2014-10-15 05:25:16 +02:00
|
|
|
Because this project is maintained both in the OpenBSD tree using CVS and in
|
|
|
|
Git, it can be confusing following all of the changes.
|
|
|
|
|
|
|
|
Most of the libssl and libcrypto source code is is here in OpenBSD CVS:
|
|
|
|
|
|
|
|
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/
|
|
|
|
|
|
|
|
Some of the libcrypto and OS-compatibility files for entropy and random number
|
|
|
|
generation are here:
|
|
|
|
|
|
|
|
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/
|
|
|
|
|
2015-03-03 04:12:47 +01:00
|
|
|
A simplified TLS wrapper library is here:
|
2014-10-15 05:25:16 +02:00
|
|
|
|
2014-12-09 01:34:06 +01:00
|
|
|
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libtls/
|
2014-10-15 05:25:16 +02:00
|
|
|
|
|
|
|
The LibreSSL Portable project copies these portions of the OpenBSD tree, along
|
|
|
|
with relevant portions of the C library, to a Git repository. This makes it
|
|
|
|
easier to follow all of the relevant changes to the upstream project in a
|
|
|
|
single place:
|
|
|
|
|
2015-03-03 04:12:47 +01:00
|
|
|
https://github.com/libressl-portable/openbsd
|
2014-10-15 05:25:16 +02:00
|
|
|
|
|
|
|
The portable bits of the project are largely maintained out-of-tree, and their
|
|
|
|
history is also available from Git.
|
|
|
|
|
2015-03-03 04:12:47 +01:00
|
|
|
https://github.com/libressl-portable/portable
|
2014-10-15 05:25:16 +02:00
|
|
|
|
|
|
|
LibreSSL Portable Release Notes:
|
|
|
|
|
2015-09-12 01:18:46 +02:00
|
|
|
2.3.0 - SSLv3 removed, libtls API changes, portability improvements
|
|
|
|
e
|
|
|
|
* SSLv3 is now permanently removed from the tree.
|
|
|
|
|
|
|
|
* The libtls API is changed from the 2.2.x series.
|
|
|
|
|
|
|
|
The read/writte functions work correctly with external event
|
|
|
|
libraries. See the tls_init man page for examples of using libtls
|
|
|
|
correctly in asynchronous mode.
|
|
|
|
|
|
|
|
Client-side verification is now supported, with the client supplying
|
|
|
|
the certificate to the server.
|
|
|
|
|
|
|
|
Also, when using tls_connect_fds, tls_connect_socket or
|
|
|
|
tls_accept_fds, libtls no longer implicitly closes the passed in
|
|
|
|
sockets. The caller is responsible for closing them in this case.
|
|
|
|
|
|
|
|
* When loading a DSA key from an raw (without DH parameters) ASN.1
|
|
|
|
serialization, perform some consistency checks on its `p' and `q'
|
|
|
|
values, and return an error if the checks failed.
|
|
|
|
|
|
|
|
Thanks for Georgi Guninski (guninski at guninski dot com) for
|
|
|
|
mentioning the possibility of a weak (non prime) q value and
|
|
|
|
providing a test case.
|
|
|
|
|
|
|
|
See
|
|
|
|
https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
|
|
|
|
for a longer discussion.
|
|
|
|
|
|
|
|
* Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
|
|
|
|
longer supported.
|
|
|
|
|
|
|
|
* The engine command and parameters are removed from the openssl(1).
|
|
|
|
Previous releases removed dynamic and builtin engine support
|
|
|
|
already.
|
|
|
|
|
|
|
|
* The out_len argument of AEAD changed from ssize_t to size_t.
|
|
|
|
|
2015-08-28 20:42:01 +02:00
|
|
|
2.2.3 - Bug fixes, build enhancements
|
|
|
|
|
|
|
|
* LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
|
|
|
|
include TLS extensions, resulting in such handshakes being aborted.
|
|
|
|
This release corrects the handling of such messages. Thanks to
|
|
|
|
Ligushka from github for reporting the issue.
|
|
|
|
|
|
|
|
* Added install target for cmake builds. Thanks to TheNietsnie from
|
|
|
|
github.
|
|
|
|
|
|
|
|
* Updated pkgconfig files to correctly report the release version
|
|
|
|
number, not the individual library ABI version numbers. Thanks to
|
|
|
|
Jan Engelhardt for reporting the issue.
|
|
|
|
|
2015-08-03 06:42:48 +02:00
|
|
|
2.2.2 - More TLS parser rework, bug fixes, expanded portable build support
|
|
|
|
|
|
|
|
* Switched 'openssl dhparam' default from 512 to 2048 bits
|
|
|
|
|
|
|
|
* Reworked openssl(1) option handling
|
|
|
|
|
|
|
|
* More CRYPTO ByteString (CBC) packet parsing conversions
|
|
|
|
|
|
|
|
* Fixed 'openssl pkeyutl -verify' to exit with a 0 on success
|
|
|
|
|
|
|
|
* Fixed dozens of Coverity issues including dead code, memory leaks,
|
|
|
|
logic errors and more.
|
|
|
|
|
|
|
|
* Ensure that openssl(1) restores terminal echo state after reading a
|
|
|
|
password.
|
|
|
|
|
|
|
|
* Incorporated fix for OpenSSL Issue #3683
|
|
|
|
|
|
|
|
* LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped
|
|
|
|
for each portable release.
|
|
|
|
|
|
|
|
* Removed workarounds for TLS client padding bugs.
|
|
|
|
|
|
|
|
* No longer disable ECDHE-ECDSA on OS X
|
|
|
|
|
|
|
|
* Removed SSLv3 support from openssl(1)
|
|
|
|
|
|
|
|
* Removed IE 6 SSLv3 workarounds.
|
|
|
|
|
2015-08-03 12:23:54 +02:00
|
|
|
* Modified tls_write in libtls to allow partial writes, clarified with
|
2015-08-03 06:42:48 +02:00
|
|
|
examples in the documentation.
|
|
|
|
|
|
|
|
* Removed RSAX engine
|
|
|
|
|
|
|
|
* Tested SSLv3 removal with the OpenBSD ports tree and found several
|
|
|
|
applications that were not ready to build without SSLv3 yet. For
|
|
|
|
now, building a program that intentionally uses SSLv3 will result in
|
|
|
|
a linker warning.
|
|
|
|
|
|
|
|
* Added TLS_method, TLS_client_method and TLS_server_method as a
|
|
|
|
replacement for the SSLv23_*method calls.
|
|
|
|
|
|
|
|
* Added initial cmake build support, including support for building with
|
|
|
|
Visual Studio, currently tested with Visual Studio 2013 Community
|
|
|
|
Edition.
|
2015-03-19 06:50:36 +01:00
|
|
|
|
2015-08-03 12:23:54 +02:00
|
|
|
* --with-enginesdir is removed as a configuration parameter
|
|
|
|
|
|
|
|
* Default cert.pem, openssl.cnf, and x509v3.cnf files are now
|
|
|
|
installed under $sysconfdir/ssl or the directory specified by
|
|
|
|
--with-openssldir. Previous versions of LibreSSL left these empty.
|
|
|
|
|
2015-07-01 10:19:21 +02:00
|
|
|
2.2.1 - Build fixes, feature added, features removed
|
|
|
|
|
|
|
|
* Assorted build fixes for musl, HP-UX, Mingw, Solaris.
|
|
|
|
|
2015-07-09 17:50:53 +02:00
|
|
|
* Initial support for Windows Embedded 2009, Server 2003, XP
|
2015-07-03 00:49:51 +02:00
|
|
|
|
2015-07-01 10:19:21 +02:00
|
|
|
* Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API
|
|
|
|
|
|
|
|
* Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL
|
|
|
|
|
|
|
|
* Removed Dynamic Engine support
|
|
|
|
|
|
|
|
* Removed unused and obsolete MDC-2DES cipher
|
|
|
|
|
|
|
|
* Removed workarounds for obsolete SSL implementations
|
|
|
|
|
2015-06-11 16:02:54 +02:00
|
|
|
2.2.0 - Build cleanups and new OS support, Security Updates
|
2015-06-05 12:56:18 +02:00
|
|
|
|
|
|
|
* AIX Support - thanks to Michael Felt
|
|
|
|
|
|
|
|
* Cygwin Support - thanks to Corinna Vinschen
|
|
|
|
|
|
|
|
* Refactored build macros, support packaging libtls independently.
|
|
|
|
There are more pieces required to support building and using OpenSSL
|
|
|
|
with libtls, but this is an initial start at providing an
|
|
|
|
independent package for people to start hacking on.
|
|
|
|
|
|
|
|
* Removal of OPENSSL_issetugid and all library getenv calls.
|
|
|
|
Applications can and should no longer rely on environment variables
|
|
|
|
for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still
|
|
|
|
supported with the openssl(1) command.
