OpenSSL CHANGES
_______________
- Changes between 1.0.0 and 1.1.0 [xx XXX xxxx]
+ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+
+ *) Initial, experimental EVP support for AES-GCM. AAD can be input by
+ setting output buffer to NULL. The *Final function must be
+ called although it will not retrieve any additional data. The tag
+ can be set or retrieved with a ctrl. The IV length is by default 12
+ bytes (96 bits) but can be set to an alternative value. If the IV
+ length exceeds the maximum IV length (currently 16 bytes) it cannot be
+ set before the key.
+ [Steve Henson]
+
+ *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
+ underlying do_cipher function handles all cipher semantics itself
+ including padding and finalisation. This is useful if (for example)
+ an ENGINE cipher handles block padding itself. The behaviour of
+ do_cipher is subtly changed if this flag is set: the return value
+ is the number of characters written to the output buffer (zero is
+ no longer an error code) or a negative error code. Also if the
+ input buffer is NULL and length 0 finalisation should be performed.
+ [Steve Henson]
+
+ *) If a candidate issuer certificate is already part of the constructed
+ path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
+ [Steve Henson]
+
+ *) Improve forward-security support: add functions
+
+ void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
+ void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
+
+ for use by SSL/TLS servers; the callback function will be called whenever a
+ new session is created, and gets to decide whether the session may be
+ cached to make it resumable (return 0) or not (return 1). (As by the
+ SSL/TLS protocol specifications, the session_id sent by the server will be
+ empty to indicate that the session is not resumable; also, the server will
+ not generate RFC 4507 (RFC 5077) session tickets.)
+
+ A simple reasonable callback implementation is to return is_forward_secure.
+ This parameter will be set to 1 or 0 depending on the ciphersuite selected
+ by the SSL/TLS server library, indicating whether it can provide forward
+ security.
+ [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
*) Add Next Protocol Negotiation,
http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
whose return value is often ignored.
[Steve Henson]
- Changes between 1.0.0a and 1.0.1 [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.1 [xx XXX xxxx]
+
+ *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+ [Steve Henson]
*) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
elliptic curve NIST-P224 with constant-time single point multiplication on
Add command line options to s_client/s_server.
[Steve Henson]
- Changes between 1.0.0a and 1.0.0b [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.0d [xx XXX xxxx]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c [2 Dec 2010]
+
+ *) Disable code workaround for ancient and obsolete Netscape browsers
+ and servers: an attacker can use it in a ciphersuite downgrade attack.
+ Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+ [Steve Henson]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b [16 Nov 2010]
+
+ *) Fix extension code to avoid race conditions which can result in a buffer
+ overrun vulnerability: resumed sessions must not be modified as they can
+ be shared by multiple threads. CVE-2010-3864
+ [Steve Henson]
*) Fix WIN32 build system to correctly link an ENGINE directory into
a DLL.
Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
+ *) Fix extension code to avoid race conditions which can result in a buffer
+ overrun vulnerability: resumed sessions must not be modified as they can
+ be shared by multiple threads. CVE-2010-3864
+
+ *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+ [Steve Henson]
+
+ *) Don't reencode certificate when calculating signature: cache and use
+ the original encoding instead. This makes signature verification of
+ some broken encodings work correctly.
+ [Steve Henson]
+
*) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
is also one of the inputs.
[Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]