[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Mon Dec 7 14:31:13 UTC 2015


The branch master has been updated
       via  5fa30720e481e62d14c113f502db1a76cf5dd221 (commit)
      from  a285992763f3961f69a8d86bf7dfff020a08cef9 (commit)


- Log -----------------------------------------------------------------
commit 5fa30720e481e62d14c113f502db1a76cf5dd221
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Dec 3 22:57:25 2015 +0000

    Fix and update versions in CHANGES and NEWS
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 CHANGES | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 NEWS    | 16 +++++++++++++++-
 2 files changed, 74 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 56092dc..db3f638 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
+ Changes between 1.0.2e and 1.1.0  [xx XXX xxxx]
 
   *) Remove support for all 40 and 56 bit ciphers.  This includes all the export
      ciphers who are no longer supported and drops support the ephemeral RSA key
@@ -558,6 +558,64 @@
      whose return value is often ignored. 
      [Steve Henson]
 
+ Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
+
+  *) BN_mod_exp may produce incorrect results on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients. For example this can occur by
+     default in OpenSSL DHE based SSL/TLS ciphersuites.
+
+     This issue was reported to OpenSSL by Hanno Böck.
+     (CVE-2015-3193)
+     [Andy Polyakov]
+
+  *) Certificate verify crash with missing PSS parameter
+
+     The signature verification routines will crash with a NULL pointer
+     dereference if presented with an ASN.1 signature using the RSA PSS
+     algorithm and absent mask generation function parameter. Since these
+     routines are used to verify certificate signature algorithms this can be
+     used to crash any certificate verification operation and exploited in a
+     DoS attack. Any application which performs certificate verification is
+     vulnerable including OpenSSL clients and servers which enable client
+     authentication.
+
+     This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
+     (CVE-2015-3194)
+     [Stephen Henson]
+
+  *) X509_ATTRIBUTE memory leak
+
+     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+     memory. This structure is used by the PKCS#7 and CMS routines so any
+     application which reads PKCS#7 or CMS data from untrusted sources is
+     affected. SSL/TLS is not affected.
+
+     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2015-3195)
+     [Stephen Henson]
+
+  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
+     This changes the decoding behaviour for some invalid messages,
+     though the change is mostly in the more lenient direction, and
+     legacy behaviour is preserved as much as possible.
+     [Emilia Käsper]
+
+  *) In DSA_generate_parameters_ex, if the provided seed is too short,
+     return an error
+     [Rich Salz and Ismo Puustinen <ismo.puustinen at intel.com>]
+
  Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
 
   *) Alternate chains certificate forgery
diff --git a/NEWS b/NEWS
index e51526e..c5cb71b 100644
--- a/NEWS
+++ b/NEWS
@@ -5,9 +5,23 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [under development]
+  Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [under development]
+
+      o
+
+  Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
+
+      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
+      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
+      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
+      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
+      o In DSA_generate_parameters_ex, if the provided seed is too short,
+        return an error
+
+  Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
 
       o Alternate chains certificate forgery (CVE-2015-1793)
+      o Race condition handling PSK identify hint (CVE-2015-3196)
 
   Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
 


More information about the openssl-commits mailing list