|
|
|
|
|
|
|
|
* libtls API and documentation additions
|
|
|
|
|
|
|
|
* Various bug fixes and simplifications to libssl and libcrypto
|
|
|
|
|
2015-06-11 16:02:54 +02:00
|
|
|
* Fixes for the following issues are integrated into LibreSSL 2.2.0:
|
|
|
|
- CVE-2015-1788 - Malformed ECParameters causes infinite loop
|
|
|
|
- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
|
|
|
|
- CVE-2015-1792 - CMS verify infinite loop with unknown hash function
|
|
|
|
|
|
|
|
* The following CVEs did not apply to LibreSSL or were fixed in
|
|
|
|
earlier releases:
|
|
|
|
- CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
|
|
|
|
- CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
|
|
|
|
- CVE-2014-8176 - Invalid free in DTLS
|
|
|
|
|
|
|
|
* Fixes for the following CVEs are still in review for LibreSSL
|
|
|
|
- CVE-2015-1791 - Race condition handling NewSessionTicket
|
|
|
|
|
2015-03-19 06:50:36 +01:00
|
|
|
2.1.6 - Security update
|
|
|
|
|
|
|
|
* Fixes for the following issues are integrated into LibreSSL 2.1.6:
|
|
|
|
- CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
|
|
|
|
- CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
|
|
|
|
- CVE-2015-0287 - ASN.1 structure reuse memory corruption
|
|
|
|
- CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
|
|
|
|
- CVE-2015-0289 - PKCS7 NULL pointer dereferences
|
|
|
|
|
|
|
|
* The fix for CVE-2015-0207 - Segmentation fault in DTLSv1_listen
|
|
|
|
is integrated for safety, but LibreSSL is not vulnerable.
|
|
|
|
|
|
|
|
* Libtls is now built by default. The --enable-libtls
|
|
|
|
configuration option is no longer required.
|
|
|
|
The libtls API is now stable for the 2.1.x series.
|
|
|
|
|
2015-03-09 00:38:34 +01:00
|
|
|
2.1.5 - Bug fixes and a security update
|
|
|
|
* Fix incorrect comparison function in openssl(1) certhash command.
|
2015-03-09 13:22:18 +01:00
|
|
|
Thanks to Christian Neukirchen / Void Linux.
|
2015-03-09 00:38:34 +01:00
|
|
|
|
|
|
|
* Windows port improvements and bug fixes.
|
2015-03-09 13:22:18 +01:00
|
|
|
- Removed a dependency on libgcc in 32-bit dynamic libraries.
|
|
|
|
- Correct a hang in openssl(1) reading from stdin on an connection.
|
|
|
|
- Initialize winsock in openssl(1) earlier, allow 'openssl ocsp' and
|
|
|
|
any other network-related commands to function properly.
|
2015-03-09 00:38:34 +01:00
|
|
|
|
2015-03-09 13:22:18 +01:00
|
|
|
* Reject all server DH keys smaller than 1024 bits.
|
2015-03-09 00:38:34 +01:00
|
|
|
|
2015-02-23 01:06:46 +01:00
|
|
|
2.1.4 - Security and feature updates
|
|
|
|
* Improvements to libtls:
|
2015-03-03 03:47:26 +01:00
|
|
|
- a new API for loading CA chains directly from memory instead of a
|
2015-02-23 01:06:46 +01:00
|
|
|
file, allowing verification with privilege separation in a chroot
|
|
|
|
without direct access to CA certificate files.
|
|
|
|
|
2015-03-03 03:47:26 +01:00
|
|
|
- Ciphers default to TLSv1.2 with AEAD and PFS.
|
2015-02-23 01:06:46 +01:00
|
|
|
|
2015-03-03 03:47:26 +01:00
|
|
|
- Improved error handling and message generation
|
2015-02-23 01:06:46 +01:00
|
|
|
|
2015-03-03 03:47:26 +01:00
|
|
|
- New APIs and improved documentation
|
2015-02-23 01:06:46 +01:00
|
|
|
|
|
|
|
* Added X509_STORE_load_mem API for loading certificates from memory.
|
|
|
|
This facilitates accessing certificates from a chrooted environment.
|
|
|
|
|
|
|
|
* New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
|
|
|
|
using 'TLSv1.2+AEAD' as the cipher selection string.
|
|
|
|
|
|
|
|
* Dead and disabled code removal including MD5, Netscape workarounds,
|
|
|
|
non-POSIX IO, SCTP, RFC 3779 support, many #if 0 sections, and more.
|
|
|
|
|
|
|
|
* ASN1 macro maze expanded to aid reading and searching the code.
|
|
|
|
|
|
|
|
* NULL pointer asserts removed in favor of letting the OS/signal
|
|
|
|
handler catch them.
|
|
|
|
|
|
|
|
* Refactored argument handling in openssl(1) for consistency and
|
|
|
|
maintainability.
