OpenSSL

The major changes and known issues for the 1.0.2 branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

More details can be found in the ChangeLog.

Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]

• Read/write after SSL object in error state (CVE-2017-3737)
• rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]

• bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
• Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]

• config now recognises 64-bit mingw and chooses mingw64 instead of mingw

Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]

• Truncated packet could crash via OOB read (CVE-2017-3731)
• BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
• Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]

• Missing CRL sanity check (CVE-2016-7052)

Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]

• OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
• SWEET32 Mitigation (CVE-2016-2183)
• OOB write in MDC2_Update() (CVE-2016-6303)
• Malformed SHA512 ticket DoS (CVE-2016-6302)
• OOB write in BN_bn2dec() (CVE-2016-2182)
• OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
• Pointer arithmetic undefined behaviour (CVE-2016-2177)
• Constant time flag not preserved in DSA signing (CVE-2016-2178)
• DTLS buffered message DoS (CVE-2016-2179)
• DTLS replay protection DoS (CVE-2016-2181)
• Certificate message OOB reads (CVE-2016-6306)

Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]

• Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
• Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
• Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
• Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
• EBCDIC overread (CVE-2016-2176)
• Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN.
• Remove LOW from the DEFAULT cipher list. This removes singles DES from the default.
• Only remove the SSLv2 methods with the no-ssl2-method option.

Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]

• Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
• Disable SSLv2 default build, default negotiation and weak ciphers (CVE-2016-0800)
• Fix a double-free in DSA code (CVE-2016-0705)
• Disable SRP fake user seed to address a server memory leak (CVE-2016-0798)
• Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
• Fix memory issues in BIO_*printf functions (CVE-2016-0799)
• Fix side channel attack on modular exponentiation (CVE-2016-0702)

Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]

• DH small subgroups (CVE-2016-0701)
• SSLv2 doesn't block disabled ciphers (CVE-2015-3197)

Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]

• BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
• Certificate verify crash with missing PSS parameter (CVE-2015-3194)
• X509_ATTRIBUTE memory leak (CVE-2015-3195)
• Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
• In DSA_generate_parameters_ex, if the provided seed is too short, return an error

Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]

• Alternate chains certificate forgery (CVE-2015-1793)
• Race condition handling PSK identify hint (CVE-2015-3196)

Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]

• Fix HMAC ABI incompatibility

Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]

• Malformed ECParameters causes infinite loop (CVE-2015-1788)
• Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
• PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
• CMS verify infinite loop with unknown hash function (CVE-2015-1792)
• Race condition handling NewSessionTicket (CVE-2015-1791)

Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]

• OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
• Multiblock corrupted pointer fix (CVE-2015-0290)
• Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
• Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
• Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
• ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
• PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
• DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
• Empty CKE with client auth and DHE fix (CVE-2015-1787)
• Handshake with unseeded PRNG fix (CVE-2015-0285)
• Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
• X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
• Removed the export ciphers from the DEFAULT ciphers

Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:

• Suite B support for TLS 1.2 and DTLS 1.2
• Support for DTLS 1.2
• TLS automatic EC curve selection.
• API to set TLS supported signature algorithms and curves
• SSL_CONF configuration API.
• TLS Brainpool support.
• ALPN support.
• CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.