author | Matt Caswell <matt@openssl.org> | 2021-02-16 12:17:04 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-02-16 12:33:40 +0000 |
commit | 8b02603cedc8fbdf9901aa2cc71877c28adbcaf2 | |
tree | 15dda126e89df57a37101e5c0b2c9976ff2b641e | |
parent | 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 | |
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r-- | CHANGES | 27 | ||||
-rw-r--r-- | NEWS | 8 |
2 files changed, 33 insertions, 2 deletions
@@ -9,7 +9,32 @@ Changes between 1.1.1i and 1.1.1j [xx XXX xxxx] - *) Fixed SRP_Calc_client_key so that it uses constant time. The previous + *) Fixed the X509_issuer_and_serial_hash() function. It attempts to + create a unique hash value based on the issuer and serial number data + contained within an X509 certificate. However it was failing to correctly + handle any errors that may occur while parsing the issuer field (which might + occur if the issuer field is maliciously constructed). This may subsequently + result in a NULL pointer deref and a crash leading to a potential denial of + service attack. + (CVE-2021-23841) + [Matt Caswell] + + *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING + padding mode to correctly check for rollback attacks. This is considered a + bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is + CVE-2021-23839. + [Matt Caswell] + + *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate + functions. Previously they could overflow the output length argument in some + cases where the input length is close to the maximum permissable length for + an integer on the platform. In such cases the return value from the function + call would be 1 (indicating success), but the output length value would be + negative. This could cause applications to behave incorrectly or crash. + (CVE-2021-23840) + [Matt Caswell] + + *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL 
@@ -7,7 +7,13 @@ Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [under development] - o + o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() + function (CVE-2021-23841) + o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING + padding mode to correctly check for rollback attacks + o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and + EVP_DecryptUpdate functions (CVE-2021-23840) + o Fixed SRP_Calc_client_key so that it runs in constant time Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] |
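Review bot: In the CHANGES hunk, the RSA_padding_check_SSLv23() entry says the function now "correctly" checks for rollback attacks but never states what the previous check got wrong, unlike the X509_issuer_and_serial_hash() and EVP_CipherUpdate entries next to it, which describe both the failure and its effect. One sentence on the old behaviour would let users of RSA_SSLV23_PADDING judge their exposure. In the same hunk, "permissable" in the EVP_CipherUpdate entry should read "permissible", and the section header shown in the hunk context still carries the placeholder date "[xx XXX xxxx]" even though the commit message says this update is for the new release.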
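Review bot: In the NEWS hunk, the RSA_padding_check_SSLv23() bullet gives no hint of its CVE status, while the two bullets around it carry CVE ids and the CHANGES text explains that this fix is treated as a bug in 1.1.1 and is CVE-2021-23839 in 1.0.2. A reader of NEWS alone cannot tell whether an id was left out by mistake, so a short qualifier on that bullet saying it is not a CVE for 1.1.1 would help. The heading in the hunk context also still reads "[under development]", which does not match a commit described as preparing the new release.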