[thirdparty/openssl.git] / CHANGES


 OpenSSL CHANGES
 _______________

 Changes between 1.0.2c and 1.0.2d [9 Jul 2015]

  *) Alternate chains certificate forgery

     During certificate verfification, OpenSSL will attempt to find an
     alternative certificate chain if the first attempt to build such a chain
     fails. An error in the implementation of this logic can mean that an
     attacker could cause certain checks on untrusted certificates to be
     bypassed, such as the CA flag, enabling them to use a valid leaf
     certificate to act as a CA and "issue" an invalid certificate.

     This issue was reported to OpenSSL by Adam Langley/David Benjamin
     (Google/BoringSSL).
     [Matt Caswell]

 Changes between 1.0.2b and 1.0.2c [12 Jun 2015]

  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
     incompatibility in the handling of HMAC. The previous ABI has now been
     restored.

 Changes between 1.0.2a and 1.0.2b [11 Jun 2015]

  *) Malformed ECParameters causes infinite loop

     When processing an ECParameters structure OpenSSL enters an infinite loop
     if the curve specified is over a specially malformed binary polynomial
     field.

     This can be used to perform denial of service against any
     system which processes public keys, certificate requests or
     certificates.  This includes TLS clients and TLS servers with
     client authentication enabled.

     This issue was reported to OpenSSL by Joseph Barr-Pixton.
     (CVE-2015-1788)
     [Andy Polyakov]

  *) Exploitable out-of-bounds read in X509_cmp_time

     X509_cmp_time does not properly check the length of the ASN1_TIME
     string and can read a few bytes out of bounds. In addition,
     X509_cmp_time accepts an arbitrary number of fractional seconds in the
     time string.

     An attacker can use this to craft malformed certificates and CRLs of
     various sizes and potentially cause a segmentation fault, resulting in
     a DoS on applications that verify certificates or CRLs. TLS clients
     that verify CRLs are affected. TLS clients and servers with client
     authentication enabled may be affected if they use custom verification
     callbacks.

     This issue was reported to OpenSSL by Robert Swiecki (Google), and
Commit	Line	Data
81a6c781	1
f1c236f8	2	OpenSSL CHANGES
651d0aff RE	3	_______________
651d0aff RE	4
33dd0832	5	Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
54ae378c	6
5627e0f7 MC	7	*) Alternate chains certificate forgery
	8
	9	During certificate verfification, OpenSSL will attempt to find an
	10	alternative certificate chain if the first attempt to build such a chain
	11	fails. An error in the implementation of this logic can mean that an
	12	attacker could cause certain checks on untrusted certificates to be
	13	bypassed, such as the CA flag, enabling them to use a valid leaf
	14	certificate to act as a CA and "issue" an invalid certificate.
	15
	16	This issue was reported to OpenSSL by Adam Langley/David Benjamin
	17	(Google/BoringSSL).
	18	[Matt Caswell]
54ae378c	19
0ee5fcde	20	Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
b6ed9917	21
d4c17638 MC	22	*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
	23	incompatibility in the handling of HMAC. The previous ABI has now been
	24	restored.
b6ed9917	25
7b560c17	26	Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
0d6d10d9	27
ab17f6b7 MC	28	*) Malformed ECParameters causes infinite loop
	29
	30	When processing an ECParameters structure OpenSSL enters an infinite loop
	31	if the curve specified is over a specially malformed binary polynomial
	32	field.
	33
	34	This can be used to perform denial of service against any
	35	system which processes public keys, certificate requests or
	36	certificates. This includes TLS clients and TLS servers with
	37	client authentication enabled.
	38
	39	This issue was reported to OpenSSL by Joseph Barr-Pixton.
	40	(CVE-2015-1788)
	41	[Andy Polyakov]
	42
	43	*) Exploitable out-of-bounds read in X509_cmp_time
	44
	45	X509_cmp_time does not properly check the length of the ASN1_TIME
	46	string and can read a few bytes out of bounds. In addition,
	47	X509_cmp_time accepts an arbitrary number of fractional seconds in the
	48	time string.
	49
	50	An attacker can use this to craft malformed certificates and CRLs of
	51	various sizes and potentially cause a segmentation fault, resulting in
	52	a DoS on applications that verify certificates or CRLs. TLS clients
	53	that verify CRLs are affected. TLS clients and servers with client
	54	authentication enabled may be affected if they use custom verification
	55	callbacks.
	56
	57	This issue was reported to OpenSSL by Robert Swiecki (Google), and
	58