From: Richard Levitte Date: Tue, 5 Jul 2022 08:25:00 +0000 (+0200) Subject: Update CHANGES and NEWS for upcoming release 1.1.1q X-Git-Tag: OpenSSL_1_1_1q~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78ba51a3b8b505d8d03abca8fa95e4fb1464d94e;p=thirdparty%2Fopenssl.git Update CHANGES and NEWS for upcoming release 1.1.1q Reviewed-by: Paul Dale Release: yes --- diff --git a/CHANGES b/CHANGES index b72c71d26b4..62a555762dd 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,16 @@ Changes between 1.1.1p and 1.1.1q [xx XXX xxxx] - *) + *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised + implementation would not encrypt the entirety of the data under some + circumstances. This could reveal sixteen bytes of data that was + preexisting in the memory that wasn't written. In the special case of + "in place" encryption, sixteen bytes of the plaintext would be revealed. + + Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, + they are both unaffected. + (CVE-2022-2097) + [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño] Changes between 1.1.1o and 1.1.1p [21 Jun 2022] diff --git a/NEWS b/NEWS index d0c810f52f6..892793313fb 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [under development] - o + o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms + (CVE-2022-2097) Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]
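Review bot: In the CHANGES hunk, "under some circumstances" leaves a reader unable to tell whether their use of AES OCB is exposed. The entry names the platform (32-bit x86) and the implementation (AES-NI assembly) but not the triggering condition. Suggest stating that condition, or pointing to the advisory for CVE-2022-2097 if it is too long for a changelog entry. The sentence "This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written" is also hard to parse. Something like "sixteen bytes of the output would be left unwritten, revealing whatever was previously in that memory" says the same thing more directly. The section header in the context still reads "[xx XXX xxxx]"; confirm the release date is filled in by a later release commit, since this one is marked "Release: yes".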
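Review bot: In the NEWS hunk, "Fixed AES OCB failure to encrypt some bytes" reads like a functional defect, while the CHANGES entry in this same patch says sixteen bytes of plaintext are revealed in the in-place case. Readers who only scan NEWS will miss the confidentiality impact. Suggest wording that names the disclosure, for example that AES OCB on 32-bit x86 could leave sixteen bytes unencrypted and reveal them. It would also help to carry over the CHANGES statement that TLS and DTLS are unaffected, since that is the first thing most readers will want to know. The header in the context still says "[under development]", which has the same placeholder question as the date in CHANGES.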