X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=b233c23335313bdcb49408b311a87a3132cdafc1;hp=e182b6072fe22fb4b68165eb3c8a2a66806939e9;hb=497f3bf9a75a2917e50b16b7985e87c89b86a39b;hpb=b8f304f70df820edb7740abcac31ed90073f3ecd diff --git a/CHANGES b/CHANGES index e182b6072f..b233c23335 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,24 @@ OpenSSL CHANGES _______________ - Changes between 1.0.2h and 1.1.0 [xx XXX 2016] + Changes between 1.1.0 and 1.1.1 [xx XXX xxxx] + + *) + + Changes between 1.0.2h and 1.1.0 [25 Aug 2016] + + *) Windows command-line tool supports UTF-8 opt-in option for arguments + and console input. Setting OPENSSL_WIN32_UTF8 environment variable + (to any value) allows Windows user to access PKCS#12 file generated + with Windows CryptoAPI and protected with non-ASCII password, as well + as files generated under UTF-8 locale on Linux also protected with + non-ASCII password. + [Andy Polyakov] + + *) To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites + have been disabled by default and removed from DEFAULT, just like RC4. + See the RC4 item below to re-enable both. + [Rich Salz] *) The method for finding the storage location for the Windows RAND seed file has changed. First we check %RANDFILE%. If that is not set then we check @@ -200,19 +217,13 @@ [Emilia Käsper] *) Add X25519 support. - Integrate support for X25519 into EC library. This includes support + Add ASN.1 and EVP_PKEY methods for X25519. This includes support for public and private key encoding using the format documented in - draft-josefsson-pkix-newcurves-01: specifically X25519 uses the - OID from that draft, encodes public keys using little endian - format in the ECPoint structure and private keys using - little endian form in the privateKey field of the ECPrivateKey - structure. TLS support complies with draft-ietf-tls-rfc4492bis-06 - and uses X25519(29). + draft-ietf-curdle-pkix-02. The coresponding EVP_PKEY method supports + key generation and key derivation. - Note: the current version supports key generation, public and - private key encoding and ECDH key agreement using the EC API. - Low level point operations such as EC_POINT_add(), EC_POINT_mul() - are NOT supported. + TLS support complies with draft-ietf-tls-rfc4492bis-08 and uses + X25519(29). [Steve Henson] *) Deprecate SRP_VBASE_get_by_user. @@ -867,10 +878,6 @@ combination: call this in fips_test_suite. [Steve Henson] - *) Add support for Dual EC DRBG from SP800-90. Update DRBG algorithm test - and POST to handle Dual EC cases. - [Steve Henson] - *) Add support for canonical generation of DSA parameter 'g'. See FIPS 186-3 A.2.3. @@ -1822,7 +1829,7 @@ possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distinct stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN - to build and store a certificate chain in CERT structure: returing + to build and store a certificate chain in CERT structure: returning an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured. @@ -2065,7 +2072,7 @@ 3. Check DSA/ECDSA signatures use DER. - Reencode DSA/ECDSA signatures and compare with the original received + Re-encode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature @@ -2155,7 +2162,7 @@ *) Add additional DigestInfo checks. - Reencode DigestInto in DER and check against the original when + Re-encode DigestInto in DER and check against the original when verifying RSA signature: this will reject any improperly encoded DigestInfo structures. @@ -2752,7 +2759,7 @@ in CMS and PKCS7 code. When RSA decryption fails use a random key for content decryption and always return the same error. Note: this attack needs on average 2^20 messages so it only affects automated senders. The - old behaviour can be reenabled in the CMS code by setting the + old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where an MMA defence is not necessary. Thanks to Ivan Nestlerode for discovering @@ -3048,7 +3055,7 @@ as part of the CRL checking and indicate a new error "CRL path validation error" in this case. Applications wanting additional details can use the verify callback and check the new "parent" field. If this is not - NULL CRL path validation is taking place. Existing applications wont + NULL CRL path validation is taking place. Existing applications won't see this because it requires extended CRL support which is off by default. @@ -4061,9 +4068,9 @@ This work was sponsored by Logica. [Steve Henson] - *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using + *) Fix bug in X509_ATTRIBUTE creation: don't set attribute using ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain - attribute creation routines such as certifcate