-
NEWS
====
OpenSSL Releases
----------------
+ - [OpenSSL 3.3](#openssl-33)
+ - [OpenSSL 3.2](#openssl-32)
+ - [OpenSSL 3.1](#openssl-31)
- [OpenSSL 3.0](#openssl-30)
- [OpenSSL 1.1.1](#openssl-111)
- [OpenSSL 1.1.0](#openssl-110)
- [OpenSSL 1.0.0](#openssl-100)
- [OpenSSL 0.9.x](#openssl-09x)
-OpenSSL 3.0
+OpenSSL 3.4
+-----------
+
+### Major changes between OpenSSL 3.3 and OpenSSL 3.4 [under development]
+
+OpenSSL 3.4.0 is a feature release adding significant new functionality to
+OpenSSL.
+
+This release is in development.
+
+OpenSSL 3.3
+-----------
+
+### Major changes between OpenSSL 3.2 and OpenSSL 3.3 [under development]
+
+OpenSSL 3.3.0 is a feature release adding significant new functionality to
+OpenSSL.
+
+This release adds the following new features:
+
+ * Support for qlog for tracing QUIC connections has been added
+
+ * Added APIs to allow configuring the negotiated idle timeout for QUIC
+ connections, and to allow determining the number of additional streams
+ that can currently be created for a QUIC connection.
+
+ * Added APIs to allow disabling implicit QUIC event processing for QUIC SSL
+ objects
+
+ * Added APIs to allow querying the size and utilisation of a QUIC stream's
+ write buffer
+
+ * New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN)
+ condition in an optimised way when using QUIC.
+
+ * Limited support for polling of QUIC connection and stream objects in a
+ non-blocking manner.
+
+ * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple
+ times with different output sizes.
+
+ * Added exporter for CMake on Unix and Windows, alongside the pkg-config
+ exporter.
+
+ * The BLAKE2s hash algorithm matches BLAKE2b's support for configurable
+ output length.
+
+ * The EVP_PKEY_fromdata function has been augmented to allow for the
+ derivation of CRT (Chinese Remainder Theorem) parameters when requested
+
+ * Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
+ using time_t which is Y2038 safe on 32 bit systems when 64 bit time
+ is enabled
+
+ * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
+ config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
+ SSL[_CTX]_set1_client_sigalgs() that start with `?` character are
+ ignored and the configuration will still be used.
+
+ * Added `-set_issuer` and `-set_subject` options to `openssl x509` to
+ override the Issuer and Subject when creating a certificate. The `-subj`
+ option now is an alias for `-set_subject`.
+
+ * Added several new features of CMPv3 defined in RFC 9480 and RFC 9483
+
+ * New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3
+ server to prefer session resumption using PSK-only key exchange over PSK
+ with DHE, if both are available.
+
+ * New atexit configuration switch, which controls whether the OPENSSL_cleanup
+ is registered when libcrypto is unloaded.
+
+ * Added X509_STORE_get1_objects to avoid issues with the existing
+ X509_STORE_get0_objects API in multi-threaded applications.
+
+This release incorporates the following potentially significant or incompatible
+changes:
+
+ * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
+
+ * Optimized AES-CTR for ARM Neoverse V1 and V2
+
+ * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems
+ similar to M1/M2.
+
+ * Various optimizations for cryptographic routines using RISC-V vector crypto
+ extensions
+
+ * Added assembly implementation for md5 on loongarch64
+
+ * Accept longer context for TLS 1.2 exporters
+
+ * The activate and soft_load configuration settings for providers in
+ openssl.cnf have been updated to require a value of [1|yes|true|on]
+ (in lower or UPPER case) to enable the setting. Conversely a value
+ of [0|no|false|off] will disable the setting.
+
+ * In `openssl speed`, changed the default hash function used with `hmac` from
+ `md5` to `sha256`.
+
+ * The `-verify` option to the `openssl crl` and `openssl req` will make the
+ program exit with 1 on failure.
+
+ * The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and
+ related functions have been augmented to check for a minimum length of
+ the input string, in accordance with ITU-T X.690 section 11.7 and 11.8.
+
+ * OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1
+ if called with a NULL stack argument.
+
+ * New limit on HTTP response headers is introduced to HTTP client. The
+ default limit is set to 256 header lines.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * The BIO_get_new_index() function can only be called 127 times before it
+ reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its
+ exhausted.
+
+A more detailed list of changes in this release can be found in the
+[CHANGES.md] file.
+
+Users interested in using the new QUIC functionality are encouraged to read the
+[README file for QUIC][README-QUIC.md], which provides links to relevant
+documentation and example code.
+
+As always, bug reports and issues relating to OpenSSL can be [filed on our issue
+tracker][issue tracker].
+
+OpenSSL 3.2
+-----------
+
+### Major changes between OpenSSL 3.2.1 and OpenSSL 3.2.2 [under development]
+
+OpenSSL 3.2.2 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Fixed unbounded memory growth with session handling in TLSv1.3
+ ([CVE-2024-2511])
+
+### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [30 Jan 2024]
+
+OpenSSL 3.2.1 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Fixed PKCS12 Decoding crashes
+ ([CVE-2024-0727])
+ * Fixed excessive time spent checking invalid RSA public keys
+ ([CVE-2023-6237])
+ * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
+ CPUs which support PowerISA 2.07
+ ([CVE-2023-6129])
+
+### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023]
+
+OpenSSL 3.2.0 is a feature release adding significant new functionality to
+OpenSSL.
+
+This release incorporates the following potentially significant or incompatible
+changes:
+
+ * The default SSL/TLS security level has been changed from 1 to 2.
+
+ * The `x509`, `ca`, and `req` apps now always produce X.509v3 certificates.
+
+ * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
+ by default. Also spaces surrounding `=` in DN output are removed.
+
+This release adds the following new features:
+
+ * Support for client side QUIC, including support for
+ multiple streams (RFC 9000)
+
+ * Support for Ed25519ctx, Ed25519ph and Ed448ph in addition
+ to existing support for Ed25519 and Ed448 (RFC 8032)
+
+ * Support for deterministic ECDSA signatures (RFC 6979)
+
+ * Support for AES-GCM-SIV, a nonce-misuse-resistant AEAD (RFC 8452)
+
+ * Support for the Argon2 KDF, along with supporting thread pool
+ functionality (RFC 9106)
+
+ * Support for Hybrid Public Key Encryption (HPKE) (RFC 9180)
+
+ * Support for SM4-XTS
+
+ * Support for Brainpool curves in TLS 1.3
+
+ * Support for TLS Raw Public Keys (RFC 7250)
+
+ * Support for TCP Fast Open on Linux, macOS and FreeBSD,
+ where enabled and supported (RFC 7413)
+
+ * Support for TLS certificate compression, including library
+ support for zlib, Brotli and zstd (RFC 8879)
+
+ * Support for provider-based pluggable signature algorithms
+ in TLS 1.3 with supporting CMS and X.509 functionality
+
+ With a suitable provider this enables the use of post-quantum/quantum-safe
+ cryptography.
