X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=8d6fcaf493b412da418e89b18b37b7b15aae75a4;hp=4d27975da60b8d646c2d596273a130864165300a;hb=3d6aa6d441fe8124d247dffee5c68c2e5efd8258;hpb=5ad4fdce41bb1ce7762b70fb50f732f70e3772cf diff --git a/CHANGES b/CHANGES index 4d27975da6..8d6fcaf493 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,17 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Added support for TLS extended master secret from + draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an + initial patch which was a great help during development. + [Steve Henson] + + *) All libssl internal structures have been removed from the public header + files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is + now redundant). Users should not attempt to access internal structures + directly. Instead they should use the provided API functions. + [Matt Caswell] + *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used. Access to deprecated functions can be re-enabled by running config with "enable-deprecated". In addition applications wishing to use deprecated @@ -26,12 +37,38 @@ done while fixing the error code for the key-too-small case. [Annie Yousar ] + *) Removed old DES API. + [Rich Salz] + *) Remove various unsupported platforms: - Sony NEWS4 - BEOS and BEOS_R5 - NeXT - SUNOS - MPE/iX + Sony NEWS4 + BEOS and BEOS_R5 + NeXT + SUNOS + MPE/iX + Sinix/ReliantUNIX RM400 + DGUX + NCR + Tandem + Cray + 16-bit platforms such as WIN16 + [Rich Salz] + + *) Clean up OPENSSL_NO_xxx #define's + Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF + Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx + OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC + OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 + OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO + Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY + OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP + OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK + OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY + Remove MS_STATIC; it's a relic from platforms <32 bits. + [Rich Salz] + + *) Cleaned up dead code + Remove all but one '#ifdef undef' which is to be looked at. [Rich Salz] *) Experimental support for a new, fast, unbiased prime candidate generator, @@ -335,6 +372,14 @@ Changes between 1.0.1k and 1.0.2 [xx XXX xxxx] + *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. + ARMv5 through ARMv8, as opposite to "locking" it to single one. + So far those who have to target multiple plaforms would compromise + and argue that binary targeting say ARMv5 would still execute on + ARMv8. "Universal" build resolves this compromise by providing + near-optimal performance even on newer platforms. + [Andy Polyakov] + *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] @@ -657,6 +702,67 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. + (CVE-2014-3572) + [Steve Henson] + + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. + (CVE-2015-0204) + [Steve Henson] + + *) Ensure that the session ID context of an SSL is updated when its + SSL_CTX is updated via SSL_set_SSL_CTX. + + The session ID context is typically set from the parent SSL_CTX, + and can vary with the CTX. + [Adam Langley] + + *) Fix various certificate fingerprint issues. + + By using non-DER or invalid encodings outside the signed portion of a + certificate the fingerprint can be changed without breaking the signature. + Although no details of the signed portion of the certificate can be changed + this can cause problems with some applications: e.g. those using the + certificate fingerprint for blacklists. + + 1. Reject signatures with non zero unused bits. + + If the BIT STRING containing the signature has non zero unused bits reject + the signature. All current signature algorithms require zero unused bits. + + 2. Check certificate algorithm consistency. + + Check the AlgorithmIdentifier inside TBS matches the one in the + certificate signature. NB: this will result in signature failure + errors for some broken certificates. + + Thanks to Konrad Kraszewski from Google for reporting this issue. + + 3. Check DSA/ECDSA signatures use DER. + + Reencode DSA/ECDSA signatures and compare with the original received + signature. Return an error if there is a mismatch. + + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] + *) Do not resume sessions on the server if the negotiated protocol version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable