Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) Experimental support for a new, fast, unbiased prime candidate generator,
+ bn_probable_prime_dh_coprime(). Not currently used by any prime generator.
+ [Felix Laurie von Massenbach <felix@erbridge.co.uk>]
+
+ *) New output format NSS in the sess_id command line tool. This allows
+ exporting the session id and the master key in NSS keylog format.
+ [Martin Kaiser <martin@kaiser.cx>]
+
+ *) Harmonize version and its documentation. -f flag is used to display
+ compilation flags.
+ [mancha <mancha1@zoho.com>]
+
+ *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+ in i2d_ECPrivateKey.
+ [mancha <mancha1@zoho.com>]
+
+ *) Fix some double frees. These are not thought to be exploitable.
+ [mancha <mancha1@zoho.com>]
+
+ *) A missing bounds check in the handling of the TLS heartbeat extension
+ can be used to reveal up to 64k of memory to a connected client or
+ server.
+
+ Thanks for Neel Mehta of Google Security for discovering this bug and to
+ Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+ preparing the fix (CVE-2014-0160)
+ [Adam Langley, Bodo Moeller]
+
*) Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
[Steve Henson]
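Review bot: the heartbeat entry (the last added item, CVE-2014-0160) describes the defect but never says it is fixed, unlike the "Fix ..." items above it; lead with the fix, e.g. `*) Fix missing bounds check in the handling of the TLS heartbeat extension` followed by `which could be used to reveal up to 64k of memory to a connected client or server.`, so a reader scanning CHANGES sees that this release closes the hole rather than merely records it. In the same item, "Thanks for Neel Mehta" should read "Thanks to Neel Mehta", and "(CVE-2014-0160)" needs a terminating period. The "Fix some double frees" entry would also help downstream triage if it named the affected functions or files, since "not thought to be exploitable" is much easier to check against a concrete list than against the whole tree.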
- *) Add callbacks supporting generation and retrieval of supplemental
- data entries.
- [Scott Deboy <sdeboy@apache.org>, Trevor Perrin and Ben Laurie]
-
*) Add EVP support for key wrapping algorithms, to avoid problems with
existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
to be resent. (CVE-2013-6450)
[Steve Henson]
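Review bot: deleting the supplemental-data callbacks entry (Scott Deboy, Trevor Perrin, Ben Laurie) removes the only record that the API ever existed, and the deletion of the RFC 5878 entry further down does the same; if the code has been pulled from the tree, replace both with a short entry stating that the feature was removed, so applications that built against those callbacks can see in CHANGES why the symbols are gone. The trailing context of this hunk also looks damaged: "Add AES and DES3 wrap" runs straight into "to be resent. (CVE-2013-6450)", which belongs to a different entry, so regenerate the patch from a clean checkout to confirm it still applies.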
- *) TLS pad extension: draft-agl-tls-padding-02
+ *) TLS pad extension: draft-agl-tls-padding-03
Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
TLS client Hello record length value would otherwise be > 255 and
less that 512 pad with a dummy extension containing zeroes so it
is at least 512 bytes long.
- To enable it use an unused extension number (for example chrome uses
- 35655) using:
-
- e.g. -DTLSEXT_TYPE_padding=35655
-
- Since the extension is ignored the actual number doesn't matter as long
- as it doesn't clash with any existing extension.
-
- This will be updated when the extension gets an official number.
-
[Adam Langley, Steve Henson]
*) Add functions to allocate and set the fields of an ECDSA_METHOD
*) Support for linux-x32, ILP32 environment in x86_64 framework.
[Andy Polyakov]
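Review bot: bumping draft-agl-tls-padding-02 to -03 while deleting the "To enable it use an unused extension number ... -DTLSEXT_TYPE_padding=35655" instructions implies the extension now has a fixed number and is on by default, but the surviving text does not say so; add a sentence giving the assigned extension number and stating that the -D define is no longer needed, otherwise users who built with the old define cannot tell whether their setting is still honoured or silently ignored. While editing this entry, the context line "less that 512" should read "less than 512".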
- *) RFC 5878 (TLS Authorization Extensions) support.
- [Emilia Kasper, Adam Langley, Ben Laurie (Google)]
-
*) Experimental multi-implementation support for FIPS capable OpenSSL.
When in FIPS mode the approved implementations are used as normal,
when not in FIPS mode the internal unapproved versions are used instead.