X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=NEWS.md;h=720cec7330d6af20df49c6ec0d6be5468ec7d185;hp=c09e9599a498b277f305d31d8d144cf9a8b6fbe4;hb=398ae8231650c4bd8ddff0e5efd38233c23b1ca0;hpb=5d979e0484865f48ef4d180e1698be6f2b58fd9f diff --git a/NEWS.md b/NEWS.md index c09e9599a4..720cec7330 100644 --- a/NEWS.md +++ b/NEWS.md @@ -7,6 +7,7 @@ release. For more details please read the CHANGES file. OpenSSL Releases ---------------- + - [OpenSSL 3.1](#openssl-31) - [OpenSSL 3.0](#openssl-30) - [OpenSSL 1.1.1](#openssl-111) - [OpenSSL 1.1.0](#openssl-110) @@ -15,17 +16,43 @@ OpenSSL Releases - [OpenSSL 1.0.0](#openssl-100) - [OpenSSL 0.9.x](#openssl-09x) -OpenSSL 3.0 +OpenSSL 3.1 ----------- -### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] +### Major changes between OpenSSL 3.0 and OpenSSL 3.1 [under development] + + * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings + by default. + +OpenSSL 3.0 +----------- - * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in - the FIPS provider. None have the "fips=yes" property set and, as such, - will not be accidentially used. - * The algorithm specific public key command line applications have - been deprecated. These include dhparam, gendsa and others. The pkey - alternatives should be used intead: pkey, pkeyparam and genpkey. +### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 + + * Enhanced 'openssl list' with many new options. + * Added migration guide to man7. + * Implemented support for fully "pluggable" TLSv1.3 groups. + * Added suport for Kernel TLS (KTLS). + * Changed the license to the Apache License v2.0. + * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, + RC4, RC5, and DES to the legacy provider. + * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy + provider. + * Added convenience functions for generating asymmetric key pairs. + * Deprecated the `OCSP_REQ_CTX` type and functions. + * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions. + * Deprecated the `RSA` and `RSA_METHOD` types and functions. + * Deprecated the `DSA` and `DSA_METHOD` types and functions. + * Deprecated the `DH` and `DH_METHOD` types and functions. + * Deprecated the `ERR_load_` functions. + * Remove the `RAND_DRBG` API. + * Deprecated the `ENGINE` API. + * Added `OSSL_LIB_CTX`, a libcrypto library context. + * Added various `_ex` functions to the OpenSSL API that support using + a non-default `OSSL_LIB_CTX`. + * Interactive mode is removed from the 'openssl' program. + * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are + included in the FIPS provider. * X509 certificates signed using SHA1 are no longer allowed at security level 1 or higher. The default security level for TLS is 1, so certificates signed using SHA1 are by default no longer trusted to @@ -36,12 +63,18 @@ OpenSSL 3.0 also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712). It is part of the crypto lib and adds a 'cmp' app with a demo configuration. All widely used CMP features are supported for both clients and servers. - * Added a proper HTTP(S) client to libcrypto supporting GET and POST, - redirection, plain and ASN.1-encoded contents, proxies, and timeouts. - * Added OSSL_SERIALIZER, a generic serializer API. + * Added a proper HTTP client supporting GET with optional redirection, POST, + arbitrary request and response content types, TLS, persistent connections, + connections via HTTP(s) proxies, connections and exchange via user-defined + BIOs (allowing implicit connections), and timeout checks. + * Added util/check-format.pl for checking adherence to the coding guidelines. + * Added OSSL_ENCODER, a generic encoder API. + * Added OSSL_DECODER, a generic decoder API. * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. * Added error raising macros, ERR_raise() and ERR_raise_data(). - * Deprecated ERR_put_error(). + * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(), + ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and + ERR_func_error_string(). * Added OSSL_PROVIDER_available(), to check provider availibility. * Added 'openssl mac' that uses the EVP_MAC API. * Added 'openssl kdf' that uses the EVP_KDF API. @@ -51,50 +84,93 @@ OpenSSL 3.0 * Changed our version number scheme and set the next major release to 3.0.0 * Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC - bridge. + bridge. Supported MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305 + and SIPHASH. * Removed the heartbeat message in DTLS feature. - * Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF - bridge. - * All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, + * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to + EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2, + PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF. + * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and Whirlpool digest functions have been deprecated. - * All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2, + * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2, RC4, RC5 and SEED cipher functions have been deprecated. - * All of the low level DH, DSA, ECDH, ECDSA and RSA public key functions + * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions have been deprecated. + * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. + * Added providers, a new pluggability concept that will