summaryrefslogtreecommitdiffstats
path: root/NEWS.md
diff options
context:
space:
mode:
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>2019-11-28 23:10:51 +0100
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>2020-02-26 21:04:38 +0100
commit5f8e6c50bd862d6bb0bbd16b4c0b3be841d9cf32 (patch)
tree41e6e7047573f760fcdf195560ccf57d672aea7f /NEWS.md
parent2e07506a12e126894cd820304465162bc0e732b4 (diff)
doc: introduce some minimalistic markdown without essential changes
The goal is to transform the standard documents README, INSTALL, SUPPORT, CONTRIBUTING, ... from a pure text format into markdown format, but in such a way that the documentation remains nicely formatted an easy readable when viewed with an normal text editor. To achieve this goal, we use a special form of 'minimalistic' markdown which interferes as little as possible with the reading flow. * avoid [ATX headings][] and use [setext headings][] instead (works for `<h1>` and `<h2>` headings only). * avoid [inline links][] and use [reference links][] instead. * avoid [fenced code blocks][], use [indented-code-blocks][] instead. The transformation will take place in several steps. This commit introduces mostly changes the formatting and does not chang the content significantly. [ATX headings]: https://github.github.com/gfm/#atx-headings [setext headings]: https://github.github.com/gfm/#setext-headings [inline links]: https://github.github.com/gfm/#inline-link [reference links]: https://github.github.com/gfm/#reference-link [fenced code blocks]: https://github.github.com/gfm/#fenced-code-blocks [indented code blocks]: https://github.github.com/gfm/#indented-code-blocks Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10545)
Diffstat (limited to 'NEWS.md')
-rw-r--r--NEWS.md1984
1 files changed, 1030 insertions, 954 deletions
diff --git a/NEWS.md b/NEWS.md
index 098b73f915..89ed7a3e1e 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,960 +1,1036 @@
- NEWS
- ====
-
- This file gives a brief overview of the major changes between each OpenSSL
- release. For more details please read the CHANGES file.
-
- Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
-
- o The algorithm specific public key command line applications have
- been deprecated. These include dhparam, gendsa and others. The pkey
- alternatives should be used intead: pkey, pkeyparam and genpkey.
- o X509 certificates signed using SHA1 are no longer allowed at security
- level 1 or higher. The default security level for TLS is 1, so
- certificates signed using SHA1 are by default no longer trusted to
- authenticate servers or clients.
- o enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
- disabled; the project uses address sanitize/leak-detect instead.
- o Added OSSL_SERIALIZER, a generic serializer API.
- o Added error raising macros, ERR_raise() and ERR_raise_data().
- o Deprecated ERR_put_error().
- o Added OSSL_PROVIDER_available(), to check provider availibility.
- o Added 'openssl mac' that uses the EVP_MAC API.
- o Added 'openssl kdf' that uses the EVP_KDF API.
- o Add OPENSSL_info() and 'openssl info' to get built-in data.
- o Add support for enabling instrumentation through trace and debug
- output.
- o Changed our version number scheme and set the next major release to
- 3.0.0
- o Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC
- bridge.
- o Removed the heartbeat message in DTLS feature.
- o Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
- bridge.
- o All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
- SHA256, SHA384, SHA512 and Whirlpool digest functions have been
- deprecated.
- o All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
- RC4, RC5 and SEED cipher functions have been deprecated.
- o All of the low level DH, DSA, ECDH, ECDSA and RSA public key functions
- have been deprecated.
-
- Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
-
- o Timing vulnerability in DSA signature generation (CVE-2018-0734)
- o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
-
- Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
-
- o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
- for further important information). The TLSv1.3 implementation includes:
- o Fully compliant implementation of RFC8446 (TLSv1.3) on by default
- o Early data (0-RTT)
- o Post-handshake authentication and key update
- o Middlebox Compatibility Mode
- o TLSv1.3 PSKs
- o Support for all five RFC8446 ciphersuites
- o RSA-PSS signature algorithms (backported to TLSv1.2)
- o Configurable session ticket support
- o Stateless server support
- o Rewrite of the packet construction code for "safer" packet handling
- o Rewrite of the extension handling code
- o Complete rewrite of the OpenSSL random number generator to introduce the
- following capabilities
- o The default RAND method now utilizes an AES-CTR DRBG according to
- NIST standard SP 800-90Ar1.
