### Changes between 3.0.5 and 3.0.6 [xx XXX xxxx]
- * none yet
+ * OpenSSL supports creating a custom cipher via the legacy
+ EVP_CIPHER_meth_new() function and associated function calls. This function
+ was deprecated in OpenSSL 3.0 and application authors are instead encouraged
+ to use the new provider mechanism in order to implement custom ciphers.
+
+ OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers
+ passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and
+ EVP_CipherInit_ex2() functions (as well as other similarly named encryption
+ and decryption initialisation functions). Instead of using the custom cipher
+ directly it incorrectly tries to fetch an equivalent cipher from the
+ available providers. An equivalent cipher is found based on the NID passed to
+ EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a
+ given cipher. However it is possible for an application to incorrectly pass
+ NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef
+ is used in this way the OpenSSL encryption/decryption initialisation function
+ will match the NULL cipher as being equivalent and will fetch this from the
+ available providers. This will succeed if the default provider has been
+ loaded (or if a third party provider has been loaded that offers this
+ cipher). Using the NULL cipher means that the plaintext is emitted as the
+ ciphertext.
+
+ Applications are only affected by this issue if they call
+ EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an
+ encryption/decryption initialisation function. Applications that only use
+ SSL/TLS are not impacted by this issue.
+ ([CVE-2022-3358])
+
+ *Matt Caswell*
+
+ * Fix LLVM vs Apple LLVM version numbering confusion that caused build failures
+ on MacOS 10.11
+
+ *Richard Levitte*
+
+ * Fixed the linux-mips64 Configure target which was missing the
+ SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
+ platform.
+
+ *Adam Joseph*
+
+ * Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a
+ ticket
+
+ *Matt Caswell*
+
+ * Correctly handle a retransmitted ClientHello in DTLS
+
+ *Matt Caswell*
+
+ * Fixed detection of ktls support in cross-compile environment on Linux
+
+ *Tomas Mraz*
+
+ * Fixed some regressions and test failures when running the 3.0.0 FIPS provider
+ against 3.0.x
+
+ *Paul Dale*
+
+ * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
+ report correct results in some cases
+
+ *Matt Caswell*
+
+ * Fix UWP builds by defining VirtualLock
+
+ *Charles Milette*
+
+ * For known safe primes use the minimum key length according to RFC 7919.
+ Longer private key sizes unnecessarily raise the cycles needed to compute the
+ shared secret without any increase of the real security. This fixes a
+ regression from 1.1.1 where these shorter keys were generated for the known
+ safe primes.
+
+ *Tomas Mraz*
+
+ * Added the loongarch64 target
+
+ *Shi Pujin*
+
+ * Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were
+ only passed to the FIPS provider and not to the default or legacy provider.
+
+ *Juergen Christ*
+
+ * Fixed reported performance degradation on aarch64. Restored the
+ implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
+ 32-bit lane assignment in CTR mode") for 64bit targets only, since it is
+ reportedly 2-17% slower and the silicon errata only affects 32bit targets.
+ The new algorithm is still used for 32 bit targets.
+
+ *Bernd Edlinger*
+
+ * Added a missing header for memcmp that caused compilation failure on some
+ platforms
+
+ *Gregor Jasny*
### Changes between 3.0.4 and 3.0.5 [5 Jul 2022]
projects / openssl.git / commitdiff