git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
Update documentation with Diffie-Hellman best practices.
 OpenSSL CHANGES
 _______________

 Changes between 1.0.2a and 1.0.2b [xx XXX xxxx]

  *)

 Changes between 1.0.2 and 1.0.2a [19 Mar 2015]

  *) ClientHello sigalgs DoS fix

     If a client connects to an OpenSSL 1.0.2 server and renegotiates with an
     invalid signature algorithms extension a NULL pointer dereference will
     occur. This can be exploited in a DoS attack against the server.

     This issue was reported to OpenSSL by David Ramos of Stanford
     University.
     (CVE-2015-0291)
     [Stephen Henson and Matt Caswell]

  *) Multiblock corrupted pointer fix

     OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
     feature only applies on 64 bit x86 architecture platforms that support AES
     NI instructions. A defect in the implementation of "multiblock" can cause
     OpenSSL's internal write buffer to become incorrectly set to NULL when
     using non-blocking IO. Typically, when the user application is using a
     socket BIO for writing, this will only result in a failed connection.
     However if some other BIO is used then it is likely that a segmentation
     fault will be triggered, thus enabling a potential DoS attack.

     This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller.
     (CVE-2015-0290)
     [Matt Caswell]

  *) Segmentation fault in DTLSv1_listen fix

     The DTLSv1_listen function is intended to be stateless and processes the
     initial ClientHello from many peers. It is common for user code to loop
     over the call to DTLSv1_listen until a valid ClientHello is received with
     an associated cookie. A defect in the implementation of DTLSv1_listen means
     that state is preserved in the SSL object from one invocation to the next
     that can lead to a segmentation fault. Errors processing the initial
     ClientHello can trigger this scenario. An example of such an error could be
     that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
     server.

     This issue was reported to OpenSSL by Per Allansson.
     (CVE-2015-0207)
     [Matt Caswell]

  *) Segmentation fault in ASN1_TYPE_cmp fix

     The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
     made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
     certificate signature algorithm consistency this can be used to crash any
     certificate verification operation and exploited in a DoS attack. Any
     application which performs certificate verification is vulnerable including
     OpenSSL clients and servers which enable client authentication.
     (CVE-2015-0286)
     [Stephen Henson]

  *) Segmentation fault for invalid PSS parameters fix

     The signature verification routines will crash with a NULL pointer
     dereference if presented with an ASN.1 signature using the RSA PSS
     algorithm and invalid parameters. Since these routines are used to verify
     certificate signature algorithms this can be used to crash any
     certificate verification operation and exploited in a DoS attack. Any
     application which performs certificate verification is vulnerable including
     OpenSSL clients and servers which enable client authentication.

     This issue was reported to OpenSSL by Brian Carpenter.
     (CVE-2015-0208)
     [Stephen Henson]

  *) ASN.1 structure reuse memory corruption fix

     Reusing a structure in ASN.1 parsing may allow an attacker to cause
     memory corruption via an invalid write. Such reuse is and has been
     strongly discouraged and is believed to be rare.

     Applications that parse structures containing CHOICE or ANY DEFINED BY
     components may be affected. Certificate parsing (d2i_X509 and related
     functions) is however not affected. OpenSSL clients and servers are
     not affected.
     (CVE-2015-0287)
     [Stephen Henson]

  *) PKCS7 NULL pointer dereferences fix

     The PKCS#7 parsing code does not handle missing outer ContentInfo
     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
     missing content and trigger a NULL pointer dereference on parsing.

     Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
     otherwise parse PKCS#7 structures from untrusted sources are
     affected. OpenSSL clients and servers are not affected.

     This issue was reported to OpenSSL by Michal Zalewski (Google).
     (CVE-2015-0289)

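Every entry in the 1.0.2a section above is a fix that a build below 1.0.2a on the 1.0.2 branch lacks. As an added example (not code from the OpenSSL project or from this changelog), the following Python parses OpenSSL's 1.0.x version strings, including the letter patch suffix and -beta/-dev tags, and reports which of the CVEs listed in this section a given build still lacks. The CVE identifiers are those in the entries above; the hostnames and inventory lines are constructed, and the rule that letter suffixes continue past "z" as "za", "zb", ... follows OpenSSL's own patch-letter scheme. A build on another branch (1.0.1x, 1.1.x, 3.x) is reported as not covered, because this section of CHANGES says nothing about those branches.

```python
"""Check OpenSSL 1.0.x version strings against the 1.0.2a changelog entries.

Added example; not OpenSSL project code. The CVE list is copied from the
1.0.2a section of CHANGES, the inventory below is constructed.
"""
import re
from typing import NamedTuple, Optional, Tuple


class OpenSSLVersion(NamedTuple):
    major: int
    minor: int
    fix: int
    released: int  # 0 for -dev/-beta/-pre builds, 1 for a release
    patch: int     # letter suffix as a number: "" = 0, "a" = 1, "z" = 26, "za" = 27


# Accepts bare "1.0.2a" as well as the ssl.OPENSSL_VERSION form
# "OpenSSL 1.0.2k-fips  26 Jan 2017".
_VERSION_RE = re.compile(
    r"(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-([A-Za-z0-9]+))?")


def parse_openssl_version(text: str) -> OpenSSLVersion:
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letters, tag = m.groups()
    # OpenSSL's patch letters run a..z and then za, zb, ...: summing the
    # letter positions gives z = 26, za = 27, which preserves that order.
    patch = sum(ord(c) - ord("a") + 1 for c in letters)
    # A "-fips" tag is still a release; only dev/beta/pre tags sort before it.
    prerelease = tag is not None and tag.lower().startswith(("dev", "beta", "pre"))
    return OpenSSLVersion(int(major), int(minor), int(fix),
                          0 if prerelease else 1, patch)


# Identifiers exactly as listed in the "Changes between 1.0.2 and 1.0.2a" section.
CVES_FIXED_IN_1_0_2A: Tuple[str, ...] = (
    "CVE-2015-0291",  # ClientHello sigalgs DoS
    "CVE-2015-0290",  # Multiblock corrupted pointer
    "CVE-2015-0207",  # Segmentation fault in DTLSv1_listen
    "CVE-2015-0286",  # Segmentation fault in ASN1_TYPE_cmp
    "CVE-2015-0208",  # Segmentation fault for invalid PSS parameters
    "CVE-2015-0287",  # ASN.1 structure reuse memory corruption
    "CVE-2015-0289",  # PKCS7 NULL pointer dereferences
)
FIXED_VERSION = parse_openssl_version("1.0.2a")


def missing_1_0_2a_fixes(text: str) -> Optional[Tuple[str, ...]]:
    """CVEs from the 1.0.2a section that this build still lacks.

    Returns an empty tuple for 1.0.2a or later on the 1.0.2 branch, the full
    list for anything earlier on that branch, and None when the build is on a
    different branch, which this changelog section does not cover.
    """
    v = parse_openssl_version(text)
    if v[:3] != FIXED_VERSION[:3]:
        return None
    return () if v >= FIXED_VERSION else CVES_FIXED_IN_1_0_2A


# Constructed inventory: "<host> <version string as reported by the build>".
SAMPLE_INVENTORY = """\
web01 OpenSSL 1.0.2
web02 OpenSSL 1.0.2a 19 Mar 2015
vpn01 OpenSSL 1.0.2-beta3
db01 OpenSSL 1.0.1k
lb01 OpenSSL 1.0.2k-fips
"""


def scan_inventory(inventory: str) -> dict:
    """Map each host to missing_1_0_2a_fixes() of its reported version."""
    report = {}
    for line in inventory.splitlines():
        host, _, version = line.strip().partition(" ")
        if host:
            report[host] = missing_1_0_2a_fixes(version)
    return report


if __name__ == "__main__":
    for host, missing in scan_inventory(SAMPLE_INVENTORY).items():
        if missing is None:
            print(f"{host}: not on the 1.0.2 branch; consult that branch's CHANGES")
        elif missing:
            print(f"{host}: lacks 1.0.2a fixes for {', '.join(missing)}")
        else:
            print(f"{host}: has the 1.0.2a fixes")
```

On a live host the same check can be fed `ssl.OPENSSL_VERSION` from Python's standard library, which reports the version string of the OpenSSL the interpreter was linked against; note that this reports the library Python uses, not necessarily the one a separately installed server binary links.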