Update CHANGES/NEWS for new release

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2024-11-27 05:21:51 +08:00 · 2022-03-14 16:39:43 +00:00 · 2022-03-14 16:39:43 +00:00 · a40398a15e
commit a40398a15e
parent 3469282ed2
2 changed files with 47 additions and 1 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -114,7 +114,43 @@ breaking changes, and mappings for the large list of deprecated functions.

 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod

-### Changes between 3.0.1 and 3.0.2 [xx XXX xxxx]
+### Changes between 3.0.1 and 3.0.2 [15 mar 2022]
+
+ * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+   for non-prime moduli.
+
+   Internally this function is used when parsing certificates that contain
+   elliptic curve public keys in compressed form or explicit elliptic curve
+   parameters with a base point encoded in compressed form.
+
+   It is possible to trigger the infinite loop by crafting a certificate that
+   has invalid explicit curve parameters.
+
+   Since certificate parsing happens prior to verification of the certificate
+   signature, any process that parses an externally supplied certificate may thus
+   be subject to a denial of service attack. The infinite loop can also be
+   reached when parsing crafted private keys as they can contain explicit
+   elliptic curve parameters.
+
+   Thus vulnerable situations include:
+
+    - TLS clients consuming server certificates
+    - TLS servers consuming client certificates
+    - Hosting providers taking certificates or private keys from customers
+    - Certificate authorities parsing certification requests from subscribers
+    - Anything else which parses ASN.1 elliptic curve parameters
+
+   Also any other applications that use the BN_mod_sqrt() where the attacker
+   can control the parameter values are vulnerable to this DoS issue.
+   ([CVE-2022-0778])
+
+   *Tomáš Mráz*
+
+ * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
+   to the list of ciphersuites providing Perfect Forward Secrecy as
+   required by SECLEVEL >= 3.
+
+   *Dmitry Belyavskiy, Nicola Tuveri*

 * Made the AES constant time code for no-asm configurations
   optional due to the resulting 95% performance degradation.
@ -123,6 +159,11 @@ breaking changes, and mappings for the large list of deprecated functions.

   *Paul Dale*

+ * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty
+   passphrase strings.
+
+   *Darshan Sen*
+
 * The negative return value handling of the certificate verification callback
   was reverted. The replacement is to set the verification retry state with
   the SSL_set_retry_verify() function.
--- a/NEWS.md
+++ b/NEWS.md
@ -29,6 +29,11 @@ OpenSSL 3.1
 OpenSSL 3.0
 -----------

+### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2
+
+  * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+    for non-prime moduli ([CVE-2022-0778])
+
 ### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1

  * Fixed invalid handling of X509_verify_cert() internal errors in libssl