+
+ * Support for using the Windows system certificate store as a source of
+ trusted root certificates
+
+ This is not yet enabled by default and must be activated using an
+ environment variable. This is likely to become enabled by default
+ in a future feature release.
+
+ * Support for using the IANA standard names in TLS ciphersuite configuration
+
+ * Multiple new features and improvements to CMP protocol support
+
+The following known issues are present in this release and will be rectified
+in a future release:
+
+ * Provider-based signature algorithms cannot be configured using the
+ SignatureAlgorithms configuration file parameter (#22761)
+
+This release incorporates the following documentation enhancements:
+
+ * Added multiple tutorials on the OpenSSL library and in particular
+ on writing various clients (using TLS and QUIC protocols) with libssl
+
+ See [OpenSSL Guide].
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Fixed excessive time spent in DH check / generation with large Q parameter
+ value
+ ([CVE-2023-5678])
+
+A more detailed list of changes in this release can be found in the
+[CHANGES.md] file.
+
+Users interested in using the new QUIC functionality are encouraged to read the
+[README file for QUIC][README-QUIC.md], which provides links to relevant
+documentation and example code.
+
+As always, bug reports and issues relating to OpenSSL can be [filed on our issue
+tracker][issue tracker].
+
+OpenSSL 3.1
-----------
-### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] ###
+### Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023]
+
+ * Mitigate incorrect resize handling for symmetric cipher keys and IVs.
+ ([CVE-2023-5363])
- * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in
- the FIPS provider. None have the "fips=yes" property set and, as such,
- will not be accidentially used.
- * The algorithm specific public key command line applications have
- been deprecated. These include dhparam, gendsa and others. The pkey
- alternatives should be used intead: pkey, pkeyparam and genpkey.
+### Major changes between OpenSSL 3.1.2 and OpenSSL 3.1.3 [19 Sep 2023]
+
+ * Fix POLY1305 MAC implementation corrupting XMM registers on Windows
+ ([CVE-2023-4807])
+
+### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [1 Aug 2023]
+
+ * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
+ * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
+ * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
+ * When building with the `enable-fips` option and using the resulting
+ FIPS provider, TLS 1.2 will, by default, mandate the use of an
+ extended master secret and the Hash and HMAC DRBGs will not operate
+ with truncated digests.
+
+### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023]
+
+ * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
+ IDENTIFIER sub-identities. ([CVE-2023-2650])
+ * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
+ ([CVE-2023-1255])
+ * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
+ * Fixed handling of invalid certificate policies in leaf certificates
+ ([CVE-2023-0465])
+ * Limited the number of nodes created in a policy tree ([CVE-2023-0464])
+
+### Major changes between OpenSSL 3.0 and OpenSSL 3.1.0 [14 Mar 2023]
+
+ * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
+ * Performance enhancements and new platform support including new
+ assembler code algorithm implementations.
+ * Deprecated LHASH statistics functions.
+ * FIPS 140-3 compliance changes.
+
+OpenSSL 3.0
+-----------
+
+### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
+
+ * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
+ * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286])
+ * Fixed NULL dereference validating DSA public key ([CVE-2023-0217])
+ * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216])
+ * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215])
+ * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450])
+ * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304])
+ * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203])
+ * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996])
+
+### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022]
+
+ * Added RIPEMD160 to the default provider.
+ * Fixed regressions introduced in 3.0.6 version.
+ * Fixed two buffer overflows in punycode decoding functions.
+ ([CVE-2022-3786]) and ([CVE-2022-3602])
+
+### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022]
+
+ * Fix for custom ciphers to prevent accidental use of NULL encryption
+ ([CVE-2022-3358])
+
+### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022]
+
+ * Fixed heap memory corruption with RSA private key operation
+ ([CVE-2022-2274])
+ * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
+ ([CVE-2022-2097])
+
+### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022]
+
+ * Fixed additional bugs in the c_rehash script which was not properly
+ sanitising shell metacharacters to prevent command injection
+ ([CVE-2022-2068])
+
+### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022]
+
+ * Fixed a bug in the c_rehash script which was not properly sanitising shell
+ metacharacters to prevent command injection ([CVE-2022-1292])
+ * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
+ certificate on an OCSP response ([CVE-2022-1343])
+ * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
+ AAD data as the MAC key ([CVE-2022-1434])
+ * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
+ occupied by the removed hash table entries ([CVE-2022-1473])
+
+### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022]
+
+ * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+ for non-prime moduli ([CVE-2022-0778])
+
+### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021]
+
+ * Fixed invalid handling of X509_verify_cert() internal errors in libssl
+ ([CVE-2021-4044])
+ * Allow fetching an operation from the provider that owns an unexportable key
+ as a fallback if that is still allowed by the property query.
+
+### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [7 sep 2021]
+
+ * Enhanced 'openssl list' with many new options.
+ * Added migration guide to man7.
+ * Implemented support for fully "pluggable" TLSv1.3 groups.
+ * Added support for Kernel TLS (KTLS).
+ * Changed the license to the Apache License v2.0.
+ * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
+ RC4, RC5, and DES to the legacy provider.
+ * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy
+ provider.
+ * Added convenience functions for generating asymmetric key pairs.
+ * Deprecated the `OCSP_REQ_CTX` type and functions.
+ * Deprecated the `EC_KEY` and `EC_KEY_METHOD` types and functions.
+ * Deprecated the `RSA` and `RSA_METHOD` types and functions.
+ * Deprecated the `DSA` and `DSA_METHOD` types and functions.
+ * Deprecated the `DH` and `DH_METHOD` types and functions.
+ * Deprecated the `ERR_load_` functions.
+ * Remove the `RAND_DRBG` API.
+ * Deprecated the `ENGINE` API.
+ * Added `OSSL_LIB_CTX`, a libcrypto library context.
+ * Added various `_ex` functions to the OpenSSL API that support using
+ a non-default `OSSL_LIB_CTX`.
+ * Interactive mode is removed from the 'openssl' program.
+ * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are
+ included in the FIPS provider.
* X509 certificates signed using SHA1 are no longer allowed at security
level 1 or higher. The default security level for TLS is 1, so
certificates signed using SHA1 are by default no longer trusted to
authenticate servers or clients.
* enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
disabled; the project uses address sanitize/leak-detect instead.
- * Added OSSL_SERIALIZER, a generic serializer API.
+ * Added a Certificate Management Protocol (CMP, RFC 4210) implementation
+ also covering CRMF (RFC 4211) and HTTP transfer (RFC 6712).
+ It is part of the crypto lib and adds a 'cmp' app with a demo configuration.
+ All widely used CMP features are supported for both clients and servers.
+ * Added a proper HTTP client supporting GET with optional redirection, POST,
+ arbitrary request and response content types, TLS, persistent connections,
+ connections via HTTP(s) proxies, connections and exchange via user-defined
+ BIOs (allowing implicit connections), and timeout checks.
+ * Added util/check-format.pl for checking adherence to the coding guidelines.
+ * Added OSSL_ENCODER, a generic encoder API.
+ * Added OSSL_DECODER, a generic decoder API.
* Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM.
* Added error raising macros, ERR_raise() and ERR_raise_data().
