Update CHANGES.md and NEWS.md for new release

Reviewed-by: Tomas Mraz <tomas@openssl.org>
2025-01-18 13:44:20 +08:00 · 2021-03-25 10:20:50 +00:00 · 2021-03-25 10:20:50 +00:00 · 468d9d5564
commit 468d9d5564
parent 39a140597d
2 changed files with 48 additions and 0 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1661,6 +1661,49 @@ OpenSSL 1.1.1

 ### Changes between 1.1.1j and 1.1.1k [xx XXX xxxx]

+ * Fixed a problem with verifying a certificate chain when using the
+   X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of
+   the certificates present in a certificate chain. It is not set by default.
+
+   Starting from OpenSSL version 1.1.1h a check to disallow certificates in
+   the chain that have explicitly encoded elliptic curve parameters was added
+   as an additional strict check.
+
+   An error in the implementation of this check meant that the result of a
+   previous check to confirm that certificates in the chain are valid CA
+   certificates was overwritten. This effectively bypasses the check
+   that non-CA certificates must not be able to issue other certificates.
+
+   If a "purpose" has been configured then there is a subsequent opportunity
+   for checks that the certificate is a valid CA.  All of the named "purpose"
+   values implemented in libcrypto perform this check.  Therefore, where
+   a purpose is set the certificate chain will still be rejected even when the
+   strict flag has been used. A purpose is set by default in libssl client and
+   server certificate verification routines, but it can be overridden or
+   removed by an application.
+
+   In order to be affected, an application must explicitly set the
+   X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
+   for the certificate verification or, in the case of TLS client or server
+   applications, override the default purpose.
+   ([CVE-2021-3450])
+
+   *Tomáš Mráz*
+
+ * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
+   crafted renegotiation ClientHello message from a client. If a TLSv1.2
+   renegotiation ClientHello omits the signature_algorithms extension (where it
+   was present in the initial ClientHello), but includes a
+   signature_algorithms_cert extension then a NULL pointer dereference will
+   result, leading to a crash and a denial of service attack.
+
+   A server is only vulnerable if it has TLSv1.2 and renegotiation enabled
+   (which is the default configuration). OpenSSL TLS clients are not impacted by
+   this issue.
+   ([CVE-2021-3449])
+
+   *Peter Kästle and Samuel Sapalski*
+
 ### Changes between 1.1.1i and 1.1.1j [16 Feb 2021]

 * Fixed the X509_issuer_and_serial_hash() function. It attempts to
--- a/NEWS.md
+++ b/NEWS.md
@ -87,6 +87,11 @@ OpenSSL 1.1.1

 ### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [under development]

+  * Fixed a problem with verifying a certificate chain when using the
+    X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450])
+  * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
+    crafted renegotiation ClientHello message from a client ([CVE-2021-3449])
+
 ### Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]

  * Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()