- o Support for multiple DRBG instances with seed chaining.
- o There is a public and private DRBG instance.
- o The DRBG instances are fork-safe.
- o Keep all global DRBG instances on the secure heap if it is enabled.
- o The public and private DRBG instance are per thread for lock free
- operation
- o Support for various new cryptographic algorithms including:
- o SHA3
- o SHA512/224 and SHA512/256
- o EdDSA (both Ed25519 and Ed448) including X509 and TLS support
- o X448 (adding to the existing X25519 support in 1.1.0)
- o Multi-prime RSA
- o SM2
- o SM3
- o SM4
- o SipHash
- o ARIA (including TLS support)
- o Significant Side-Channel attack security improvements
- o Add a new ClientHello callback to provide the ability to adjust the SSL
- object at an early stage.
- o Add 'Maximum Fragment Length' TLS extension negotiation and support
- o A new STORE module, which implements a uniform and URI based reader of
- stores that can contain keys, certificates, CRLs and numerous other
- objects.
- o Move the display of configuration data to configdata.pm.
- o Allow GNU style "make variables" to be used with Configure.
- o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
- o Rewrite of devcrypto engine
-
- Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development]
-
- o Client DoS due to large DH parameter (CVE-2018-0732)
- o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
-
- Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development]
-
- o Constructed ASN.1 types with a recursive definition could exceed the
- stack (CVE-2018-0739)
- o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
- o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
-
- Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
-
- o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
- o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
-
- Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
-
- o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
-
- Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
-
- o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
-
- Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
-
- o Truncated packet could crash via OOB read (CVE-2017-3731)
- o Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
- o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
-
- Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
-
- o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
- o CMS Null dereference (CVE-2016-7053)
- o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
-
- Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
-
- o Fix Use After Free for large message sizes (CVE-2016-6309)
-
- Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
-
- o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
- o SSL_peek() hang on empty record (CVE-2016-6305)
- o Excessive allocation of memory in tls_get_message_header()
- (CVE-2016-6307)
- o Excessive allocation of memory in dtls1_preprocess_fragment()
- (CVE-2016-6308)
-
- Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
-
- o Copyright text was shrunk to a boilerplate that points to the license
- o "shared" builds are now the default when possible
- o Added support for "pipelining"
- o Added the AFALG engine
- o New threading API implemented
- o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
- o Support for extended master secret
- o CCM ciphersuites
- o Reworked test suite, now based on perl, Test::Harness and Test::More
- o *Most* libcrypto and libssl public structures were made opaque,
- including:
- BIGNUM and associated types, EC_KEY and EC_KEY_METHOD,
- DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD,
- BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
- EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
- X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
- X509_LOOKUP, X509_LOOKUP_METHOD
- o libssl internal structures made opaque
- o SSLv2 support removed
- o Kerberos ciphersuite support removed
- o RC4 removed from DEFAULT ciphersuites in libssl
- o 40 and 56 bit cipher support removed from libssl
- o All public header files moved to include/openssl, no more symlinking
- o SSL/TLS state machine, version negotiation and record layer rewritten
- o EC revision: now operations use new EC_KEY_METHOD.
- o Support for OCB mode added to libcrypto
- o Support for asynchronous crypto operations added to libcrypto and libssl
- o Deprecated interfaces can now be disabled at build time either
- relative to the latest release via the "no-deprecated" Configure
- argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
- o Application software can be compiled with -DOPENSSL_API_COMPAT=version
- to ensure that features deprecated in that version are not exposed.
