mirror of https://github.com/openssl/openssl
Update CHANGES.md and NEWS.md for new release
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19379)
This commit is contained in:
Matt Caswell
parent
7b141d4934
commit
79edcf4da7
130
CHANGES.md
130
CHANGES.md
|
|
@ -218,7 +218,135 @@ breaking changes, and mappings for the large list of deprecated functions.
|
|||
|
||||
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
|
||||
|
||||
### Changes between 3.0.3 and 3.0.4 [21 June 2022]
|
||||
### Changes between 3.0.5 and 3.0.6 [11 Oct 2022]
|
||||
|
||||
* OpenSSL supports creating a custom cipher via the legacy
|
||||
EVP_CIPHER_meth_new() function and associated function calls. This function
|
||||
was deprecated in OpenSSL 3.0 and application authors are instead encouraged
|
||||
to use the new provider mechanism in order to implement custom ciphers.
|
||||
|
||||
OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers
|
||||
passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and
|
||||
EVP_CipherInit_ex2() functions (as well as other similarly named encryption
|
||||
and decryption initialisation functions). Instead of using the custom cipher
|
||||
directly it incorrectly tries to fetch an equivalent cipher from the
|
||||
available providers. An equivalent cipher is found based on the NID passed to
|
||||
EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a
|
||||
given cipher. However it is possible for an application to incorrectly pass
|
||||
NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef
|
||||
is used in this way the OpenSSL encryption/decryption initialisation function
|
||||
will match the NULL cipher as being equivalent and will fetch this from the
|
||||
available providers. This will succeed if the default provider has been
|
||||
loaded (or if a third party provider has been loaded that offers this
|
||||
cipher). Using the NULL cipher means that the plaintext is emitted as the
|
||||
ciphertext.
|
||||
|
||||
Applications are only affected by this issue if they call
|
||||
EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an
|
||||
encryption/decryption initialisation function. Applications that only use
|
||||
SSL/TLS are not impacted by this issue.
|
||||
([CVE-2022-3358])
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* Fix LLVM vs Apple LLVM version numbering confusion that caused build failures
|
||||
on MacOS 10.11
|
||||
|
||||
*Richard Levitte*
|
||||
|
||||
* Fixed the linux-mips64 Configure target which was missing the
|
||||
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
|
||||
platform.
|
||||
|
||||
*Adam Joseph*
|
||||
|
||||
* Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a
|
||||
ticket
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* Correctly handle a retransmitted ClientHello in DTLS
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* Fixed detection of ktls support in cross-compile environment on Linux
|
||||
|
||||
*Tomas Mraz*
|
||||
|
||||
* Fixed some regressions and test failures when running the 3.0.0 FIPS provider
|
||||
against 3.0.x
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
* Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
|
||||
report correct results in some cases
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* Fix UWP builds by defining VirtualLock
|
||||
|
||||
*Charles Milette*
|
||||
|
||||
* For known safe primes use the minimum key length according to RFC 7919.
|
||||
Longer private key sizes unnecessarily raise the cycles needed to compute the
|
||||
shared secret without any increase of the real security. This fixes a
|
||||
regression from 1.1.1 where these shorter keys were generated for the known
|
||||
safe primes.
|
||||
|
||||
*Tomas Mraz*
|
||||
|
||||
* Added the loongarch64 target
|
||||
|
||||
*Shi Pujin*
|
||||
|
||||
* Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were
|
||||
only passed to the FIPS provider and not to the default or legacy provider.
|
||||
|
||||
*Juergen Christ*
|
||||
|
||||
* Fixed reported performance degradation on aarch64. Restored the
|
||||
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
|
||||
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
|
||||
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
|
||||
The new algorithm is still used for 32 bit targets.
|
||||
|
||||
*Bernd Edlinger*
|
||||
|
||||
* Added a missing header for memcmp that caused compilation failure on some
|
||||
platforms
|
||||
|
||||
*Gregor Jasny*
|
||||
|
||||
### Changes between 3.0.4 and 3.0.5 [5 Jul 2022]
|
||||
|
||||
* The OpenSSL 3.0.4 release introduced a serious bug in the RSA
|
||||
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
|
||||
This issue makes the RSA implementation with 2048 bit private keys
|
||||
incorrect on such machines and memory corruption will happen during
|
||||
the computation. As a consequence of the memory corruption an attacker
|
||||
may be able to trigger a remote code execution on the machine performing
|
||||
the computation.
|
||||
|
||||
SSL/TLS servers or other servers using 2048 bit RSA private keys running
|
||||
on machines supporting AVX512IFMA instructions of the X86_64 architecture
|
||||
are affected by this issue.
|
||||
([CVE-2022-2274])
|
||||
|
||||
*Xi Ruoyao*
|
||||
|
||||
* AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
|
||||
implementation would not encrypt the entirety of the data under some
|
||||
circumstances. This could reveal sixteen bytes of data that was
|
||||
preexisting in the memory that wasn't written. In the special case of
|
||||
"in place" encryption, sixteen bytes of the plaintext would be revealed.
|
||||
|
||||
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
|
||||
they are both unaffected.
|
||||
([CVE-2022-2097])
|
||||
|
||||
*Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño*
|
||||
|
||||
### Changes between 3.0.3 and 3.0.4 [21 Jun 2022]
|
||||
|
||||
* In addition to the c_rehash shell command injection identified in
|
||||
CVE-2022-1292, further bugs where the c_rehash script does not
|
||||
|
|
|
|||
12
NEWS.md
12
NEWS.md
|
|
@ -30,6 +30,18 @@ OpenSSL 3.2
|
|||
OpenSSL 3.0
|
||||
-----------
|
||||
|
||||
### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022]
|
||||
|
||||
* Fix for custom ciphers to prevent accidental use of NULL encryption
|
||||
([CVE-2022-3358])
|
||||
|
||||
### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022]
|
||||
|
||||
* Fixed heap memory corruption with RSA private key operation
|
||||
([CVE-2022-2274])
|
||||
* Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
|
||||
([CVE-2022-2097])
|
||||
|
||||
### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022]
|
||||
|
||||
* Fixed additional bugs in the c_rehash script which was not properly
|
||||
|
|
|
|||
Loading…
Reference in New Issue