git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
Prepare for 1.0.1o release

 OpenSSL CHANGES
 _______________

 Changes between 1.0.1n and 1.0.1o [12 Jun 2015]

  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
     incompatibility in the handling of HMAC. The previous ABI has now been
     restored.

 Changes between 1.0.1m and 1.0.1n [11 Jun 2015]

  *) Malformed ECParameters causes infinite loop

     When processing an ECParameters structure OpenSSL enters an infinite loop
     if the curve specified is over a specially malformed binary polynomial
     field.

     This can be used to perform denial of service against any
     system which processes public keys, certificate requests or
     certificates.  This includes TLS clients and TLS servers with
     client authentication enabled.

     This issue was reported to OpenSSL by Joseph Barr-Pixton.
     (CVE-2015-1788)
     [Andy Polyakov]

  *) Exploitable out-of-bounds read in X509_cmp_time

     X509_cmp_time does not properly check the length of the ASN1_TIME
     string and can read a few bytes out of bounds. In addition,
     X509_cmp_time accepts an arbitrary number of fractional seconds in the
     time string.

     An attacker can use this to craft malformed certificates and CRLs of
     various sizes and potentially cause a segmentation fault, resulting in
     a DoS on applications that verify certificates or CRLs. TLS clients
     that verify CRLs are affected. TLS clients and servers with client
     authentication enabled may be affected if they use custom verification
     callbacks.
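
A length-checked validator for the time strings described above, as an added example that is not OpenSSL's code or its fix. It accepts only the fixed-length RFC 5280 certificate forms (no fractional seconds, trailing Z); the names strict_time_ok and two_digits are hypothetical.

```c
#include <stddef.h>

/* Added example, not OpenSSL code. Accepts the RFC 5280 profile only:
 * UTCTime "YYMMDDHHMMSSZ" (13 bytes), GeneralizedTime "YYYYMMDDHHMMSSZ"
 * (15 bytes). Calendar validity (e.g. 31 Feb) is not checked. */

/* Read two ASCII digits at p[i], p[i+1]; -1 if out of range or not digits. */
static int two_digits(const unsigned char *p, size_t len, size_t i)
{
    if (i + 2 > len)                       /* bounds check before any read */
        return -1;
    if (p[i] < '0' || p[i] > '9' || p[i + 1] < '0' || p[i + 1] > '9')
        return -1;
    return (p[i] - '0') * 10 + (p[i + 1] - '0');
}

/* p need not be NUL-terminated; len is the ASN.1 content length.
 * Returns 1 if the string is well formed, 0 otherwise. */
int strict_time_ok(const unsigned char *p, size_t len, int generalized)
{
    static const int lo[] = { 1, 1, 0, 0, 0 };      /* month day hour min sec */
    static const int hi[] = { 12, 31, 23, 59, 59 };
    size_t i = generalized ? 4 : 2;        /* offset of the month field */
    size_t want = generalized ? 15 : 13;   /* exact length including 'Z' */
    int k, v;

    if (p == NULL || len != want)          /* short, long and fractional forms */
        return 0;
    if (two_digits(p, len, 0) < 0)         /* YY, or first half of YYYY */
        return 0;
    if (generalized && two_digits(p, len, 2) < 0)
        return 0;
    for (k = 0; k < 5; k++, i += 2) {
        v = two_digits(p, len, i);         /* -1 falls below every lo[k] */
        if (v < lo[k] || v > hi[k])
            return 0;
    }
    return p[i] == 'Z';                    /* i == len - 1 here */
}
```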

     This issue was reported to OpenSSL by Robert Swiecki (Google), and