Sync CHANGES and NEWS files.
This commit is contained in:
parent
8f89c33451
commit
1b9a59c36a
200
CHANGES
200
CHANGES
@ -2,7 +2,7 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]
|
||||
Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]
|
||||
|
||||
*) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the
|
||||
difference in days and seconds between two tm or ASN1_TIME structures.
|
||||
@ -58,7 +58,7 @@
|
||||
[Steve Henson]
|
||||
|
||||
*) New ctrl and macro to retrieve supported points extensions.
|
||||
Print out extension in s_server.
|
||||
Print out extension in s_server and s_client.
|
||||
[Steve Henson]
|
||||
|
||||
*) New functions to retrieve certificate signature and signature
|
||||
@ -189,16 +189,10 @@
|
||||
platform support for Linux and Android.
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
|
||||
the right response is stapled. Also change current certificate to
|
||||
the certificate actually sent.
|
||||
See http://rt.openssl.org/Ticket/Display.html?id=2836.
|
||||
[Rob Stradling <rob.stradling@comodo.com>]
|
||||
|
||||
*) Support for linux-x32, ILP32 environment in x86_64 framework.
|
||||
[Andy Polyakov]
|
||||
|
||||
*) RFC 5878 support.
|
||||
*) RFC 5878 (TLS Authorization Extensions) support.
|
||||
[Emilia Kasper, Adam Langley, Ben Laurie (Google)]
|
||||
|
||||
*) Experimental multi-implementation support for FIPS capable OpenSSL.
|
||||
@ -256,11 +250,48 @@
|
||||
certificates.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]
|
||||
Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
|
||||
|
||||
*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
|
||||
supporting platforms or when small records were transferred.
|
||||
[Andy Polyakov, Steve Henson]
|
||||
|
||||
Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
|
||||
|
||||
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
|
||||
|
||||
This addresses the flaw in CBC record processing discovered by
|
||||
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
|
||||
at: http://www.isg.rhul.ac.uk/tls/
|
||||
|
||||
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
||||
Security Group at Royal Holloway, University of London
|
||||
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
|
||||
Emilia Käsper for the initial patch.
|
||||
(CVE-2013-0169)
|
||||
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
|
||||
|
||||
*) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
|
||||
ciphersuites which can be exploited in a denial of service attack.
|
||||
Thanks go to and to Adam Langley <agl@chromium.org> for discovering
|
||||
and detecting this bug and to Wolfgang Ettlinger
|
||||
<wolfgang.ettlinger@gmail.com> for independently discovering this issue.
|
||||
(CVE-2012-2686)
|
||||
[Adam Langley]
|
||||
|
||||
*) Return an error when checking OCSP signatures when key is NULL.
|
||||
This fixes a DoS attack. (CVE-2013-0166)
|
||||
[Steve Henson]
|
||||
|
||||
*) Make openssl verify return errors.
|
||||
[Chris Palmer <palmer@google.com> and Ben Laurie]
|
||||
|
||||
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
|
||||
the right response is stapled. Also change SSL_get_certificate()
|
||||
so it returns the certificate actually sent.
|
||||
See http://rt.openssl.org/Ticket/Display.html?id=2836.
|
||||
[Rob Stradling <rob.stradling@comodo.com>]
|
||||
|
||||
*) Fix possible deadlock when decoding public keys.
|
||||
[Steve Henson]
|
||||
|
||||
@ -271,7 +302,7 @@
|
||||
Changes between 1.0.1b and 1.0.1c [10 May 2012]
|
||||
|
||||
*) Sanity check record length before skipping explicit IV in TLS
|
||||
1.2, 1.1 and DTLS to avoid DoS attack.
|
||||
1.2, 1.1 and DTLS to fix DoS attack.
|
||||
|
||||
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
|
||||
fuzzing as a service testing platform.
|
||||
@ -324,17 +355,17 @@
|
||||
[Adam Langley]
|
||||
|
||||
*) Workarounds for some broken servers that "hang" if a client hello
|
||||
record length exceeds 255 bytes:
|
||||
|
||||
record length exceeds 255 bytes.
|
||||
|
||||
1. Do not use record version number > TLS 1.0 in initial client
|
||||
hello: some (but not all) hanging servers will now work.
|
||||
2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
|
||||
the number of ciphers sent in the client hello. This should be
|
||||
the number of ciphers sent in the client hello. This should be
|
||||
set to an even number, such as 50, for example by passing:
|
||||
-DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
|
||||
Most broken servers should now work.
