Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell
3 years ago
| 8 | 8 |
|
| 9 | 9 |
Changes between 1.1.1i and 1.1.1j [xx XXX xxxx]
|
| 10 | 10 |
|
| 11 | |
*) Fixed SRP_Calc_client_key so that it uses constant time. The previous
|
|
11 |
*) Fixed the X509_issuer_and_serial_hash() function. It attempts to
|
|
12 |
create a unique hash value based on the issuer and serial number data
|
|
13 |
contained within an X509 certificate. However it was failing to correctly
|
|
14 |
handle any errors that may occur while parsing the issuer field (which might
|
|
15 |
occur if the issuer field is maliciously constructed). This may subsequently
|
|
16 |
result in a NULL pointer deref and a crash leading to a potential denial of
|
|
17 |
service attack.
|
|
18 |
(CVE-2021-23841)
|
|
19 |
[Matt Caswell]
|
|
20 |
|
|
21 |
*) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
|
|
22 |
padding mode to correctly check for rollback attacks. This is considered a
|
|
23 |
bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
|
|
24 |
CVE-2021-23839.
|
|
25 |
[Matt Caswell]
|
|
26 |
|
|
27 |
*) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
|
|
28 |
functions. Previously they could overflow the output length argument in some
|
|
29 |
cases where the input length is close to the maximum permissable length for
|
|
30 |
an integer on the platform. In such cases the return value from the function
|
|
31 |
call would be 1 (indicating success), but the output length value would be
|
|
32 |
negative. This could cause applications to behave incorrectly or crash.
|
|
33 |
(CVE-2021-23840)
|
|
34 |
[Matt Caswell]
|
|
35 |
|
|
36 |
*) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
|
| 12 | 37 |
implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
|
| 13 | 38 |
could be exploited in a side channel attack to recover the password. Since
|
| 14 | 39 |
the attack is local host only this is outside of the current OpenSSL
|
| 6 | 6 |
|
| 7 | 7 |
Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [under development]
|
| 8 | 8 |
|
| 9 | |
o
|
|
9 |
o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
|
|
10 |
function (CVE-2021-23841)
|
|
11 |
o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
|
|
12 |
padding mode to correctly check for rollback attacks
|
|
13 |
o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
|
|
14 |
EVP_DecryptUpdate functions (CVE-2021-23840)
|
|
15 |
o Fixed SRP_Calc_client_key so that it runs in constant time
|
| 10 | 16 |
|
| 11 | 17 |
Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
|
| 12 | 18 |
|