replace the + ENGINE API and ENGINE implementations. OpenSSL 1.1.1 ------------- -### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] +### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] + + * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) + * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712]) + +### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] + + * Fixed a problem with verifying a certificate chain when using the + X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450]) + * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously + crafted renegotiation ClientHello message from a client ([CVE-2021-3449]) + +### Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] + + * Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() + function ([CVE-2021-23841]) + * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING + padding mode to correctly check for rollback attacks + * Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and + EVP_DecryptUpdate functions ([CVE-2021-23840]) + * Fixed SRP_Calc_client_key so that it runs in constant time + +### Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] + + * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971]) + +### Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] + + * Disallow explicit curve parameters in verifications chains when + X509_V_FLAG_X509_STRICT is used + * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS + contexts + * Oracle Developer Studio will start reporting deprecation warnings + +### Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] + + * Fixed segmentation fault in SSL_check_chain() ([CVE-2020-1967]) + +### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020] - * + * Revert the unexpected EOF reporting via SSL_ERROR_SSL ### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] * Fixed an overflow bug in the x64_64 Montgomery squaring procedure - used in exponentiation with 512-bit moduli ([CVE-2019-1551][]) + used in exponentiation with 512-bit moduli ([CVE-2019-1551]) ### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] - * Fixed a fork protection issue ([CVE-2019-1549][]) + * Fixed a fork protection issue ([CVE-2019-1549]) * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey - ([CVE-2019-1563][]) + ([CVE-2019-1563]) * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters * Compute ECC cofactors if not provided during EC_GROUP construction - ([CVE-2019-1547][]) + ([CVE-2019-1547]) * Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems * Correct the extended master secret constant on EBCDIC systems - * Use Windows installation paths in the mingw builds ([CVE-2019-1552][]) + * Use Windows installation paths in the mingw builds ([CVE-2019-1552]) * Changed DH_check to accept parameters with order q and 2q subgroups * Significantly reduce secure memory usage by the randomness pools * Revert the DEVRANDOM_WAIT feature for Linux systems ### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] - * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543][]) + * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543]) ### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] @@ -105,8 +181,8 @@ OpenSSL 1.1.1 ### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] - * Timing vulnerability in DSA signature generation ([CVE-2018-0734][]) - * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735][]) + * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) + * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735]) ### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] @@ -164,38 +240,38 @@ OpenSSL 1.1.0 ### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey - ([CVE-2019-1563][]) + ([CVE-2019-1563]) * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters * Compute ECC cofactors if not provided during EC_GROUP construction - ([CVE-2019-1547][]) - * Use Windows installation paths in the mingw builds ([CVE-2019-1552][]) + ([CVE-2019-1547]) + * Use Windows installation paths in the mingw builds ([CVE-2019-1552]) ### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] - * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543][]) + * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543]) ### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] - * Timing vulnerability in DSA signature generation ([CVE-2018-0734][]) - * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735][]) + * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) + * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735]) ### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] - * Client DoS due to large DH parameter ([CVE-2018-0732][]) - * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737][]) + * Client DoS due to large DH parameter ([CVE-2018-0732]) + * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737]) ### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the - stack ([CVE-2018-0739][]) - * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733][]) - * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738][]) + stack ([CVE-2018-0739]) + * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733]) + * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738]) ### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] - * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736][]) - * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735][]) + * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736]) + * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735]) ### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] @@ -203,32 +279,32 @@ OpenSSL 1.1.0 ### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] - * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733][]) + * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733]) ### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] - * Truncated packet could crash via OOB read ([CVE-2017-3731][]) - * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730][]) - * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732][]) + * Truncated packet could crash via OOB read ([CVE-2017-3731]) + * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730]) + * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732]) ### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] - * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054][]) - * CMS Null dereference ([CVE-2016-7053][]) - * Montgomery multiplication may produce incorrect results ([CVE-2016-7055][]) + * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054]) + * CMS Null dereference ([CVE-2016-7053]) + * Montgomery multiplication may produce incorrect results ([CVE-2016-7055]) ### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] - * Fix Use After Free for large message sizes ([CVE-2016-6309][]) + * Fix Use After Free for large message sizes ([CVE-2016-6309]) ### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] - * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][]) - * SSL_peek() hang on empty record ([CVE-2016-6305][]) + * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) + * SSL_peek() hang on empty record ([CVE-2016-6305]) * Excessive allocation of memory in tls_get_message_header() - ([CVE-2016-6307][]) + ([CVE-2016-6307]) * Excessive allocation of memory in dtls1_preprocess_fragment() - ([CVE-2016-6308][]) + ([CVE-2016-6308]) ### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] @@ -284,13 +360,13 @@ OpenSSL 1.0.2 ### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey - ([CVE-2019-1563][]) + ([CVE-2019-1563]) * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters * Compute ECC cofactors if not provided during EC_GROUP construction - ([CVE-2019-1547][]) + ([CVE-2019-1547]) * Document issue with installation paths in diverse Windows builds - ([CVE-2019-1552][]) + ([CVE-2019-1552]) ### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] @@ -298,32 +374,32 @@ OpenSSL 1.0.2 ### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] - * 0-byte record padding oracle ([CVE-2019-1559][]) + * 0-byte record padding oracle ([CVE-2019-1559]) ### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] - * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407][]) - * Timing vulnerability in DSA signature generation ([CVE-2018-0734][]) + * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407]) + * Timing vulnerability in DSA signature generation ([CVE-2018-0734]) ### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] - * Client DoS due to large DH parameter ([CVE-2018-0732][]) - * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737][]) + * Client DoS due to large DH parameter ([CVE-2018-0732]) + * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737]) ### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the - stack ([CVE-2018-0739][]) + stack ([CVE-2018-0739]) ### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] - * Read/write after SSL object in error state ([CVE-2017-3737][]) - * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738][]) + * Read/write after SSL object in error state ([CVE-2017-3737]) + * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738]) ### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] - * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736][]) - * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735][]) + * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736]) + * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735]) ### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] @@ -331,35 +407,35 @@ OpenSSL 1.0.2 ### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] - * Truncated packet could crash via OOB read ([CVE-2017-3731][]) - * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732][]) - * Montgomery multiplication may produce incorrect results ([CVE-2016-7055][]) + * Truncated packet could crash via OOB read ([CVE-2017-3731]) + * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732]) + * Montgomery multiplication may produce incorrect results ([CVE-2016-7055]) ### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] - * Missing CRL sanity check ([CVE-2016-7052][]) + * Missing CRL sanity check ([CVE-2016-7052]) ### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] - * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][]) - * SWEET32 Mitigation ([CVE-2016-2183][]) - * OOB write in MDC2_Update() ([CVE-2016-6303][]) - * Malformed SHA512 ticket DoS ([CVE-2016-6302][]) - * OOB write in BN_bn2dec() ([CVE-2016-2182][]) - * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180][]) - * Pointer arithmetic undefined behaviour ([CVE-2016-2177][]) - * Constant time flag not preserved in DSA signing ([CVE-2016-2178][]) - * DTLS