- * Deprecated ERR_put_error().
- * Added OSSL_PROVIDER_available(), to check provider availibility.
+ * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(),
+ ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and
+ ERR_func_error_string().
+ * Added OSSL_PROVIDER_available(), to check provider availability.
* Added 'openssl mac' that uses the EVP_MAC API.
* Added 'openssl kdf' that uses the EVP_KDF API.
* Add OPENSSL_info() and 'openssl info' to get built-in data.
* Changed our version number scheme and set the next major release to
3.0.0
* Added EVP_MAC, an EVP layer MAC API, and a generic EVP_PKEY to EVP_MAC
- bridge.
+ bridge. Supported MACs are: BLAKE2, CMAC, GMAC, HMAC, KMAC, POLY1305
+ and SIPHASH.
* Removed the heartbeat message in DTLS feature.
- * Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
- bridge.
- * All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
+ * Added EVP_KDF, an EVP layer KDF and PRF API, and a generic EVP_PKEY to
+ EVP_KDF bridge. Supported KDFs are: HKDF, KBKDF, KRB5 KDF, PBKDF2,
+ PKCS12 KDF, SCRYPT, SSH KDF, SSKDF, TLS1 PRF, X9.42 KDF and X9.63 KDF.
+ * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
SHA256, SHA384, SHA512 and Whirlpool digest functions have been
deprecated.
- * All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
+ * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
RC4, RC5 and SEED cipher functions have been deprecated.
- * All of the low level DH, DSA, ECDH, ECDSA and RSA public key functions
+ * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
have been deprecated.
+ * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0,
+ except when RSA key exchange without SHA1 is used.
+ * Added providers, a new pluggability concept that will replace the
+ ENGINE API and ENGINE implementations.
OpenSSL 1.1.1
-------------
-### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] ###
+### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
+
+ * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711])
+ * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712])
+
+### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
+
+ * Fixed a problem with verifying a certificate chain when using the
+ X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450])
+ * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
+ crafted renegotiation ClientHello message from a client ([CVE-2021-3449])
+
+### Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
- *
+ * Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+ function ([CVE-2021-23841])
+ * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+ padding mode to correctly check for rollback attacks
+ * Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+ EVP_DecryptUpdate functions ([CVE-2021-23840])
+ * Fixed SRP_Calc_client_key so that it runs in constant time
-### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] ###
+### Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
+
+ * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971])
+
+### Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
+
+ * Disallow explicit curve parameters in verifications chains when
+ X509_V_FLAG_X509_STRICT is used
+ * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
+ contexts
+ * Oracle Developer Studio will start reporting deprecation warnings
+
+### Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
+
+ * Fixed segmentation fault in SSL_check_chain() ([CVE-2020-1967])
+
+### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
+
+ * Revert the unexpected EOF reporting via SSL_ERROR_SSL
+
+### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
* Fixed an overflow bug in the x64_64 Montgomery squaring procedure
- used in exponentiation with 512-bit moduli ([CVE-2019-1551][])
+ used in exponentiation with 512-bit moduli ([CVE-2019-1551])
-### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] ###
+### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
- * Fixed a fork protection issue ([CVE-2019-1549][])
+ * Fixed a fork protection issue ([CVE-2019-1549])
* Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
- ([CVE-2019-1563][])
+ ([CVE-2019-1563])
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
* Compute ECC cofactors if not provided during EC_GROUP construction
- ([CVE-2019-1547][])
+ ([CVE-2019-1547])
* Early start up entropy quality from the DEVRANDOM seed source has been
improved for older Linux systems
* Correct the extended master secret constant on EBCDIC systems
- * Use Windows installation paths in the mingw builds ([CVE-2019-1552][])
+ * Use Windows installation paths in the mingw builds ([CVE-2019-1552])
* Changed DH_check to accept parameters with order q and 2q subgroups
* Significantly reduce secure memory usage by the randomness pools
* Revert the DEVRANDOM_WAIT feature for Linux systems
-### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] ###
+### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
- * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543][])
+ * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543])
-### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] ###
+### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
* Change the info callback signals for the start and end of a post-handshake
message exchange in TLSv1.3.
* Fix a bug in DTLS over SCTP. This breaks interoperability with older
versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2.
-### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] ###
+### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
- * Timing vulnerability in DSA signature generation ([CVE-2018-0734][])
- * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735][])
+ * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
+ * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735])
-### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] ###
+### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
* Support for TLSv1.3 added. The TLSv1.3 implementation includes:
- * Fully compliant implementation of RFC8446 (TLSv1.3) on by default
- * Early data (0-RTT)
- * Post-handshake authentication and key update
- * Middlebox Compatibility Mode
- * TLSv1.3 PSKs
- * Support for all five RFC8446 ciphersuites
- * RSA-PSS signature algorithms (backported to TLSv1.2)
- * Configurable session ticket support
- * Stateless server support
- * Rewrite of the packet construction code for "safer" packet handling
- * Rewrite of the extension handling code
+ * Fully compliant implementation of RFC8446 (TLSv1.3) on by default
+ * Early data (0-RTT)
+ * Post-handshake authentication and key update
+ * Middlebox Compatibility Mode
+ * TLSv1.3 PSKs
+ * Support for all five RFC8446 ciphersuites
+ * RSA-PSS signature algorithms (backported to TLSv1.2)
+ * Configurable session ticket support
+ * Stateless server support
+ * Rewrite of the packet construction code for "safer" packet handling
+ * Rewrite of the extension handling code
For further important information, see the [TLS1.3 page](
https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki.
* Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
* Rewrite of devcrypto engine
-
OpenSSL 1.1.0
-------------
-### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] ###
+### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019]
* Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
- ([CVE-2019-1563][])
+ ([CVE-2019-1563])
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
* Compute ECC cofactors if not provided during EC_GROUP construction
- ([CVE-2019-1547][])
- * Use Windows installation paths in the mingw builds ([CVE-2019-1552][])
+ ([CVE-2019-1547])
+ * Use Windows installation paths in the mingw builds ([CVE-2019-1552])
-### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] ###
+### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019]
- * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543][])
+ * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543])
-### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] ###
+### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018]
- * Timing vulnerability in DSA signature generation ([CVE-2018-0734][])
- * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735][])
+ * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
+ * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735])
-### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] ###
+### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018]
- * Client DoS due to large DH parameter ([CVE-2018-0732][])
- * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737][])
+ * Client DoS due to large DH parameter ([CVE-2018-0732])
+ * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737])
-### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] ###
+### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
* Constructed ASN.1 types with a recursive definition could exceed the
- stack ([CVE-2018-0739][])
- * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733][])
- * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738][])
+ stack ([CVE-2018-0739])
+ * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733])
+ * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738])
-### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] ###
+### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
- * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736][])
- * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735][])
+ * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736])
+ * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735])
-### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] ###
+### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
* config now recognises 64-bit mingw and chooses mingw64 instead of mingw
-### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] ###
+### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
- * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733][])
+ * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733])
-### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] ###
+### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
- * Truncated packet could crash via OOB read ([CVE-2017-3731][])
- * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730][])
- * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732][])
+ * Truncated packet could crash via OOB read ([CVE-2017-3731])
+ * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730])
+ * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732])
-### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] ###
+### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
- * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054][])
- * CMS Null dereference ([CVE-2016-7053][])
- * Montgomery multiplication may produce incorrect results ([CVE-2016-7055][])
+ * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054])
+ * CMS Null dereference ([CVE-2016-7053])
+ * Montgomery multiplication may produce incorrect results ([CVE-2016-7055])
-### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] ###
+### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
- * Fix Use After Free for large message sizes ([CVE-2016-6309][])
+ * Fix Use After Free for large message sizes ([CVE-2016-6309])
-### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] ###
+### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
- * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][])
- * SSL_peek() hang on empty record ([CVE-2016-6305][])
+ * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
+ * SSL_peek() hang on empty record ([CVE-2016-6305])
* Excessive allocation of memory in tls_get_message_header()
- ([CVE-2016-6307][])
+ ([CVE-2016-6307])
* Excessive allocation of memory in dtls1_preprocess_fragment()
- ([CVE-2016-6308][])
+ ([CVE-2016-6308])
-### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] ###
+### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
* Copyright text was shrunk to a boilerplate that points to the license
* "shared" builds are now the default when possible
* Support for Certificate Transparency
* HKDF support.
-
OpenSSL 1.0.2
-------------
-### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] ###
+### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019]
* Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
- ([CVE-2019-1563][])
+ ([CVE-2019-1563])
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
* Compute ECC cofactors if not provided during EC_GROUP construction
- ([CVE-2019-1547][])
+ ([CVE-2019-1547])
* Document issue with installation paths in diverse Windows builds
- ([CVE-2019-1552][])
+ ([CVE-2019-1552])
-### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] ###
+### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019]
* None
-### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] ###
+### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019]
- * 0-byte record padding oracle ([CVE-2019-1559][])
+ * 0-byte record padding oracle ([CVE-2019-1559])
-### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] ###
+### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018]
- * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407][])
- * Timing vulnerability in DSA signature generation ([CVE-2018-0734][])
+ * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407])
+ * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
-### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] ###
+### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
- * Client DoS due to large DH parameter ([CVE-2018-0732][])
- * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737][])
+ * Client DoS due to large DH parameter ([CVE-2018-0732])
+ * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737])
-### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] ###
+### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
* Constructed ASN.1 types with a recursive definition could exceed the
- stack ([CVE-2018-0739][])
+ stack ([CVE-2018-0739])
-### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] ###
+### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
- * Read/write after SSL object in error state ([CVE-2017-3737][])
- * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738][])
+ * Read/write after SSL object in error state ([CVE-2017-3737])
+ * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738])
-### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] ###
+### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
- * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736][])
- * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735][])
+ * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736])
+ * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735])
-### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] ###
+### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
* config now recognises 64-bit mingw and chooses mingw64 instead of mingw
-### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] ###
+### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
- * Truncated packet could crash via OOB read ([CVE-2017-3731][])
- * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732][])
- * Montgomery multiplication may produce incorrect results ([CVE-2016-7055][])
+ * Truncated packet could crash via OOB read ([CVE-2017-3731])
+ * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732])
+ * Montgomery multiplication may produce incorrect results ([CVE-2016-7055])
-### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] ###
+### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
- * Missing CRL sanity check ([CVE-2016-7052][])
+ * Missing CRL sanity check ([CVE-2016-7052])
-### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] ###
+### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
- * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][])
- * SWEET32 Mitigation ([CVE-2016-2183][])
- * OOB write in MDC2_Update() ([CVE-2016-6303][])
- * Malformed SHA512 ticket DoS ([CVE-2016-6302][])
- * OOB write in BN_bn2dec() ([CVE-2016-2182][])
- * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180][])
- * Pointer arithmetic undefined behaviour ([CVE-2016-2177][])
- * Constant time flag not preserved in DSA signing ([CVE-2016-2178][])
- * DTLS buffered message DoS ([CVE-2016-2179][])
- * DTLS replay protection DoS ([CVE-2016-2181][])
- * Certificate message OOB reads ([CVE-2016-6306][])
+ * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
+ * SWEET32 Mitigation ([CVE-2016-2183])
+ * OOB write in MDC2_Update() ([CVE-2016-6303])
+ * Malformed SHA512 ticket DoS ([CVE-2016-6302])
+ * OOB write in BN_bn2dec() ([CVE-2016-2182])
+ * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180])
+ * Pointer arithmetic undefined behaviour ([CVE-2016-2177])
+ * Constant time flag not preserved in DSA signing ([CVE-2016-2178])
+ * DTLS buffered message DoS ([CVE-2016-2179])
+ * DTLS replay protection DoS ([CVE-2016-2181])
+ * Certificate message OOB reads ([CVE-2016-6306])
-### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] ###
+### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
- * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107][])
- * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105][])
- * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106][])
- * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109][])
- * EBCDIC overread ([CVE-2016-2176][])
+ * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107])
+ * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105])
+ * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106])
+ * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109])
+ * EBCDIC overread ([CVE-2016-2176])
* Modify behavior of ALPN to invoke callback after SNI/servername
callback, such that updates to the SSL_CTX affect ALPN.
* Remove LOW from the DEFAULT cipher list. This removes singles DES from
the default.
* Only remove the SSLv2 methods with the no-ssl2-method option.
-### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] ###
+### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
* Disable SSLv2 default build, default negotiation and weak ciphers
- ([CVE-2016-0800][])
- * Fix a double-free in DSA code ([CVE-2016-0705][])
+ ([CVE-2016-0800])
+ * Fix a double-free in DSA code ([CVE-2016-0705])
* Disable SRP fake user seed to address a server memory leak
- ([CVE-2016-0798][])
+ ([CVE-2016-0798])
* Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- ([CVE-2016-0797][])
- * Fix memory issues in BIO_*printf functions ([CVE-2016-0799][])
- * Fix side channel attack on modular exponentiation ([CVE-2016-0702][])
+ ([CVE-2016-0797])
+ * Fix memory issues in BIO_*printf functions ([CVE-2016-0799])
+ * Fix side channel attack on modular exponentiation ([CVE-2016-0702])
-### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] ###
+### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
- * DH small subgroups ([CVE-2016-0701][])
- * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197][])
+ * DH small subgroups ([CVE-2016-0701])
+ * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197])
-### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] ###
+### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
- * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193][])
- * Certificate verify crash with missing PSS parameter ([CVE-2015-3194][])
- * X509_ATTRIBUTE memory leak ([CVE-2015-3195][])
+ * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193])
+ * Certificate verify crash with missing PSS parameter ([CVE-2015-3194])
+ * X509_ATTRIBUTE memory leak ([CVE-2015-3195])
* Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
* In DSA_generate_parameters_ex, if the provided seed is too short,
return an error
-### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] ###
+### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
- * Alternate chains certificate forgery ([CVE-2015-1793][])
- * Race condition handling PSK identify hint ([CVE-2015-3196][])
+ * Alternate chains certificate forgery ([CVE-2015-1793])
+ * Race condition handling PSK identify hint ([CVE-2015-3196])
-### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] ###
+### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
* Fix HMAC ABI incompatibility
-### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] ###
-
- * Malformed ECParameters causes infinite loop ([CVE-2015-1788][])
- * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][])
- * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790][])
- * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][])
- * Race condition handling NewSessionTicket ([CVE-2015-1791][])
-
-### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] ###
-
- * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291][])
- * Multiblock corrupted pointer fix ([CVE-2015-0290][])
- * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207][])
- * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][])
- * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208][])
- * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][])
- * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289][])
- * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293][])
- * Empty CKE with client auth and DHE fix ([CVE-2015-1787][])
- * Handshake with unseeded PRNG fix ([CVE-2015-0285][])
- * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209][])
- * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][])
+### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
+
+ * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
+ * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
+ * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
+ * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
+ * Race condition handling NewSessionTicket ([CVE-2015-1791])
+
+### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
+
+ * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291])
+ * Multiblock corrupted pointer fix ([CVE-2015-0290])
+ * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207])
+ * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
+ * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208])
+ * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
+ * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
+ * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
+ * Empty CKE with client auth and DHE fix ([CVE-2015-1787])
+ * Handshake with unseeded PRNG fix ([CVE-2015-0285])
+ * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
+ * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
* Removed the export ciphers from the DEFAULT ciphers
-### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] ###
+### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]
* Suite B support for TLS 1.2 and DTLS 1.2
* Support for DTLS 1.2
* ALPN support.
* CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
-
OpenSSL 1.0.1
-------------
-### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016] ###
-
- * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][])
- * SWEET32 Mitigation ([CVE-2016-2183][])
- * OOB write in MDC2_Update() ([CVE-2016-6303][])
- * Malformed SHA512 ticket DoS ([CVE-2016-6302][])
- * OOB write in BN_bn2dec() ([CVE-2016-2182][])
- * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180][])
- * Pointer arithmetic undefined behaviour ([CVE-2016-2177][])
- * Constant time flag not preserved in DSA signing ([CVE-2016-2178][])
- * DTLS buffered message DoS ([CVE-2016-2179][])
- * DTLS replay protection DoS ([CVE-2016-2181][])
- * Certificate message OOB reads ([CVE-2016-6306][])
-
-### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016] ###
-
- * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107][])
- * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105][])
- * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106][])
- * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109][])
- * EBCDIC overread ([CVE-2016-2176][])
+### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016]
+
+ * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
+ * SWEET32 Mitigation ([CVE-2016-2183])
+ * OOB write in MDC2_Update() ([CVE-2016-6303])
+ * Malformed SHA512 ticket DoS ([CVE-2016-6302])
+ * OOB write in BN_bn2dec() ([CVE-2016-2182])
+ * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180])
+ * Pointer arithmetic undefined behaviour ([CVE-2016-2177])
+ * Constant time flag not preserved in DSA signing ([CVE-2016-2178])
+ * DTLS buffered message DoS ([CVE-2016-2179])
+ * DTLS replay protection DoS ([CVE-2016-2181])
+ * Certificate message OOB reads ([CVE-2016-6306])
+
+### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]
+
+ * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107])
+ * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105])
+ * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106])
+ * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109])
+ * EBCDIC overread ([CVE-2016-2176])
* Modify behavior of ALPN to invoke callback after SNI/servername
callback, such that updates to the SSL_CTX affect ALPN.
* Remove LOW from the DEFAULT cipher list. This removes singles DES from
the default.
* Only remove the SSLv2 methods with the no-ssl2-method option.
-### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] ###
+### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
* Disable SSLv2 default build, default negotiation and weak ciphers
- ([CVE-2016-0800][])
- * Fix a double-free in DSA code ([CVE-2016-0705][])
+ ([CVE-2016-0800])
+ * Fix a double-free in DSA code ([CVE-2016-0705])
* Disable SRP fake user seed to address a server memory leak
- ([CVE-2016-0798][])
+ ([CVE-2016-0798])
* Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- ([CVE-2016-0797][])
- * Fix memory issues in BIO_*printf functions ([CVE-2016-0799][])
- * Fix side channel attack on modular exponentiation ([CVE-2016-0702][])
+ ([CVE-2016-0797])
+ * Fix memory issues in BIO_*printf functions ([CVE-2016-0799])
+ * Fix side channel attack on modular exponentiation ([CVE-2016-0702])
-### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] ###
+### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
* Protection for DH small subgroup attacks
- * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197][])
+ * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197])
-### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] ###
+### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
- * Certificate verify crash with missing PSS parameter ([CVE-2015-3194][])
- * X509_ATTRIBUTE memory leak ([CVE-2015-3195][])
+ * Certificate verify crash with missing PSS parameter ([CVE-2015-3194])
+ * X509_ATTRIBUTE memory leak ([CVE-2015-3195])
* Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
* In DSA_generate_parameters_ex, if the provided seed is too short,
return an error
-### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] ###
+### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
- * Alternate chains certificate forgery ([CVE-2015-1793][])
- * Race condition handling PSK identify hint ([CVE-2015-3196][])
+ * Alternate chains certificate forgery ([CVE-2015-1793])
+ * Race condition handling PSK identify hint ([CVE-2015-3196])
-### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] ###
+### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
* Fix HMAC ABI incompatibility
-### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] ###
+### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
- * Malformed ECParameters causes infinite loop ([CVE-2015-1788][])
- * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][])
- * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790][])
- * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][])
- * Race condition handling NewSessionTicket ([CVE-2015-1791][])
+ * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
+ * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
+ * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
+ * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
+ * Race condition handling NewSessionTicket ([CVE-2015-1791])
-### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] ###
+### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
- * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][])
- * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][])
- * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289][])
- * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293][])
- * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209][])
- * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][])
+ * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
+ * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
+ * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
+ * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
+ * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
+ * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
* Removed the export ciphers from the DEFAULT ciphers
-### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] ###
+### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
* Build fixes for the Windows and OpenVMS platforms
-### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] ###
+### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
- * Fix for [CVE-2014-3571][]
- * Fix for [CVE-2015-0206][]
- * Fix for [CVE-2014-3569][]
- * Fix for [CVE-2014-3572][]
- * Fix for [CVE-2015-0204][]
- * Fix for [CVE-2015-0205][]
- * Fix for [CVE-2014-8275][]
- * Fix for [CVE-2014-3570][]
+ * Fix for [CVE-2014-3571]
+ * Fix for [CVE-2015-0206]
+ * Fix for [CVE-2014-3569]
+ * Fix for [CVE-2014-3572]
+ * Fix for [CVE-2015-0204]
+ * Fix for [CVE-2015-0205]
+ * Fix for [CVE-2014-8275]
+ * Fix for [CVE-2014-3570]
-### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] ###
+### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
- * Fix for [CVE-2014-3513][]
- * Fix for [CVE-2014-3567][]
- * Mitigation for [CVE-2014-3566][] (SSL protocol vulnerability)
- * Fix for [CVE-2014-3568][]
+ * Fix for [CVE-2014-3513]
+ * Fix for [CVE-2014-3567]
+ * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability)
+ * Fix for [CVE-2014-3568]
-### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] ###
+### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
- * Fix for [CVE-2014-3512][]
- * Fix for [CVE-2014-3511][]
- * Fix for [CVE-2014-3510][]
- * Fix for [CVE-2014-3507][]
- * Fix for [CVE-2014-3506][]
- * Fix for [CVE-2014-3505][]
- * Fix for [CVE-2014-3509][]
- * Fix for [CVE-2014-5139][]
- * Fix for [CVE-2014-3508][]
+ * Fix for [CVE-2014-3512]
+ * Fix for [CVE-2014-3511]
+ * Fix for [CVE-2014-3510]
+ * Fix for [CVE-2014-3507]
+ * Fix for [CVE-2014-3506]
+ * Fix for [CVE-2014-3505]
+ * Fix for [CVE-2014-3509]
+ * Fix for [CVE-2014-5139]
+ * Fix for [CVE-2014-3508]
-### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] ###
+### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
- * Fix for [CVE-2014-0224][]
- * Fix for [CVE-2014-0221][]
- * Fix for [CVE-2014-0198][]
- * Fix for [CVE-2014-0195][]
- * Fix for [CVE-2014-3470][]
- * Fix for [CVE-2010-5298][]
+ * Fix for [CVE-2014-0224]
+ * Fix for [CVE-2014-0221]
+ * Fix for [CVE-2014-0198]
+ * Fix for [CVE-2014-0195]
+ * Fix for [CVE-2014-3470]
+ * Fix for [CVE-2010-5298]
-### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] ###
+### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
- * Fix for [CVE-2014-0160][]
+ * Fix for [CVE-2014-0160]
* Add TLS padding extension workaround for broken servers.