|
||||
3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
|
||||
TLS 1.2 client support entirely.
|
||||
TLS 1.2 client support entirely.
|
||||
[Steve Henson]
|
||||
|
||||
*) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
|
||||
@ -623,6 +654,63 @@
|
||||
Add command line options to s_client/s_server.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
|
||||
|
||||
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
|
||||
|
||||
This addresses the flaw in CBC record processing discovered by
|
||||
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
|
||||
at: http://www.isg.rhul.ac.uk/tls/
|
||||
|
||||
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
||||
Security Group at Royal Holloway, University of London
|
||||
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
|
||||
Emilia Käsper for the initial patch.
|
||||
(CVE-2013-0169)
|
||||
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
|
||||
|
||||
*) Return an error when checking OCSP signatures when key is NULL.
|
||||
This fixes a DoS attack. (CVE-2013-0166)
|
||||
[Steve Henson]
|
||||
|
||||
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
|
||||
the right response is stapled. Also change SSL_get_certificate()
|
||||
so it returns the certificate actually sent.
|
||||
See http://rt.openssl.org/Ticket/Display.html?id=2836.
|
||||
(This is a backport)
|
||||
[Rob Stradling <rob.stradling@comodo.com>]
|
||||
|
||||
*) Fix possible deadlock when decoding public keys.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.0i and 1.0.0j [10 May 2012]
|
||||
|
||||
[NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
|
||||
OpenSSL 1.0.1.]
|
||||
|
||||
*) Sanity check record length before skipping explicit IV in DTLS
|
||||
to fix DoS attack.
|
||||
|
||||
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
|
||||
fuzzing as a service testing platform.
|
||||
(CVE-2012-2333)
|
||||
[Steve Henson]
|
||||
|
||||
*) Initialise tkeylen properly when encrypting CMS messages.
|
||||
Thanks to Solar Designer of Openwall for reporting this issue.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
|
||||
|
||||
*) Check for potentially exploitable overflows in asn1_d2i_read_bio
|
||||
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
|
||||
in CRYPTO_realloc_clean.
|
||||
|
||||
Thanks to Tavis Ormandy, Google Security Team, for discovering this
|
||||
issue and to Adam Langley <agl@chromium.org> for fixing it.
|
||||
(CVE-2012-2110)
|
||||
[Adam Langley (Google), Tavis Ormandy, Google Security Team]
|
||||
|
||||
Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
|
||||
|
||||
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
|
||||
@ -1613,6 +1701,86 @@
|
||||
*) Change 'Configure' script to enable Camellia by default.
|
||||
[NTT]
|
||||
|
||||
Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
|
||||
|
||||
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
|
||||
|
||||
This addresses the flaw in CBC record processing discovered by
|
||||
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
|
||||
at: http://www.isg.rhul.ac.uk/tls/
|
||||
|
||||
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
||||
Security Group at Royal Holloway, University of London
|
||||
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
|
||||
Emilia Käsper for the initial patch.
|
||||
(CVE-2013-0169)
|
||||
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
|
||||
|
||||
*) Return an error when checking OCSP signatures when key is NULL.
|
||||
This fixes a DoS attack. (CVE-2013-0166)
|
||||
[Steve Henson]
|
||||
|
||||
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
|
||||
the right response is stapled. Also change SSL_get_certificate()
|
||||
so it returns the certificate actually sent.
|
||||
See http://rt.openssl.org/Ticket/Display.html?id=2836.
|
||||
(This is a backport)
|
||||
[Rob Stradling <rob.stradling@comodo.com>]
|
||||
|
||||
*) Fix possible deadlock when decoding public keys.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.8w and 0.9.8x [10 May 2012]
|
||||
|
||||
*) Sanity check record length before skipping explicit IV in DTLS
|
||||
to fix DoS attack.
|
||||
|
||||
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
|
||||
fuzzing as a service testing platform.
|
||||
(CVE-2012-2333)
|
||||
[Steve Henson]
|
||||
|
||||
*) Initialise tkeylen properly when encrypting CMS messages.
|
||||
Thanks to Solar Designer of Openwall for reporting this issue.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
|
||||
|
||||
*) The fix for CVE-2012-2110 did not take into account that the
|
||||
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
|
||||
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
|
||||
rejecting negative len parameter. (CVE-2012-2131)
|
||||
[Tomas Hoger <thoger@redhat.com>]
|
||||
|
||||
Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
|
||||
|
||||
*) Check for potentially exploitable overflows in asn1_d2i_read_bio
|
||||
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
|
||||
in CRYPTO_realloc_clean.
