author | Matt Caswell <matt@openssl.org> | 2022-03-14 17:39:43 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-03-15 14:25:14 +0100 |
commit | a40398a15ea9c218f4a6db8fef2b925ca4d39451 (patch) | |
tree | cae1dbc5d78c18052c02aea40a5a13e5493835fc /CHANGES.md | |
parent | Add a negative testcase for BN_mod_sqrt (diff) | |
download | openssl-a40398a15ea9c218f4a6db8fef2b925ca4d39451.tar.xz openssl-a40398a15ea9c218f4a6db8fef2b925ca4d39451.zip |
Update CHANGES/NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md index eb6174966f..a343db2d50 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -114,7 +114,43 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod -### Changes between 3.0.1 and 3.0.2 [xx XXX xxxx] +### Changes between 3.0.1 and 3.0.2 [15 mar 2022] + + * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever + for non-prime moduli. + + Internally this function is used when parsing certificates that contain + elliptic curve public keys in compressed form or explicit elliptic curve + parameters with a base point encoded in compressed form. + + It is possible to trigger the infinite loop by crafting a certificate that + has invalid explicit curve parameters. + + Since certificate parsing happens prior to verification of the certificate + signature, any process that parses an externally supplied certificate may thus + be subject to a denial of service attack. The infinite loop can also be + reached when parsing crafted private keys as they can contain explicit + elliptic curve parameters. + + Thus vulnerable situations include: + + - TLS clients consuming server certificates + - TLS servers consuming client certificates + - Hosting providers taking certificates or private keys from customers + - Certificate authorities parsing certification requests from subscribers + - Anything else which parses ASN.1 elliptic curve parameters + + Also any other applications that use the BN_mod_sqrt() where the attacker + can control the parameter values are vulnerable to this DoS issue. + ([CVE-2022-0778]) + + *Tomáš Mráz* + + * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) + to the list of ciphersuites providing Perfect Forward Secrecy as + required by SECLEVEL >= 3. + + *Dmitry Belyavskiy, Nicola Tuveri* * Made the AES constant time code for no-asm configurations optional due to the resulting 95% performance degradation. 
@@ -123,6 +159,11 @@ breaking changes, and mappings for the large list of deprecated functions. *Paul Dale* + * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty + passphrase strings. + + *Darshan Sen* + * The negative return value handling of the certificate verification callback was reverted. The replacement is to set the verification retry state with the SSL_set_retry_verify() function. |
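Review bot: in the first hunk, the `([CVE-2022-0778])` citation at the end of the BN_mod_sqrt() entry is a reference-style Markdown link, and the hunk adds no matching definition line of the form `[CVE-2022-0778]: <url>`; unless one already exists further down CHANGES.md, the reference renders as literal bracketed text instead of a link, so please check that a definition is present (the `[Migration guide]:` line in the context shows the expected form). Two smaller points in the same entry: the release stamp `[15 mar 2022]` replaces a placeholder of the form `[xx XXX xxxx]`, so the month abbreviation should be capitalised as `[15 Mar 2022]`, and "any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values" should drop the article ("applications that use BN_mod_sqrt() where ...").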
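Review bot: in the second hunk, the new entry "Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty passphrase strings" states the new behaviour but not the old one, which is what a reader of CHANGES.md needs in order to tell whether their code was affected (was an empty passphrase rejected, or handled some other way?). Suggest adding one clause giving the previous behaviour, e.g. "Fixed PEM_write_bio_PKCS8PrivateKey() so that an empty passphrase string is accepted (previously it ...)", with the blank filled in from the fix commit.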