Changeset View
Changeset View
Standalone View
Standalone View
CHANGES.md
Context not available. | |||||
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod | [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod | ||||
### Changes between 3.0.8 and 3.0.9 [30 May 2023] | |||||
* Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic | |||||
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form. | |||||
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical | |||||
numeric text form. For gigantic sub-identifiers, this would take a very | |||||
long time, the time complexity being O(n^2) where n is the size of that | |||||
sub-identifier. ([CVE-2023-2650]) | |||||
To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT | |||||
IDENTIFIER to canonical numeric text form if the size of that OBJECT | |||||
IDENTIFIER is 586 bytes or less, and fail otherwise. | |||||
The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT | |||||
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at | |||||
most 128 sub-identifiers, and that the maximum value that each sub- | |||||
identifier may have is 2^32-1 (4294967295 decimal). | |||||
For each byte of every sub-identifier, only the 7 lower bits are part of | |||||
the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with | |||||
these restrictions may occupy is 32 * 128 / 7, which is approximately 586 | |||||
bytes. | |||||
Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 | |||||
*Richard Levitte* | |||||
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which | |||||
happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can | |||||
trigger a crash of an application using AES-XTS decryption if the memory | |||||
just after the buffer being decrypted is not mapped. | |||||
Thanks to Anton Romanov (Amazon) for discovering the issue. | |||||
([CVE-2023-1255]) | |||||
*Nevine Ebeid* | |||||
* Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]). | |||||
The previous fix for this timing side channel turned out to cause | |||||
a severe 2-3x performance regression in the typical use case | |||||
compared to 3.0.7. The new fix uses existing constant time | |||||
code paths, and restores the previous performance level while | |||||
fully eliminating all existing timing side channels. | |||||
The fix was developed by Bernd Edlinger with testing support | |||||
by Hubert Kario. | |||||
*Bernd Edlinger* | |||||
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention | |||||
that it does not enable policy checking. Thanks to David Benjamin for | |||||
discovering this issue. | |||||
([CVE-2023-0466]) | |||||
*Tomáš Mráz* | |||||
* Fixed an issue where invalid certificate policies in leaf certificates are | |||||
silently ignored by OpenSSL and other certificate policy checks are skipped | |||||
for that certificate. A malicious CA could use this to deliberately assert | |||||
invalid certificate policies in order to circumvent policy checking on the | |||||
certificate altogether. | |||||
([CVE-2023-0465]) | |||||
*Matt Caswell* | |||||
* Limited the number of nodes created in a policy tree to mitigate | |||||
against CVE-2023-0464. The default limit is set to 1000 nodes, which | |||||
should be sufficient for most installations. If required, the limit | |||||
can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build | |||||
time define to a desired maximum number of nodes or zero to allow | |||||
unlimited growth. | |||||
([CVE-2023-0464]) | |||||
*Paul Dale* | |||||
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023] | ### Changes between 3.0.7 and 3.0.8 [7 Feb 2023] | ||||
* Fixed NULL dereference during PKCS7 data verification. | * Fixed NULL dereference during PKCS7 data verification. | ||||
Context not available. | |||||
<!-- Links --> | <!-- Links --> | ||||
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 | |||||
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 | |||||
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 | |||||
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 | |||||
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 | |||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 | [CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 | ||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 | [CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 | ||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 | [CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 | ||||
Context not available. | |||||
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 | [CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 | ||||
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 | [CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 | ||||
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 | [CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 | ||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 | [CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 | ||||
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 | [CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 | ||||
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 | [CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 | ||||
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 | [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 | ||||
Context not available. |