[openssl/openssl] 5dc2b7: Sync CHANGES.md and NEWS.md with 3.2 branch

Tomáš Mráz noreply at github.com
Tue Jan 9 14:47:54 UTC 2024 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 5dc2b72df76cf21095bd6a34449feb8474d85368
      https://github.com/openssl/openssl/commit/5dc2b72df76cf21095bd6a34449feb8474d85368
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2024-01-09 (Tue, 09 Jan 2024)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Sync CHANGES.md and NEWS.md with 3.2 branch

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)


  Commit: 8d847a3ffd4f0b17ee33962cf69c36224925b34f
      https://github.com/openssl/openssl/commit/8d847a3ffd4f0b17ee33962cf69c36224925b34f
  Author: Rohan McLure <rmclure at linux.ibm.com>
  Date:   2024-01-09 (Tue, 09 Jan 2024)

  Changed paths:
    M crypto/poly1305/asm/poly1305-ppc.pl

  Log Message:
  -----------
  poly1305-ppc.pl: Fix vector register clobbering

Fixes CVE-2023-6129

The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs saves the the contents of vector registers in different order
than they are restored. Thus the contents of some of these vector registers
is corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)


  Commit: 858c7bc210a406cc7f891ac2aed78692d2e02937
      https://github.com/openssl/openssl/commit/858c7bc210a406cc7f891ac2aed78692d2e02937
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2024-01-09 (Tue, 09 Jan 2024)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Add CHANGES.md and NEWS.md entries for CVE-2023-6129

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)


Compare: https://github.com/openssl/openssl/compare/f3be53668665...858c7bc210a4

More information about the openssl-commits mailing list