buffered message DoS ([CVE-2016-2179][]) - * DTLS replay protection DoS ([CVE-2016-2181][]) - * Certificate message OOB reads ([CVE-2016-6306][]) + * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) + * SWEET32 Mitigation ([CVE-2016-2183]) + * OOB write in MDC2_Update() ([CVE-2016-6303]) + * Malformed SHA512 ticket DoS ([CVE-2016-6302]) + * OOB write in BN_bn2dec() ([CVE-2016-2182]) + * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180]) + * Pointer arithmetic undefined behaviour ([CVE-2016-2177]) + * Constant time flag not preserved in DSA signing ([CVE-2016-2178]) + * DTLS buffered message DoS ([CVE-2016-2179]) + * DTLS replay protection DoS ([CVE-2016-2181]) + * Certificate message OOB reads ([CVE-2016-6306]) ### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] - * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107][]) - * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105][]) - * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106][]) - * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109][]) - * EBCDIC overread ([CVE-2016-2176][]) + * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107]) + * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105]) + * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106]) + * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109]) + * EBCDIC overread ([CVE-2016-2176]) * Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN. * Remove LOW from the DEFAULT cipher list. This removes singles DES from @@ -370,33 +446,33 @@ OpenSSL 1.0.2 * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. * Disable SSLv2 default build, default negotiation and weak ciphers - ([CVE-2016-0800][]) - * Fix a double-free in DSA code ([CVE-2016-0705][]) + ([CVE-2016-0800]) + * Fix a double-free in DSA code ([CVE-2016-0705]) * Disable SRP fake user seed to address a server memory leak - ([CVE-2016-0798][]) + ([CVE-2016-0798]) * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption - ([CVE-2016-0797][]) - * Fix memory issues in BIO_*printf functions ([CVE-2016-0799][]) - * Fix side channel attack on modular exponentiation ([CVE-2016-0702][]) + ([CVE-2016-0797]) + * Fix memory issues in BIO_*printf functions ([CVE-2016-0799]) + * Fix side channel attack on modular exponentiation ([CVE-2016-0702]) ### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] - * DH small subgroups ([CVE-2016-0701][]) - * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197][]) + * DH small subgroups ([CVE-2016-0701]) + * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197]) ### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] - * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193][]) - * Certificate verify crash with missing PSS parameter ([CVE-2015-3194][]) - * X509_ATTRIBUTE memory leak ([CVE-2015-3195][]) + * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193]) + * Certificate verify crash with missing PSS parameter ([CVE-2015-3194]) + * X509_ATTRIBUTE memory leak ([CVE-2015-3195]) * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs * In DSA_generate_parameters_ex, if the provided seed is too short, return an error ### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] - * Alternate chains certificate forgery ([CVE-2015-1793][]) - * Race condition handling PSK identify hint ([CVE-2015-3196][]) + * Alternate chains certificate forgery ([CVE-2015-1793]) + * Race condition handling PSK identify hint ([CVE-2015-3196]) ### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] @@ -404,26 +480,26 @@ OpenSSL 1.0.2 ### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] - * Malformed ECParameters causes infinite loop ([CVE-2015-1788][]) - * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][]) - * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790][]) - * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][]) - * Race condition handling NewSessionTicket ([CVE-2015-1791][]) + * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) + * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) + * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) + * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) + * Race condition handling NewSessionTicket ([CVE-2015-1791]) ### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] - * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291][]) - * Multiblock corrupted pointer fix ([CVE-2015-0290][]) - * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207][]) - * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][]) - * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208][]) - * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][]) - * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289][]) - * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293][]) - * Empty CKE with client auth and DHE fix ([CVE-2015-1787][]) - * Handshake with unseeded PRNG fix ([CVE-2015-0285][]) - * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209][]) - * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][]) + * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291]) + * Multiblock corrupted pointer fix ([CVE-2015-0290]) + * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207]) + * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) + * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208]) + * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) + * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) + * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) + * Empty