- o Support for RFC6698/RFC7671 DANE TLSA peer authentication
- o Change of Configure to use --prefix as the main installation
- directory location rather than --openssldir. The latter becomes
- the directory for certs, private key and openssl.cnf exclusively.
- o Reworked BIO networking library, with full support for IPv6.
- o New "unified" build system
- o New security levels
- o Support for scrypt algorithm
- o Support for X25519
- o Extended SSL_CONF support using configuration files
- o KDF algorithm support. Implement TLS PRF as a KDF.
- o Support for Certificate Transparency
- o HKDF support.
-
- Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
-
- o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
- o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
- o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
- o EBCDIC overread (CVE-2016-2176)
- o Modify behavior of ALPN to invoke callback after SNI/servername
- callback, such that updates to the SSL_CTX affect ALPN.
- o Remove LOW from the DEFAULT cipher list. This removes singles DES from
- the default.
- o Only remove the SSLv2 methods with the no-ssl2-method option.
-
- Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
-
- o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
- o Disable SSLv2 default build, default negotiation and weak ciphers
- (CVE-2016-0800)
- o Fix a double-free in DSA code (CVE-2016-0705)
- o Disable SRP fake user seed to address a server memory leak
- (CVE-2016-0798)
- o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- (CVE-2016-0797)
- o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
- o Fix side channel attack on modular exponentiation (CVE-2016-0702)
-
- Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
-
- o DH small subgroups (CVE-2016-0701)
- o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
-
- Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
-
- o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
- o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
- o X509_ATTRIBUTE memory leak (CVE-2015-3195)
- o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
- o In DSA_generate_parameters_ex, if the provided seed is too short,
- return an error
-
- Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
-
- o Alternate chains certificate forgery (CVE-2015-1793)
- o Race condition handling PSK identify hint (CVE-2015-3196)
-
- Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
-
- o Fix HMAC ABI incompatibility
-
- Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
-
- o Malformed ECParameters causes infinite loop (CVE-2015-1788)
- o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
- o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
- o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
- o Race condition handling NewSessionTicket (CVE-2015-1791)
-
- Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
-
- o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
- o Multiblock corrupted pointer fix (CVE-2015-0290)
- o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
- o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
- o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
- o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
- o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
- o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
- o Empty CKE with client auth and DHE fix (CVE-2015-1787)
- o Handshake with unseeded PRNG fix (CVE-2015-0285)
- o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
- o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
- o Removed the export ciphers from the DEFAULT ciphers
-
- Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
-
- o Suite B support for TLS 1.2 and DTLS 1.2
- o Support for DTLS 1.2
- o TLS automatic EC curve selection.
- o API to set TLS supported signature algorithms and curves
- o SSL_CONF configuration API.
- o TLS Brainpool support.
- o ALPN support.
- o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
-
- Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
-
- o Build fixes for the Windows and OpenVMS platforms
-
- Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
-
- o Fix for CVE-2014-3571
- o Fix for CVE-2015-0206
- o Fix for CVE-2014-3569
- o Fix for CVE-2014-3572
- o Fix for CVE-2015-0204
- o Fix for CVE-2015-0205
- o Fix for CVE-2014-8275
- o Fix for CVE-2014-3570
+NEWS
+====
+
+This file gives a brief overview of the major changes between each OpenSSL
+release. For more details please read the CHANGES file.
+
+Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
+----------------------------------------------------------------------
+
+ * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
+ disabled; the project uses address sanitize/leak-detect instead.
+ * Added OSSL_SERIALIZER, a generic serializer API.
+ * Added error raising macros, ERR_raise() and ERR_raise_data().
+ * Deprecated ERR_put_error().
+ * Added OSSL_PROVIDER_available(), to check provider availibility.
+ * Added 'openssl mac' that uses the EVP_MAC API.
+ * Added 'openssl kdf' that uses the EVP_KDF API.
+ * Add OPENSSL_info() and 'openssl info' to get built-in data.
+ * Add support for enabling instrumentation through trace and debug
+ output.
+ * Changed our version number scheme and set the next major release to
+ 3.0.0
+ * Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC
+ bridge.
