diff options
author | Matt Caswell <matt@openssl.org> | 2022-03-14 16:34:55 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-03-15 13:41:24 +0000 |
commit | f22896a2ee674a59facbd51a9a2744703a5a7308 (patch) | |
tree | ef5bac0427f25429c83cc741b5092ebadc42767d | |
parent | 3ef5c3034e5c545f34d6929568f3f2b10ac4bdf0 (diff) |
Update CHANGES/NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
-rw-r--r-- | CHANGES | 29 | ||||
-rw-r--r-- | NEWS | 3 |
2 files changed, 31 insertions, 1 deletions
@@ -9,6 +9,35 @@ Changes between 1.1.1m and 1.1.1n [xx XXX xxxx] + *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever + for non-prime moduli. + + Internally this function is used when parsing certificates that contain + elliptic curve public keys in compressed form or explicit elliptic curve + parameters with a base point encoded in compressed form. + + It is possible to trigger the infinite loop by crafting a certificate that + has invalid explicit curve parameters. + + Since certificate parsing happens prior to verification of the certificate + signature, any process that parses an externally supplied certificate may + thus be subject to a denial of service attack. The infinite loop can also + be reached when parsing crafted private keys as they can contain explicit + elliptic curve parameters. + + Thus vulnerable situations include: + + - TLS clients consuming server certificates + - TLS servers consuming client certificates + - Hosting providers taking certificates or private keys from customers + - Certificate authorities parsing certification requests from subscribers + - Anything else which parses ASN.1 elliptic curve parameters + + Also any other applications that use the BN_mod_sqrt() where the attacker + can control the parameter values are vulnerable to this DoS issue. + (CVE-2022-0778) + [Tomáš Mráz] + *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3. @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [under development] - o + o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop + forever for non-prime moduli ([CVE-2022-0778]) Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021] |