CKE with client auth and DHE fix ([CVE-2015-1787]) + * Handshake with unseeded PRNG fix ([CVE-2015-0285]) + * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) + * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) * Removed the export ciphers from the DEFAULT ciphers ### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] @@ -442,25 +518,25 @@ OpenSSL 1.0.1 ### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016] - * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][]) - * SWEET32 Mitigation ([CVE-2016-2183][]) - * OOB write in MDC2_Update() ([CVE-2016-6303][]) - * Malformed SHA512 ticket DoS ([CVE-2016-6302][]) - * OOB write in BN_bn2dec() ([CVE-2016-2182][]) - * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180][]) - * Pointer arithmetic undefined behaviour ([CVE-2016-2177][]) - * Constant time flag not preserved in DSA signing ([CVE-2016-2178][]) - * DTLS buffered message DoS ([CVE-2016-2179][]) - * DTLS replay protection DoS ([CVE-2016-2181][]) - * Certificate message OOB reads ([CVE-2016-6306][]) + * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304]) + * SWEET32 Mitigation ([CVE-2016-2183]) + * OOB write in MDC2_Update() ([CVE-2016-6303]) + * Malformed SHA512 ticket DoS ([CVE-2016-6302]) + * OOB write in BN_bn2dec() ([CVE-2016-2182]) + * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180]) + * Pointer arithmetic undefined behaviour ([CVE-2016-2177]) + * Constant time flag not preserved in DSA signing ([CVE-2016-2178]) + * DTLS buffered message DoS ([CVE-2016-2179]) + * DTLS replay protection DoS ([CVE-2016-2181]) + * Certificate message OOB reads ([CVE-2016-6306]) ### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016] - * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107][]) - * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105][]) - * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106][]) - * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109][]) - * EBCDIC overread ([CVE-2016-2176][]) + * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107]) + * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105]) + * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106]) + * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109]) + * EBCDIC overread ([CVE-2016-2176]) * Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN. * Remove LOW from the DEFAULT cipher list. This removes singles DES from @@ -471,32 +547,32 @@ OpenSSL 1.0.1 * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. * Disable SSLv2 default build, default negotiation and weak ciphers - ([CVE-2016-0800][]) - * Fix a double-free in DSA code ([CVE-2016-0705][]) + ([CVE-2016-0800]) + * Fix a double-free in DSA code ([CVE-2016-0705]) * Disable SRP fake user seed to address a server memory leak - ([CVE-2016-0798][]) + ([CVE-2016-0798]) * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption - ([CVE-2016-0797][]) - * Fix memory issues in BIO_*printf functions ([CVE-2016-0799][]) - * Fix side channel attack on modular exponentiation ([CVE-2016-0702][]) + ([CVE-2016-0797]) + * Fix memory issues in BIO_*printf functions ([CVE-2016-0799]) + * Fix side channel attack on modular exponentiation ([CVE-2016-0702]) ### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] * Protection for DH small subgroup attacks - * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197][]) + * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197]) ### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] - * Certificate verify crash with missing PSS parameter ([CVE-2015-3194][]) - * X509_ATTRIBUTE memory leak ([CVE-2015-3195][]) + * Certificate verify crash with missing PSS parameter ([CVE-2015-3194]) + * X509_ATTRIBUTE memory leak ([CVE-2015-3195]) * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs * In DSA_generate_parameters_ex, if the provided seed is too short, return an error ### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] - * Alternate chains certificate forgery ([CVE-2015-1793][]) - * Race condition handling PSK identify hint ([CVE-2015-3196][]) + * Alternate chains certificate forgery ([CVE-2015-1793]) + * Race condition handling PSK identify hint ([CVE-2015-3196]) ### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] @@ -504,20 +580,20 @@ OpenSSL 1.0.1 ### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] - * Malformed ECParameters causes infinite loop ([CVE-2015-1788][]) - * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][]) - * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790][]) - * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][]) - * Race condition handling NewSessionTicket ([CVE-2015-1791][]) + * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) + * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) + * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) + * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) + * Race condition handling NewSessionTicket ([CVE-2015-1791]) ### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] - * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][]) - * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][]) - * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289][]) - * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293][]) - * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209][]) - * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][]) + * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) + * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) + * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) + * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) + * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) + * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) * Removed the export ciphers from the DEFAULT ciphers ### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] @@ -526,71 +602,71 @@ OpenSSL 1.0.1 ### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] - * Fix for [CVE-2014-3571][] - * Fix for [CVE-2015-0206][] - * Fix for [CVE-2014-3569][] - * Fix for [CVE-2014-3572][] - * Fix for [CVE-2015-0204][] - * Fix for [CVE-2015-0205][] - * Fix for [CVE-2014-8275][] - * Fix for [CVE-2014-3570][] + * Fix for [CVE-2014-3571] + * Fix for [CVE-2015-0206] + * Fix for [CVE-2014-3569] + * Fix for [CVE-2014-3572] + * Fix for [CVE-2015-0204] + * Fix for [CVE-2015-0205] + * Fix for [CVE-2014-8275] + * Fix for [CVE-2014-3570] ### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] - * Fix for [CVE-2014-3513][] - * Fix for [CVE-2014-3567][] - * Mitigation for [CVE-2014-3566][] (SSL protocol vulnerability) - * Fix for [CVE-2014-3568][] + * Fix for [CVE-2014-3513] + * Fix for [CVE-2014-3567] + * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability) + * Fix for [CVE-2014-3568] ### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] - * Fix for [CVE-2014-3512][] - * Fix for [CVE-2014-3511][] - * Fix for [CVE-2014-3510][] - * Fix for [CVE-2014-3507][] - * Fix for [CVE-2014-3506][] - * Fix for [CVE-2014-3505][] - * Fix for [CVE-2014-3509][] - * Fix for [CVE-2014-5139][] - * Fix for [CVE-2014-3508][] + * Fix for [CVE-2014-3512] + * Fix for [CVE-2014-3511] + * Fix for [CVE-2014-3510] + * Fix for [CVE-2014-3507] + * Fix for [CVE-2014-3506] + * Fix for [CVE-2014-3505] + * Fix for [CVE-2014-3509] + * Fix for [CVE-2014-5139] + * Fix for [CVE-2014-3508] ### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] - * Fix for [CVE-2014-0224][] - * Fix for [CVE-2014-0221][] - * Fix for [CVE-2014-0198][] - * Fix for [CVE-2014-0195][] - * Fix for [CVE-2014-3470][] - * Fix for [CVE-2010-5298][] + * Fix for [CVE-2014-0224] + * Fix for [CVE-2014-0221] + * Fix for [CVE-2014-0198] + * Fix for [CVE-2014-0195] + * Fix for [CVE-2014-3470] + * Fix for [CVE-2010-5298] ### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] - * Fix for [CVE-2014-0160][] + * Fix for [CVE-2014-0160] * Add TLS padding extension workaround for broken servers. - * Fix for [CVE-2014-0076][] + * Fix for [CVE-2014-0076] ### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] * Don't include gmt_unix_time in TLS server and client random values - * Fix for TLS record tampering bug [CVE-2013-4353][] - * Fix for TLS version checking bug [CVE-2013-6449][] - * Fix for DTLS retransmission bug [CVE-2013-6450][] + * Fix for TLS record tampering bug ([CVE-2013-4353]) + * Fix for TLS version checking bug ([CVE-2013-6449]) + * Fix for DTLS retransmission bug ([CVE-2013-6450]) ### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013] - * Corrected fix for [CVE-2013-0169][] + * Corrected fix for ([CVE-2013-0169]) ### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013] * Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. * Include the fips configuration module. - * Fix OCSP bad key DoS attack [CVE-2013-0166][] - * Fix for SSL/TLS/DTLS CBC plaintext recovery attack [CVE-2013-0169][] - * Fix for TLS AESNI record handling flaw [CVE-2012-2686][] + * Fix OCSP bad key DoS attack ([CVE-2013-0166]) + * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169]) + * Fix for TLS AESNI record handling flaw ([CVE-2012-2686]) ### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012] - * Fix TLS/DTLS record length checking bug [CVE-2012-2333][] + * Fix TLS/DTLS record length checking bug ([CVE-2012-2333]) * Don't attempt to use non-FIPS composite ciphers in FIPS mode. ### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012] @@ -601,7 +677,7 @@ OpenSSL 1.0.1 ### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012] - * Fix for ASN1 overflow bug [CVE-2012-2110][] + * Fix for ASN1 overflow bug ([CVE-2012-2110]) * Workarounds for some servers that hang on long client hellos. * Fix SEGV in AES code. @@ -623,25 +699,25 @@ OpenSSL 1.0.0 ### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] - * X509_ATTRIBUTE memory leak ([CVE-2015-3195][]) - * Race condition handling PSK identify hint ([CVE-2015-3196][]) + * X509_ATTRIBUTE memory leak (([CVE-2015-3195])) + * Race condition handling PSK identify hint ([CVE-2015-3196]) ### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] - * Malformed ECParameters causes infinite loop ([CVE-2015-1788][]) - * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][]) - * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790][]) - * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][]) - * Race condition handling NewSessionTicket ([CVE-2015-1791][]) + * Malformed ECParameters causes infinite loop ([CVE-2015-1788]) + * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789]) + * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790]) + * CMS verify infinite loop with unknown hash function ([CVE-2015-1792]) + * Race condition handling NewSessionTicket ([CVE-2015-1791]) ### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] - * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][]) - * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][]) - * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289][]) - * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293][]) - * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209][]) - * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][]) + * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286]) + * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287]) + * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289]) + * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293]) + * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209]) + * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288]) * Removed the export ciphers from the DEFAULT ciphers ### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] @@ -650,112 +726,112 @@ OpenSSL 1.0.0 ### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] - * Fix for [CVE-2014-3571][] - * Fix for [CVE-2015-0206][] - * Fix for [CVE-2014-3569][] - * Fix for [CVE-2014-3572][] - * Fix for [CVE-2015-0204][] - * Fix for [CVE-2015-0205][] - * Fix for [CVE-2014-8275][] - * Fix for [CVE-2014-3570][] + * Fix for [CVE-2014-3571] + * Fix for [CVE-2015-0206] + * Fix for [CVE-2014-3569] + * Fix for [CVE-2014-3572] + * Fix for [CVE-2015-0204] + * Fix for [CVE-2015-0205] + * Fix for [CVE-2014-8275] + * Fix for [CVE-2014-3570] ### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] - * Fix for [CVE-2014-3513][] - * Fix for [CVE-2014-3567][] - * Mitigation for [CVE-2014-3566][] (SSL protocol vulnerability) - * Fix for [CVE-2014-3568][] + * Fix for [CVE-2014-3513] + * Fix for [CVE-2014-3567] + * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability) + * Fix for [CVE-2014-3568] ### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014] - * Fix for [CVE-2014-3510][] - * Fix for [CVE-2014-3507][] - * Fix for [CVE-2014-3506][] - * Fix for [CVE-2014-3505][] - * Fix for [CVE-2014-3509][] - * Fix for [CVE-2014-3508][] + * Fix for [CVE-2014-3510] + * Fix for [CVE-2014-3507] + * Fix for [CVE-2014-3506] + * Fix for [CVE-2014-3505] + * Fix for [CVE-2014-3509] + * Fix for [CVE-2014-3508] Known issues in OpenSSL 1.0.0m: * EAP-FAST and other applications using tls_session_secret_cb - wont resume sessions. Fixed in 1.0.0n-dev + won't resume sessions. Fixed in 1.0.0n-dev * Compilation failure of s3_pkt.c on some platforms due to missing `` include. Fixed in 1.0.0n-dev ### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] - * Fix for [CVE-2014-0224][] - * Fix for [CVE-2014-0221][] - * Fix for [CVE-2014-0198][] - * Fix for [CVE-2014-0195][] - * Fix for [CVE-2014-3470][] - * Fix for [CVE-2014-0076][] - * Fix for [CVE-2010-5298][] + * Fix for [CVE-2014-0224] + * Fix for [CVE-2014-0221] + * Fix for [CVE-2014-0198] + * Fix for [CVE-2014-0195] + * Fix for [CVE-2014-3470] + * Fix for [CVE-2014-0076] + * Fix for [CVE-2010-5298] ### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] - * Fix for DTLS retransmission bug [CVE-2013-6450][] + * Fix for DTLS retransmission bug ([CVE-2013-6450]) ### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013] - * Fix for SSL/TLS/DTLS CBC plaintext recovery attack [CVE-2013-0169][] - * Fix OCSP bad key DoS attack [CVE-2013-0166][] + * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169]) + * Fix OCSP bad key DoS attack ([CVE-2013-0166]) ### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012] - * Fix DTLS record length checking bug [CVE-2012-2333][] + * Fix DTLS record length checking bug ([CVE-2012-2333]) ### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012] - * Fix for ASN1 overflow bug [CVE-2012-2110][] + * Fix for ASN1 overflow bug ([CVE-2012-2110]) ### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012] - * Fix for CMS/PKCS#7 MMA [CVE-2012-0884][] - * Corrected fix for [CVE-2011-4619][] + * Fix for CMS/PKCS#7 MMA ([CVE-2012-0884]) + * Corrected fix for ([CVE-2011-4619]) * Various DTLS fixes. ### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012] - * Fix for DTLS DoS issue [CVE-2012-0050][] + * Fix for DTLS DoS issue ([CVE-2012-0050]) ### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012] - * Fix for DTLS plaintext recovery attack [CVE-2011-4108][] - * Clear block padding bytes of SSL 3.0 records [CVE-2011-4576][] - * Only allow one SGC handshake restart for SSL/TLS [CVE-2011-4619][] - * Check parameters are not NULL in GOST ENGINE [CVE-2012-0027][] - * Check for malformed RFC3779 data [CVE-2011-4577][] + * Fix for DTLS plaintext recovery attack ([CVE-2011-4108]) + * Clear block padding bytes of SSL 3.0 records ([CVE-2011-4576]) + * Only allow one SGC handshake restart for SSL/TLS ([CVE-2011-4619]) + * Check parameters are not NULL in GOST ENGINE ([CVE-2012-0027]) + * Check for malformed RFC3779 data ([CVE-2011-4577]) ### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011] - * Fix for CRL vulnerability issue [CVE-2011-3207][] - * Fix for ECDH crashes [CVE-2011-3210][] + * Fix for CRL vulnerability issue ([CVE-2011-3207]) + * Fix for ECDH