https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
- Changes between 1.0.2s and 1.0.2t [xx XXX xxxx]
-
- *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations
- where an attacker receives automated notification of the success or failure
- of a decryption attempt an attacker, after sending a very large number of
- messages to be decrypted, can recover a CMS/PKCS7 transported encryption
- key or decrypt any RSA encrypted message that was encrypted with the public
- RSA key, using a Bleichenbacher padding oracle attack. Applications are not
- affected if they use a certificate together with the private RSA key to the
- CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info
- to decrypt.
- (CVE-2019-1563)
- [Bernd Edlinger]
+ Changes between 1.0.2t and 1.0.2u [xx XXX xxxx]
+
+ *)
+
+ Changes between 1.0.2s and 1.0.2t [10 Sep 2019]
*) For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
(CVE-2019-1547)
[Billy Bob Brumley]
+ *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
+ An attack is simple, if the first CMS_recipientInfo is valid but the
+ second CMS_recipientInfo is chosen ciphertext. If the second
+ recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
+ encryption key will be replaced by garbage, and the message cannot be
+ decoded, but if the RSA decryption fails, the correct encryption key is
+ used and the recipient will not notice the attack.
+ As a work around for this potential attack the length of the decrypted
+ key must be equal to the cipher default key length, in case the
+ certifiate is not given and all recipientInfo are tried out.
+ The old behaviour can be re-enabled in the CMS code by setting the
+ CMS_DEBUG_DECRYPT flag.
+ (CVE-2019-1563)
+ [Bernd Edlinger]
+
*) Document issue with installation paths in diverse Windows builds
'/usr/local/ssl' is an unsafe prefix for location to install OpenSSL
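Review bot: the new CVE-2019-1563 entry has a typo, "certifiate" should be "certificate" (in "in case the certifiate is not given"), and "work around" used as a noun should be "workaround"; the opening sentence "An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext." also reads awkwardly and would be clearer as "The attack is simple: if the first CMS_recipientInfo is valid but the second is attacker-chosen ciphertext, ...". Two smaller points: the removed entry's explicit statement that applications which pass a certificate together with the private RSA key to CMS_decrypt or PKCS7_decrypt are not affected has been dropped and now survives only implicitly in "in case the certifiate is not given and all recipientInfo are tried out"; that sentence is what users triaging their exposure look for, so consider keeping it. Also, the surrounding entries write function names with parentheses (PKCS7_decrypt(), CMS_decrypt()) while the new entry writes PKCS7_dataDecode and CMS_decrypt_set1_pkey without them, and the new "Changes between 1.0.2s and 1.0.2t [10 Sep 2019]" heading is followed directly by the first entry with no blank line, unlike the 1.0.2u heading above it; both are worth matching to the file's existing style.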