X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=NEWS.md;h=36a157bc3db9f88d7dbd28fa6fce673e9f943d52;hb=b1104a3a2dd4351af85cf48f677691a414ffc3a2;hp=c1edd0c847baad654b22ce697c2d718bb68f50dd;hpb=cae118f9382c3790359b3ff050d6e01c11579a7f;p=openssl.git diff --git a/NEWS.md b/NEWS.md index c1edd0c847..36a157bc3d 100644 --- a/NEWS.md +++ b/NEWS.md @@ -7,6 +7,7 @@ release. For more details please read the CHANGES file. OpenSSL Releases ---------------- + - [OpenSSL 3.1](#openssl-31) - [OpenSSL 3.0](#openssl-30) - [OpenSSL 1.1.1](#openssl-111) - [OpenSSL 1.1.0](#openssl-110) 
@@ -15,23 +16,75 @@ OpenSSL Releases - [OpenSSL 1.0.0](#openssl-100) - [OpenSSL 0.9.x](#openssl-09x) -OpenSSL 3.0 +OpenSSL 3.1 ----------- -### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 alpha 10 [in pre-release] +### Major changes between OpenSSL 3.0 and OpenSSL 3.1 [under development] + + * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings + by default. + * TCP Fast Open (RFC7413) support is available on Linux, macOS, and FreeBSD + where enabled and supported. + * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. - * Deprecated the `DSA_` functions. +OpenSSL 3.0 +----------- + +### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022] + + * Fixed additional bugs in the c_rehash script which was not properly + sanitising shell metacharacters to prevent command injection + ([CVE-2022-2068]) + +### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022] + + * Fixed a bug in the c_rehash script which was not properly sanitising shell + metacharacters to prevent command injection ([CVE-2022-1292]) + * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer + certificate on an OCSP response ([CVE-2022-1343]) + * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the + AAD data as the MAC key ([CVE-2022-1434]) + * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory + occuppied by the removed hash table entries ([CVE-2022-1473]) + +### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 + + * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever + for non-prime moduli ([CVE-2022-0778]) + +### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 + + * Fixed invalid handling of X509_verify_cert() internal errors in libssl + ([CVE-2021-4044]) + * Allow fetching an operation from the provider that owns an unexportable key + as a fallback if that is still allowed by the property query. 
+ +### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 + + * Enhanced 'openssl list' with many new options. + * Added migration guide to man7. + * Implemented support for fully "pluggable" TLSv1.3 groups. + * Added suport for Kernel TLS (KTLS). + * Changed the license to the Apache License v2.0. + * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, + RC4, RC5, and DES to the legacy provider. + * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy + provider. + * Added convenience functions for generating asymmetric key pairs. + * Deprecated the `OCSP_REQ_CTX` type and functions. + * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions. + * Deprecated the `RSA` and `RSA_METHOD` types and functions. + * Deprecated the `DSA` and `DSA_METHOD` types and functions. + * Deprecated the `DH` and `DH_METHOD` types and functions. * Deprecated the `ERR_load_` functions. * Remove the `RAND_DRBG` API. * Deprecated the `ENGINE` API. * Added `OSSL_LIB_CTX`, a libcrypto library context. + * Added various `_ex` functions to the OpenSSL API that support using + a non-default `OSSL_LIB_CTX`. * Interactive mode is removed from the 'openssl' program. - * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in - the FIPS provider. None have the "fips=yes" property set and, as such, - will not be accidentially used. - * The algorithm specific public key command line applications have - been deprecated. These include dhparam, gendsa and others. The pkey - alternatives should be used instead: pkey, pkeyparam and genpkey. + * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are + included in the FIPS provider. * X509 certificates signed using SHA1 are no longer allowed at security level 1 or higher. The default security level for TLS is 1, so certificates signed using SHA1 are by default no longer trusted to 
@@ -42,10 +95,13 @@ OpenSSL 3.0 also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712). It is part of the crypto lib and adds a 'cmp' app with a demo configuration. All widely used CMP features are supported for both clients and servers. - * Added a proper HTTP(S) client to libcrypto supporting GET and POST, - redirection, plain and ASN.1-encoded contents, proxies, and timeouts. + * Added a proper HTTP client supporting GET with optional redirection, POST, + arbitrary request and response content types, TLS, persistent connections, + connections via HTTP(s) proxies, connections and exchange via user-defined + BIOs (allowing implicit connections), and timeout checks. * Added util/check-format.pl for checking adherence to the coding guidelines. * Added OSSL_ENCODER, a generic encoder API. + * Added OSSL_DECODER, a generic decoder API. * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. * Added error raising macros, ERR_raise() and ERR_raise_data(). * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(), @@ -60,10 +116,12 @@ OpenSSL 3.0 * Changed our version number scheme and set the next major release to 3.0.0 * Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC - bridge. + bridge. Supported MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305 + and SIPHASH. * Removed the heartbeat message in DTLS feature. - * Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF - bridge. + * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to + EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2, + PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF. * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512 and Whirlpool digest functions have been deprecated. 
@@ -71,12 +129,37 @@ OpenSSL 3.0 RC4, RC5 and SEED cipher functions have been deprecated. * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions have been deprecated. - * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. + * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0, + except when RSA key exchange without SHA1 is used. + * Added providers, a new pluggability concept that will replace the + ENGINE API and ENGINE implementations. OpenSSL 1.1.1 ------------- -### Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [under development] +### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] + + * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) + * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712]) + +### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] + + * Fixed a problem with verifying a certificate chain when using the + X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450]) + * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously + crafted renegotiation ClientHello message from a client ([CVE-2021-3449]) + +### Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] + + * Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() + function ([CVE-2021-23841]) + * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING + padding mode to correctly check for rollback attacks + * Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and + EVP_DecryptUpdate functions ([CVE-2021-23840]) + * Fixed SRP_Calc_client_key so that it runs in constant time + +### Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971])
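Review bot: In the `@@ -15,23 +16,75 @@` hunk, the rewritten FIPS provider bullet drops the sentence 'None have the "fips=yes" property set and, as such, will not be accidentially used.' without a replacement. If these algorithms (the list now also includes SHAKE128) still lack the "fips=yes" property, keep that statement, since it is what tells a reader whether a FIPS-restricted fetch can select them; if the behaviour changed, say so in the bullet. The same hunk removes the bullet deprecating the algorithm-specific command-line applications (dhparam, gendsa and others) and nothing visible replaces it. Smaller points in the added lines: "occuppied" should be "occupied", "suport" should be "support", the `OPENSSL_LH_flush()` entry starts with "Fix" where its sibling entries use "Fixed", and the 3.0.2 and 3.0.1 headings have no release date while the 3.0.3 and 3.0.4 headings do.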
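Review bot: In the `@@ -42,10 +95,13 @@` hunk, the new HTTP client bullet writes "HTTP(s) proxies" where the line it replaces used "HTTP(S)"; keep the capitalisation consistent. The bullet also no longer says that the client is part of libcrypto, and "connections and exchange via user-defined BIOs (allowing implicit connections)" is hard to parse. Consider restoring "to libcrypto" and rewording that clause so it is clear what "implicit connections" refers to.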
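Review bot: In the `@@ -71,12 +129,37 @@` hunk, the 3.0 bullet now reads "SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0, except when RSA key exchange without SHA1 is used", while the new 3.1 section added earlier in this patch lists the same sentence without the exception. As written the two entries look like one change listed twice; the 3.1 entry should say how it differs from the 3.0 behaviour (for example, that the RSA key exchange exception no longer applies, if that is the intent). Also, the added `[CVE-2021-3711]` style references here and in the 3.0.x sections are reference-style links, and none of the hunks shown adds matching link definitions, so check that each one resolves.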