Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/CHANGES b/CHANGES
index ba224c45cd49295915e05ea5345b75e73bde5991..a8c28aafd489b3e46659a81b37bc13a0e273c8e0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,32 @@
 
  Changes between 1.1.1i and 1.1.1j [xx XXX xxxx]
 
-  *) Fixed SRP_Calc_client_key so that it uses constant time. The previous
+  *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
+     create a unique hash value based on the issuer and serial number data
+     contained within an X509 certificate. However it was failing to correctly
+     handle any errors that may occur while parsing the issuer field (which might
+     occur if the issuer field is maliciously constructed). This may subsequently
+     result in a NULL pointer deref and a crash leading to a potential denial of
+     service attack.
+     (CVE-2021-23841)
+     [Matt Caswell]
+
+  *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+     padding mode to correctly check for rollback attacks. This is considered a
+     bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
+     CVE-2021-23839.
+     [Matt Caswell]
+
+  *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
+     functions. Previously they could overflow the output length argument in some
+     cases where the input length is close to the maximum permissable length for
+     an integer on the platform. In such cases the return value from the function
+     call would be 1 (indicating success), but the output length value would be
+     negative. This could cause applications to behave incorrectly or crash.
+     (CVE-2021-23840)
+     [Matt Caswell]
+
+  *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
      implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
      could be exploited in a side channel attack to recover the password. Since
      the attack is local host only this is outside of the current OpenSSL

diff --git a/NEWS b/NEWS
index 55ffce8ea3965d8cc89ac3f3ab8f9f0c9e85f5b6..32e036ee2f2ae10f30d31433ce7782b55e9fa625 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,13 @@
 
   Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [under development]
 
-      o
+      o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+        function (CVE-2021-23841)
+      o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+        padding mode to correctly check for rollback attacks
+      o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+        EVP_DecryptUpdate functions (CVE-2021-23840)
+      o Fixed SRP_Calc_client_key so that it runs in constant time
 
   Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]