|
|
|
|
|
|
|
|
* New openssl(1) command 'certhash' replaces the c_rehash script.
|
|
|
|
|
|
|
|
* Support for building with OPENSSL_NO_DEPRECATED
|
|
|
|
|
|
|
|
* Server-side support for TLS_FALLBACK_SCSV for compatibility with
|
|
|
|
various auditor and vulnerability scanners.
|
|
|
|
|
2015-03-03 03:47:26 +01:00
|
|
|
* Dozens of issues found with the Coverity scanner fixed.
|
|
|
|
|
|
|
|
* Security Updates:
|
|
|
|
|
|
|
|
- Fix a minor information leak that was introduced in t1_lib.c
|
|
|
|
r1.71, whereby an additional 28 bytes of .rodata (or .data) is
|
|
|
|
provided to the network. In most cases this is a non-issue since
|
|
|
|
the memory content is already public. Issue found and reported by
|
|
|
|
Felix Groebert of the Google Security Team.
|
|
|
|
|
|
|
|
- Fixes for the following low-severity issues were integrated into
|
|
|
|
LibreSSL from OpenSSL 1.0.1k:
|
|
|
|
|
|
|
|
CVE-2015-0205 - DH client certificates accepted without
|
|
|
|
verification
|
|
|
|
CVE-2014-3570 - Bignum squaring may produce incorrect results
|
|
|
|
CVE-2014-8275 - Certificate fingerprints can be modified
|
|
|
|
CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
|
|
|
|
Reported by Karthikeyan Bhargavan of the PROSECCO team at INRIA.
|
|
|
|
|
|
|
|
The following CVEs were fixed in earlier LibreSSL releases:
|
|
|
|
CVE-2015-0206 - Memory leak handling repeated DLTS records
|
|
|
|
CVE-2014-3510 - Flaw handling DTLS anonymous EC(DH) ciphersuites.
|
|
|
|
|
|
|
|
The following CVEs did not apply to LibreSSL:
|
|
|
|
CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
|
|
|
|
CVE-2014-3569 - no-ssl3 configuration sets method to NULL
|
|
|
|
CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA
|
|
|
|
|
2015-01-21 15:04:11 +01:00
|
|
|
2.1.3 - Security update and OS support improvements
|
|
|
|
* Fixed various memory leaks in DTLS, including fixes for
|
|
|
|
CVE-2015-0206.
|
|
|
|
|
|
|
|
* Added Application-Layer Protocol Negotiation (ALPN) support.
|
|
|
|
|
|
|
|
* Removed GOST R 34.10-94 signature authentication.
|
|
|
|
|
|
|
|
* Removed nonfunctional Netscape browser-hang workaround code.
|
|
|
|
|
|
|
|
* Simplfied and refactored SSL/DTLS handshake code.
|
|
|
|
|
|
|
|
* Added SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.
|
|
|
|
|
|
|
|
* Hide timing info about padding errors during handshakes.
|
|
|
|
|
|
|
|
* Improved libtls support for non-blocking sockets, added randomized
|
|
|
|
session ID contexts. Work is ongoing with this library - feedback
|
|
|
|
and potential use-cases are welcome.
|
|
|
|
|
|
|
|
* Support building Windows DLLs.
|
|
|
|
Thanks to Jan Engelhard.
|
|
|
|
|
|
|
|
* Packaged config wrapper for better compatibility with OpenSSL-based
|
|
|
|
build systems.
|
|
|
|
Thanks to @technion from github
|
|
|
|
|
|
|
|
* Ensure the stack is marked non-executable for assembly sections.
|
|
|
|
Thanks to Anthony G. Bastile.
|
|
|
|
|
|
|
|
* Enable extra compiler hardening flags by default, where applicable.
|
|
|
|
The default set of hardening features can vary by OS to OS, so
|
|
|
|
feedback is welcome on this. To disable the default hardening flags,
|
|
|
|
specify '--disable-hardening' during configure.
|
|
|
|
Thanks to Jim Barlow
|
|
|
|
|
|
|
|
* Initial HP-UX support, tested with HP-UX 11.31 ia64
|
|
|
|
Thanks to Kinichiro Inoguchi
|
|
|
|
|
|
|
|
* Initial NetBSD support, tested with NetBSD 6.1.5 x86_64
|
|
|
|
Imported from OpenNTPD, thanks to @gitisihara from github
|
|
|
|
|
2014-12-08 02:09:24 +01:00
|
|
|
2.1.2 - Many new features and improvements
|
2014-12-04 06:11:08 +01:00
|
|
|
* Added reworked GOST cipher suite support
|
|
|
|
thanks to Dmitry Eremin-Solenikov
|
2014-12-08 02:09:24 +01:00
|
|
|
|
2014-12-04 06:11:08 +01:00
|
|
|
* Enabled Camellia ciphers due to improved patent situation
|
2014-12-08 02:09:24 +01:00
|
|
|
|
2014-12-04 06:11:08 +01:00
|
|
|
* Use builtin arc4random implementation on OS X and FreeBSD
|
2014-12-08 02:09:24 +01:00
|
|
|
this addresses some deficiencies in the native implementations of
|
|
|
|
these operating systems, see commit logs for more information
|
|
|
|
|
|
|
|
* Added initial Windows mingw-w64 support (32 and 64-bit)
|
|
|
|
thanks to Song Dongsheng and others for code and feedback
|
|
|
|
|
|
|
|
* Enabled assembly optimizations on x86_64 CPUs
|
|
|
|
supports Linux, *BSD, Solaris and OS X operating systems
|
|
|
|
thanks to Wouter Clarie for the initial implementation
|
|
|
|
|
2014-12-04 06:11:08 +01:00
|
|
|
* Added no_ssl3/no_tls1_1/no_tls1_2 options to openssl(1)
|
|
|
|
|
2014-12-08 02:09:24 +01:00
|
|
|
* Improved build infrastructure, 'make distcheck' now passes
|
|
|
|
this simplifies and speeds developer efficiency
|
|
|
|
thanks to Dmitry Eremin-Solenikov and Wouter Clarie
|
|
|
|
|
|
|
|
* Allow conditional building of the libtls library
|
|
|
|
expect the API and ABI of the library to change
|
|
|
|
feedback is welcome
|
|
|
|
|
|
|
|
* Fixes for more memory leaks, cleanups, etc.
|
|
|
|
|
|
|
|
2.1.1 - Security update
|
2014-10-16 05:28:34 +02:00
|
|
|
* Address POODLE attack by disabling SSLv3 by default
|
2014-12-08 02:09:24 +01:00
|
|
|
|
2014-10-16 05:28:34 +02:00
|
|
|
* Fix Eliptical Curve cipher selection bug
|
|
|
|
(https://github.com/libressl-portable/portable/issues/35)
|
|
|
|
|
2014-10-15 05:25:16 +02:00
|
|
|
2.1.0 - First release from the OpenBSD 5.7 tree
|
|
|
|
* Added support for automatic ephemeral EC keys
|
2014-12-08 02:09:24 +01:00
|
|
|
|
2014-10-15 05:25:16 +02:00
|
|
|
* Fixes for many memory leaks and overflows in error handlers
|
2014-12-08 02:09:24 +01:00
|
|
|
|
2014-10-15 05:25:16 +02:00
|
|
|
* The TLS padding extension (that works around bugs in F5 terminators) is
|
|
|
|
off by default
|
2014-12-08 02:09:24 +01:00
|
|
|
|
2014-10-15 05:25:16 +02:00
|
|
|
* support for getrandom(2) on Linux 3.17
|
2014-12-08 02:09:24 +01:00
|
|
|
|
2014-10-15 05:25:16 +02:00
|
|
|
* the NO_ASM macro is no longer being set, providing the first bits toward
|
|
|
|
enabling other assembly offloads.
|
|
|
|
|
|
|
|
2.0.5 - Fixes for CVEs from OpenSSL 1.0.1i
|
|
|
|
* CVE-2014-3506
|
|
|
|
* CVE-2014-3507
|
|
|
|
* CVE-2014-3508 (partially vulnerable)he
|
|
|
|
* CVE-2014-3509
|
|
|
|
* CVE-2014-3510
|
|
|
|
* CVE-2014-3511
|
|
|
|
* Synced LibreSSL Portable with the release version of OpenBSD 5.6
|
|
|
|
|
|
|
|
2.0.4 - Portability fixes, deleted unused SRP code
|
|
|
|
|
|
|
|
2.0.3 - Portability fixes, improvements to fork detection
|
|
|
|
|
|
|
|
2.0.2 - Address arc4random fork PID wraparound issues with pthread_atfork
|
|
|
|
|
|
|
|
2.0.1 - Portability fixes:
|
|
|
|
* Removed -Werror and and other non-portable compiler flags
|
2014-12-08 02:09:24 +01:00
|
|
|
|
2014-10-15 05:25:16 +02:00
|
|
|
* Allow setting OPENSSLDIR and ENGINSDIR
|
|
|
|
|
|
|
|
2.0.0 - First release from the OpenBSD 5.6 tree
|
|
|
|
* Removal of many obsolete features and coding conventions from the OpenSSL
|
|
|
|
1.0.1h source
|