From matt at openssl.org  Tue Feb  9 17:33:54 2021
From: matt at openssl.org (Matt Caswell)
Date: Tue, 9 Feb 2021 17:33:54 +0000
Subject: Forthcoming OpenSSL Release
Message-ID: <bb9fc59d-d65b-33c3-5f3a-3117d3e3d1f4@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL version 1.1.1j.

This release will be made available on Tuesday 16th February 2021
between 1300-1700 UTC.

OpenSSL 1.1.1j is a security-fix release. The highest severity issue
fixed in this release is MODERATE:
https://www.openssl.org/policies/secpolicy.html#moderate

Yours

The OpenSSL Project Team
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmAix4IACgkQ2cTSbQ5g
RJEObwgAkM5/Nx3KjqX1Uj69C6b+8Cxx2ijdfei4wQjkVhLqZLteZpKDE0QBAHsV
wGc3cwv1AyPnNfgWvfUwj0k5mRr67fYkz+iAJiNisLc40k0+xPd9F2F804TvKQh2
6HPRY2+AEpQD6nuxJejIOBZruDbFaXRzh1rloQggE9tqUoLslQbYhkrR6BRiePqN
zQarux5yBZDfkQzkaYTDqFH5M6RLrb3w5hlJiJ4uJ1lLz4FNyeUtADofluiIrJuj
zDRZxocOVoyUt2wIZZ+2xhMY894hlilwnBE+fXvWu5d4HakdZkHe4p+HFvP/O0IY
AGn/qXIQfYGt9jH93jCPFdrgO/jvWA==
=ZcL6
-----END PGP SIGNATURE-----

From openssl at openssl.org  Tue Feb 16 16:12:43 2021
From: openssl at openssl.org (OpenSSL)
Date: Tue, 16 Feb 2021 16:12:43 +0000
Subject: OpenSSL version 1.1.1j published
Message-ID: <20210216161243.GA15166@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


   OpenSSL version 1.1.1j released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.1.1j of our open source toolkit for SSL/TLS. For details
   of changes and known issues see the release notes at:

        https://www.openssl.org/news/openssl-1.1.1-notes.html

   OpenSSL 1.1.1j is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

     * https://www.openssl.org/source/
     * ftp://ftp.openssl.org/source/

   The distribution file name is:

    o openssl-1.1.1j.tar.gz
      Size: 9823161
      SHA1 checksum: 04c340b086828eecff9df06dceff196790bb9268
      SHA256 checksum: aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf

   The checksums were calculated using the following commands:

    openssl sha1 openssl-1.1.1j.tar.gz
    openssl sha256 openssl-1.1.1j.tar.gz

   Yours,

   The OpenSSL Project Team.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmAr45gACgkQ2cTSbQ5g
RJFhXAf7BMbLDUqKxw1YnGpUTXRTKe1TSzrOPI/m/yfyn3YHm64HYwTxNy8Idm9Y
V+78djXqhs3VMDDu9ZOmopSLEOOOHvpKE89kj7pHrYnOJcmPE+HNmS0qneOyQZtb
slvYbDhqeyEqNxy/jVlz6Bm/BV57HdbszpAzhv9zTP6hf6aYvNwIFJoPpHznu028
Knn+qrlkcHizKPY9zG1h8zfK9m6CWGV+S8qeKHERgvlKBz6hAOYC/3f6sZumRr7K
m7jEEjkEvjVzcojXKoY2+C9yeRwJdj8GM2Haa+kdwcW34o4uCOrP+mW+MeBg+4qM
id26+r6cNtTdv7jE4gPWLCKoOZ7CsA==
=baPF
-----END PGP SIGNATURE-----

From openssl at openssl.org  Tue Feb 16 16:27:22 2021
From: openssl at openssl.org (OpenSSL)
Date: Tue, 16 Feb 2021 16:27:22 +0000
Subject: OpenSSL Security Advisory
Message-ID: <20210216162722.GA18992@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenSSL Security Advisory [16 February 2021]
============================================

Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
====================================================================

Severity: Moderate

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to
create a unique hash value based on the issuer and serial number data contained
within an X509 certificate. However it fails to correctly handle any errors
that may occur while parsing the issuer field (which might occur if the issuer
field is maliciously constructed). This may subsequently result in a NULL
pointer deref and a crash leading to a potential denial of service attack.

The function X509_issuer_and_serial_hash() is never directly called by OpenSSL
itself so applications are only vulnerable if they use this function directly
and they use it on certificates that may have been obtained from untrusted
sources.

OpenSSL versions 1.1.1i and below are affected by this issue. Users of these
versions should upgrade to OpenSSL 1.1.1j.

OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL
1.0.2 is out of support and no longer receiving public updates. Premium support
customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade
to 1.1.1j.

This issue was reported to OpenSSL on 15th December 2020 by Tavis Ormandy from
Google. The fix was developed by Matt Caswell.

Incorrect SSLv2 rollback protection (CVE-2021-23839)
====================================================

Severity: Low

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a
server that is configured to support both SSLv2 and more recent SSL and TLS
versions then a check is made for a version rollback attack when unpadding an
RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are
supposed to use a special form of padding. A server that supports greater than
SSLv2 is supposed to reject connection attempts from a client where this special
form of padding is present, because this indicates that a version rollback has
occurred (i.e. both client and server support greater than SSLv2, and yet this
is the version that is being requested).

