X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=0c1e8984bc41411236b3d75d7590719f7848a157;hp=c835f6aae482b92a82ff684a91bea7df30ae4716;hb=1518c55a796b058eff01f3cbf177f4b726c01d7c;hpb=21c03ee534ffa78ac44325ca30e1cfc18c2888c0 diff --git a/CHANGES b/CHANGES index c835f6aae4..0c1e8984bc 100644 --- a/CHANGES +++ b/CHANGES @@ -7,10 +7,45 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.0g and 1.1.1 [xx XXX xxxx] + Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] - *) Added support for X448 and Ed448. Currently this is only supported in - libcrypto (not libssl). Heavily based on original work by Mike Hamburg. + *) Added new public header file and documentation + for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview. + [Matthias St. Pierre] + + *) QNX support removed (cannot find contributors to get their approval + for the license change). + [Rich Salz] + + *) TLSv1.3 replay protection for early data has been implemented. See the + SSL_read_early_data() man page for further details. + [Matt Caswell] + + *) Separated TLSv1.3 ciphersuite configuration out from TLSv1.2 ciphersuite + configuration. TLSv1.3 ciphersuites are not compatible with TLSv1.2 and + below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3. + In order to avoid issues where legacy TLSv1.2 ciphersuite configuration + would otherwise inadvertently disable all TLSv1.3 ciphersuites the + configuraton has been separated out. See the ciphers man page or the + SSL_CTX_set_ciphersuites() man page for more information. + [Matt Caswell] + + *) On POSIX (BSD, Linux, ...) systems the ocsp(1) command running + in responder mode now supports the new "-multi" option, which + spawns the specified number of child processes to handle OCSP + requests. The "-timeout" option now also limits the OCSP + responder's patience to wait to receive the full client request + on a newly accepted connection. Child processes are respawned + as needed, and the CA index file is automatically reloaded + when changed. This makes it possible to run the "ocsp" responder + as a long-running service, making the OpenSSL CA somewhat more + feature-complete. In this mode, most diagnostic messages logged + after entering the event loop are logged via syslog(3) rather than + written to stderr. + [Viktor Dukhovni] + + *) Added support for X448 and Ed448. Heavily based on original work by + Mike Hamburg. [Matt Caswell] *) Extend OSSL_STORE with capabilities to search and to narrow the set of @@ -21,12 +56,7 @@ *) Support for TLSv1.3 added. Note that users upgrading from an earlier version of OpenSSL should review their configuration settings to ensure - that they are still appropriate for TLSv1.3. In particular if no TLSv1.3 - ciphersuites are enabled then OpenSSL will refuse to make a connection - unless (1) TLSv1.3 is explicitly disabled or (2) the ciphersuite - configuration is updated to include suitable ciphersuites. The DEFAULT - ciphersuite configuration does include TLSv1.3 ciphersuites. For further - information on this and other related issues please see: + that they are still appropriate for TLSv1.3. For further information see: https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ NOTE: In this pre-release of OpenSSL a draft version of the @@ -266,6 +296,52 @@ Changes between 1.1.0g and 1.1.0h [xx XXX xxxx] + *) Constructed ASN.1 types with a recursive definition could exceed the stack + + Constructed ASN.1 types with a recursive definition (such as can be found + in PKCS7) could eventually exceed the stack given malicious input with + excessive recursion. This could result in a Denial Of Service attack. There + are no such structures used within SSL/TLS that come from untrusted sources + so this is considered safe. + + This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz + project. + (CVE-2018-0739) + [Matt Caswell] + + *) Incorrect CRYPTO_memcmp on HP-UX PA-RISC + + Because of an implementation bug the PA-RISC CRYPTO_memcmp function is + effectively reduced to only comparing the least significant bit of each + byte. This allows an attacker to forge messages that would be considered as + authenticated in an amount of tries lower than that guaranteed by the + security claims of the scheme. The module can only be compiled by the + HP-UX assembler, so that only HP-UX PA-RISC targets are affected. + + This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg + (IBM). + (CVE-2018-0733) + [Andy Polyakov] + + *) Add a build target 'build_all_generated', to build all generated files + and only that. This can be used to prepare everything that requires + things like perl for a system that lacks perl and then move everything + to that system and do the rest of the build there. + [Richard Levitte] + + *) Backport SSL_OP_NO_RENGOTIATION + + OpenSSL 1.0.2 and below had the ability to disable renegotiation using the + (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity + changes this is no longer possible in 1.1.0. Therefore the new + SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to + 1.1.0 to provide equivalent functionality. + + Note that if an application built against 1.1.0h headers (or above) is run + using an older version of 1.1.0 (prior to 1.1.0h) then the option will be + accepted but nothing will happen, i.e. renegotiation will not be prevented. + [Matt Caswell] + *) Removed the OS390-Unix config target. It relied on a script that doesn't exist. [Rich Salz] @@ -3260,8 +3336,11 @@ to work with OPENSSL_NO_SSL_INTERN defined. [Steve Henson] - *) Add SRP support. - [Tom Wu and Ben Laurie] + *) A long standing patch to add support for SRP from EdelWeb (Peter + Sylvester and Christophe Renou) was integrated. + [Christophe Renou , Peter Sylvester + , Tom Wu , and + Ben Laurie] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson]