author | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2019-11-28 23:10:51 +0100 |
---|---|---|
committer | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2020-02-26 21:04:38 +0100 |
commit | 5f8e6c50bd862d6bb0bbd16b4c0b3be841d9cf32 (patch) | |
tree | 41e6e7047573f760fcdf195560ccf57d672aea7f /NEWS.md | |
parent | 2e07506a12e126894cd820304465162bc0e732b4 (diff) |
doc: introduce some minimalistic markdown without essential changes
The goal is to transform the standard documents
README, INSTALL, SUPPORT, CONTRIBUTING, ...
from a pure text format into markdown format, but in such a way
that the documentation remains nicely formatted and easily readable
when viewed with a normal text editor.
To achieve this goal, we use a special form of 'minimalistic' markdown
which interferes as little as possible with the reading flow.
* avoid [ATX headings][] and use [setext headings][] instead
(works for `<h1>` and `<h2>` headings only).
* avoid [inline links][] and use [reference links][] instead.
* avoid [fenced code blocks][], use [indented code blocks][] instead.
The transformation will take place in several steps. This commit
mostly changes the formatting and does not change the
content significantly.
[ATX headings]: https://github.github.com/gfm/#atx-headings
[setext headings]: https://github.github.com/gfm/#setext-headings
[inline links]: https://github.github.com/gfm/#inline-link
[reference links]: https://github.github.com/gfm/#reference-link
[fenced code blocks]: https://github.github.com/gfm/#fenced-code-blocks
[indented code blocks]: https://github.github.com/gfm/#indented-code-blocks
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
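A small checker for the three conventions the commit message lists (no ATX headings, no inline links, no fenced code blocks, setext headings only), added here as an example; it is not part of the OpenSSL project or of this commit, and the two NEWS fragments it runs on are constructed.

```python
import re

# Constructed sample: a NEWS.md fragment in the "minimalistic" markdown style
# the commit message describes (setext headings, reference links, indented code).
GOOD = """\
NEWS
====

This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
----------------------------------------------------------------------

 * Timing vulnerability in DSA signature generation (CVE-2018-0734)
 * See the [release notes][] for details.

    openssl version -a

[release notes]: https://www.openssl.org/news/
"""

# Constructed sample of the same content using the constructs the commit avoids
# (ATX headings, an inline link and a fenced code block, here with ~~~ fences).
BAD = """\
# NEWS

## Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]

 * See the [release notes](https://www.openssl.org/news/) for details.

~~~
openssl version -a
~~~
"""

# GFM: an ATX heading is 1-6 '#' at the start of the line followed by a space.
ATX_HEADING = re.compile(r'^ {0,3}#{1,6}(\s|$)')
# An inline link has the destination in parentheses right after the link text;
# reference links ("[text][]") and link reference definitions do not match.
INLINE_LINK = re.compile(r'\[[^\]]*\]\([^)]*\)')
# A fenced code block opens with ``` or ~~~ (up to 3 spaces of indentation).
FENCE = re.compile(r'^ {0,3}(```|~~~)')
# A setext underline is a run of '=' (h1) or '-' (h2) on a line of its own.
SETEXT_UNDERLINE = re.compile(r'^ {0,3}(=+|-+)\s*$')


def check_minimal_markdown(text):
    """Return (line_no, rule, line) for every line that breaks a convention."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if ATX_HEADING.match(line):
            findings.append((line_no, 'atx-heading', line))
        if INLINE_LINK.search(line):
            findings.append((line_no, 'inline-link', line))
        if FENCE.match(line):
            findings.append((line_no, 'fenced-code-block', line))
    return findings


def setext_headings(text):
    """Return (line_no, title, level) for each setext heading in the text.

    A heading is a non-blank title line immediately followed by an underline.
    line_no is the 1-based number of the title line.
    """
    lines = text.splitlines()
    found = []
    for idx in range(1, len(lines)):
        m = SETEXT_UNDERLINE.match(lines[idx])
        title = lines[idx - 1]
        if m and title.strip() and not SETEXT_UNDERLINE.match(title):
            level = 1 if m.group(1).startswith('=') else 2
            # idx is the 0-based index of the underline, i.e. the 1-based
            # line number of the title line above it.
            found.append((idx, title.strip(), level))
    return found


if __name__ == '__main__':
    for name, sample in (('GOOD', GOOD), ('BAD', BAD)):
        print(name, 'headings:', setext_headings(sample))
        for line_no, rule, line in check_minimal_markdown(sample):
            print('%s:%d: %s: %s' % (name, line_no, rule, line))
```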
Diffstat (limited to 'NEWS.md')
-rw-r--r-- | NEWS.md | 1984 |
1 files changed, 1030 insertions, 954 deletions
@@ -1,960 +1,1036 @@ - NEWS - ==== - - This file gives a brief overview of the major changes between each OpenSSL - release. For more details please read the CHANGES file. - - Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development] - - o The algorithm specific public key command line applications have - been deprecated. These include dhparam, gendsa and others. The pkey - alternatives should be used intead: pkey, pkeyparam and genpkey. - o X509 certificates signed using SHA1 are no longer allowed at security - level 1 or higher. The default security level for TLS is 1, so - certificates signed using SHA1 are by default no longer trusted to - authenticate servers or clients. - o enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly - disabled; the project uses address sanitize/leak-detect instead. - o Added OSSL_SERIALIZER, a generic serializer API. - o Added error raising macros, ERR_raise() and ERR_raise_data(). - o Deprecated ERR_put_error(). - o Added OSSL_PROVIDER_available(), to check provider availibility. - o Added 'openssl mac' that uses the EVP_MAC API. - o Added 'openssl kdf' that uses the EVP_KDF API. - o Add OPENSSL_info() and 'openssl info' to get built-in data. - o Add support for enabling instrumentation through trace and debug - output. - o Changed our version number scheme and set the next major release to - 3.0.0 - o Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC - bridge. - o Removed the heartbeat message in DTLS feature. - o Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF - bridge. - o All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, - SHA256, SHA384, SHA512 and Whirlpool digest functions have been - deprecated. - o All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2, - RC4, RC5 and SEED cipher functions have been deprecated. - o All of the low level DH, DSA, ECDH, ECDSA and RSA public key functions - have been deprecated. 
- - Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] - - o Timing vulnerability in DSA signature generation (CVE-2018-0734) - o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) - - Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] - - o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 - for further important information). The TLSv1.3 implementation includes: - o Fully compliant implementation of RFC8446 (TLSv1.3) on by default - o Early data (0-RTT) - o Post-handshake authentication and key update - o Middlebox Compatibility Mode - o TLSv1.3 PSKs - o Support for all five RFC8446 ciphersuites - o RSA-PSS signature algorithms (backported to TLSv1.2) - o Configurable session ticket support - o Stateless server support - o Rewrite of the packet construction code for "safer" packet handling - o Rewrite of the extension handling code - o Complete rewrite of the OpenSSL random number generator to introduce the - following capabilities - o The default RAND method now utilizes an AES-CTR DRBG according to - NIST standard SP 800-90Ar1. - o Support for multiple DRBG instances with seed chaining. - o There is a public and private DRBG instance. - o The DRBG instances are fork-safe. - o Keep all global DRBG instances on the secure heap if it is enabled. - o The public and private DRBG instance are per thread for lock free - operation - o Support for various new cryptographic algorithms including: - o SHA3 - o SHA512/224 and SHA512/256 - o EdDSA (both Ed25519 and Ed448) including X509 and TLS support - o X448 (adding to the existing X25519 support in 1.1.0) - o Multi-prime RSA - o SM2 - o SM3 - o SM4 - o SipHash - o ARIA (including TLS support) - o Significant Side-Channel attack security improvements - o Add a new ClientHello callback to provide the ability to adjust the SSL - object at an early stage. 
- o Add 'Maximum Fragment Length' TLS extension negotiation and support - o A new STORE module, which implements a uniform and URI based reader of - stores that can contain keys, certificates, CRLs and numerous other - objects. - o Move the display of configuration data to configdata.pm. - o Allow GNU style "make variables" to be used with Configure. - o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes - o Rewrite of devcrypto engine - - Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development] - - o Client DoS due to large DH parameter (CVE-2018-0732) - o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) - - Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development] - - o Constructed ASN.1 types with a recursive definition could exceed the - stack (CVE-2018-0739) - o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) - o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) - - Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] - - o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) - o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) - - Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] - - o config now recognises 64-bit mingw and chooses mingw64 instead of mingw - - Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] - - o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) - - Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] - - o Truncated packet could crash via OOB read (CVE-2017-3731) - o Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) - o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) - - Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] - - o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054) - o CMS Null dereference (CVE-2016-7053) - o Montgomery multiplication may produce incorrect results (CVE-2016-7055) - - Major 
changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] - - o Fix Use After Free for large message sizes (CVE-2016-6309) - - Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] - - o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) - o SSL_peek() hang on empty record (CVE-2016-6305) - o Excessive allocation of memory in tls_get_message_header() - (CVE-2016-6307) - o Excessive allocation of memory in dtls1_preprocess_fragment() - (CVE-2016-6308) - - Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] - - o Copyright text was shrunk to a boilerplate that points to the license - o "shared" builds are now the default when possible - o Added support for "pipelining" - o Added the AFALG engine - o New threading API implemented - o Support for ChaCha20 and Poly1305 added to libcrypto and libssl - o Support for extended master secret - o CCM ciphersuites - o Reworked test suite, now based on perl, Test::Harness and Test::More - o *Most* libcrypto and libssl public structures were made opaque, - including: - BIGNUM and associated types, EC_KEY and EC_KEY_METHOD, - DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD, - BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, - EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX, - X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE, - X509_LOOKUP, X509_LOOKUP_METHOD - o libssl internal structures made opaque - o SSLv2 support removed - o Kerberos ciphersuite support removed - o RC4 removed from DEFAULT ciphersuites in libssl - o 40 and 56 bit cipher support removed from libssl - o All public header files moved to include/openssl, no more symlinking - o SSL/TLS state machine, version negotiation and record layer rewritten - o EC revision: now operations use new EC_KEY_METHOD. 
- o Support for OCB mode added to libcrypto - o Support for asynchronous crypto operations added to libcrypto and libssl - o Deprecated interfaces can now be disabled at build time either - relative to the latest release via the "no-deprecated" Configure - argument, or via the "--api=1.1.0|1.0.0|0.9.8" option. - o Application software can be compiled with -DOPENSSL_API_COMPAT=version - to ensure that features deprecated in that version are not exposed. - o Support for RFC6698/RFC7671 DANE TLSA peer authentication - o Change of Configure to use --prefix as the main installation - directory location rather than --openssldir. The latter becomes - the directory for certs, private key and openssl.cnf exclusively. - o Reworked BIO networking library, with full support for IPv6. - o New "unified" build system - o New security levels - o Support for scrypt algorithm - o Support for X25519 - o Extended SSL_CONF support using configuration files - o KDF algorithm support. Implement TLS PRF as a KDF. - o Support for Certificate Transparency - o HKDF support. - - Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] - - o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107) - o Fix EVP_EncodeUpdate overflow (CVE-2016-2105) - o Fix EVP_EncryptUpdate overflow (CVE-2016-2106) - o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109) - o EBCDIC overread (CVE-2016-2176) - o Modify behavior of ALPN to invoke callback after SNI/servername - callback, such that updates to the SSL_CTX affect ALPN. - o Remove LOW from the DEFAULT cipher list. This removes singles DES from - the default. - o Only remove the SSLv2 methods with the no-ssl2-method option. - - Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] - - o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. 
- o Disable SSLv2 default build, default negotiation and weak ciphers - (CVE-2016-0800) - o Fix a double-free in DSA code (CVE-2016-0705) - o Disable SRP fake user seed to address a server memory leak - (CVE-2016-0798) - o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption - (CVE-2016-0797) - o Fix memory issues in BIO_*printf functions (CVE-2016-0799) - o Fix side channel attack on modular exponentiation (CVE-2016-0702) - - Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] - - o DH small subgroups (CVE-2016-0701) - o SSLv2 doesn't block disabled ciphers (CVE-2015-3197) - - Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] - - o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) - o Certificate verify crash with missing PSS parameter (CVE-2015-3194) - o X509_ATTRIBUTE memory leak (CVE-2015-3195) - o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs - o In DSA_generate_parameters_ex, if the provided seed is too short, - return an error - - Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] - - o Alternate chains certificate forgery (CVE-2015-1793) - o Race condition handling PSK identify hint (CVE-2015-3196) - - Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] - - o Fix HMAC ABI incompatibility - - Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] - - o Malformed ECParameters causes infinite loop (CVE-2015-1788) - o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) - o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) - o CMS verify infinite loop with unknown hash function (CVE-2015-1792) - o Race condition handling NewSessionTicket (CVE-2015-1791) - - Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] - - o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) - o Multiblock corrupted pointer fix (CVE-2015-0290) - o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207) - o Segmentation 
fault in ASN1_TYPE_cmp fix (CVE-2015-0286) - o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208) - o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) - o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) - o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) - o Empty CKE with client auth and DHE fix (CVE-2015-1787) - o Handshake with unseeded PRNG fix (CVE-2015-0285) - o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) - o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) - o Removed the export ciphers from the DEFAULT ciphers - - Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]: - - o Suite B support for TLS 1.2 and DTLS 1.2 - o Support for DTLS 1.2 - o TLS automatic EC curve selection. - o API to set TLS supported signature algorithms and curves - o SSL_CONF configuration API. - o TLS Brainpool support. - o ALPN support. - o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. - - Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] - - o Build fixes for the Windows and OpenVMS platforms - - Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] - - o Fix for CVE-2014-3571 - o Fix for CVE-2015-0206 - o Fix for CVE-2014-3569 - o Fix for CVE-2014-3572 - o Fix for CVE-2015-0204 - o Fix for CVE-2015-0205 - o Fix for CVE-2014-8275 - o Fix for CVE-2014-3570 +NEWS +==== + +This file gives a brief overview of the major changes between each OpenSSL +release. For more details please read the CHANGES file. + +Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development] +---------------------------------------------------------------------- + + * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly + disabled; the project uses address sanitize/leak-detect instead. + * Added OSSL_SERIALIZER, a generic serializer API. + * Added error raising macros, ERR_raise() and ERR_raise_data(). + * Deprecated ERR_put_error(). 
+ * Added OSSL_PROVIDER_available(), to check provider availibility. + * Added 'openssl mac' that uses the EVP_MAC API. + * Added 'openssl kdf' that uses the EVP_KDF API. + * Add OPENSSL_info() and 'openssl info' to get built-in data. + * Add support for enabling instrumentation through trace and debug + output. + * Changed our version number scheme and set the next major release to + 3.0.0 + * Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC + bridge. + * Removed the heartbeat message in DTLS feature. + * Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF + bridge. + +Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] +---------------------------------------------------------------------- + + * Timing vulnerability in DSA signature generation (CVE-2018-0734) + * Timing vulnerability in ECDSA signature generation (CVE-2018-0735) + +Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] +---------------------------------------------------------------------- + + * Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 + for further important information). The TLSv1.3 implementation includes: + * Fully compliant implementation of RFC8446 (TLSv1.3) on by default + * Early data (0-RTT) + * Post-handshake authentication and key update + * Middlebox Compatibility Mode + * TLSv1.3 PSKs + * Support for all five RFC8446 ciphersuites + * RSA-PSS signature algorithms (backported to TLSv1.2) + * Configurable session ticket support + * Stateless server support + * Rewrite of the packet construction code for "safer" packet handling + * Rewrite of the extension handling code + * Complete rewrite of the OpenSSL random number generator to introduce the + following capabilities + * The default RAND method now utilizes an AES-CTR DRBG according to + NIST standard SP 800-90Ar1. + * Support for multiple DRBG instances with seed chaining. + * There is a public and private DRBG instance. 
+ * The DRBG instances are fork-safe. + * Keep all global DRBG instances on the secure heap if it is enabled. + * The public and private DRBG instance are per thread for lock free + operation + * Support for various new cryptographic algorithms including: + * SHA3 + * SHA512/224 and SHA512/256 + * EdDSA (both Ed25519 and Ed448) including X509 and TLS support + * X448 (adding to the existing X25519 support in 1.1.0) + * Multi-prime RSA + * SM2 + * SM3 + * SM4 + * SipHash + * ARIA (including TLS support) + * Significant Side-Channel attack security improvements + * Add a new ClientHello callback to provide the ability to adjust the SSL + object at an early stage. + * Add 'Maximum Fragment Length' TLS extension negotiation and support + * A new STORE module, which implements a uniform and URI based reader of + stores that can contain keys, certificates, CRLs and numerous other + objects. + * Move the display of configuration data to configdata.pm. + * Allow GNU style "make variables" to be used with Configure. 
+ * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes + * Rewrite of devcrypto engine + +Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development] +---------------------------------------------------------------------- + + * Client DoS due to large DH parameter (CVE-2018-0732) + * Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) + +Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development] +---------------------------------------------------------------------- + + * Constructed ASN.1 types with a recursive definition could exceed the + stack (CVE-2018-0739) + * Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) + * rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) + +Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] +---------------------------------------------------------------------- + + * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) + * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) + +Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] +---------------------------------------------------------------------- + + * config now recognises 64-bit mingw and chooses mingw64 instead of mingw + +Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] +---------------------------------------------------------------------- + + * Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) + +Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] +---------------------------------------------------------------------- + + * Truncated packet could crash via OOB read (CVE-2017-3731) + * Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) + * BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) + +Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] +---------------------------------------------------------------------- + + * ChaCha20/Poly1305 heap-buffer-overflow 
(CVE-2016-7054) + * CMS Null dereference (CVE-2016-7053) + * Montgomery multiplication may produce incorrect results (CVE-2016-7055) + +Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] +---------------------------------------------------------------------- + + * Fix Use After Free for large message sizes (CVE-2016-6309) + +Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] +---------------------------------------------------------------------- + + * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) + * SSL_peek() hang on empty record (CVE-2016-6305) + * Excessive allocation of memory in tls_get_message_header() + (CVE-2016-6307) + * Excessive allocation of memory in dtls1_preprocess_fragment() + (CVE-2016-6308) + +Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] +---------------------------------------------------------------------- + + * Copyright text was shrunk to a boilerplate that points to the license + * "shared" builds are now the default when possible + * Added support for "pipelining" + * Added the AFALG engine + * New threading API implemented + * Support for ChaCha20 and Poly1305 added to libcrypto and libssl + * Support for extended master secret + * CCM ciphersuites + * Reworked test suite, now based on perl, Test::Harness and Test::More + * *Most* libcrypto and libssl public structures were made opaque, + including: + BIGNUM and associated types, EC_KEY and EC_KEY_METHOD, + DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD, + BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, + EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX, + X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE, + X509_LOOKUP, X509_LOOKUP_METHOD + * libssl internal structures made opaque + * SSLv2 support removed + * Kerberos ciphersuite support removed + * RC4 removed from DEFAULT ciphersuites in libssl + * 40 and 56 bit cipher support removed from libssl + * All public header files 
moved to include/openssl, no more symlinking + * SSL/TLS state machine, version negotiation and record layer rewritten + * EC revision: now operations use new EC_KEY_METHOD. + * Support for OCB mode added to libcrypto + * Support for asynchronous crypto operations added to libcrypto and libssl + * Deprecated interfaces can now be disabled at build time either + relative to the latest release via the "no-deprecated" Configure + argument, or via the "--api=1.1.0|1.0.0|0.9.8" option. + * Application software can be compiled with -DOPENSSL_API_COMPAT=version + to ensure that features deprecated in that version are not exposed. + * Support for RFC6698/RFC7671 DANE TLSA peer authentication + * Change of Configure to use --prefix as the main installation + directory location rather than --openssldir. The latter becomes + the directory for certs, private key and openssl.cnf exclusively. + * Reworked BIO networking library, with full support for IPv6. + * New "unified" build system + * New security levels + * Support for scrypt algorithm + * Support for X25519 + * Extended SSL_CONF support using configuration files + * KDF algorithm support. Implement TLS PRF as a KDF. + * Support for Certificate Transparency + * HKDF support. + +Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] +---------------------------------------------------------------------- + + * Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107) + * Fix EVP_EncodeUpdate overflow (CVE-2016-2105) + * Fix EVP_EncryptUpdate overflow (CVE-2016-2106) + * Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109) + * EBCDIC overread (CVE-2016-2176) + * Modify behavior of ALPN to invoke callback after SNI/servername + callback, such that updates to the SSL_CTX affect ALPN. + * Remove LOW from the DEFAULT cipher list. This removes singles DES from + the default. + * Only remove the SSLv2 methods with the no-ssl2-method option. 
+ +Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] +---------------------------------------------------------------------- + + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + * Disable SSLv2 default build, default negotiation and weak ciphers + (CVE-2016-0800) + * Fix a double-free in DSA code (CVE-2016-0705) + * Disable SRP fake user seed to address a server memory leak + (CVE-2016-0798) + * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + (CVE-2016-0797) + * Fix memory issues in BIO_*printf functions (CVE-2016-0799) + * Fix side channel attack on modular exponentiation (CVE-2016-0702) + +Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] +---------------------------------------------------------------------- + + * DH small subgroups (CVE-2016-0701) + * SSLv2 doesn't block disabled ciphers (CVE-2015-3197) + +Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] +---------------------------------------------------------------------- + + * BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) + * Certificate verify crash with missing PSS parameter (CVE-2015-3194) + * X509_ATTRIBUTE memory leak (CVE-2015-3195) + * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs + * In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + +Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] +---------------------------------------------------------------------- + + * Alternate chains certificate forgery (CVE-2015-1793) + * Race condition handling PSK identify hint (CVE-2015-3196) + +Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] +---------------------------------------------------------------------- + + * Fix HMAC ABI incompatibility + +Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] +---------------------------------------------------------------------- + + * Malformed 
ECParameters causes infinite loop (CVE-2015-1788) + * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + * CMS verify infinite loop with unknown hash function (CVE-2015-1792) + * Race condition handling NewSessionTicket (CVE-2015-1791) + +Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] +---------------------------------------------------------------------- + + * OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) + * Multiblock corrupted pointer fix (CVE-2015-0290) + * Segmentation fault in DTLSv1_listen fix (CVE-2015-0207) + * Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) + * Segmentation fault for invalid PSS parameters fix (CVE-2015-0208) + * ASN.1 structure reuse memory corruption fix (CVE-2015-0287) + * PKCS7 NULL pointer dereferences fix (CVE-2015-0289) + * DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) + * Empty CKE with client auth and DHE fix (CVE-2015-1787) + * Handshake with unseeded PRNG fix (CVE-2015-0285) + * Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) + * X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) + * Removed the export ciphers from the DEFAULT ciphers + +Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]: +---------------------------------------------------------------------- + + * Suite B support for TLS 1.2 and DTLS 1.2 + * Support for DTLS 1.2 + * TLS automatic EC curve selection. + * API to set TLS supported signature algorithms and curves + * SSL_CONF configuration API. + * TLS Brainpool support. + * ALPN support. + * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. 
+ +Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] +---------------------------------------------------------------------- + + * Build fixes for the Windows and OpenVMS platforms + +Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] +---------------------------------------------------------------------- + + * Fix for CVE-2014-3571 + * Fix for CVE-2015-0206 + * Fix for CVE-2014-3569 + * Fix for CVE-2014-3572 + * Fix for CVE-2015-0204 + * Fix for CVE-2015-0205 + * Fix for CVE-2014-8275 + * Fix for CVE-2014-3570 + +Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] +---------------------------------------------------------------------- + + * Fix for CVE-2014-3513 + * Fix for CVE-2014-3567 + * Mitigation for CVE-2014-3566 (SSL protocol vulnerability) + * Fix for CVE-2014-3568 + +Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] +---------------------------------------------------------------------- + + * Fix for CVE-2014-3512 + * Fix for CVE-2014-3511 + * Fix for CVE-2014-3510 + * Fix for CVE-2014-3507 + * Fix for CVE-2014-3506 + * Fix for CVE-2014-3505 + * Fix for CVE-2014-3509 + * Fix for CVE-2014-5139 + * Fix for CVE-2014-3508 + +Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] +---------------------------------------------------------------------- + + * Fix for CVE-2014-0224 + * Fix for CVE-2014-0221 + * Fix for CVE-2014-0198 + * Fix for CVE-2014-0195 + * Fix for CVE-2014-3470 + * Fix for CVE-2010-5298 + +Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] +---------------------------------------------------------------------- + + * Fix for CVE-2014-0160 + * Add TLS padding extension workaround for broken servers. 
+ * Fix for CVE-2014-0076 + +Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] +---------------------------------------------------------------------- + + * Don't include gmt_unix_time in TLS server and client random values + * Fix for TLS record tampering bug CVE-2013-4353 + * Fix for TLS version checking bug CVE-2013-6449 + * Fix for DTLS retransmission bug CVE-2013-6450 + +Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]: +---------------------------------------------------------------------- + + * Corrected fix for CVE-2013-0169 + +Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]: +---------------------------------------------------------------------- + + * Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. + * Include the fips configuration module. + * Fix OCSP bad key DoS attack CVE-2013-0166 + * Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + * Fix for TLS AESNI record handling flaw CVE-2012-2686 + +Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]: +---------------------------------------------------------------------- + + * Fix TLS/DTLS record length checking bug CVE-2012-2333 + * Don't attempt to use non-FIPS composite ciphers in FIPS mode. + +Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]: +---------------------------------------------------------------------- + + * Fix compilation error on non-x86 platforms. + * Make FIPS capable OpenSSL ciphers work in non-FIPS mode. + * Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 + +Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]: +---------------------------------------------------------------------- + + * Fix for ASN1 overflow bug CVE-2012-2110 + * Workarounds for some servers that hang on long client hellos. + * Fix SEGV in AES code. 
+ +Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]: +---------------------------------------------------------------------- + + * TLS/DTLS heartbeat support. + * SCTP support. + * RFC 5705 TLS key material exporter. + * RFC 5764 DTLS-SRTP negotiation. + * Next Protocol Negotiation. + * PSS signatures in certificates, requests and CRLs. + * Support for password based recipient info for CMS. + * Support TLS v1.2 and TLS v1.1. + * Preliminary FIPS capability for unvalidated 2.0 FIPS module. + * SRP support. + +Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: +---------------------------------------------------------------------- + + * Fix for CMS/PKCS#7 MMA CVE-2012-0884 + * Corrected fix for CVE-2011-4619 + * Various DTLS fixes. + +Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]: +---------------------------------------------------------------------- + + * Fix for DTLS DoS issue CVE-2012-0050 + +Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]: +---------------------------------------------------------------------- + + * Fix for DTLS plaintext recovery attack CVE-2011-4108 + * Clear block padding bytes of SSL 3.0 records CVE-2011-4576 + * Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 + * Check parameters are not NULL in GOST ENGINE CVE-2012-0027 + * Check for malformed RFC3779 data CVE-2011-4577 + +Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]: +---------------------------------------------------------------------- + + * Fix for CRL vulnerability issue CVE-2011-3207 + * Fix for ECDH crashes CVE-2011-3210 + * Protection against EC timing attacks. + * Support ECDH ciphersuites for certificates using SHA2 algorithms. + * Various DTLS fixes. 
+ +Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]: +---------------------------------------------------------------------- + + * Fix for security issue CVE-2011-0014 - Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] - - o Fix for CVE-2014-3513 - o Fix for CVE-2014-3567 - o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) - o Fix for CVE-2014-3568 - - Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] - - o Fix for CVE-2014-3512 - o Fix for CVE-2014-3511 - o Fix for CVE-2014-3510 - o Fix for CVE-2014-3507 - o Fix for CVE-2014-3506 - o Fix for CVE-2014-3505 - o Fix for CVE-2014-3509 - o Fix for CVE-2014-5139 - o Fix for CVE-2014-3508 - - Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] - - o Fix for CVE-2014-0224 - o Fix for CVE-2014-0221 - o Fix for CVE-2014-0198 - o Fix for CVE-2014-0195 - o Fix for CVE-2014-3470 - o Fix for CVE-2010-5298 - - Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] - - o Fix for CVE-2014-0160 - o Add TLS padding extension workaround for broken servers. - o Fix for CVE-2014-0076 - - Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] - - o Don't include gmt_unix_time in TLS server and client random values - o Fix for TLS record tampering bug CVE-2013-4353 - o Fix for TLS version checking bug CVE-2013-6449 - o Fix for DTLS retransmission bug CVE-2013-6450 - - Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]: - - o Corrected fix for CVE-2013-0169 - - Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]: - - o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. - o Include the fips configuration module. 
- o Fix OCSP bad key DoS attack CVE-2013-0166 - o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 - o Fix for TLS AESNI record handling flaw CVE-2012-2686 - - Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]: - - o Fix TLS/DTLS record length checking bug CVE-2012-2333 - o Don't attempt to use non-FIPS composite ciphers in FIPS mode. - - Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]: - - o Fix compilation error on non-x86 platforms. - o Make FIPS capable OpenSSL ciphers work in non-FIPS mode. - o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 - - Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]: - - o Fix for ASN1 overflow bug CVE-2012-2110 - o Workarounds for some servers that hang on long client hellos. - o Fix SEGV in AES code. - - Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]: - - o TLS/DTLS heartbeat support. - o SCTP support. - o RFC 5705 TLS key material exporter. - o RFC 5764 DTLS-SRTP negotiation. - o Next Protocol Negotiation. - o PSS signatures in certificates, requests and CRLs. - o Support for password based recipient info for CMS. - o Support TLS v1.2 and TLS v1.1. - o Preliminary FIPS capability for unvalidated 2.0 FIPS module. - o SRP support. - - Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: - - o Fix for CMS/PKCS#7 MMA CVE-2012-0884 - o Corrected fix for CVE-2011-4619 - o Various DTLS fixes. 
- - Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]: - - o Fix for DTLS DoS issue CVE-2012-0050 - - Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]: - - o Fix for DTLS plaintext recovery attack CVE-2011-4108 - o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 - o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 - o Check parameters are not NULL in GOST ENGINE CVE-2012-0027 - o Check for malformed RFC3779 data CVE-2011-4577 - - Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]: |
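Review bot: the trailing colon on the converted setext headings is inconsistent, and the follow-up underline makes it a markdown heading now, so the colon ends up rendered as part of the title: `+Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]` and the 1.0.1f/1.0.1g, 1.0.1c/1.0.1d-era neighbours above it have no colon, while `+Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:` and every heading from there down to `+Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:` end with one. The `-` lines show the same mix, so it is inherited rather than introduced here, but since this commit already rewrites every one of these heading lines it is the natural place to drop the colon uniformly (a setext heading needs no terminating punctuation); if that is considered a content change for the later pass, a brief mention in the commit message would save the next reviewer from flagging it.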