Updates CHANGES.md and NEWS.md for new 1.1.1 release
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
parent
ad1ca777f9
commit
796f4f7085
69
CHANGES.md
69
CHANGES.md
@ -1358,7 +1358,74 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
OpenSSL 1.1.1
|
||||
-------------
|
||||
|
||||
### Changes between 1.1.1j and 1.1.1k [xx XXX xxxx]
|
||||
### Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
|
||||
|
||||
* Fixed an SM2 Decryption Buffer Overflow.
|
||||
|
||||
In order to decrypt SM2 encrypted data an application is expected to call the
|
||||
API function EVP_PKEY_decrypt(). Typically an application will call this
|
||||
function twice. The first time, on entry, the "out" parameter can be NULL and,
|
||||
on exit, the "outlen" parameter is populated with the buffer size required to
|
||||
hold the decrypted plaintext. The application can then allocate a sufficiently
|
||||
sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
|
||||
value for the "out" parameter.
|
||||
|
||||
A bug in the implementation of the SM2 decryption code means that the
|
||||
calculation of the buffer size required to hold the plaintext returned by the
|
||||
first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
|
||||
the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
|
||||
called by the application a second time with a buffer that is too small.
|
||||
|
||||
A malicious attacker who is able present SM2 content for decryption to an
|
||||
application could cause attacker chosen data to overflow the buffer by up to a
|
||||
maximum of 62 bytes altering the contents of other data held after the
|
||||
buffer, possibly changing application behaviour or causing the application to
|
||||
crash. The location of the buffer is application dependent but is typically
|
||||
heap allocated.
|
||||
([CVE-2021-3711])
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* Fixed various read buffer overruns processing ASN.1 strings
|
||||
|
||||
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
|
||||
structure which contains a buffer holding the string data and a field holding
|
||||
the buffer length. This contrasts with normal C strings which are repesented as
|
||||
a buffer for the string data which is terminated with a NUL (0) byte.
|
||||
|
||||
Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
|
||||
own "d2i" functions (and other similar parsing functions) as well as any string
|
||||
whose value has been set with the ASN1_STRING_set() function will additionally
|
||||
NUL terminate the byte array in the ASN1_STRING structure.
|
||||
|
||||
However, it is possible for applications to directly construct valid ASN1_STRING
|
||||
structures which do not NUL terminate the byte array by directly setting the
|
||||
"data" and "length" fields in the ASN1_STRING array. This can also happen by
|
||||
using the ASN1_STRING_set0() function.
|
||||
|
||||
Numerous OpenSSL functions that print ASN.1 data have been found to assume that
|
||||
the ASN1_STRING byte array will be NUL terminated, even though this is not
|
||||
guaranteed for strings that have been directly constructed. Where an application
|
||||
requests an ASN.1 structure to be printed, and where that ASN.1 structure
|
||||
contains ASN1_STRINGs that have been directly constructed by the application
|
||||
without NUL terminating the "data" field, then a read buffer overrun can occur.
|
||||
|
||||
The same thing can also occur during name constraints processing of certificates
|
||||
(for example if a certificate has been directly constructed by the application
|
||||
instead of loading it via the OpenSSL parsing functions, and the certificate
|
||||
contains non NUL terminated ASN1_STRING structures). It can also occur in the
|
||||
X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.
|
||||
|
||||
If a malicious actor can cause an application to directly construct an
|
||||
ASN1_STRING and then process it through one of the affected OpenSSL functions
|
||||
then this issue could be hit. This might result in a crash (causing a Denial of
|
||||
Service attack). It could also result in the disclosure of private memory
|
||||
contents (such as private keys, or sensitive plaintext).
|
||||
([CVE-2021-3712])
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
### Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
|
||||
|
||||
* Fixed a problem with verifying a certificate chain when using the
|
||||
X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of
|
||||
|
||||
6
NEWS.md
6
NEWS.md
@ -89,7 +89,11 @@ OpenSSL 3.0
|
||||
OpenSSL 1.1.1
|
||||
-------------
|
||||
|
||||
### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [under development]
|
||||
### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
|
||||
* Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711])
|
||||
* Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712])
|
||||
|
||||
### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
|
||||
|
||||
* Fixed a problem with verifying a certificate chain when using the
|
||||
X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450])
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user