- * Fix for [CVE-2014-0076][]
+ * Fix for [CVE-2014-0076]
-### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] ###
+### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
* Don't include gmt_unix_time in TLS server and client random values
- * Fix for TLS record tampering bug [CVE-2013-4353][]
- * Fix for TLS version checking bug [CVE-2013-6449][]
- * Fix for DTLS retransmission bug [CVE-2013-6450][]
+ * Fix for TLS record tampering bug ([CVE-2013-4353])
+ * Fix for TLS version checking bug ([CVE-2013-6449])
+ * Fix for DTLS retransmission bug ([CVE-2013-6450])
-### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013] ###
+### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]
- * Corrected fix for [CVE-2013-0169][]
+ * Corrected fix for ([CVE-2013-0169])
-### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013] ###
+### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]
* Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
* Include the fips configuration module.
- * Fix OCSP bad key DoS attack [CVE-2013-0166][]
- * Fix for SSL/TLS/DTLS CBC plaintext recovery attack [CVE-2013-0169][]
- * Fix for TLS AESNI record handling flaw [CVE-2012-2686][]
+ * Fix OCSP bad key DoS attack ([CVE-2013-0166])
+ * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169])
+ * Fix for TLS AESNI record handling flaw ([CVE-2012-2686])
-### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012] ###
+### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]
- * Fix TLS/DTLS record length checking bug [CVE-2012-2333][]
+ * Fix TLS/DTLS record length checking bug ([CVE-2012-2333])
* Don't attempt to use non-FIPS composite ciphers in FIPS mode.
-### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012] ###
+### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]
* Fix compilation error on non-x86 platforms.
* Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
* Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
-### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012] ###
+### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]
- * Fix for ASN1 overflow bug [CVE-2012-2110][]
+ * Fix for ASN1 overflow bug ([CVE-2012-2110])
* Workarounds for some servers that hang on long client hellos.
* Fix SEGV in AES code.
-### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012] ###
+### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]
* TLS/DTLS heartbeat support.
* SCTP support.
* Preliminary FIPS capability for unvalidated 2.0 FIPS module.
* SRP support.
-
OpenSSL 1.0.0
-------------
-### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] ###
+### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015]
- * X509_ATTRIBUTE memory leak ([CVE-2015-3195][])
- * Race condition handling PSK identify hint ([CVE-2015-3196][])
+ * X509_ATTRIBUTE memory leak (([CVE-2015-3195]))
+ * Race condition handling PSK identify hint ([CVE-2015-3196])
-### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] ###
+### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015]
- * Malformed ECParameters causes infinite loop ([CVE-2015-1788][])
- * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][])
- * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790][])
- * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][])
- * Race condition handling NewSessionTicket ([CVE-2015-1791][])
+ * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
+ * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
+ * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
+ * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
+ * Race condition handling NewSessionTicket ([CVE-2015-1791])
-### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] ###
+### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015]
- * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][])
- * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][])
- * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289][])
- * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293][])
- * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209][])
- * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][])
+ * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
+ * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
+ * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
+ * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
+ * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
+ * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
* Removed the export ciphers from the DEFAULT ciphers
-### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] ###
+### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015]
* Build fixes for the Windows and OpenVMS platforms
-### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] ###
+### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015]
- * Fix for [CVE-2014-3571][]
- * Fix for [CVE-2015-0206][]
- * Fix for [CVE-2014-3569][]
- * Fix for [CVE-2014-3572][]
- * Fix for [CVE-2015-0204][]
- * Fix for [CVE-2015-0205][]
- * Fix for [CVE-2014-8275][]
- * Fix for [CVE-2014-3570][]
+ * Fix for [CVE-2014-3571]
+ * Fix for [CVE-2015-0206]
+ * Fix for [CVE-2014-3569]
+ * Fix for [CVE-2014-3572]
+ * Fix for [CVE-2015-0204]
+ * Fix for [CVE-2015-0205]
+ * Fix for [CVE-2014-8275]
+ * Fix for [CVE-2014-3570]
-### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] ###
+### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014]
- * Fix for [CVE-2014-3513][]
- * Fix for [CVE-2014-3567][]
- * Mitigation for [CVE-2014-3566][] (SSL protocol vulnerability)
- * Fix for [CVE-2014-3568][]
+ * Fix for [CVE-2014-3513]
+ * Fix for [CVE-2014-3567]
+ * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability)
+ * Fix for [CVE-2014-3568]
-### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014] ###
+### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014]
- * Fix for [CVE-2014-3510][]
- * Fix for [CVE-2014-3507][]
- * Fix for [CVE-2014-3506][]
- * Fix for [CVE-2014-3505][]
- * Fix for [CVE-2014-3509][]
- * Fix for [CVE-2014-3508][]
+ * Fix for [CVE-2014-3510]
+ * Fix for [CVE-2014-3507]
+ * Fix for [CVE-2014-3506]
+ * Fix for [CVE-2014-3505]
+ * Fix for [CVE-2014-3509]
+ * Fix for [CVE-2014-3508]
Known issues in OpenSSL 1.0.0m:
* EAP-FAST and other applications using tls_session_secret_cb
- wont resume sessions. Fixed in 1.0.0n-dev
+ won't resume sessions. Fixed in 1.0.0n-dev
* Compilation failure of s3_pkt.c on some platforms due to missing
- <limits.h> include. Fixed in 1.0.0n-dev
+ `<limits.h>` include. Fixed in 1.0.0n-dev
-### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] ###
+### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014]
- * Fix for [CVE-2014-0224][]
- * Fix for [CVE-2014-0221][]
- * Fix for [CVE-2014-0198][]
- * Fix for [CVE-2014-0195][]
- * Fix for [CVE-2014-3470][]
- * Fix for [CVE-2014-0076][]
- * Fix for [CVE-2010-5298][]
+ * Fix for [CVE-2014-0224]
+ * Fix for [CVE-2014-0221]
+ * Fix for [CVE-2014-0198]
+ * Fix for [CVE-2014-0195]
+ * Fix for [CVE-2014-3470]
+ * Fix for [CVE-2014-0076]
+ * Fix for [CVE-2010-5298]
-### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] ###
+### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014]
- * Fix for DTLS retransmission bug [CVE-2013-6450][]
+ * Fix for DTLS retransmission bug ([CVE-2013-6450])
-### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013] ###
+### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]
- * Fix for SSL/TLS/DTLS CBC plaintext recovery attack [CVE-2013-0169][]
- * Fix OCSP bad key DoS attack [CVE-2013-0166][]
+ * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169])
+ * Fix OCSP bad key DoS attack ([CVE-2013-0166])
-### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012] ###
+### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]
- * Fix DTLS record length checking bug [CVE-2012-2333][]
+ * Fix DTLS record length checking bug ([CVE-2012-2333])
-### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012] ###
+### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]
- * Fix for ASN1 overflow bug [CVE-2012-2110][]
+ * Fix for ASN1 overflow bug ([CVE-2012-2110])
+### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]
-### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012] ###
-
- * Fix for CMS/PKCS#7 MMA [CVE-2012-0884][]
- * Corrected fix for [CVE-2011-4619][]
+ * Fix for CMS/PKCS#7 MMA ([CVE-2012-0884])
+ * Corrected fix for ([CVE-2011-4619])
* Various DTLS fixes.
-### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012] ###
+### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]
- * Fix for DTLS DoS issue [CVE-2012-0050][]
+ * Fix for DTLS DoS issue ([CVE-2012-0050])
-### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012] ###
+### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]
- * Fix for DTLS plaintext recovery attack [CVE-2011-4108][]
- * Clear block padding bytes of SSL 3.0 records [CVE-2011-4576][]
- * Only allow one SGC handshake restart for SSL/TLS [CVE-2011-4619][]
- * Check parameters are not NULL in GOST ENGINE [CVE-2012-0027][]
- * Check for malformed RFC3779 data [CVE-2011-4577][]
+ * Fix for DTLS plaintext recovery attack ([CVE-2011-4108])
+ * Clear block padding bytes of SSL 3.0 records ([CVE-2011-4576])
+ * Only allow one SGC handshake restart for SSL/TLS ([CVE-2011-4619])
+ * Check parameters are not NULL in GOST ENGINE ([CVE-2012-0027])
+ * Check for malformed RFC3779 data ([CVE-2011-4577])
-### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011] ###
+### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]
- * Fix for CRL vulnerability issue [CVE-2011-3207][]
- * Fix for ECDH crashes [CVE-2011-3210][]
+ * Fix for CRL vulnerability issue ([CVE-2011-3207])
+ * Fix for ECDH crashes ([CVE-2011-3210])
* Protection against EC timing attacks.
* Support ECDH ciphersuites for certificates using SHA2 algorithms.
* Various DTLS fixes.
-### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011] ###
+### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]
- * Fix for security issue [CVE-2011-0014][]
+ * Fix for security issue ([CVE-2011-0014])
-### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010] ###
+### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]
- * Fix for security issue [CVE-2010-4180][]
- * Fix for [CVE-2010-4252][]
+ * Fix for security issue ([CVE-2010-4180])
+ * Fix for ([CVE-2010-4252])
* Fix mishandling of absent EC point format extension.
* Fix various platform compilation issues.
- * Corrected fix for security issue [CVE-2010-3864][].
+ * Corrected fix for security issue ([CVE-2010-3864]).
-### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010] ###
+### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]
- * Fix for security issue [CVE-2010-3864][].
- * Fix for [CVE-2010-2939][]
+ * Fix for security issue ([CVE-2010-3864]).
+ * Fix for ([CVE-2010-2939])
* Fix WIN32 build system for GOST ENGINE.
-### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010] ###
+### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]
- * Fix for security issue [CVE-2010-1633][].
+ * Fix for security issue ([CVE-2010-1633]).
* GOST MAC and CFB fixes.
-### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010] ###
+### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]
* RFC3280 path validation: sufficient to process PKITS tests.
* Integrated support for PVK files and keyblobs.
OpenSSL 0.9.x
-------------
-### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010] ###
+### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]
* CFB cipher definition fixes.
- * Fix security issues [CVE-2010-0740][] and [CVE-2010-0433][].
+ * Fix security issues [CVE-2010-0740] and [CVE-2010-0433].
-### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010] ###
+### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]
* Cipher definition fixes.
* Workaround for slow RAND_poll() on some WIN32 versions.
* Ticket and SNI coexistence fixes.
* Many fixes to DTLS handling.
-### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009] ###
+### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]
- * Temporary work around for [CVE-2009-3555][]: disable renegotiation.
+ * Temporary work around for [CVE-2009-3555]: disable renegotiation.
-### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009] ###
+### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]
* Fix various build issues.
- * Fix security issues ([CVE-2009-0590][], [CVE-2009-0591][], [CVE-2009-0789][])
+ * Fix security issues [CVE-2009-0590], [CVE-2009-0591], [CVE-2009-0789]
-### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009] ###
+### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]
- * Fix security issue ([CVE-2008-5077][])
+ * Fix security issue ([CVE-2008-5077])
* Merge FIPS 140-2 branch code.
-### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008] ###
+### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]
* CryptoAPI ENGINE support.
* Various precautionary measures.
* Fix for bugs affecting certificate request creation.
* Support for local machine keyset attribute in PKCS#12 files.
-### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007] ###
+### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]
* Backport of CMS functionality to 0.9.8.
* Fixes for bugs introduced with 0.9.8f.
-### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007] ###
+### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]
* Add gcc 4.2 support.
* Add support for AES and SSE2 assembly language optimization
* RFC4507bis support.
* TLS Extensions support.
-### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007] ###
+### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]
* Various ciphersuite selection fixes.
* RFC3779 support.
-### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006] ###
+### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]
- * Introduce limits to prevent malicious key DoS ([CVE-2006-2940][])
- * Fix security issues ([CVE-2006-2937][], [CVE-2006-3737][], [CVE-2006-4343][])
+ * Introduce limits to prevent malicious key DoS ([CVE-2006-2940])
+ * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343]
* Changes to ciphersuite selection algorithm
-### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006] ###
+### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]
- * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339][]
+ * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339]
* New cipher Camellia
-### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006] ###
+### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]
* Cipher string fixes.
* Fixes for VC++ 2005.
* Built in dynamic engine compilation support on Win32.
* Fixes auto dynamic engine loading in Win32.
-### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005] ###
+### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]
- * Fix potential SSL 2.0 rollback, [CVE-2005-2969][]
+ * Fix potential SSL 2.0 rollback ([CVE-2005-2969])
* Extended Windows CE support
-### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005] ###
+### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]
* Major work on the BIGNUM library for higher efficiency and to
make operations more streamlined and less contradictory. This
* Added initial support for Win64.
* Added alternate pkg-config files.
-### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007] ###
+### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]
* FIPS 1.1.1 module linking.
* Various ciphersuite selection fixes.
-### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006] ###
+### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]
- * Introduce limits to prevent malicious key DoS ([CVE-2006-2940][])
- * Fix security issues ([CVE-2006-2937][], [CVE-2006-3737][], [CVE-2006-4343][])
+ * Introduce limits to prevent malicious key DoS ([CVE-2006-2940])
+ * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343]
-### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006] ###
+### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]
- * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339][]
+ * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339]
-### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006] ###
+### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]
* Visual C++ 2005 fixes.
* Update Windows build system for FIPS.
-### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005] ###
+### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]
* Give EVP_MAX_MD_SIZE its old value, except for a FIPS build.
-### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005] ###
+### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]
- * Fix SSL 2.0 Rollback, [CVE-2005-2969][]
+ * Fix SSL 2.0 Rollback ([CVE-2005-2969])
* Allow use of fixed-length exponent on DSA signing
* Default fixed-window RSA, DSA, DH private-key operations
-### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005] ###
+### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]
* More compilation issues fixed.
* Adaptation to more modern Kerberos API.
* More constification.
* Added processing of proxy certificates (RFC 3820).
-### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005] ###
+### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]
* Several compilation issues fixed.
* Many memory allocation failure checks added.
* Mandatory basic checks on certificates.
* Performance improvements.
-### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004] ###
+### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]
* Fix race condition in CRL checking code.
* Fixes to PKCS#7 (S/MIME) code.
-### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004] ###
+### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]
* Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
* Security: Fix null-pointer assignment in do_change_cipher_spec()
* Multiple X509 verification fixes
* Speed up HMAC and other operations
-### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003] ###
+### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]
* Security: fix various ASN1 parsing bugs.
* New -ignore_err option to OCSP utility.
* Various interop and bug fixes in S/MIME code.
* SSL/TLS protocol fix for unrequested client certificates.
-### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003] ###
+### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]
* Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
* ASN.1: treat domainComponent correctly.
* Documentation: fixes and additions.
-### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003] ###
+### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]
* Security: Important security related bugfixes.
* Enhanced compatibility with MIT Kerberos.
* SSL/TLS: now handles manual certificate chain building.
* SSL/TLS: certain session ID malfunctions corrected.
-### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002] ###
+### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]
* New library section OCSP.
* Complete rewrite of ASN1 code.
* SSL/TLS: add callback to retrieve SSL/TLS messages.
* SSL/TLS: support AES cipher suites (RFC3268).
-### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003] ###
+### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]
* Security: fix various ASN1 parsing bugs.
* SSL/TLS protocol fix for unrequested client certificates.
-### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003] ###
+### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]
* Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
* Security: make RSA blinding default.
* Build: shared library support fixes.
-### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003] ###
+### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]
* Important security related bugfixes.
-### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002] ###
+### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]
* New configuration targets for Tandem OSS and A/UX.
* New OIDs for Microsoft attributes.
* Fixes for smaller building problems.
* Updates of manuals, FAQ and other instructive documents.
-### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002] ###
+### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]
* Important building fixes on Unix.
-### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002] ###
+### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]
* Various important bugfixes.
-### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002] ###
+### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]
* Important security related bugfixes.
* Various SSL/TLS library bugfixes.
-### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002] ###
+### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]
* Various SSL/TLS library bugfixes.
* Fix DH parameter generation for 'non-standard' generators.
-### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001] ###
+### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]
* Various SSL/TLS library bugfixes.
* BIGNUM library fixes.
Broadcom and Cryptographic Appliance's keyserver
[in 0.9.6c-engine release].
-### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001] ###
+### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]
* Security fix: PRNG improvements.
* Security fix: RSA OAEP check.
* Increase default size for BIO buffering filter.
* Compatibility fixes in some scripts.
-### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001] ###
+### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]
* Security fix: change behavior of OpenSSL to avoid using
environment variables when running as root.
* New function BN_rand_range().
* Add "-rand" option to openssl s_client and s_server.
-### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000] ###
+### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]
* Some documentation for BIO and SSL libraries.
* Enhanced chain verification using key identifiers.
* New sign and verify options to 'dgst' application.
* Support for DER and PEM encoded messages in 'smime' application.
- * New 'rsautl' application, low level RSA utility.
+ * New 'rsautl' application, low-level RSA utility.
* MD4 now included.
* Bugfix for SSL rollback padding check.
* Support for external crypto devices [1].
* Enhanced EVP interface.
[1] The support for external crypto devices is currently a separate
- distribution. See the file README.ENGINE.
+ distribution. See the file README-Engine.md.
-### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] ###
+### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]
* Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
* Shared library support for HPUX and Solaris-gcc
* New 'rand' application
* New way to check for existence of algorithms from scripts
-### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000] ###
+### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]
* S/MIME support in new 'smime' command
* Documentation for the OpenSSL command line application
* BIGNUM library bug fixes
* Faster DSA parameter generation
* Enhanced support for Alpha Linux
- * Experimental MacOS support
+ * Experimental macOS support
-### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] ###
+### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]
* Transparent support for PKCS#8 format private keys: these are used
by several software packages and are more secure than the standard
* New pipe-like BIO that allows using the SSL library when actual I/O
must be handled by the application (BIO pair)
-### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999] ###
+### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]
* Lots of enhancements and cleanups to the Configuration mechanism
* RSA OEAP related fixes
* Sparc assembler bignum implementation, optimized hash functions
* Option to disable selected ciphers
-### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999] ###
+### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]
* Fixed a security hole related to session resumption
* Fixed RSA encryption routines for the p < q case
* Overhauled Win32 builds
* Cleanups and fixes to the Big Number (BN) library
* Support for ASN.1 GeneralizedTime
- * Splitted ASN.1 SETs from SEQUENCEs
+ * Split ASN.1 SETs from SEQUENCEs
* ASN1 and PEM support for Netscape Certificate Sequences
* Overhauled Perl interface
* Lots of source tree cleanups.
* Lots of memory leak fixes.
* Lots of bug fixes.
-### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998] ###
+### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]
* Integration of the popular NO_RSA/NO_DSA patches
* Initial support for compression inside the SSL record layer
* Adjustments of the source tree for CVS
* Support for various new platforms
-
-
<!-- Links -->
+[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
+[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
+[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
+[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
+[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
+[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
+[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
+[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
+[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
+[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
+[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
+[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
+[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
+[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
+[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
+[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
+[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
+[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
+[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
+[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
+[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
+[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
+[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
+[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
+[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
+[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
+[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
+[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
+[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
+[CHANGES.md]: ./CHANGES.md
+[README-QUIC.md]: ./README-QUIC.md
+[issue tracker]: https://github.com/openssl/openssl/issues
projects / openssl.git / blobdiff