diff --git a/CHANGES.md b/CHANGES.md index e4dd7833fa..2c12daf151 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,16 +24,6 @@ OpenSSL 3.2 ### Changes between 3.0 and 3.2 [xx XXX xxxx] - * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT parameters - in OpenSSL code. - Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR, - OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT. - Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead. - Using these invalid names may cause algorithms to use slower methods - that ignore the CRT parameters. - - *Shane Lontis* - * Add support for certificate compression (RFC8879), including library support for Brotli and Zstandard compression. @@ -246,12 +236,64 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod -### Changes between 3.0.6 and 3.0.7 [xx XXX xxxx] +### Changes between 3.0.6 and 3.0.7 [1 Nov 2022] + + * Fixed two buffer overflows in punycode decoding functions. + + A buffer overrun can be triggered in X.509 certificate verification, + specifically in name constraint checking. Note that this occurs after + certificate chain signature verification and requires either a CA to + have signed the malicious certificate or for the application to continue + certificate verification despite failure to construct a path to a trusted + issuer. + + In a TLS client, this can be triggered by connecting to a malicious + server. In a TLS server, this can be triggered if the server requests + client authentication and a malicious client connects. + + An attacker can craft a malicious email address to overflow + an arbitrary number of bytes containing the `.` character (decimal 46) + on the stack. This buffer overflow could result in a crash (causing a + denial of service). + ([CVE-2022-3786]) + + An attacker can craft a malicious email address to overflow four + attacker-controlled bytes on the stack. This buffer overflow could + result in a crash (causing a denial of service) or potentially remote code + execution depending on stack layout for any given platform/compiler. + ([CVE-2022-3602]) + + *Paul Dale* + + * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT + parameters in OpenSSL code. + Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR, + OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT. + Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead. + Using these invalid names may cause algorithms to use slower methods + that ignore the CRT parameters. + + *Shane Lontis* + + * Fixed a regression introduced in 3.0.6 version raising errors on some stack + operations. + + *Tomáš Mráz* + + * Fixed a regression introduced in 3.0.6 version not refreshing the certificate + data to be signed before signing the certificate. + + *Gibeom Gwon* * Added RIPEMD160 to the default provider. *Paul Dale* + * Ensured that the key share group sent or accepted for the key exchange + is allowed for the protocol version. + + *Matt Caswell* + ### Changes between 3.0.5 and 3.0.6 [11 Oct 2022] * OpenSSL supports creating a custom cipher via the legacy diff --git a/NEWS.md b/NEWS.md index b934aaa0a8..fa5b43b16d 100644 --- a/NEWS.md +++ b/NEWS.md @@ -32,6 +32,13 @@ OpenSSL 3.2 OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022] + + * Added RIPEMD160 to the default provider. + * Fixed regressions introduced in 3.0.6 version. + * Fixed two buffer overflows in punycode decoding functions. + ([CVE-2022-3786]) and ([CVE-2022-3602]) + ### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022] * Fix for custom ciphers to prevent accidental use of NULL encryption