crashes ([CVE-2011-3210]) * Protection against EC timing attacks. * Support ECDH ciphersuites for certificates using SHA2 algorithms. * Various DTLS fixes. ### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011] - * Fix for security issue [CVE-2011-0014][] + * Fix for security issue ([CVE-2011-0014]) ### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010] - * Fix for security issue [CVE-2010-4180][] - * Fix for [CVE-2010-4252][] + * Fix for security issue ([CVE-2010-4180]) + * Fix for ([CVE-2010-4252]) * Fix mishandling of absent EC point format extension. * Fix various platform compilation issues. - * Corrected fix for security issue [CVE-2010-3864][]. + * Corrected fix for security issue ([CVE-2010-3864]). ### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010] - * Fix for security issue [CVE-2010-3864][]. - * Fix for [CVE-2010-2939][] + * Fix for security issue ([CVE-2010-3864]). + * Fix for ([CVE-2010-2939]) * Fix WIN32 build system for GOST ENGINE. ### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010] - * Fix for security issue [CVE-2010-1633][]. + * Fix for security issue ([CVE-2010-1633]). * GOST MAC and CFB fixes. ### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010] @@ -787,7 +863,7 @@ OpenSSL 0.9.x ### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010] * CFB cipher definition fixes. - * Fix security issues [CVE-2010-0740][] and [CVE-2010-0433][]. + * Fix security issues [CVE-2010-0740] and [CVE-2010-0433]. ### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010] @@ -803,16 +879,16 @@ OpenSSL 0.9.x ### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009] - * Temporary work around for [CVE-2009-3555][]: disable renegotiation. + * Temporary work around for [CVE-2009-3555]: disable renegotiation. ### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009] * Fix various build issues. - * Fix security issues ([CVE-2009-0590][], [CVE-2009-0591][], [CVE-2009-0789][]) + * Fix security issues [CVE-2009-0590], [CVE-2009-0591], [CVE-2009-0789] ### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009] - * Fix security issue ([CVE-2008-5077][]) + * Fix security issue ([CVE-2008-5077]) * Merge FIPS 140-2 branch code. ### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008] @@ -845,13 +921,13 @@ OpenSSL 0.9.x ### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006] - * Introduce limits to prevent malicious key DoS ([CVE-2006-2940][]) - * Fix security issues ([CVE-2006-2937][], [CVE-2006-3737][], [CVE-2006-4343][]) + * Introduce limits to prevent malicious key DoS ([CVE-2006-2940]) + * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343] * Changes to ciphersuite selection algorithm ### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006] - * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339][] + * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339] * New cipher Camellia ### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006] @@ -866,7 +942,7 @@ OpenSSL 0.9.x ### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005] - * Fix potential SSL 2.0 rollback, [CVE-2005-2969][] + * Fix potential SSL 2.0 rollback ([CVE-2005-2969]) * Extended Windows CE support ### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005] @@ -950,12 +1026,12 @@ OpenSSL 0.9.x ### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006] - * Introduce limits to prevent malicious key DoS ([CVE-2006-2940][]) - * Fix security issues ([CVE-2006-2937][], [CVE-2006-3737][], [CVE-2006-4343][]) + * Introduce limits to prevent malicious key DoS ([CVE-2006-2940]) + * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343] ### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006] - * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339][] + * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339] ### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006] @@ -968,7 +1044,7 @@ OpenSSL 0.9.x ### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005] - * Fix SSL 2.0 Rollback, [CVE-2005-2969][] + * Fix SSL 2.0 Rollback ([CVE-2005-2969]) * Allow use of fixed-length exponent on DSA signing * Default fixed-window RSA, DSA, DH private-key operations @@ -1186,14 +1262,14 @@ OpenSSL 0.9.x * Enhanced chain verification using key identifiers. * New sign and verify options to 'dgst' application. * Support for DER and PEM encoded messages in 'smime' application. - * New 'rsautl' application, low level RSA utility. + * New 'rsautl' application, low-level RSA utility. * MD4 now included. * Bugfix for SSL rollback padding check. * Support for external crypto devices [1]. * Enhanced EVP interface. [1] The support for external crypto devices is currently a separate - distribution. See the file README.ENGINE. + distribution. See the file README-Engine.md. ### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] @@ -1238,7 +1314,7 @@ OpenSSL 0.9.x * BIGNUM library bug fixes * Faster DSA parameter generation * Enhanced support for Alpha Linux - * Experimental MacOS support + * Experimental macOS support ### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] @@ -1303,6 +1379,8 @@ OpenSSL 0.9.x +[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 +[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 [CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 [CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552