Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update openssl1.1.1b #26327

Closed
wants to merge 5 commits into from
Closed
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
3 changes: 0 additions & 3 deletions deps/openssl/openssl/.gitattributes

This file was deleted.

14 changes: 0 additions & 14 deletions deps/openssl/openssl/.github/PULL_REQUEST_TEMPLATE.md

This file was deleted.

11 changes: 0 additions & 11 deletions deps/openssl/openssl/.gitmodules

This file was deleted.

15 changes: 0 additions & 15 deletions deps/openssl/openssl/.travis-apt-pin.preferences

This file was deleted.

11 changes: 0 additions & 11 deletions deps/openssl/openssl/.travis-create-release.sh

This file was deleted.

254 changes: 0 additions & 254 deletions deps/openssl/openssl/.travis.yml

This file was deleted.

38 changes: 38 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,44 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.1a and 1.1.1b [26 Feb 2019]

*) Added SCA hardening for modular field inversion in EC_GROUP through
a new dedicated field_inv() pointer in EC_METHOD.
This also addresses a leakage affecting conversions from projective
to affine coordinates.
[Billy Bob Brumley, Nicola Tuveri]

*) Change the info callback signals for the start and end of a post-handshake
message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
confused by this and assume that a TLSv1.2 renegotiation has started. This
can break KeyUpdate handling. Instead we no longer signal the start and end
of a post handshake message exchange (although the messages themselves are
still signalled). This could break some applications that were expecting
the old signals. However without this KeyUpdate is not usable for many
applications.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, this is openssl/openssl@37857e9. That change looks safe to me in the sense of no observable change with TLS <= 1.2 (and TLSv1.3 isn't an issue for us just yet.) Agree/disagree?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not just safe for TSL1.3, necessary. I'm floating this on #26209 and can drop it from there once 1.1.1b is merged.

[Matt Caswell]

*) Fix a bug in the computation of the endpoint-pair shared secret used
by DTLS over SCTP. This breaks interoperability with older versions
of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
interoperability with such broken implementations. However, enabling
this switch breaks interoperability with correct implementations.

*) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
re-used X509_PUBKEY object if the second PUBKEY is malformed.
[Bernd Edlinger]

*) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
[Richard Levitte]

*) Remove the 'dist' target and add a tarball building script. The
'dist' target has fallen out of use, and it shouldn't be
necessary to configure just to create a source distribution.
[Richard Levitte]

Changes between 1.1.1 and 1.1.1a [20 Nov 2018]

*) Timing vulnerability in DSA signature generation
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/CONTRIBUTING
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ guidelines:
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
Have a look through existing entries for inspiration.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log oneliners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/Configurations/00-base-templates.conf
Original file line number Diff line number Diff line change
Expand Up @@ -306,7 +306,7 @@ my %targets=(
sha1_asm_src => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
modes_asm_src => "ghash-armv4.S ghashv8-armx.S",
chacha_asm_src => "chacha-armv4.S",
poly1305_asm_src=> "poly1305-armv4.S",
poly1305_asm_src=> "poly1305-armv4.S",
keccak1600_asm_src => "keccak1600-armv4.S",
perlasm_scheme => "void"
},
Expand Down
Loading