author: Matt Caswell <matt@openssl.org> 2022-03-14 16:30:26 +0000
committer: Matt Caswell <matt@openssl.org> 2022-03-15 13:36:32 +0000
commit: db9c0d5969de809d452162e9bdc08291b78913bf (patch)
tree: 79bbfb62043bfb87759ac069f2a943ce87dbefde
parent: af9ca22dee50cc30e89bd2817340d00e2a174fc9 (diff)
Update CHANGES/NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
-rw-r--r-- CHANGES.md 30
-rw-r--r-- NEWS.md 3
2 files changed, 32 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md
index b569b1c1c5..77a414020e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,36 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.1 and 3.0.2 [xx XXX xxxx]
+ * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+ for non-prime moduli.
+
+ Internally this function is used when parsing certificates that contain
+ elliptic curve public keys in compressed form or explicit elliptic curve
+ parameters with a base point encoded in compressed form.
+
+ It is possible to trigger the infinite loop by crafting a certificate that
+ has invalid explicit curve parameters.
+
+ Since certificate parsing happens prior to verification of the certificate
+ signature, any process that parses an externally supplied certificate may thus
+ be subject to a denial of service attack. The infinite loop can also be
+ reached when parsing crafted private keys as they can contain explicit
+ elliptic curve parameters.
+
+ Thus vulnerable situations include:
+
+ - TLS clients consuming server certificates
+ - TLS servers consuming client certificates
+ - Hosting providers taking certificates or private keys from customers
+ - Certificate authorities parsing certification requests from subscribers
+ - Anything else which parses ASN.1 elliptic curve parameters
+
+ Also any other applications that use the BN_mod_sqrt() where the attacker
+ can control the parameter values are vulnerable to this DoS issue.
+ ([CVE-2022-0778])
+
+ *Tomáš Mráz*
+
* Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
to the list of ciphersuites providing Perfect Forward Secrecy as
required by SECLEVEL >= 3.
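Review bot: The release heading this entry sits under still carries the placeholder date "[xx XXX xxxx]" while the commit message says it updates CHANGES for a new release; the actual release date (matching the one that will go into NEWS.md) should be filled in before tagging, otherwise the published changelog ships with a placeholder. Two smaller points in the new entry: the entry uses a reference-style link "([CVE-2022-0778])" but the hunk adds no matching "[CVE-2022-0778]: <url>" definition, so confirm one exists further down in CHANGES.md or the brackets will render literally; and "any other applications that use the BN_mod_sqrt() where the attacker" has a stray article, so drop "the" before "BN_mod_sqrt()". The security description itself reads clearly: it states the root cause (non-terminating BN_mod_sqrt() on non-prime moduli), the reachable paths (compressed EC points and explicit curve parameters in certificates and private keys), and the key defensive fact that parsing precedes signature verification, which is what makes this a pre-authentication denial of service for anything accepting untrusted certificates.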
diff --git a/NEWS.md b/NEWS.md
index ee4c9fd185..d8327ffa32 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,7 +20,8 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [under development]
- * none
+ * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+ for non-prime moduli ([CVE-2022-0778])
### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021]
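Review bot: Same reference-link check as in CHANGES.md: "[CVE-2022-0778]" is used here as a Markdown reference but this hunk does not add a definition for it in NEWS.md, so the link target needs to exist elsewhere in the file. Replacing "* none" is the right move; since this is a security fix reachable through ordinary certificate parsing, it would also help readers of NEWS.md to see a short "users should upgrade" sentence here, as the full impact description lives only in CHANGES.md. The "[under development]" marker in the heading should be replaced with the release date alongside the CHANGES.md heading so the two files stay consistent.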