requests and PKCS#12 + attribute creation routines such as certificate requests and PKCS#12 files. [Steve Henson] @@ -4138,7 +4145,7 @@ [Ian Lister (tweaked by Geoff Thorpe)] *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 - implemention in the following ways: + implementation in the following ways: Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be hard coded. @@ -4336,7 +4343,7 @@ implementation in BN_mod_exp_mont_consttime().) The old name remains as a deprecated alias. - Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general + Similarly, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses constant-time implementations for more than just exponentiation. Here too the old name is kept as a deprecated alias. @@ -5040,7 +5047,7 @@ *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD and DH_METHOD (eg. by ENGINE implementations) to override the normal software implementations. For DSA and DH, parameter generation can - also be overriden by providing the appropriate method callbacks. + also be overridden by providing the appropriate method callbacks. [Geoff Thorpe] *) Change the "progress" mechanism used in key-generation and @@ -5123,7 +5130,7 @@ the "shared" options was given to ./Configure or ./config. Otherwise, they are inserted in libcrypto.a. /usr/local/ssl/engines is the default directory for dynamic - engines, but that can be overriden at configure time through + engines, but that can be overridden at configure time through the usual use of --prefix and/or --openssldir, and at run time with the environment variable OPENSSL_ENGINES. [Geoff Thorpe and Richard Levitte] @@ -5658,8 +5665,8 @@ [Steve Henson] *) Perform some character comparisons of different types in X509_NAME_cmp: - this is needed for some certificates that reencode DNs into UTF8Strings - (in violation of RFC3280) and can't or wont issue name rollover + this is needed for some certificates that re-encode DNs into UTF8Strings + (in violation of RFC3280) and can't or won't issue name rollover certificates. [Steve Henson] @@ -6717,7 +6724,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k const ASN1_ITEM *it = &ASN1_INTEGER_it; - wont compile. This is used by the any applications that need to + won't compile. This is used by the any applications that need to declare their own ASN1 modules. This was fixed by adding the option EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly needed for static libraries under Win32. @@ -7318,7 +7325,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k entropy, EGD style sockets (served by EGD or PRNGD) will automatically be queried. The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and - /etc/entropy will be queried once each in this sequence, quering stops + /etc/entropy will be queried once each in this sequence, querying stops when enough entropy was collected without querying more sockets. [Lutz Jaenicke] @@ -7346,7 +7353,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k information from an OCSP_CERTID structure (which will be created when the request structure is built). These are built from lower level functions which work on OCSP_SINGLERESP structures but - wont normally be used unless the application wishes to examine + won't normally be used unless the application wishes to examine extensions in the OCSP response for example. Replace nonce routines with a pair of functions. @@ -7422,7 +7429,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New function X509V3_add1_i2d(). This automatically encodes and adds an extension. Its behaviour can be customised with various flags to append, replace or delete. Various wrappers added for - certifcates and CRLs. + certificates and CRLs. [Steve Henson] *) Fix to avoid calling the underlying ASN1 print routine when @@ -7967,7 +7974,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Nils Larsch ] *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: - an end-of-file condition would erronously be flagged, when the CRLF + an end-of-file condition would erroneously be flagged, when the CRLF was just at the end of a processed block. The bug was discovered when processing data through a buffering memory BIO handing the data to a BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov @@ -8897,7 +8904,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) When a certificate request is read in keep a copy of the - original encoding of the signed data and use it when outputing + original encoding of the signed data and use it when outputting again. Signatures then use the original encoding rather than a decoded, encoded version which may cause problems if the request is improperly encoded.