-rw-r--r--  ACKNOWLEDGEMENTS.md      1
-rw-r--r--  AUTHORS.md              58
-rw-r--r--  CHANGES.md             817
-rw-r--r--  CONTRIBUTING.md          4
-rw-r--r--  INSTALL.md             312
-rw-r--r--  NEWS.md                296
-rw-r--r--  README.md               58
-rw-r--r--  SUPPORT.md              15
-rw-r--r--  fuzz/README.md          20
-rw-r--r--  test/README.ssltest.md  97
10 files changed, 781 insertions, 897 deletions
diff --git a/ACKNOWLEDGEMENTS.md b/ACKNOWLEDGEMENTS.md
index baf7743c8e..dae83457db 100644
--- a/ACKNOWLEDGEMENTS.md
+++ b/ACKNOWLEDGEMENTS.md
@@ -3,6 +3,5 @@ Acknowlegements
Please see our [Thanks!][] page for the current acknowledgements.
-
[Thanks!]: https://www.openssl.org/community/thanks.html
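Review bot: The heading carried in this hunk's `@@` context is spelled "Acknowlegements", missing the "d" that the file name ACKNOWLEDGEMENTS.md has. The commit is already a formatting pass over this file, so correct the heading to "Acknowledgements" in the same change rather than only dropping the blank line.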
diff --git a/AUTHORS.md b/AUTHORS.md
index e9ff5441b9..af72f43b08 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -7,40 +7,38 @@ since in some cases, their employer may be the copyright holder.
To see the full list of contributors, see the revision history in
source control.
-
Groups
------
- * OpenSSL Software Services, Inc.
- * OpenSSL Software Foundation, Inc.
-
+ * OpenSSL Software Services, Inc.
+ * OpenSSL Software Foundation, Inc.
Individuals
-----------
- * Andy Polyakov
- * Ben Laurie
- * Ben Kaduk
- * Bernd Edlinger
- * Bodo Möller
- * David Benjamin
- * Emilia Käsper
- * Eric Young
- * Geoff Thorpe
- * Holger Reif
- * Kurt Roeckx
- * Lutz Jänicke
- * Mark J. Cox
- * Matt Caswell
- * Matthias St. Pierre
- * Nils Larsch
- * Paul Dale
- * Paul C. Sutton
- * Ralf S. Engelschall
- * Rich Salz
- * Richard Levitte
- * Stephen Henson
- * Steve Marquess
- * Tim Hudson
- * Ulf Möller
- * Viktor Dukhovni
+ * Andy Polyakov
+ * Ben Laurie
+ * Ben Kaduk
+ * Bernd Edlinger
+ * Bodo Möller
+ * David Benjamin
+ * Emilia Käsper
+ * Eric Young
+ * Geoff Thorpe
+ * Holger Reif
+ * Kurt Roeckx
+ * Lutz Jänicke
+ * Mark J. Cox
+ * Matt Caswell
+ * Matthias St. Pierre
+ * Nils Larsch
+ * Paul Dale
+ * Paul C. Sutton
+ * Ralf S. Engelschall
+ * Rich Salz
+ * Richard Levitte
+ * Stephen Henson
+ * Steve Marquess
+ * Tim Hudson
+ * Ulf Möller
+ * Viktor Dukhovni
diff --git a/CHANGES.md b/CHANGES.md
index 6da7bcde72..2835322bdf 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -7,7 +7,6 @@ pick the appropriate release branch.
[log]: https://github.com/openssl/openssl/commits/
-
OpenSSL Releases
----------------
@@ -22,7 +21,7 @@ OpenSSL Releases
OpenSSL 3.0
-----------
-### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ###
+### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
* Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's
that are not applicable to the new provider model. Applications should
@@ -87,7 +86,6 @@ OpenSSL 3.0
*Matthias St. Pierre*
-
* The test suite is changed to preserve results of each test recipe.
A new directory test-runs/ with subdirectories named like the
test recipes are created in the build tree for this purpose.
@@ -335,7 +333,7 @@ OpenSSL 3.0
*Paul Dale*
- * Corrected the documentation of the return values from the EVP_DigestSign*
+ * Corrected the documentation of the return values from the `EVP_DigestSign*`
set of functions. The documentation mentioned negative values for some
errors, but this was never the case, so the mention of negative values
was removed.
@@ -422,10 +420,10 @@ OpenSSL 3.0
replaced with no-ops.
*Rich Salz*
-
+
* Added documentation for the STACK API. OpenSSL only defines the STACK
functions where they are used.
-
+
*Rich Salz*
* Introduced a new method type and API, OSSL_SERIALIZER, to
@@ -589,7 +587,6 @@ OpenSSL 3.0
$ mms /macro=(VF=1) test ! OpenVMS
$ nmake VF=1 test # Windows
-
*Richard Levitte*
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
@@ -641,7 +638,7 @@ OpenSSL 3.0
when primes for RSA keys are computed.
Since we previously always generated primes == 2 (mod 3) for RSA keys,
the 2-prime and 3-prime RSA modules were easy to distinguish, since
- N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
+ `N = p*q = 1 (mod 3)`, but `N = p*q*r = 2 (mod 3)`. Therefore fingerprinting
2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
This avoids possible fingerprinting of newly generated RSA modules.
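Review bot: Only the two congruences on the changed line of the RSA prime entry are put in backticks, while "primes == 2 (mod 3)" two lines above and "N mod 3" on the following line stay bare. The quoting is needed on the changed line because of the asterisks in `p*q` and `p*q*r`, but the paragraph now shows the same kind of expression in two notations; quote the other two as well so the entry reads consistently.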
@@ -692,7 +689,7 @@ OpenSSL 3.0
*Paul Dale*
- * {CRYPTO,OPENSSL}_mem_debug_{push,pop} are now no-ops and have been
+ * `{CRYPTO,OPENSSL}_mem_debug_{push,pop}` are now no-ops and have been
deprecated.
*Rich Salz*
@@ -807,7 +804,7 @@ OpenSSL 3.0
*Paul Dale*
* Added newline escaping functionality to a filename when using openssl dgst.
- This output format is to replicate the output format found in the '*sum'
+ This output format is to replicate the output format found in the `*sum`
checksum programs. This aims to preserve backward compatibility.
*Matt Eaton, Richard Levitte, and Paul Dale*
@@ -967,7 +964,7 @@ OpenSSL 3.0
the attacked described in "Efficient Instantiations of Tweakable
Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway.
Details of this attack can be obtained from:
- http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf
+ <http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf>
*Paul Dale*
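Review bot: The first context line of this OCB entry reads "the attacked described in", which should be "the attack described in". The hunk already edits this entry to wrap the URL, so fix the wording here too instead of leaving it for a later pass.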
@@ -988,14 +985,12 @@ OpenSSL 3.0
*Boris Pismenny*
-
OpenSSL 1.1.1
-------------
-### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] ###
+### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx]
-
-### Changes between 1.1.1d and 1.1.1e [17 Mar 2020] ###
+### Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
* Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the
@@ -1039,7 +1034,7 @@ OpenSSL 1.1.1
*Richard Levitte*
* Added newline escaping functionality to a filename when using openssl dgst.
- This output format is to replicate the output format found in the '*sum'
+ This output format is to replicate the output format found in the `*sum`
checksum programs. This aims to preserve backward compatibility.
*Matt Eaton, Richard Levitte, and Paul Dale*
@@ -1049,7 +1044,7 @@ OpenSSL 1.1.1
*Jon Spillett*
-### Changes between 1.1.1c and 1.1.1d [10 Sep 2019] ###
+### Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
* Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
number generator (RNG). This was intended to include protection in the
@@ -1154,7 +1149,7 @@ OpenSSL 1.1.1
*Matthias St. Pierre*
-### Changes between 1.1.1b and 1.1.1c [28 May 2019] ###
+### Changes between 1.1.1b and 1.1.1c [28 May 2019]
* Add build tests for C++. These are generated files that only do one
thing, to include one public OpenSSL head file each. This tests that
@@ -1245,7 +1240,7 @@ OpenSSL 1.1.1
*Paul Yang*
-### Changes between 1.1.1a and 1.1.1b [26 Feb 2019] ###
+### Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
* Change the info callback signals for the start and end of a post-handshake
message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
@@ -1259,7 +1254,7 @@ OpenSSL 1.1.1
*Matt Caswell*
-### Changes between 1.1.1 and 1.1.1a [20 Nov 2018] ###
+### Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
* Timing vulnerability in DSA signature generation
@@ -1292,7 +1287,7 @@ OpenSSL 1.1.1
automatically and is fully functional even without additional randomness
provided by the application.
-### Changes between 1.1.0i and 1.1.1 [11 Sep 2018] ###
+### Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
* Add a new ClientHello callback. Provides a callback interface that gives
the application the ability to adjust the nascent SSL object at the
@@ -1562,7 +1557,7 @@ OpenSSL 1.1.1
* Support for TLSv1.3 added. Note that users upgrading from an earlier
version of OpenSSL should review their configuration settings to ensure
that they are still appropriate for TLSv1.3. For further information see:
- https://wiki.openssl.org/index.php/TLS1.3
+ <https://wiki.openssl.org/index.php/TLS1.3>
*Matt Caswell*
@@ -1815,7 +1810,7 @@ OpenSSL 1.1.1
* 'openssl passwd' can now produce SHA256 and SHA512 based output,
using the algorithm defined in
- https://www.akkadia.org/drepper/SHA-crypt.txt
+ <https://www.akkadia.org/drepper/SHA-crypt.txt>
*Richard Levitte*
@@ -1835,8 +1830,7 @@ OpenSSL 1.1.1
OpenSSL 1.1.0
-------------
-
-### Changes between 1.1.0k and 1.1.0l [10 Sep 2019] ###
+### Changes between 1.1.0k and 1.1.0l [10 Sep 2019]
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
@@ -1882,7 +1876,7 @@ OpenSSL 1.1.0
*Richard Levitte*
-### Changes between 1.1.0j and 1.1.0k [28 May 2019] ###
+### Changes between 1.1.0j and 1.1.0k [28 May 2019]
* Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
This changes the size when using the genpkey app when no size is given. It
@@ -1945,7 +1939,7 @@ OpenSSL 1.1.0
*Richard Levitte*
-### Changes between 1.1.0i and 1.1.0j [20 Nov 2018] ###
+### Changes between 1.1.0i and 1.1.0j [20 Nov 2018]
* Timing vulnerability in DSA signature generation
@@ -1975,7 +1969,7 @@ OpenSSL 1.1.0
*Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley*
-### Changes between 1.1.0h and 1.1.0i [14 Aug 2018] ###
+### Changes between 1.1.0h and 1.1.0i [14 Aug 2018]
* Client DoS due to large DH parameter
@@ -2060,7 +2054,7 @@ OpenSSL 1.1.0
*Matt Caswell*
-### Changes between 1.1.0g and 1.1.0h [27 Mar 2018] ###
+### Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
* Constructed ASN.1 types with a recursive definition could exceed the stack
@@ -2139,7 +2133,7 @@ OpenSSL 1.1.0
*Andy Polyakov*
-### Changes between 1.1.0f and 1.1.0g [2 Nov 2017] ###
+### Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
* bn_sqrx8x_internal carry bug on x86_64
@@ -2174,7 +2168,7 @@ OpenSSL 1.1.0
*Rich Salz*
-### Changes between 1.1.0e and 1.1.0f [25 May 2017] ###
+### Changes between 1.1.0e and 1.1.0f [25 May 2017]
* Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
platform rather than 'mingw'.
@@ -2187,7 +2181,7 @@ OpenSSL 1.1.0
*Richard Levitte*
-### Changes between 1.1.0d and 1.1.0e [16 Feb 2017] ###
+### Changes between 1.1.0d and 1.1.0e [16 Feb 2017]
* Encrypt-Then-Mac renegotiation crash
@@ -2201,7 +2195,7 @@ OpenSSL 1.1.0
*Matt Caswell*
-### Changes between 1.1.0c and 1.1.0d [26 Jan 2017] ###
+### Changes between 1.1.0c and 1.1.0d [26 Jan 2017]
* Truncated packet could crash via OOB read
@@ -2247,11 +2241,11 @@ OpenSSL 1.1.0
*Andy Polyakov*
-### Changes between 1.1.0b and 1.1.0c [10 Nov 2016] ###
+### Changes between 1.1.0b and 1.1.0c [10 Nov 2016]
* ChaCha20/Poly1305 heap-buffer-overflow
- TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to
+ TLS connections using `*-CHACHA20-POLY1305` ciphersuites are susceptible to
a DoS attack by corrupting larger payloads. This can result in an OpenSSL
crash. This issue is not considered to be exploitable beyond a DoS.
@@ -2303,7 +2297,7 @@ OpenSSL 1.1.0
*Richard Levitte*
-### Changes between 1.1.0a and 1.1.0b [26 Sep 2016] ###
+### Changes between 1.1.0a and 1.1.0b [26 Sep 2016]
* Fix Use After Free for large message sizes
@@ -2321,7 +2315,7 @@ OpenSSL 1.1.0
*Matt Caswell*
-### Changes between 1.1.0 and 1.1.0a [22 Sep 2016] ###
+### Changes between 1.1.0 and 1.1.0a [22 Sep 2016]
* OCSP Status Request extension unbounded memory growth
@@ -2400,7 +2394,7 @@ OpenSSL 1.1.0
*Andy Polyakov*
-### Changes between 1.0.2h and 1.1.0 [25 Aug 2016] ###
+### Changes between 1.0.2h and 1.1.0 [25 Aug 2016]
* Windows command-line tool supports UTF-8 opt-in option for arguments
and console input. Setting OPENSSL_WIN32_UTF8 environment variable
@@ -2443,8 +2437,8 @@ OpenSSL 1.1.0
*Joseph Wylie Yandle, Rich Salz*
- * The stack and lhash API's were renamed to start with OPENSSL_SK_
- and OPENSSL_LH_, respectively. The old names are available
+ * The stack and lhash API's were renamed to start with `OPENSSL_SK_`
+ and `OPENSSL_LH_`, respectively. The old names are available
with API compatibility. They new names are now completely documented.
*Rich Salz*
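Review bot: The closing sentence of the stack and lhash entry, left as context, reads "They new names are now completely documented."; it should begin "The new names". The rewritten first line also keeps "API's" as a plural, which should be "APIs". Both sit next to the lines being changed and are cheap to fix in this commit.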
@@ -2622,12 +2616,12 @@ OpenSSL 1.1.0
*Todd Short*
* Changes to the DEFAULT cipherlist:
- - Prefer (EC)DHE handshakes over plain RSA.
- - Prefer AEAD ciphers over legacy ciphers.
- - Prefer ECDSA over RSA when both certificates are available.
- - Prefer TLSv1.2 ciphers/PRF.
- - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the
- default cipherlist.
+ - Prefer (EC)DHE handshakes over plain RSA.
+ - Prefer AEAD ciphers over legacy ciphers.
+ - Prefer ECDSA over RSA when both certificates are available.
+ - Prefer TLSv1.2 ciphers/PRF.
+ - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the
+ default cipherlist.
*Emilia Käsper*
@@ -2789,8 +2783,8 @@ OpenSSL 1.1.0
* The signature of the session callback configured with
SSL_CTX_sess_set_get_cb was changed. The read-only input buffer
- was explicitly marked as 'const unsigned char*' instead of
- 'unsigned char*'.
+ was explicitly marked as `const unsigned char*` instead of
+ `unsigned char*`.
*Emilia Käsper*
@@ -2822,7 +2816,7 @@ OpenSSL 1.1.0
Makefile. Instead, Configure produces a perl module in
configdata.pm which holds most of the config data (in the hash
table %config), the target data that comes from the target
- configuration in one of the Configurations/*.conf files (in
+ configuration in one of the `Configurations/*.conf~ files (in
%target).
*Richard Levitte*
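Review bot: The added line in the configdata.pm entry opens a code span before Configurations/*.conf but ends it with "~" instead of a backtick, so the span is never closed. A markdown renderer will either show the opening backtick literally or extend the code span to the next backtick in the file. Replace the "~" after ".conf" with a backtick. While there, %config and %target in the same sentence could be quoted the same way.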
@@ -2851,7 +2845,7 @@ OpenSSL 1.1.0
* The GOST engine was out of date and therefore it has been removed. An up
to date GOST engine is now being maintained in an external repository.
- See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
+ See: <https://wiki.openssl.org/index.php/Binaries>. Libssl still retains
support for GOST ciphersuites (these are only activated if a GOST engine
is present).
@@ -3205,7 +3199,7 @@ OpenSSL 1.1.0
* Added support for OCB mode. OpenSSL has been granted a patent license
compatible with the OpenSSL license for use of OCB. Details are available
- at https://www.openssl.org/source/OCB-patent-grant-OpenSSL.pdf. Support
+ at <https://www.openssl.org/source/OCB-patent-grant-OpenSSL.pdf>. Support
for OCB can be removed by calling config with no-ocb.
*Matt Caswell*
@@ -3244,16 +3238,16 @@ OpenSSL 1.1.0
*Rich Salz*
* Clean up OPENSSL_NO_xxx #define's
- - Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
- - Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
- - OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
- - OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
- - OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
- - Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
- OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
- OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
- OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
- - Remove MS_STATIC; it's a relic from platforms <32 bits.
+ - Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
+ - Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
+ - OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
+ - OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
+ - OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
+ - Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
+ OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
+ OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
+ OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
+ - Remove MS_STATIC; it's a relic from platforms <32 bits.
*Rich Salz*
@@ -3311,7 +3305,7 @@ OpenSSL 1.1.0
* Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
- http://eprint.iacr.org/2014/140
+ <http://eprint.iacr.org/2014/140>
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix [CVE-2014-0076][]
@@ -3336,7 +3330,6 @@ OpenSSL 1.1.0
WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
-
*Steve Henson*
* Add EVP support for key wrapping algorithms, to avoid problems with
@@ -3542,7 +3535,7 @@ OpenSSL 1.1.0
*Steve Henson*
* Initial, experimental EVP support for AES-GCM. AAD can be input by
- setting output buffer to NULL. The *Final function must be
+ setting output buffer to NULL. The `*Final` function must be
called although it will not retrieve any additional data. The tag
can be set or retrieved with a ctrl. The IV length is by default 12
bytes (96 bits) but can be set to an alternative value. If the IV
@@ -3634,7 +3627,7 @@ OpenSSL 1.1.0
OpenSSL 1.0.2
-------------
-### Changes between 1.0.2s and 1.0.2t [10 Sep 2019] ###
+### Changes between 1.0.2s and 1.0.2t [10 Sep 2019]
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
@@ -3680,7 +3673,7 @@ OpenSSL 1.0.2
*Richard Levitte*
-### Changes between 1.0.2r and 1.0.2s [28 May 2019] ###
+### Changes between 1.0.2r and 1.0.2s [28 May 2019]
* Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
This changes the size when using the genpkey app when no size is given. It
@@ -3699,7 +3692,7 @@ OpenSSL 1.0.2
*Matthias St. Pierre*
-### Changes between 1.0.2q and 1.0.2r [26 Feb 2019] ###
+### Changes between 1.0.2q and 1.0.2r [26 Feb 2019]
* 0-byte record padding oracle
@@ -3728,7 +3721,7 @@ OpenSSL 1.0.2
*Richard Levitte*
-### Changes between 1.0.2p and 1.0.2q [20 Nov 2018] ###
+### Changes between 1.0.2p and 1.0.2q [20 Nov 2018]
* Microarchitecture timing vulnerability in ECC scalar multiplication
@@ -3761,7 +3754,7 @@ OpenSSL 1.0.2
*Nicola Tuveri*
-### Changes between 1.0.2o and 1.0.2p [14 Aug 2018] ###
+### Changes between 1.0.2o and 1.0.2p [14 Aug 2018]
* Client DoS due to large DH parameter
@@ -3828,7 +3821,7 @@ OpenSSL 1.0.2
*Emilia Käsper*
-### Changes between 1.0.2n and 1.0.2o [27 Mar 2018] ###
+### Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
* Constructed ASN.1 types with a recursive definition could exceed the stack
@@ -3844,7 +3837,7 @@ OpenSSL 1.0.2
*Matt Caswell*
-### Changes between 1.0.2m and 1.0.2n [7 Dec 2017] ###
+### Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
* Read/write after SSL object in error state
@@ -3891,7 +3884,7 @@ OpenSSL 1.0.2
*Andy Polyakov*
-### Changes between 1.0.2l and 1.0.2m [2 Nov 2017] ###
+### Changes between 1.0.2l and 1.0.2m [2 Nov 2017]
* bn_sqrx8x_internal carry bug on x86_64
@@ -3926,14 +3919,14 @@ OpenSSL 1.0.2
*Rich Salz*
-### Changes between 1.0.2k and 1.0.2l [25 May 2017] ###
+### Changes between 1.0.2k and 1.0.2l [25 May 2017]
* Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
platform rather than 'mingw'.
*Richard Levitte*
-### Changes between 1.0.2j and 1.0.2k [26 Jan 2017] ###
+### Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
* Truncated packet could crash via OOB read
@@ -3998,7 +3991,7 @@ OpenSSL 1.0.2
*Matt Caswell*
-### Changes between 1.0.2i and 1.0.2j [26 Sep 2016] ###
+### Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
* Missing CRL sanity check
@@ -4011,7 +4004,7 @@ OpenSSL 1.0.2
*Matt Caswell*
-### Changes between 1.0.2h and 1.0.2i [22 Sep 2016] ###
+### Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
* OCSP Status Request extension unbounded memory growth
@@ -4182,7 +4175,7 @@ OpenSSL 1.0.2
*Stephen Henson*
-### Changes between 1.0.2g and 1.0.2h [3 May 2016] ###
+### Changes between 1.0.2g and 1.0.2h [3 May 2016]
* Prevent padding oracle in AES-NI CBC MAC check
@@ -4210,7 +4203,7 @@ OpenSSL 1.0.2
corruption.
Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by
- the PEM_write_bio* family of functions. These are mainly used within the
+ the `PEM_write_bio*` family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes data
from an untrusted source and outputs it as a PEM file should be considered
vulnerable to this issue. User applications that call these APIs directly
@@ -4287,7 +4280,7 @@ OpenSSL 1.0.2
*Kurt Roeckx*
-### Changes between 1.0.2f and 1.0.2g [1 Mar 2016] ###
+### Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
Builds that are not configured with "enable-weak-ssl-ciphers" will not
@@ -4372,10 +4365,10 @@ OpenSSL 1.0.2
*Matt Caswell*
- * Fix memory issues in BIO_*printf functions
+ * Fix memory issues in `BIO_*printf` functions
The internal |fmtstr| function used in processing a "%s" format string in
- the BIO_*printf functions could overflow while calculating the length of a
+ the `BIO_*printf` functions could overflow while calculating the length of a
string and cause an OOB read when printing very long strings.
Additionally the internal |doapr_outch| function can attempt to write to an
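Review bot: The BIO_*printf references in this entry are converted to backticks, but the internal function names in the same paragraphs are still written as |fmtstr| and |doapr_outch|. That leaves two identifier notations side by side; convert the pipe-delimited names to backticks as well. The same applies to the identical entry under OpenSSL 1.0.1 further down in this diff.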
@@ -4387,7 +4380,7 @@ OpenSSL 1.0.2
The first issue may mask the second issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data
- is passed to the BIO_*printf functions. If applications use these functions
+ is passed to the `BIO_*printf` functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
@@ -4415,7 +4408,7 @@ OpenSSL 1.0.2
This issue was reported to OpenSSL by Yuval Yarom, The University of
Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
Nadia Heninger, University of Pennsylvania with more information at
- http://cachebleed.info.
+ <http://cachebleed.info>.
[CVE-2016-0702][]
*Andy Polyakov*
@@ -4427,7 +4420,8 @@ OpenSSL 1.0.2
*Emilia Käsper*
-### Changes between 1.0.2e and 1.0.2f [28 Jan 2016] ###
+### Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
+
* DH small subgroups
Historically OpenSSL only ever generated DH parameters based on "safe"
@@ -4473,7 +4467,7 @@ OpenSSL 1.0.2
*Viktor Dukhovni*
-### Changes between 1.0.2d and 1.0.2e [3 Dec 2015] ###
+### Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
* BN_mod_exp may produce incorrect results on x86_64
@@ -4536,7 +4530,7 @@ OpenSSL 1.0.2
*Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>*
-### Changes between 1.0.2c and 1.0.2d [9 Jul 2015] ###
+### Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
* Alternate chains certificate forgery
@@ -4552,7 +4546,7 @@ OpenSSL 1.0.2
*Matt Caswell*
-### Changes between 1.0.2b and 1.0.2c [12 Jun 2015] ###
+### Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
* Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
@@ -4560,7 +4554,7 @@ OpenSSL 1.0.2
*Matt Caswell*
-### Changes between 1.0.2a and 1.0.2b [11 Jun 2015] ###
+### Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
* Malformed ECParameters causes infinite loop
@@ -4639,7 +4633,7 @@ OpenSSL 1.0.2
*Emilia Kasper*
-### Changes between 1.0.2 and 1.0.2a [19 Mar 2015] ###
+### Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
* ClientHello sigalgs DoS fix
@@ -4815,7 +4809,7 @@ OpenSSL 1.0.2
*Kurt Roeckx*
-### Changes between 1.0.1l and 1.0.2 [22 Jan 2015] ###
+### Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
* Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
ARMv5 through ARMv8, as opposite to "locking" it to single one.
@@ -4966,7 +4960,7 @@ OpenSSL 1.0.2
*Steve Henson*
- * SSL_CONF* functions. These provide a common framework for application
+ * `SSL_CONF*` functions. These provide a common framework for application
configuration using configuration files or command lines.
*Steve Henson*
@@ -5034,7 +5028,6 @@ OpenSSL 1.0.2
Note: if the CERT based stores are not set then the parent SSL_CTX
store is used to retain compatibility with existing behaviour.
-
*Steve Henson*
* New function ssl_set_client_disabled to set a ciphersuite disabled
@@ -5210,11 +5203,10 @@ OpenSSL 1.0.2
X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and
X509_CINF_get_signature were reverted post internal team review.
-
OpenSSL 1.0.1
-------------
-### Changes between 1.0.1t and 1.0.1u [22 Sep 2016] ###
+### Changes between 1.0.1t and 1.0.1u [22 Sep 2016]
* OCSP Status Request extension unbounded memory growth
@@ -5385,7 +5377,7 @@ OpenSSL 1.0.1
*Stephen Henson*
-### Changes between 1.0.1s and 1.0.1t [3 May 2016] ###
+### Changes between 1.0.1s and 1.0.1t [3 May 2016]
* Prevent padding oracle in AES-NI CBC MAC check
@@ -5413,7 +5405,7 @@ OpenSSL 1.0.1
corruption.
Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
- the PEM_write_bio* family of functions. These are mainly used within the
+ the `PEM_write_bio*` family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes data
from an untrusted source and outputs it as a PEM file should be considered
vulnerable to this issue. User applications that call these APIs directly
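Review bot: The first context line of this 1.0.1 entry spells "primarly", while the otherwise identical sentence in the 1.0.2 entry earlier in this diff has "primarily". Correct the spelling here so the two copies of the advisory text match.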
@@ -5490,7 +5482,7 @@ OpenSSL 1.0.1
*Kurt Roeckx*
-### Changes between 1.0.1r and 1.0.1s [1 Mar 2016] ###
+### Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
Builds that are not configured with "enable-weak-ssl-ciphers" will not
@@ -5575,10 +5567,10 @@ OpenSSL 1.0.1
*Matt Caswell*
- * Fix memory issues in BIO_*printf functions
+ * Fix memory issues in `BIO_*printf` functions
The internal |fmtstr| function used in processing a "%s" format string in
- the BIO_*printf functions could overflow while calculating the length of a
+ the `BIO_*printf` functions could overflow while calculating the length of a
string and cause an OOB read when printing very long strings.
Additionally the internal |doapr_outch| function can attempt to write to an
@@ -5590,7 +5582,7 @@ OpenSSL 1.0.1
The first issue may mask the second issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data
- is passed to the BIO_*printf functions. If applications use these functions
+ is passed to the `BIO_*printf` functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
@@ -5618,7 +5610,7 @@ OpenSSL 1.0.1
This issue was reported to OpenSSL by Yuval Yarom, The University of
Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
Nadia Heninger, University of Pennsylvania with more information at
- http://cachebleed.info.
+ <http://cachebleed.info>.
[CVE-2016-0702][]
*Andy Polyakov*
@@ -5630,7 +5622,7 @@ OpenSSL 1.0.1
*Emilia Käsper*
-### Changes between 1.0.1q and 1.0.1r [28 Jan 2016] ###
+### Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
* Protection for DH small subgroup attacks
@@ -5657,7 +5649,7 @@ OpenSSL 1.0.1
*Kurt Roeckx*
-### Changes between 1.0.1p and 1.0.1q [3 Dec 2015] ###
+### Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
* Certificate verify crash with missing PSS parameter
@@ -5700,7 +5692,7 @@ OpenSSL 1.0.1
*Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>*
-### Changes between 1.0.1o and 1.0.1p [9 Jul 2015] ###
+### Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
* Alternate chains certificate forgery
@@ -5727,12 +5719,13 @@ OpenSSL 1.0.1
*Stephen Henson*
-### Changes between 1.0.1n and 1.0.1o [12 Jun 2015] ###
+### Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
+
* Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.
-### Changes between 1.0.1m and 1.0.1n [11 Jun 2015] ###
+### Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
* Malformed ECParameters causes infinite loop
@@ -5813,7 +5806,7 @@ OpenSSL 1.0.1
*Kurt Roeckx and Emilia Kasper*
-### Changes between 1.0.1l and 1.0.1m [19 Mar 2015] ###
+### Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
* Segmentation fault in ASN1_TYPE_cmp fix
@@ -5897,13 +5890,13 @@ OpenSSL 1.0.1
*Kurt Roeckx*
-### Changes between 1.0.1k and 1.0.1l [15 Jan 2015] ###
+### Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
* Build fixes for the Windows and OpenVMS platforms
*Matt Caswell and Richard Levitte*
-### Changes between 1.0.1j and 1.0.1k [8 Jan 2015] ###
+### Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
* Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
message can cause a segmentation fault in OpenSSL due to a NULL pointer
@@ -6045,7 +6038,7 @@ OpenSSL 1.0.1
*Emilia Käsper*
-### Changes between 1.0.1i and 1.0.1j [15 Oct 2014] ###
+### Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
* SRTP Memory Leak.
@@ -6098,10 +6091,9 @@ OpenSSL 1.0.1
Note: this is a precautionary measure and no attacks are currently known.
-
*Steve Henson*
-### Changes between 1.0.1h and 1.0.1i [6 Aug 2014] ###
+### Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
* Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
SRP code can be overrun an internal buffer. Add sanity check that
@@ -6197,7 +6189,7 @@ OpenSSL 1.0.1
*Bodo Moeller*
-### Changes between 1.0.1g and 1.0.1h [5 Jun 2014] ###
+### Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
* Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
handshake can force the use of weak keying material in OpenSSL
@@ -6248,7 +6240,7 @@ OpenSSL 1.0.1
*mancha <mancha1@zoho.com>*
-### Changes between 1.0.1f and 1.0.1g [7 Apr 2014] ###
+### Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
* A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
@@ -6263,7 +6255,7 @@ OpenSSL 1.0.1
* Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
- http://eprint.iacr.org/2014/140
+ <http://eprint.iacr.org/2014/140>
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix [CVE-2014-0076][]
@@ -6277,10 +6269,9 @@ OpenSSL 1.0.1
less that 512 pad with a dummy extension containing zeroes so it
is at least 512 bytes long.
-
*Adam Langley, Steve Henson*
-### Changes between 1.0.1e and 1.0.1f [6 Jan 2014] ###
+### Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
* Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
@@ -6302,20 +6293,20 @@ OpenSSL 1.0.1
*Rob Stradling, Adam Langley*
-### Changes between 1.0.1d and 1.0.1e [11 Feb 2013] ###
+### Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
* Correct fix for CVE-2013-0169. The original didn't work on AES-NI
supporting platforms or when small records were transferred.
*Andy Polyakov, Steve Henson*
-### Changes between 1.0.1c and 1.0.1d [5 Feb 2013] ###
+### Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
* Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
This addresses the flaw in CBC record processing discovered by
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
- at: http://www.isg.rhul.ac.uk/tls/
+ at: <http://www.isg.rhul.ac.uk/tls/>
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
@@ -6346,7 +6337,7 @@ OpenSSL 1.0.1
* Call OCSP Stapling callback after ciphersuite has been chosen, so
the right response is stapled. Also change SSL_get_certificate()
so it returns the certificate actually sent.
- See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ See <http://rt.openssl.org/Ticket/Display.html?id=2836>.
*Rob Stradling <rob.stradling@comodo.com>*
@@ -6359,7 +6350,7 @@ OpenSSL 1.0.1
*Steve Henson*
-### Changes between 1.0.1b and 1.0.1c [10 May 2012] ###
+### Changes between 1.0.1b and 1.0.1c [10 May 2012]
* Sanity check record length before skipping explicit IV in TLS