+ * Removed the heartbeat message in DTLS feature.
+ * Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
+ bridge.
+
+Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
+----------------------------------------------------------------------
+
+ * Timing vulnerability in DSA signature generation (CVE-2018-0734)
+ * Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+
+Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
+----------------------------------------------------------------------
+
+ * Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
+ for further important information). The TLSv1.3 implementation includes:
+ * Fully compliant implementation of RFC8446 (TLSv1.3) on by default
+ * Early data (0-RTT)
+ * Post-handshake authentication and key update
+ * Middlebox Compatibility Mode
+ * TLSv1.3 PSKs
+ * Support for all five RFC8446 ciphersuites
+ * RSA-PSS signature algorithms (backported to TLSv1.2)
+ * Configurable session ticket support
+ * Stateless server support
+ * Rewrite of the packet construction code for "safer" packet handling
+ * Rewrite of the extension handling code
+ * Complete rewrite of the OpenSSL random number generator to introduce the
+ following capabilities
+ * The default RAND method now utilizes an AES-CTR DRBG according to
+ NIST standard SP 800-90Ar1.
+ * Support for multiple DRBG instances with seed chaining.
+ * There is a public and private DRBG instance.
+ * The DRBG instances are fork-safe.
+ * Keep all global DRBG instances on the secure heap if it is enabled.
+ * The public and private DRBG instance are per thread for lock free
+ operation
+ * Support for various new cryptographic algorithms including:
+ * SHA3
+ * SHA512/224 and SHA512/256
+ * EdDSA (both Ed25519 and Ed448) including X509 and TLS support
+ * X448 (adding to the existing X25519 support in 1.1.0)
+ * Multi-prime RSA
+ * SM2
+ * SM3
+ * SM4
+ * SipHash
+ * ARIA (including TLS support)
+ * Significant Side-Channel attack security improvements
+ * Add a new ClientHello callback to provide the ability to adjust the SSL
+ object at an early stage.
+ * Add 'Maximum Fragment Length' TLS extension negotiation and support
+ * A new STORE module, which implements a uniform and URI based reader of
+ stores that can contain keys, certificates, CRLs and numerous other
+ objects.
+ * Move the display of configuration data to configdata.pm.
+ * Allow GNU style "make variables" to be used with Configure.
+ * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
+ * Rewrite of devcrypto engine
+
+Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development]
+----------------------------------------------------------------------
+
+ * Client DoS due to large DH parameter (CVE-2018-0732)
+ * Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
+
+Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development]
+----------------------------------------------------------------------
+
+ * Constructed ASN.1 types with a recursive definition could exceed the
+ stack (CVE-2018-0739)
+ * Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
+ * rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
+
+Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
+----------------------------------------------------------------------
+
+ * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
+ * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
+
+Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
+----------------------------------------------------------------------
+
+ * config now recognises 64-bit mingw and chooses mingw64 instead of mingw
+
+Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
+----------------------------------------------------------------------
+
+ * Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
+
+Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
+----------------------------------------------------------------------
+
+ * Truncated packet could crash via OOB read (CVE-2017-3731)
+ * Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
+ * BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+
+Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
+----------------------------------------------------------------------
+
+ * ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
+ * CMS Null dereference (CVE-2016-7053)
+ * Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
+Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
+----------------------------------------------------------------------
+
+ * Fix Use After Free for large message sizes (CVE-2016-6309)
+
+Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
+----------------------------------------------------------------------
+
+ * OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+ * SSL_peek() hang on empty record (CVE-2016-6305)
+ * Excessive allocation of memory in tls_get_message_header()
+ (CVE-2016-6307)
+ * Excessive allocation of memory in dtls1_preprocess_fragment()
+ (CVE-2016-6308)
+
+Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
+----------------------------------------------------------------------
+
+ * Copyright text was shrunk to a boilerplate that points to the license
+ * "shared" builds are now the default when possible
+ * Added support for "pipelining"
+ * Added the AFALG engine
+ * New threading API implemented
+ * Support for ChaCha20 and Poly1305 added to libcrypto and libssl
+ * Support for extended master secret
+ * CCM ciphersuites
+ * Reworked test suite, now based on perl, Test::Harness and Test::More
+ * *Most* libcrypto and libssl public structures were made opaque,
+ including:
+ BIGNUM and associated types, EC_KEY and EC_KEY_METHOD,
+ DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD,
+ BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
+ EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
+ X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
+ X509_LOOKUP, X509_LOOKUP_METHOD
+ * libssl internal structures made opaque
+ * SSLv2 support removed
+ * Kerberos ciphersuite support removed
+ * RC4 removed from DEFAULT ciphersuites in libssl
+ * 40 and 56 bit cipher support removed from libssl
+ * All public header files moved to include/openssl, no more symlinking
+ * SSL/TLS state machine, version negotiation and record layer rewritten
+ * EC revision: now operations use new EC_KEY_METHOD.
