X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=bf37e589992745ea92369942c3bcd2c250f24ecd;hp=111db939f94a508d66bb203b22446b1506162a96;hb=7efd0e777e65eaa6c60d85b1cc5c889f872f8fc4;hpb=20b82b514d81a64f5b240788e5051167456af379 diff --git a/CHANGES b/CHANGES index 111db939f9..bf37e58999 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,47 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Experimental support for a new, fast, unbiased prime candidate generator, + bn_probable_prime_dh_coprime(). Not currently used by any prime generator. + [Felix Laurie von Massenbach ] + + *) New output format NSS in the sess_id command line tool. This allows + exporting the session id and the master key in NSS keylog format. + [Martin Kaiser ] + + *) Harmonize version and its documentation. -f flag is used to display + compilation flags. + [mancha ] + + *) Fix eckey_priv_encode so it immediately returns an error upon a failure + in i2d_ECPrivateKey. + [mancha ] + + *) Fix some double frees. These are not thought to be exploitable. + [mancha ] + + *) A missing bounds check in the handling of the TLS heartbeat extension + can be used to reveal up to 64k of memory to a connected client or + server. + + Thanks for Neel Mehta of Google Security for discovering this bug and to + Adam Langley and Bodo Moeller for + preparing the fix (CVE-2014-0160) + [Adam Langley, Bodo Moeller] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file(): + this fixes a limiation in previous versions of OpenSSL. + [Steve Henson] + *) Experimental encrypt-then-mac support. Experimental support for encrypt then mac from @@ -19,10 +60,6 @@ [Steve Henson] - *) Add callbacks supporting generation and retrieval of supplemental - data entries. - [Scott Deboy , Trevor Perrin and Ben Laurie] - *) Add EVP support for key wrapping algorithms, to avoid problems with existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap @@ -278,23 +315,13 @@ to be resent. (CVE-2013-6450) [Steve Henson] - *) TLS pad extension: draft-agl-tls-padding-02 + *) TLS pad extension: draft-agl-tls-padding-03 Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. - To enable it use an unused extension number (for example chrome uses - 35655) using: - - e.g. -DTLSEXT_TYPE_padding=35655 - - Since the extension is ignored the actual number doesn't matter as long - as it doesn't clash with any existing extension. - - This will be updated when the extension gets an official number. - [Adam Langley, Steve Henson] *) Add functions to allocate and set the fields of an ECDSA_METHOD @@ -497,9 +524,6 @@ *) Support for linux-x32, ILP32 environment in x86_64 framework. [Andy Polyakov] - *) RFC 5878 (TLS Authorization Extensions) support. - [Emilia Kasper, Adam Langley, Ben Laurie (Google)] - *) Experimental multi-implementation support for FIPS capable OpenSSL. When in FIPS mode the approved implementations are used as normal, when not in FIPS mode the internal unapproved versions are used instead. @@ -2025,6 +2049,10 @@ This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent.