From 88869608422632f70456e3f4cb658fba8eac0b04 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 29 Sep 2025 14:23:12 +0200 Subject: [PATCH] Add CHANGES.md and NEWS.md updates Including a few corrections of the previous entries. Reviewed-by: Neil Horman Reviewed-by: Matt Caswell --- CHANGES.md | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++++ NEWS.md | 49 +++++++++++++++++++------ 2 files changed, 141 insertions(+), 10 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 6aab4733e1..185c5caf00 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -296,6 +296,105 @@ OpenSSL 3.6 OpenSSL 3.5 ----------- +### Changes between 3.5.3 and 3.5.4 [xx XXX xxxx] + + * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap + + Issue summary: An application trying to decrypt CMS messages encrypted using + password based encryption can trigger an out-of-bounds read and write. + + Impact summary: This out-of-bounds read may trigger a crash which leads to + Denial of Service for an application. The out-of-bounds write can cause + a memory corruption which can have various consequences including + a Denial of Service or Execution of attacker-supplied code. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9230]) + + *Viktor Dukhovni* + + * Fix Timing side-channel in SM2 algorithm on 64 bit ARM + + Issue summary: A timing side-channel which could potentially allow remote + recovery of the private key exists in the SM2 algorithm implementation on + 64 bit ARM platforms. + + Impact summary: A timing side-channel in SM2 signature computations on + 64 bit ARM platforms could allow recovering the private key by an attacker. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9231]) + + *Stanislav Fort and Tomáš Mráz* + + * Fix Out-of-bounds read in HTTP client no_proxy handling + + Issue summary: An application using the OpenSSL HTTP client API functions + may trigger an out-of-bounds read if the "no_proxy" environment variable is + set and the host portion of the authority component of the HTTP URL is an + IPv6 address. + + Impact summary: An out-of-bounds read can trigger a crash which leads to + Denial of Service for an application. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9232]) + + *Stanislav Fort* + +### Changes between 3.5.2 and 3.5.3 [16 Sep 2025] + + * Avoided a potential race condition introduced in 3.5.1, where + `OSSL_STORE_CTX` kept open during lookup while potentially being used + by multiple threads simultaneously, that could lead to potential crashes + when multiple concurrent TLS connections are served. + + *Matt Caswell* + + * The FIPS provider no longer performs a PCT on key import for RSA, DH, + and EC keys (that was introduced in 3.5.2), following the latest update + on that requirement in FIPS 140-3 IG 10.3.A additional comment 1. + + *Dr Paul Dale* + + * Secure memory allocation calls are no longer used for HMAC keys. + + *Dr Paul Dale* + + * `openssl req` no longer generates certificates with an empty extension list + when SKID/AKID are set to `none` during generation. + + *David Benjamin* + + * The man page date is now derived from the release date provided + in `VERSION.dat` and not the current date for the released builds. + + *Enji Cooper* + + * Hardened the provider implementation of the RSA public key "encrypt" + operation to add a missing check that the caller-indicated output buffer + size is at least as large as the byte count of the RSA modulus. The issue + was reported by Arash Ale Ebrahim from SYSPWN. + + This operation is typically invoked via `EVP_PKEY_encrypt(3)`. Callers that + in fact provide a sufficiently large buffer, but fail to correctly indicate + its size may now encounter unexpected errors. In applications that attempt + RSA public encryption into a buffer that is too small, an out-of-bounds + write is now avoided and an error is reported instead. + + *Viktor Dukhovni* + + * Added FIPS 140-3 PCT on DH key generation. + + *Nikola Pajkovsky* + + * Fixed the synthesised `OPENSSL_VERSION_NUMBER`. + + *Richard Levitte* + ### Changes between 3.5.1 and 3.5.2 [5 Aug 2025] * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. @@ -21502,6 +21601,9 @@ ndif +[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 +[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 +[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 [CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 diff --git a/NEWS.md b/NEWS.md index 3f0901520d..a08f2541cc 100644 --- a/NEWS.md +++ b/NEWS.md @@ -37,9 +37,7 @@ OpenSSL 3.6 This release incorporates the following potentially significant or incompatible changes: - * Added PCT for key import for SLH-DSA when in FIPS mode - - * Added FIPS 140-3 PCT on DH key generation + * Added FIPS 140-3 PCT on DH key generation. * Added NIST security categories for PKEY objects. @@ -55,7 +53,7 @@ changes: * The VxWorks platforms have been removed. - * Added an `openssl configutl` utility for processing the openssl + * Added an `openssl configutl` utility for processing the OpenSSL configuration file and dumping the equal configuration file. * Added support for FIPS 186-5 deterministic ECDSA signature @@ -66,12 +64,40 @@ changes: OpenSSL 3.5 ----------- -### Changes between 3.5.1 and 3.5.2 [5 Aug 2025] +### Major changes between OpenSSL 3.5.3 and OpenSSL 3.5.4 [under development] - * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. - This is mandated by FIPS 140-3 IG 10.3.A additional comment 1. +OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this +release is Moderate. - *Dr Paul Dale* +This release incorporates the following bug fixes and mitigations: + + * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. + ([CVE-2025-9230]) + + * Fix Timing side-channel in SM2 algorithm on 64 bit ARM. + ([CVE-2025-9231]) + + * Fix Out-of-bounds read in HTTP client no_proxy handling. + ([CVE-2025-9232]) + +### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025] + +OpenSSL 3.5.3 is a bug fix release. + +This release incorporates the following bug fixes and mitigations: + + * Added FIPS 140-3 PCT on DH key generation. + + * Fixed the synthesised `OPENSSL_VERSION_NUMBER`. + + * Removed PCT on key import in the FIPS provider as it is not required by + the standard. + +### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025] + +OpenSSL 3.5.2 is a bug fix release. + + * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. ### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025] @@ -81,9 +107,9 @@ release is Low. This release incorporates the following bug fixes and mitigations: * Fix x509 application adds trusted use instead of rejected use. - ([CVE-2025-4575]) + ([CVE-2025-4575]) -### Major changes between OpenSSL 3.4 and OpenSSL 3.5 [8 Apr 2025] +### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025] OpenSSL 3.5.0 is a feature release adding significant new functionality to OpenSSL. @@ -1949,6 +1975,9 @@ OpenSSL 0.9.x * Support for various new platforms +[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 +[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 +[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 [CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143