zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update CHANGES/NEWS for new release

Browse Source 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Matt Caswell 2022-03-14 16:39:43 +00:00
parent 3469282ed2
commit a40398a15e
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CHANGES.md
View File

@ -114,7 +114,43 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
### Changes between 3.0.1 and 3.0.2 [xx XXX xxxx] ### Changes between 3.0.1 and 3.0.2 [15 mar 2022]
* Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
for non-prime moduli.
Internally this function is used when parsing certificates that contain
elliptic curve public keys in compressed form or explicit elliptic curve
parameters with a base point encoded in compressed form.
It is possible to trigger the infinite loop by crafting a certificate that
has invalid explicit curve parameters.
Since certificate parsing happens prior to verification of the certificate
signature, any process that parses an externally supplied certificate may thus
be subject to a denial of service attack. The infinite loop can also be
reached when parsing crafted private keys as they can contain explicit
elliptic curve parameters.
Thus vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters
Also any other applications that use the BN_mod_sqrt() where the attacker
can control the parameter values are vulnerable to this DoS issue.
([CVE-2022-0778])
*Tomáš Mráz*
* Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
to the list of ciphersuites providing Perfect Forward Secrecy as
required by SECLEVEL >= 3.
*Dmitry Belyavskiy, Nicola Tuveri*
* Made the AES constant time code for no-asm configurations * Made the AES constant time code for no-asm configurations
optional due to the resulting 95% performance degradation. optional due to the resulting 95% performance degradation.
@ -123,6 +159,11 @@ breaking changes, and mappings for the large list of deprecated functions.
*Paul Dale* *Paul Dale*
* Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty
passphrase strings.
*Darshan Sen*
* The negative return value handling of the certificate verification callback * The negative return value handling of the certificate verification callback
was reverted. The replacement is to set the verification retry state with was reverted. The replacement is to set the verification retry state with
the SSL_set_retry_verify() function. the SSL_set_retry_verify() function.

5
NEWS.md
View File

@ -29,6 +29,11 @@ OpenSSL 3.1
OpenSSL 3.0 OpenSSL 3.0
----------- -----------
### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2
* Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
for non-prime moduli ([CVE-2022-0778])
### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 ### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1
* Fixed invalid handling of X509_verify_cert() internal errors in libssl * Fixed invalid handling of X509_verify_cert() internal errors in libssl