OpenSSL 1.1.1k Fixes Serious Security Flaws Found

OpenSSL is one of the cryptographic libraries most widely used by operating systems: Windows and many Linux and Unix-based distributions use OpenSSL to handle cryptography, digital certificates and so on. A cryptographic library free of security flaws is essential, and today we learned of the release of OpenSSL 1.1.1k, which fixes two serious flaws that were introduced while fixing other security flaws. Do you want to know all the details and whether these security flaws affect you?

OpenSSL 1.1.1k

Bypass in checking the CA certificate

OpenSSL introduced a flag called X509_V_FLAG_X509_STRICT, whose purpose is to check for suspicious digital certificates and deny their use by returning an error. It was added because a bug was found in the elliptic curve (ECC) certificate checking in the Windows implementation, which would allow an attacker to have an entire certificate validated as good without any error being returned. These Microsoft-verified ECC-based certificates did not work, yet everyone accepted them. Microsoft added a new feature, and OpenSSL inherited it, to detect “suspicious” digital certificates. As of OpenSSL version 1.1.1h, an additional check was added to disallow this type of certificate.

An error in the implementation of this check caused an earlier check not to be validated correctly, so non-CA certificates could issue certificates (only CAs should be able to issue and revoke certificates). As a result, certificates could be generated from ordinary, non-CA certificates, something that should never happen.

An important detail is that the X509_V_FLAG_X509_STRICT flag is not enabled by default, but if an application enables it, it could cause other problems. This bug affects all OpenSSL versions 1.1.1h and later; all users of these versions should update to version 1.1.1k as soon as possible. If you are using OpenSSL version 1.0.2, you are not affected by this problem.

Denial of service to TLS servers with OpenSSL

Another very important bug that has been fixed relates to TLS protocol negotiation. A TLS server using the OpenSSL cryptographic library may crash if the client sends a renegotiation ClientHello. If, in a TLSv1.2 renegotiation, the ClientHello omits the signature_algorithms extension (which was present in the initial ClientHello) but includes a signature_algorithms_cert extension, the server dereferences a NULL pointer and crashes, resulting in a denial of service.

A server is only vulnerable if it uses the TLSv1.2 protocol and has renegotiation enabled (which it is by default). TLS clients are not affected by this vulnerability, only servers. All OpenSSL 1.1.1 versions are affected by this bug, so it is recommended to update to OpenSSL 1.1.1k as soon as possible. OpenSSL version 1.0.2 is not affected by this problem either.

Remember that OpenSSL version 1.0.2 is out of support, as is version 1.1.0, so it is recommended to always update to the latest version, OpenSSL 1.1.1k, to fix all of these problems. If you have a Linux operating system, just run the following commands to update once the new version is available in the repository:

sudo apt update
sudo apt upgrade
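The exposure conditions described above for both flaws, written as a version-and-configuration check. This is an added example, not code from the article or from the OpenSSL project; the function names and result labels are assumptions of this example, and the inventory entries are constructed.

```python
import re
import ssl

# Labels below are this example's own names, not OpenSSL identifiers.
UNSUPPORTED = {"1.0.2", "1.1.0"}  # branches the article lists as out of support

def parse(version):
    """Split a version such as 'OpenSSL 1.1.1h  22 Sep 2020' into ('1.1.1', 'h')."""
    m = re.search(r"(\d+\.\d+\.\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return m.group(1), m.group(2)

def exposure(version, strict_flag=False, tls12_server_reneg=False):
    """Return which of the two flaws fixed in 1.1.1k apply to a deployment.

    strict_flag: the application sets X509_V_FLAG_X509_STRICT (off by default).
    tls12_server_reneg: it is a TLS server offering TLSv1.2 with renegotiation.
    """
    branch, letter = parse(version)
    found = set()
    if branch in UNSUPPORTED:
        found.add("unsupported-branch")
    if branch != "1.1.1" or letter >= "k":
        return found  # other branch, or already at the fixed release
    # CA check bypass: 1.1.1h and later, and only with the strict flag set.
    if letter >= "h" and strict_flag:
        found.add("ca-check-bypass")
    # Renegotiation crash: every 1.1.1 release before the fix, servers only.
    if tls12_server_reneg:
        found.add("renegotiation-dos")
    return found

def runtime_exposure(ctx, tls12_server_reneg=False):
    """Assess the OpenSSL build that this Python interpreter is linked against."""
    # ssl.VERIFY_X509_STRICT is Python's name for X509_V_FLAG_X509_STRICT.
    strict = bool(ctx.verify_flags & ssl.VERIFY_X509_STRICT)
    return exposure(ssl.OPENSSL_VERSION, strict, tls12_server_reneg)

if __name__ == "__main__":
    # Constructed inventory: (version string, strict flag set, TLSv1.2 server).
    for ver, strict, server in [("1.1.1g", True, True), ("1.1.1j", True, False),
                                ("1.1.1k", True, True), ("1.0.2u", False, True)]:
        print(ver, sorted(exposure(ver, strict, server)) or "not affected")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print("runtime:", sorted(runtime_exposure(ctx)) or "not affected")
```

Distribution packages often backport security fixes without changing the upstream version letter, so after the upgrade a reported version below 1.1.1k should be confirmed against the package changelog rather than taken as proof of exposure.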

We recommend reading the thread by Sergio de los Santos, where he clearly explains both flaws.