The implementation of this padding check inverted the logic so that the
connection attempt is accepted if the padding is present, and rejected if it
is absent. This means that such as server will accept a connection if a version
rollback attack has occurred. Further the server will erroneously reject a
connection if a normal SSLv2 connection attempt is made.

Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this
issue. In order to be vulnerable a 1.0.2 server must:

1) have configured SSLv2 support at compile time (this is off by default),
2) have configured SSLv2 support at runtime (this is off by default),
3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite
   list)

OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to
this issue. The underlying error is in the implementation of the
RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING
padding mode used by various other functions. Although 1.1.1 does not support
SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the
RSA_SSLV23_PADDING padding mode. Applications that directly call that function
or use that padding mode will encounter this issue. However since there is no
support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a
security issue in that version.

OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium
support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should
upgrade to 1.1.1j.

This issue was reported to OpenSSL on 21st January 2021 by D. Katz and Joel
Luellwitz from Trustwave. The fix was developed by Matt Caswell.

Integer overflow in CipherUpdate (CVE-2021-23840)
=================================================

Severity: Low

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow
the output length argument in some cases where the input length is close to the
maximum permissable length for an integer on the platform. In such cases the
return value from the function call will be 1 (indicating success), but the
output length value will be negative. This could cause applications to behave
incorrectly or crash.

OpenSSL versions 1.1.1i and below are affected by this issue. Users of these
versions should upgrade to OpenSSL 1.1.1j.

OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL
1.0.2 is out of support and no longer receiving public updates. Premium support
customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade
to 1.1.1j.

This issue was reported to OpenSSL on 13th December 2020 by Paul Kehrer. The fix
was developed by Matt Caswell.

Note
====

OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
The impact of these issues on OpenSSL 1.1.0 has not been analysed.

Users of these versions should upgrade to OpenSSL 1.1.1.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20210216.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmAr8gYACgkQ2cTSbQ5g
RJFzowf/UF+mnAAOuOEO+aNIsMSnuzeylkAtKXnSHEa1uKeLd1udlLls75WUCW0R
d8PfDrAMuYn7XQdQ/NalQ52teES0+XNGG6+s8FukmAiaCYIzu4Ko0C0VJK0BuaJk
fa5DCPec+XzudqqLAgxzfV+lRakCf/ARfBoT1/JRXHXv3VIUXFN/QEonjbpxmH3C
czWqOiPyZ+gY7MKlGer8AohQtc+GjQRSJKpUzW76Itr0MlzUlitnLs4VK16Tu1pc
b6sruEl4/ukAodvTUkVLaDDNqEgtYK676ABJ8h2L+Muy7s+ZY34sKSbhN76E4I1h
YGqcOFFEerFiZivfyqdbrLNUxKLMkA==
=NAqk
-----END PGP SIGNATURE-----

From openssl at openssl.org  Thu Feb 18 15:37:49 2021
From: openssl at openssl.org (OpenSSL)
Date: Thu, 18 Feb 2021 15:37:49 +0000
Subject: OpenSSL version 3.0.0-alpha12 published
Message-ID: <20210218153749.GA15169@openssl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


   OpenSSL version 3.0 alpha 12 released
   =====================================

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   OpenSSL 3.0 is currently in alpha.

   OpenSSL 3.0 alpha 12 has now been made available.

   Note: This OpenSSL pre-release has been provided for testing ONLY.
   It should NOT be used for security critical purposes.

   Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well
   as known issues are available on the OpenSSL Wiki, here:

        https://wiki.openssl.org/index.php/OpenSSL_3.0

   The alpha release is available for download via HTTPS and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

     * https://www.openssl.org/source/
     * ftp://ftp.openssl.org/source/

   The distribution file name is:

    o openssl-3.0.0-alpha12.tar.gz
      Size: 14142492
      SHA1 checksum:  fbcb255c1bf11928f4bd52b8cf68ab8341238d4f
      SHA256 checksum:  8d78239be66af578b969441252e7c125aa134ef3b9bac6179d84275cfe01950c

   The checksums were calculated using the following commands:

    openssl sha1 openssl-3.0.0-alpha12.tar.gz
    openssl sha256 openssl-3.0.0-alpha12.tar.gz

   Please download and check this alpha release as soon as possible.
   To report a bug, open an issue on GitHub:

    https://github.com/openssl/openssl/issues

   Please check the release notes and mailing lists to avoid duplicate
   reports of known issues. (Of course, the source is also available
   on GitHub.)

   Yours,

   The OpenSSL Project Team.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmAugwwACgkQ2cTSbQ5g
RJHuyQgApX0LV7z8tmxqPNyMIfLMMnlFfV7m4YcblXN6YO+wDwFiX3KgnopGvfim
0B8pGPxkwJjPhLQxGyZ4fUkTMEJ3jtp+ncVf7+ccF7JfKkh1bjBmmSBZ0GhJPqhB
HGxdb+cNe0rQFxXoWU5s8YmV4ImmPzUOhMKMP3b/lUJZpzlmriMw5QxbTc/dk96J
5wVf36sHbMPbAQlVrzRXLDWSacUXLVk4D4C9KJ1xt3Ri6RsWdlx6Z4N+dzhxOwP3
kyIzJAckQ8x3f8cAYu9CEgncLquUVO9vnC3CsbK6rfqNuGu6FzhDGYRzf5nn6NVd
4AAM/zKCkUlyufNVGQa7O96mkG6fsQ==
=BcMo
-----END PGP SIGNATURE-----