[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Mon Dec 7 14:31:13 UTC 2015
The branch master has been updated
via 5fa30720e481e62d14c113f502db1a76cf5dd221 (commit)
from a285992763f3961f69a8d86bf7dfff020a08cef9 (commit)
- Log -----------------------------------------------------------------
commit 5fa30720e481e62d14c113f502db1a76cf5dd221
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Dec 3 22:57:25 2015 +0000
Fix and update versions in CHANGES and NEWS
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
NEWS | 16 +++++++++++++++-
2 files changed, 74 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 56092dc..db3f638 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
OpenSSL CHANGES
_______________
- Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ Changes between 1.0.2e and 1.1.0 [xx XXX xxxx]
*) Remove support for all 40 and 56 bit ciphers. This includes all the export
ciphers who are no longer supported and drops support the ephemeral RSA key
@@ -558,6 +558,64 @@
whose return value is often ignored.
[Steve Henson]
+ Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
+
+ *) BN_mod_exp may produce incorrect results on x86_64
+
+ There is a carry propagating bug in the x86_64 Montgomery squaring
+ procedure. No EC algorithms are affected. Analysis suggests that attacks
+ against RSA and DSA as a result of this defect would be very difficult to
+ perform and are not believed likely. Attacks against DH are considered just
+ feasible (although very difficult) because most of the work necessary to
+ deduce information about a private key may be performed offline. The amount
+ of resources required for such an attack would be very significant and
+ likely only accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients. For example this can occur by
+ default in OpenSSL DHE based SSL/TLS ciphersuites.
+
+ This issue was reported to OpenSSL by Hanno Böck.
+ (CVE-2015-3193)
+ [Andy Polyakov]
+
+ *) Certificate verify crash with missing PSS parameter
+
+ The signature verification routines will crash with a NULL pointer
+ dereference if presented with an ASN.1 signature using the RSA PSS
+ algorithm and absent mask generation function parameter. Since these
+ routines are used to verify certificate signature algorithms this can be
+ used to crash any certificate verification operation and exploited in a
+ DoS attack. Any application which performs certificate verification is
+ vulnerable including OpenSSL clients and servers which enable client
+ authentication.
+
+ This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
+ (CVE-2015-3194)
+ [Stephen Henson]
+
+ *) X509_ATTRIBUTE memory leak
+
+ When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+ memory. This structure is used by the PKCS#7 and CMS routines so any
+ application which reads PKCS#7 or CMS data from untrusted sources is
+ affected. SSL/TLS is not affected.
+
+ This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+ libFuzzer.
+ (CVE-2015-3195)
+ [Stephen Henson]
+
+ *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
+ This changes the decoding behaviour for some invalid messages,
+ though the change is mostly in the more lenient direction, and
+ legacy behaviour is preserved as much as possible.
+ [Emilia Käsper]
+
+ *) In DSA_generate_parameters_ex, if the provided seed is too short,
+ return an error
+ [Rich Salz and Ismo Puustinen <ismo.puustinen at intel.com>]
+
Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
*) Alternate chains certificate forgery
diff --git a/NEWS b/NEWS
index e51526e..c5cb71b 100644
--- a/NEWS
+++ b/NEWS
@@ -5,9 +5,23 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [under development]
+ Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [under development]
+
+ o
+
+ Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
+
+ o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
+ o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
+ o X509_ATTRIBUTE memory leak (CVE-2015-3195)
+ o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
+ o In DSA_generate_parameters_ex, if the provided seed is too short,
+ return an error
+
+ Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
o Alternate chains certificate forgery (CVE-2015-1793)
+ o Race condition handling PSK identify hint (CVE-2015-3196)
Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
More information about the openssl-commits
mailing list