+ * Support for OCB mode added to libcrypto
+ * Support for asynchronous crypto operations added to libcrypto and libssl
+ * Deprecated interfaces can now be disabled at build time either
+ relative to the latest release via the "no-deprecated" Configure
+ argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
+ * Application software can be compiled with -DOPENSSL_API_COMPAT=version
+ to ensure that features deprecated in that version are not exposed.
+ * Support for RFC6698/RFC7671 DANE TLSA peer authentication
+ * Change of Configure to use --prefix as the main installation
+ directory location rather than --openssldir. The latter becomes
+ the directory for certs, private key and openssl.cnf exclusively.
+ * Reworked BIO networking library, with full support for IPv6.
+ * New "unified" build system
+ * New security levels
+ * Support for scrypt algorithm
+ * Support for X25519
+ * Extended SSL_CONF support using configuration files
+ * KDF algorithm support. Implement TLS PRF as a KDF.
+ * Support for Certificate Transparency
+ * HKDF support.
+
+Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
+----------------------------------------------------------------------
+
+ * Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+ * Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
+ * Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
+ * Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
+ * EBCDIC overread (CVE-2016-2176)
+ * Modify behavior of ALPN to invoke callback after SNI/servername
+ callback, such that updates to the SSL_CTX affect ALPN.
+ * Remove LOW from the DEFAULT cipher list. This removes singles DES from
+ the default.
+ * Only remove the SSLv2 methods with the no-ssl2-method option.
+
+Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
+----------------------------------------------------------------------
+
+ * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+ * Disable SSLv2 default build, default negotiation and weak ciphers
+ (CVE-2016-0800)
+ * Fix a double-free in DSA code (CVE-2016-0705)
+ * Disable SRP fake user seed to address a server memory leak
+ (CVE-2016-0798)
+ * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+ (CVE-2016-0797)
+ * Fix memory issues in BIO_*printf functions (CVE-2016-0799)
+ * Fix side channel attack on modular exponentiation (CVE-2016-0702)
+
+Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
+----------------------------------------------------------------------
+
+ * DH small subgroups (CVE-2016-0701)
+ * SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
+Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
+----------------------------------------------------------------------
+
+ * BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
+ * Certificate verify crash with missing PSS parameter (CVE-2015-3194)
+ * X509_ATTRIBUTE memory leak (CVE-2015-3195)
+ * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
+ * In DSA_generate_parameters_ex, if the provided seed is too short,
+ return an error
+
+Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
+----------------------------------------------------------------------
+
+ * Alternate chains certificate forgery (CVE-2015-1793)
+ * Race condition handling PSK identify hint (CVE-2015-3196)
+
+Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
+----------------------------------------------------------------------
+
+ * Fix HMAC ABI incompatibility
+
+Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
+----------------------------------------------------------------------
+
+ * Malformed ECParameters causes infinite loop (CVE-2015-1788)
+ * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+ * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+ * CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+ * Race condition handling NewSessionTicket (CVE-2015-1791)
+
+Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
+----------------------------------------------------------------------
+
+ * OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
+ * Multiblock corrupted pointer fix (CVE-2015-0290)
+ * Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
+ * Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+ * Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
+ * ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+ * PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+ * DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+ * Empty CKE with client auth and DHE fix (CVE-2015-1787)
+ * Handshake with unseeded PRNG fix (CVE-2015-0285)
+ * Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+ * X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+ * Removed the export ciphers from the DEFAULT ciphers
+
+Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
+----------------------------------------------------------------------
+
+ * Suite B support for TLS 1.2 and DTLS 1.2
+ * Support for DTLS 1.2
+ * TLS automatic EC curve selection.
