X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES.md;h=982e677fcc3c43803fd933986add7e798819af5b;hp=6ee0b1efde66b3d5c9bc0ef7e1ac6018fa4d2bfa;hb=b75f08cb13ca2e03946e0beeaac2e0ffa0d2aae7;hpb=5d979e0484865f48ef4d180e1698be6f2b58fd9f diff --git a/CHANGES.md b/CHANGES.md index 6ee0b1efde..982e677fcc 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -23,6 +23,73 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Handshake now fails if Extended Master Secret extension is dropped + on renegotiation. + + *Tomas Mraz* + + * Dropped interactive mode from the 'openssl' program. From now on, + the `openssl` command without arguments is equivalent to `openssl + help`. + + *Richard Levitte* + + * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and + EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq(). + While the old function names have been retained for backward compatibility + they should not be used in new developments + because their return values are confusing: Unlike other `_cmp()` functions + they do not return 0 in case their arguments are equal. + + *David von Oheimb* + + * Deprecated EC_METHOD_get_field_type(). Applications should switch to + EC_GROUP_get_field_type(). + + *Billy Bob Brumley* + + * Deprecated EC_GFp_simple_method(), EC_GFp_mont_method(), + EC_GF2m_simple_method(), EC_GFp_nist_method(), EC_GFp_nistp224_method() + EC_GFp_nistp256_method(), and EC_GFp_nistp521_method(). + Applications should rely on the library automatically assigning a suitable + EC_METHOD internally upon EC_GROUP construction. + + *Billy Bob Brumley* + + * Deprecated EC_GROUP_new(), EC_GROUP_method_of(), and EC_POINT_method_of(). + EC_METHOD is now an internal-only concept and a suitable EC_METHOD is + assigned internally without application intervention. + Users of EC_GROUP_new() should switch to a different suitable constructor. + + *Billy Bob Brumley* + + * Add CAdES-BES signature verification support, mostly derived + from ESSCertIDv2 TS (RFC 5816) contribution by Marek Klein. + + *Filipe Raimundo da Silva* + + * Add CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API. + + *Antonio Iacono* + + * Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine(). These + functions are not widely used and now OpenSSL automatically perform this + conversion when needed. 
+ + *Billy Bob Brumley* + + * Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and + EC_KEY_precompute_mult(). These functions are not widely used and + applications should instead switch to named curves which OpenSSL has + hardcoded lookup tables for. + + *Billy Bob Brumley* + + * Deprecated EC_POINTs_mul(). This function is not widely used and applications + should instead use the L function. + + *Billy Bob Brumley* + * Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's that are not applicable to the new provider model. Applications should instead use EVP_default_properties_is_fips_enabled() and @@ -30,6 +97,12 @@ OpenSSL 3.0 *Shane Lontis* + * The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced. If that option + is set, an unexpected EOF is ignored, it pretends a close notify was received + instead and so the returned error becomes SSL_ERROR_ZERO_RETURN. + + *Dmitry Belyavskiy* + * Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and EC_POINT_get_Jprojective_coordinates_GFp(). These functions are not widely used and applications should instead use the @@ -104,6 +177,12 @@ OpenSSL 3.0 *David von Oheimb* + * BIO_do_connect and BIO_do_handshake have been extended: + If domain name resolution yields multiple IP addresses all of them are tried + after connect() failures. + + *David von Oheimb* + * All of the low level RSA functions have been deprecated including: RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params, @@ -282,8 +361,8 @@ OpenSSL 3.0 and HMAC_CTX_get_md. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* 
@@ -306,8 +385,8 @@ OpenSSL 3.0 CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* @@ -509,13 +588,6 @@ OpenSSL 3.0 - SSL_CTX_load_verify_dir() - SSL_CTX_load_verify_store() - Also, the following functions are now deprecated: - - - X509_STORE_load_locations() (use X509_STORE_load_file(), - X509_STORE_load_path() or X509_STORE_load_store() instead) - - SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(), - SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead) - *Richard Levitte* * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. 
@@ -6001,40 +6073,40 @@ OpenSSL 1.0.1 *Steve Henson* - *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect - results on some platforms, including x86_64. This bug occurs at random - with a very low probability, and is not known to be exploitable in any - way, though its exact impact is difficult to determine. Thanks to Pieter - Wuille (Blockstream) who reported this issue and also suggested an initial - fix. Further analysis was conducted by the OpenSSL development team and - Adam Langley of Google. The final fix was developed by Andy Polyakov of - the OpenSSL core team. - [CVE-2014-3570][] + * Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + [CVE-2014-3570][] *Andy Polyakov* - *) Do not resume sessions on the server if the negotiated protocol - version does not match the session's version. Resuming with a different - version, while not strictly forbidden by the RFC, is of questionable - sanity and breaks all known clients. + * Do not resume sessions on the server if the negotiated protocol + version does not match the session's version. Resuming with a different + version, while not strictly forbidden by the RFC, is of questionable + sanity and breaks all known clients. *David Benjamin, Emilia Käsper* - *) Tighten handling of the ChangeCipherSpec (CCS) message: reject - early CCS messages during renegotiation. (Note that because - renegotiation is encrypted, this early CCS was not exploitable.) 
+ * Tighten handling of the ChangeCipherSpec (CCS) message: reject + early CCS messages during renegotiation. (Note that because + renegotiation is encrypted, this early CCS was not exploitable.) *Emilia Käsper* - *) Tighten client-side session ticket handling during renegotiation: - ensure that the client only accepts a session ticket if the server sends - the extension anew in the ServerHello. Previously, a TLS client would - reuse the old extension state and thus accept a session ticket if one was - announced in the initial ServerHello. + * Tighten client-side session ticket handling during renegotiation: + ensure that the client only accepts a session ticket if the server sends + the extension anew in the ServerHello. Previously, a TLS client would + reuse the old extension state and thus accept a session ticket if one was + announced in the initial ServerHello. - Similarly, ensure that the client requires a session ticket if one - was advertised in the ServerHello. Previously, a TLS client would - ignore a missing NewSessionTicket message. + Similarly, ensure that the client requires a session ticket if one + was advertised in the ServerHello. Previously, a TLS client would + ignore a missing NewSessionTicket message. *Emilia Käsper* 
@@ -7020,19 +7092,19 @@ OpenSSL 1.0.0 *Steve Henson* - *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect - results on some platforms, including x86_64. This bug occurs at random - with a very low probability, and is not known to be exploitable in any - way, though its exact impact is difficult to determine. Thanks to Pieter - Wuille (Blockstream) who reported this issue and also suggested an initial - fix. Further analysis was conducted by the OpenSSL development team and - Adam Langley of Google. The final fix was developed by Andy Polyakov of - the OpenSSL core team. - [CVE-2014-3570][] + * Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + [CVE-2014-3570][] - *Andy Polyakov* + *Andy Polyakov* - *) Fix various certificate fingerprint issues. + * Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature.
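Review bot: in the hunk at @@ -23,6 +23,73 @@, the new EC_POINTs_mul() entry tells applications to "instead use the L function" without naming it; spell the replacement out in plain text, since a bare "L" gives the reader nothing in Markdown (the same bare "L" placeholders recur in the HMAC and CMAC entries further down). Two smaller fixes in the same hunk: "now OpenSSL automatically perform this conversion" should read "performs", and the list in the EC_GFp_*_method() entry is missing a comma after EC_GFp_nistp224_method().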
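Review bot: the SSL_OP_IGNORE_UNEXPECTED_EOF entry in the hunk at @@ -30,6 +97,12 @@ should state the trade-off: treating an unexpected EOF as a received close_notify means a connection cut short at the transport layer is reported as a clean SSL_ERROR_ZERO_RETURN, so an application that sets the option gives up the truncation detection the default behaviour provides. Saying explicitly that the option is off unless set would help, and the sentence is a comma splice ("an unexpected EOF is ignored, it pretends ..."); consider "an unexpected EOF is ignored and treated as if a close_notify alert had been received, so the returned error becomes SSL_ERROR_ZERO_RETURN."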
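Review bot: in the hunk at @@ -104,6 +177,12 @@, "BIO_do_connect and BIO_do_handshake" lack the "()" suffix every other entry in this file uses for function names, and the second sentence needs a comma after "multiple IP addresses". The line "all of them are tried after connect() failures" also leaves error reporting open: say whether the addresses are tried in resolver order and which connect() error is reported when every attempt fails.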
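Review bot: in the hunk at @@ -282,8 +361,8 @@, the removed and added lines read identically here ("Instead applications should use L, / L, L, L"), so the actual change is not visible in this view and the link targets behind each "L" have evidently been lost. Whatever the edited targets are, the Markdown should carry the EVP function names as plain text, because a bare "L" leaves the HMAC replacements unnamed.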
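Review bot: the hunk at @@ -306,8 +385,8 @@ has the same problem as the HMAC hunk above: the old and new "Instead applications should use L, L, L, L" lines are indistinguishable here, and the CMAC replacement functions are never named in text.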
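Review bot: the removal of the deprecation notice for X509_STORE_load_locations() and SSL_CTX_load_verify_locations() in the hunk at @@ -509,13 +588,6 @@ is unexplained. If these two functions are no longer deprecated, the entry should say so explicitly, since readers of an earlier revision of this file will have planned migrations to X509_STORE_load_file()/SSL_CTX_load_verify_file() and friends; if the notice merely moved to another entry, a pointer to it would avoid the appearance of a silent reversal.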
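Review bot: the "*Andy Polyakov*" attribution below the CVE-2014-3570 entry in the hunk at @@ -6001,40 +6073,40 @@ is left as unchanged context while the entry above it is re-indented from "*)" to "* ", yet the identical attribution in the 1.0.0 hunk at @@ -7020,19 +7092,19 @@ is re-indented; check that both end up at the indentation the other "*Name*" lines use. Also confirm that the reference-style link "[CVE-2014-3570][]" has a matching link definition in the file, otherwise it renders as literal brackets.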