X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=63fdb5543ccb37a860a775f67fc0afac413dfe7a;hp=0bc0d90e7de2abf5b6052e3a0dea8c871dba7787;hb=3e8e12a6b6b4e8583e45a66d1a269f424182ddf0;hpb=376bbb5887031a1404bc9654f7974fd612fbad59 diff --git a/CHANGES b/CHANGES index 0bc0d90e7d..63fdb5543c 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,47 @@ Changes between 0.9.8k and 1.0 [xx XXX xxxx] + *) Add load_crls() function to apps tidying load_certs() too. Add option + to verify utility to allow additional CRLs to be included. + [Steve Henson] + + *) Update OCSP request code to permit adding custom headers to the request: + some responders need this. + [Steve Henson] + + *) The function EVP_PKEY_sign() returns <=0 on error: check return code + correctly. + [Julia Lawall ] + + *) Update verify callback code in apps/s_cb.c and apps/verify.c, it + needlessly dereferenced structures, used obsolete functions and + didn't handle all updated verify codes correctly. + [Steve Henson] + + *) Delete MD2 from algorithm tables. This follows the recommendation in + several standards that it is not used in new applications due to + several cryptographic weaknesses. The algorithm is also disabled in + the default configuration. + [Steve Henson] + + *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to + indicate the initial BIO being pushed or popped. This makes it possible + to determine whether the BIO is the one explicitly called or as a result + of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so + it handles reference counts correctly and doesn't zero out the I/O bio + when it is not being explicitly popped. WARNING: applications which + included workarounds for the old buggy behaviour will need to be modified + or they could free up already freed BIOs. + [Steve Henson] + + *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and + OPENSSL_asc2uni the original names were too generic and cause name + clashes on Netware. + [Guenter ] + + *) Add ECDHE and PSK support to DTLS. + [Michael Tuexen ] + *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't be used on C++. [Steve Henson] @@ -788,7 +829,83 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8k and 0.9.8l [xx XXX xxxx] + Changes between 0.9.8l and 0.9.8m [xx XXX xxxx] + + *) Implement + https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt. Re-enable + renegotiation but require the extension as needed. Unfortunately, + SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a + bad idea. It has been replaced by + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with + SSL_CTX_set_options(). This is really not recommended unless you + know what you are doing. + [Eric Rescorla and Ben Laurie] + + *) Fixes to stateless session resumption handling. Use initial_ctx when + issuing and attempting to decrypt tickets in case it has changed during + servername handling. Use a non-zero length session ID when attempting + stateless session resumption: this makes it possible to determine if + a resumption has occurred immediately after receiving server hello + (several places in OpenSSL subtly assume this) instead of later in + the handshake. + [Steve Henson] + + *) The functions ENGINE_ctrl(), OPENSSL_isservice(), + CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error + fixes for a few places where the return code is not checked + correctly. + [Julia Lawall ] + + *) Add --strict-warnings option to Configure script to include devteam + warnings in other configurations. + [Steve Henson] + + *) Add support for --libdir option and LIBDIR variable in makefiles. This + makes it possible to install openssl libraries in locations which + have names other than "lib", for example "/usr/lib64" which some + systems need. + [Steve Henson, based on patch from Jeremy Utley] + + *) Don't allow the use of leading 0x80 in OIDs. This is a violation of + X690 8.9.12 and can produce some misleading textual output of OIDs. + [Steve Henson, reported by Dan Kaminsky] + + *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved + and restored. + [Steve Henson] + + *) Fix the server certificate chain building code to use X509_verify_cert(), + it used to have an ad-hoc builder which was unable to cope with anything + other than a simple chain. + [David Woodhouse , Steve Henson] + + *) Don't check self signed certificate signatures in X509_verify_cert() + by default (a flag can override this): it just wastes time without + adding any security. As a useful side effect self signed root CAs + with non-FIPS digests are now usable in FIPS mode. + [Steve Henson] + + *) In dtls1_process_out_of_seq_message() the check if the current message + is already buffered was missing. For every new message was memory + allocated, allowing an attacker to perform an denial of service attack + with sending out of seq handshake messages until there is no memory + left. Additionally every future messege was buffered, even if the + sequence number made no sense and would be part of another handshake. + So only messages with sequence numbers less than 10 in advance will be + buffered. + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Records are buffered if they arrive with a future epoch to be + processed after finishing the corresponding handshake. There is + currently no limitation to this buffer allowing an attacker to perform + a DOS attack with sending records with future epochs until there is no + memory left. This patch adds the pqueue_size() function to detemine + the size of a buffer and limits the record buffer to 100 entries. + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Keep a copy of frag->msg_header.frag_len so it can be used after the + parent structure is freed. + [Daniel Mentz] *) Handle non-blocking I/O properly in SSL_shutdown() call. [Darryl Miles ]