|
||||
|
||||
Thanks to Tavis Ormandy, Google Security Team, for discovering this
|
||||
issue and to Adam Langley <agl@chromium.org> for fixing it.
|
||||
(CVE-2012-2110)
|
||||
[Adam Langley (Google), Tavis Ormandy, Google Security Team]
|
||||
|
||||
Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
|
||||
|
||||
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
|
||||
in CMS and PKCS7 code. When RSA decryption fails use a random key for
|
||||
content decryption and always return the same error. Note: this attack
|
||||
needs on average 2^20 messages so it only affects automated senders. The
|
||||
old behaviour can be reenabled in the CMS code by setting the
|
||||
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
|
||||
an MMA defence is not necessary.
|
||||
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
|
||||
this issue. (CVE-2012-0884)
|
||||
[Steve Henson]
|
||||
|
||||
*) Fix CVE-2011-4619: make sure we really are receiving a
|
||||
client hello before rejecting multiple SGC restarts. Thanks to
|
||||
Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
|
||||
|
||||
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
|
||||
@ -1620,7 +1788,7 @@
|
||||
Development, Cisco Systems, Inc. for discovering this bug and
|
||||
preparing a fix. (CVE-2012-0050)
|
||||
[Antonio Martin]
|
||||
|
||||
|
||||
Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
|
||||
|
||||
*) Nadhem Alfardan and Kenny Paterson have discovered an extension
|
||||
|
77
NEWS
77
NEWS
@ -5,6 +5,35 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e:
|
||||
|
||||
o Corrected fix for CVE-2013-0169
|
||||
|
||||
Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
|
||||
|
||||
o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
|
||||
o Include the fips configuration module.
|
||||
o Fix OCSP bad key DoS attack CVE-2013-0166
|
||||
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
|
||||
o Fix for TLS AESNI record handling flaw CVE-2012-2686
|
||||
|
||||
Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
|
||||
|
||||
o Fix TLS/DTLS record length checking bug CVE-2012-2333
|
||||
o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
|
||||
|
||||
Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:
|
||||
|
||||
o Fix compilation error on non-x86 platforms.
|
||||
o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
|
||||
o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
|
||||
|
||||
Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a:
|
||||
|
||||
o Fix for ASN1 overflow bug CVE-2012-2110
|
||||
o Workarounds for some servers that hang on long client hellos.
|
||||
o Fix SEGV in AES code.
|
||||
|
||||
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
|
||||
|
||||
o TLS/DTLS heartbeat support.
|
||||
@ -18,6 +47,19 @@
|
||||
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
|
||||
o SRP support.
|
||||
|
||||
Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k:
|
||||
|
||||
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
|
||||
o Fix OCSP bad key DoS attack CVE-2013-0166
|
||||
|
||||
Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j:
|
||||
|
||||
o Fix DTLS record length checking bug CVE-2012-2333
|
||||
|
||||
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i:
|
||||
|
||||
o Fix for ASN1 overflow bug CVE-2012-2110
|
||||
|
||||
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
|
||||
|
||||
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
|
||||
@ -90,6 +132,41 @@
|
||||
o Opaque PRF Input TLS extension support.
|
||||
o Updated time routines to avoid OS limitations.
|
||||
|
||||
Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y:
|
||||
|
||||
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
|
||||
o Fix OCSP bad key DoS attack CVE-2013-0166
|
||||
|
||||
Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x:
|
||||
|
||||
o Fix DTLS record length checking bug CVE-2012-2333
|
||||
|
||||
Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w:
|
||||
|
||||
o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
|
||||
|
||||
Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:
|
||||
|
||||
o Fix for ASN1 overflow bug CVE-2012-2110
|
||||
|
||||
Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u:
|
||||
|
||||
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
|
||||
o Corrected fix for CVE-2011-4619
|
||||
o Various DTLS fixes.
|
||||
|
||||
Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t:
|
||||
|
||||
o Fix for DTLS DoS issue CVE-2012-0050
|
||||
|
||||
Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s:
|
||||
|
||||
o Fix for DTLS plaintext recovery attack CVE-2011-4108
|
||||
o Fix policy check double free error CVE-2011-4109
|
||||
o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
|
||||
o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
|
||||
o Check for malformed RFC3779 data CVE-2011-4577
|
||||
|
||||
Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
|
||||
|
||||
o Fix for security issue CVE-2011-0014
|
||||
|
Loading…
x
Reference in New Issue
Block a user