong.
+
+   *Matt Caswell*
+
+ * Check that ed25519 and ed448 are allowed by the security level. Previously
+   signature algorithms not using an MD were not being checked that they were
+   allowed by the security level.
+
+   *Kurt Roeckx*
+
+ * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
+   was not quite right. The behaviour was not consistent between resumption
+   and normal handshakes, and also not quite consistent with historical
+   behaviour. The behaviour in various scenarios has been clarified and
+   it has been updated to make it match historical behaviour as closely as
+   possible.
+
+   *Matt Caswell*
 
  * *[VMS only]* The header files that the VMS compilers include automatically,
    `__DECC_INCLUDE_PROLOGUE.H` and `__DECC_INCLUDE_EPILOGUE.H`, use pragmas
diff --git a/NEWS.md b/NEWS.md
index 434f306e11..10a38b2aaf 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -57,6 +57,15 @@ OpenSSL 3.0
 OpenSSL 1.1.1
 -------------
 
+### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] ###
+
+  * 
+
+### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] ###
+
+  * Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+    used in exponentiation with 512-bit moduli ([CVE-2019-1551][])
+
 ### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] ###
 
   * Fixed a fork protection issue ([CVE-2019-1549][])
@@ -1295,6 +1304,7 @@ OpenSSL 0.9.x
 [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
 [CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
 [CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
+[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
 [CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
 [CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
 [CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543

More information about the openssl-commits mailing list