+ * API to set TLS supported signature algorithms and curves
+ * SSL_CONF configuration API.
+ * TLS Brainpool support.
+ * ALPN support.
+ * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
+
+Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+----------------------------------------------------------------------
+
+ * Build fixes for the Windows and OpenVMS platforms
+
+Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+----------------------------------------------------------------------
+
+ * Fix for CVE-2014-3571
+ * Fix for CVE-2015-0206
+ * Fix for CVE-2014-3569
+ * Fix for CVE-2014-3572
+ * Fix for CVE-2015-0204
+ * Fix for CVE-2015-0205
+ * Fix for CVE-2014-8275
+ * Fix for CVE-2014-3570
+
+Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+----------------------------------------------------------------------
+
+ * Fix for CVE-2014-3513
+ * Fix for CVE-2014-3567
+ * Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+ * Fix for CVE-2014-3568
+
+Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
+----------------------------------------------------------------------
+
+ * Fix for CVE-2014-3512
+ * Fix for CVE-2014-3511
+ * Fix for CVE-2014-3510
+ * Fix for CVE-2014-3507
+ * Fix for CVE-2014-3506
+ * Fix for CVE-2014-3505
+ * Fix for CVE-2014-3509
+ * Fix for CVE-2014-5139
+ * Fix for CVE-2014-3508
+
+Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+----------------------------------------------------------------------
+
+ * Fix for CVE-2014-0224
+ * Fix for CVE-2014-0221
+ * Fix for CVE-2014-0198
+ * Fix for CVE-2014-0195
+ * Fix for CVE-2014-3470
+ * Fix for CVE-2010-5298
+
+Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+----------------------------------------------------------------------
+
+ * Fix for CVE-2014-0160
+ * Add TLS padding extension workaround for broken servers.
+ * Fix for CVE-2014-0076
+
+Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+----------------------------------------------------------------------
+
+ * Don't include gmt_unix_time in TLS server and client random values
+ * Fix for TLS record tampering bug CVE-2013-4353
+ * Fix for TLS version checking bug CVE-2013-6449
+ * Fix for DTLS retransmission bug CVE-2013-6450
+
+Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
+----------------------------------------------------------------------
+
+ * Corrected fix for CVE-2013-0169
+
+Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
+----------------------------------------------------------------------
+
+ * Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+ * Include the fips configuration module.
+ * Fix OCSP bad key DoS attack CVE-2013-0166
+ * Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ * Fix for TLS AESNI record handling flaw CVE-2012-2686
+
+Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
+----------------------------------------------------------------------
+
+ * Fix TLS/DTLS record length checking bug CVE-2012-2333
+ * Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
+Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
+----------------------------------------------------------------------
+
+ * Fix compilation error on non-x86 platforms.
+ * Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
+ * Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
+
+Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
+----------------------------------------------------------------------
+
+ * Fix for ASN1 overflow bug CVE-2012-2110
+ * Workarounds for some servers that hang on long client hellos.
+ * Fix SEGV in AES code.
+
+Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
+----------------------------------------------------------------------
+
+ * TLS/DTLS heartbeat support.
+ * SCTP support.
+ * RFC 5705 TLS key material exporter.
+ * RFC 5764 DTLS-SRTP negotiation.
+ * Next Protocol Negotiation.
+ * PSS signatures in certificates, requests and CRLs.
+ * Support for password based recipient info for CMS.
