X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=c596c35e452c320559d896a619ad3e7538053f11;hp=0435e2918ec4ac688ced05da5c2b6b96af0e19fe;hb=a43526302f3049f2eed3fc2ea538c14a5f3ff956;hpb=8e8554528449bc58f2a8da16b205a2824dc4a57f diff --git a/CHANGES b/CHANGES index 0435e2918e..c596c35e45 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,42 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Support for automatic EC temporary key parameter selection. If enabled + the most preferred EC parameters are automatically used instead of + hardcoded fixed parameters. Now a server just has to call: + SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically + support ECDH and use the most appropriate parameters. + [Steve Henson] + + *) Enhance and tidy EC curve and point format TLS extension code. Use + static structures instead of allocation if default values are used. + New ctrls to set curves we wish to support and to retrieve shared curves. + Print out shared curves in s_server. New options to s_server and s_client + to set list of supported curves. + [Steve Henson] + + *) New ctrls to retrieve supported signature algorithms and + supported curve values as an array of NIDs. Extend openssl utility + to print out received values. + [Steve Henson] + + *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert + between NIDs and the more common NIST names such as "P-256". Enhance + ecparam utility and ECC method to recognise the NIST names for curves. + [Steve Henson] + + *) Enhance SSL/TLS certificate chain handling to support different + chains for each certificate instead of one chain in the parent SSL_CTX. + [Steve Henson] + + *) Support for fixed DH ciphersuite client authentication: where both + server and client use DH certificates with common parameters. + [Steve Henson] + + *) Support for fixed DH ciphersuites: those requiring DH server + certificates. + [Steve Henson] + *) Transparently support X9.42 DH parameters when calling PEM_read_bio_DHparameters. This means existing applications can handle the new parameter format automatically. @@ -253,7 +289,34 @@ whose return value is often ignored. [Steve Henson] - Changes between 1.0.0f and 1.0.1 [xx XXX xxxx] + Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] + + *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. + [Andy Polyakov] + + Changes between 1.0.0h and 1.0.1 [14 Mar 2012] + + *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET + STRING form instead of a DigestInfo. + [Steve Henson] + + *) The format used for MDC2 RSA signatures is inconsistent between EVP + and the RSA_sign/RSA_verify functions. This was made more apparent when + OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular + those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect + the correct format in RSA_verify so both forms transparently work. + [Steve Henson] + + *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET + STRING form instead of a DigestInfo. + [Steve Henson] + + *) Some servers which support TLS 1.0 can choke if we initially indicate + support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA + encrypted premaster secret. As a workaround use the maximum pemitted + client version in client hello, this should keep such servers happy + and still work with previous versions of OpenSSL. + [Steve Henson] *) Add support for TLS/DTLS heartbeats. [Robin Seggelmann ] @@ -518,6 +581,32 @@ Add command line options to s_client/s_server. [Steve Henson] + Changes between 1.0.0g and 1.0.0h [12 Mar 2012] + + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness + in CMS and PKCS7 code. When RSA decryption fails use a random key for + content decryption and always return the same error. Note: this attack + needs on average 2^20 messages so it only affects automated senders. The + old behaviour can be reenabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where + an MMA defence is not necessary. + Thanks to Ivan Nestlerode for discovering + this issue. (CVE-2012-0884) + [Steve Henson] + + *) Fix CVE-2011-4619: make sure we really are receiving a + client hello before rejecting multiple SGC restarts. Thanks to + Ivan Nestlerode for discovering this bug. + [Steve Henson] + + Changes between 1.0.0f and 1.0.0g [18 Jan 2012] + + *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. + Thanks to Antonio Martin, Enterprise Secure Access Research and + Development, Cisco Systems, Inc. for discovering this bug and + preparing a fix. (CVE-2012-0050) + [Antonio Martin] + Changes between 1.0.0e and 1.0.0f [4 Jan 2012] *) Nadhem Alfardan and Kenny Paterson have discovered an extension @@ -538,7 +627,9 @@ (CVE-2011-4576) [Adam Langley (Google)] - *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) + *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George + Kadianakis for discovering this issue and + Adam Langley for preparing the fix. (CVE-2011-4619) [Adam Langley (Google)] *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027) @@ -1479,6 +1570,14 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] + + Changes between 0.9.8s and 0.9.8t [18 Jan 2012] + + *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. + Thanks to Antonio Martin, Enterprise Secure Access Research and + Development, Cisco Systems, Inc. for discovering this bug and + preparing a fix. (CVE-2012-0050) + [Antonio Martin] Changes between 0.9.8r and 0.9.8s [4 Jan 2012] @@ -1503,7 +1602,9 @@ (CVE-2011-4576) [Adam Langley (Google)] - *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) + *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George + Kadianakis for discovering this issue and + Adam Langley for preparing the fix. (CVE-2011-4619) [Adam Langley (Google)] *) Prevent malformed RFC3779 data triggering an assertion failure.