X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=4236f8600eab6a113a431bd8343c7f06ec537127;hp=2602cfac968e83848d95003a58839278ee1dfd16;hb=a09220d823f654bc6a6f03d79f0c9d8c7071e3c7;hpb=4fcdd66fff5fea0cfa1055c6680a76a4303f28a2 diff --git a/CHANGES b/CHANGES index 2602cfac96..4236f8600e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,47 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Experimental support for a new, fast, unbiased prime candidate generator, + bn_probable_prime_dh_coprime(). Not currently used by any prime generator. + [Felix Laurie von Massenbach ] + + *) New output format NSS in the sess_id command line tool. This allows + exporting the session id and the master key in NSS keylog format. + [Martin Kaiser ] + + *) Harmonize version and its documentation. -f flag is used to display + compilation flags. + [mancha ] + + *) Fix eckey_priv_encode so it immediately returns an error upon a failure + in i2d_ECPrivateKey. + [mancha ] + + *) Fix some double frees. These are not thought to be exploitable. + [mancha ] + + *) A missing bounds check in the handling of the TLS heartbeat extension + can be used to reveal up to 64k of memory to a connected client or + server. + + Thanks for Neel Mehta of Google Security for discovering this bug and to + Adam Langley and Bodo Moeller for + preparing the fix (CVE-2014-0160) + [Adam Langley, Bodo Moeller] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file(): + this fixes a limiation in previous versions of OpenSSL. + [Steve Henson] + *) Experimental encrypt-then-mac support. Experimental support for encrypt then mac from @@ -273,23 +314,18 @@ Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] - *) TLS pad extension: draft-agl-tls-padding-02 + *) Keep original DTLS digest and encryption contexts in retransmission + structures so we can use the previous session parameters if they need + to be resent. (CVE-2013-6450) + [Steve Henson] + + *) TLS pad extension: draft-agl-tls-padding-03 Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. - To enable it use an unused extension number (for example chrome uses - 35655) using: - - e.g. -DTLSEXT_TYPE_padding=35655 - - Since the extension is ignored the actual number doesn't matter as long - as it doesn't clash with any existing extension. - - This will be updated when the extension gets an official number. - [Adam Langley, Steve Henson] *) Add functions to allocate and set the fields of an ECDSA_METHOD @@ -2020,6 +2056,10 @@ This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent.