From: Matt Caswell Date: Mon, 10 Oct 2022 10:20:08 +0000 (+0100) Subject: Update CHANGES.md and NEWS.md for new release X-Git-Tag: openssl-3.2.0-alpha1~1918 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=79edcf4da7d4525acf0db894bc6af6f9ca2b9b9b;p=thirdparty%2Fopenssl.git Update CHANGES.md and NEWS.md for new release Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19379) --- diff --git a/CHANGES.md b/CHANGES.md index dd33d5177a0..fac9d80cc02 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -218,7 +218,135 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod -### Changes between 3.0.3 and 3.0.4 [21 June 2022] +### Changes between 3.0.5 and 3.0.6 [11 Oct 2022] + + * OpenSSL supports creating a custom cipher via the legacy + EVP_CIPHER_meth_new() function and associated function calls. This function + was deprecated in OpenSSL 3.0 and application authors are instead encouraged + to use the new provider mechanism in order to implement custom ciphers. + + OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers + passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and + EVP_CipherInit_ex2() functions (as well as other similarly named encryption + and decryption initialisation functions). Instead of using the custom cipher + directly it incorrectly tries to fetch an equivalent cipher from the + available providers. An equivalent cipher is found based on the NID passed to + EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a + given cipher. However it is possible for an application to incorrectly pass + NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef + is used in this way the OpenSSL encryption/decryption initialisation function + will match the NULL cipher as being equivalent and will fetch this from the + available providers. This will succeed if the default provider has been + loaded (or if a third party provider has been loaded that offers this + cipher). Using the NULL cipher means that the plaintext is emitted as the + ciphertext. + + Applications are only affected by this issue if they call + EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an + encryption/decryption initialisation function. Applications that only use + SSL/TLS are not impacted by this issue. 
+ ([CVE-2022-3358]) + + *Matt Caswell* + + * Fix LLVM vs Apple LLVM version numbering confusion that caused build failures + on MacOS 10.11 + + *Richard Levitte* + + * Fixed the linux-mips64 Configure target which was missing the + SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that + platform. + + *Adam Joseph* + + * Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a + ticket + + *Matt Caswell* + + * Correctly handle a retransmitted ClientHello in DTLS + + *Matt Caswell* + + * Fixed detection of ktls support in cross-compile environment on Linux + + *Tomas Mraz* + + * Fixed some regressions and test failures when running the 3.0.0 FIPS provider + against 3.0.x + + *Paul Dale* + + * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to + report correct results in some cases + + *Matt Caswell* + + * Fix UWP builds by defining VirtualLock + + *Charles Milette* + + * For known safe primes use the minimum key length according to RFC 7919. + Longer private key sizes unnecessarily raise the cycles needed to compute the + shared secret without any increase of the real security. This fixes a + regression from 1.1.1 where these shorter keys were generated for the known + safe primes. + + *Tomas Mraz* + + * Added the loongarch64 target + + *Shi Pujin* + + * Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were + only passed to the FIPS provider and not to the default or legacy provider. + + *Juergen Christ* + + * Fixed reported performance degradation on aarch64. Restored the + implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid + 32-bit lane assignment in CTR mode") for 64bit targets only, since it is + reportedly 2-17% slower and the silicon errata only affects 32bit targets. + The new algorithm is still used for 32 bit targets. 
+ + *Bernd Edlinger* + + * Added a missing header for memcmp that caused compilation failure on some + platforms + + *Gregor Jasny* + +### Changes between 3.0.4 and 3.0.5 [5 Jul 2022] + + * The OpenSSL 3.0.4 release introduced a serious bug in the RSA + implementation for X86_64 CPUs supporting the AVX512IFMA instructions. + This issue makes the RSA implementation with 2048 bit private keys + incorrect on such machines and memory corruption will happen during + the computation. As a consequence of the memory corruption an attacker + may be able to trigger a remote code execution on the machine performing + the computation. + + SSL/TLS servers or other servers using 2048 bit RSA private keys running + on machines supporting AVX512IFMA instructions of the X86_64 architecture + are affected by this issue. + ([CVE-2022-2274]) + + *Xi Ruoyao* + + * AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised + implementation would not encrypt the entirety of the data under some + circumstances. This could reveal sixteen bytes of data that was + preexisting in the memory that wasn't written. In the special case of + "in place" encryption, sixteen bytes of the plaintext would be revealed. + + Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, + they are both unaffected. + ([CVE-2022-2097]) + + *Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño* + +### Changes between 3.0.3 and 3.0.4 [21 Jun 2022] * In addition to the c_rehash shell command injection identified in CVE-2022-1292, further bugs where the c_rehash script does not diff --git a/NEWS.md b/NEWS.md index 3ab273da089..3df3bbc007a 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -30,6 +30,18 @@ OpenSSL 3.2 OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022] + + * Fix for custom ciphers to prevent accidental use of NULL encryption + ([CVE-2022-3358]) + +### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022] + + * Fixed heap memory corruption with RSA private key operation + ([CVE-2022-2274]) + * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms + ([CVE-2022-2097]) + ### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022] * Fixed additional bugs in the c_rehash script which was not properly
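Review bot: in the CHANGES.md hunk, the three new security entries close with reference-style links `([CVE-2022-3358])`, `([CVE-2022-2274])` and `([CVE-2022-2097])`, but no matching link definitions appear in the diff, even though the file uses that form (the visible context shows `[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod`); unless the definitions already sit further down CHANGES.md outside the shown context, Markdown will render the bracketed CVE ids as literal text, so please confirm they exist or add them in this PR. Minor style point in the same hunk: renaming the heading from `[21 June 2022]` to `[21 Jun 2022]` correctly matches the new `[5 Jul 2022]` and `[11 Oct 2022]` headings and NEWS.md, but the bullet verb tense remains mixed (`Fix LLVM vs Apple LLVM ...`, `Fix handling of a ticket key callback ...`, `Fix UWP builds ...` alongside `Fixed the linux-mips64 Configure target ...`, `Fixed detection of ktls support ...`), and it would be cheap to unify on `Fixed` while the section is being edited.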
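Review bot: in the NEWS.md hunk, the new 3.0.6 bullet `Fix for custom ciphers to prevent accidental use of NULL encryption` breaks the wording pattern of every neighbouring bullet, which starts with `Fixed ...` (`Fixed heap memory corruption with RSA private key operation`, `Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms`, `Fixed additional bugs in the c_rehash script ...`); suggest rewording along the lines of `Fixed handling of legacy custom ciphers that could accidentally select NULL encryption` so the entry also says what was wrong rather than only that it was fixed. The same link-definition check applies here: `[CVE-2022-3358]`, `[CVE-2022-2274]` and `[CVE-2022-2097]` are reference-style links and no definitions for them are added in this hunk, so confirm NEWS.md already defines them.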