+ * Support TLS v1.2 and TLS v1.1.
+ * Preliminary FIPS capability for unvalidated 2.0 FIPS module.
+ * SRP support.
+
+Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
+----------------------------------------------------------------------
+
+ * Fix for CMS/PKCS#7 MMA CVE-2012-0884
+ * Corrected fix for CVE-2011-4619
+ * Various DTLS fixes.
+
+Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
+----------------------------------------------------------------------
+
+ * Fix for DTLS DoS issue CVE-2012-0050
+
+Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
+----------------------------------------------------------------------
+
+ * Fix for DTLS plaintext recovery attack CVE-2011-4108
+ * Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+ * Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+ * Check parameters are not NULL in GOST ENGINE CVE-2012-0027
+ * Check for malformed RFC3779 data CVE-2011-4577
+
+Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
+----------------------------------------------------------------------
+
+ * Fix for CRL vulnerability issue CVE-2011-3207
+ * Fix for ECDH crashes CVE-2011-3210
+ * Protection against EC timing attacks.
+ * Support ECDH ciphersuites for certificates using SHA2 algorithms.
+ * Various DTLS fixes.
+
+Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
+----------------------------------------------------------------------
+
+ * Fix for security issue CVE-2011-0014
- Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
-
- o Fix for CVE-2014-3513
- o Fix for CVE-2014-3567
- o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
- o Fix for CVE-2014-3568
-
- Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
-
- o Fix for CVE-2014-3512
- o Fix for CVE-2014-3511
- o Fix for CVE-2014-3510
- o Fix for CVE-2014-3507
- o Fix for CVE-2014-3506
- o Fix for CVE-2014-3505
- o Fix for CVE-2014-3509
- o Fix for CVE-2014-5139
- o Fix for CVE-2014-3508
-
- Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
-
- o Fix for CVE-2014-0224
- o Fix for CVE-2014-0221
- o Fix for CVE-2014-0198
- o Fix for CVE-2014-0195
- o Fix for CVE-2014-3470
- o Fix for CVE-2010-5298
-
- Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
-
- o Fix for CVE-2014-0160
- o Add TLS padding extension workaround for broken servers.
- o Fix for CVE-2014-0076
-
- Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
-
- o Don't include gmt_unix_time in TLS server and client random values
- o Fix for TLS record tampering bug CVE-2013-4353
- o Fix for TLS version checking bug CVE-2013-6449
- o Fix for DTLS retransmission bug CVE-2013-6450
-
- Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
-
- o Corrected fix for CVE-2013-0169
-
- Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
-
- o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
- o Include the fips configuration module.
- o Fix OCSP bad key DoS attack CVE-2013-0166
- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
- o Fix for TLS AESNI record handling flaw CVE-2012-2686
-
- Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
-
- o Fix TLS/DTLS record length checking bug CVE-2012-2333
- o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
-
- Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
-
- o Fix compilation error on non-x86 platforms.
- o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
- o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
-
- Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
-
- o Fix for ASN1 overflow bug CVE-2012-2110
- o Workarounds for some servers that hang on long client hellos.
- o Fix SEGV in AES code.
-
- Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
-
- o TLS/DTLS heartbeat support.
- o SCTP support.
- o RFC 5705 TLS key material exporter.
- o RFC 5764 DTLS-SRTP negotiation.
- o Next Protocol Negotiation.
- o PSS signatures in certificates, requests and CRLs.
- o Support for password based recipient info for CMS.
- o Support TLS v1.2 and TLS v1.1.
- o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
- o SRP support.
-
- Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
-
- o Fix for CMS/PKCS#7 MMA CVE-2012-0884
- o Corrected fix for CVE-2011-4619
- o Various DTLS fixes.
-
- Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
-
- o Fix for DTLS DoS issue CVE-2012-0050
-
- Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
-
- o Fix for DTLS plaintext recovery attack CVE-2011-4108
- o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
- o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
- o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
- o Check for malformed RFC3779 data CVE-2011-4577
-
- Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
-
- o Fi