The major changes and known issues for the 1.1.1 branch
of the OpenSSL toolkit are summarised below. The contents
reflect the current state of the NEWS file inside
the git repository.
More details can be found in the ChangeLog.

Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
- Disallow explicit curve parameters in verification chains when X509_V_FLAG_X509_STRICT is used
- Enable ‘MinProtocol’ and ‘MaxProtocol’ to configure both TLS and DTLS contexts
- Oracle Developer Studio will start reporting deprecation warnings

Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
- Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)

Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
- Revert the unexpected EOF reporting via SSL_ERROR_SSL

Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
- Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1551)
- Properly detect unexpected EOF while reading in libssl and report it via SSL_ERROR_SSL

Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
- Fixed a fork protection issue (CVE-2019-1549)
- Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
- For built-in EC curves, ensure that an EC_GROUP built from the curve name is used even when parsing explicit parameters
- Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
- Early start-up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems
- Correct the extended master secret constant on EBCDIC systems
- Use Windows installation paths in the mingw builds (CVE-2019-1552)
- Changed DH_check to accept parameters with order q and 2q subgroups
- Significantly reduce secure memory usage by the randomness pools
- Revert the DEVRANDOM_WAIT feature for Linux systems

Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
- Prevent over-long nonces in ChaCha20-Poly1305 (CVE-2019-1543)

Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
- Change the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3.
- Fix a bug in DTLS over SCTP. This breaks interoperability with older versions of OpenSSL such as OpenSSL 1.1.0 and OpenSSL 1.0.2.

Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
- Timing vulnerability in DSA signature generation (CVE-2018-0734)
- Timing vulnerability in ECDSA signature generation (CVE-2018-0735)

Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
- Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 for further important information). The TLSv1.3 implementation includes:
  - Fully compliant implementation of RFC8446 (TLSv1.3), on by default
  - Early data (0-RTT)
  - Post-handshake authentication and key update
  - Middlebox Compatibility Mode
  - TLSv1.3 PSKs
  - Support for all five RFC8446 ciphersuites
  - RSA-PSS signature algorithms (backported to TLSv1.2)
  - Configurable session ticket support
  - Stateless server support
  - Rewrite of the packet construction code for “safer” packet handling
  - Rewrite of the extension handling code
- Complete rewrite of the OpenSSL random number generator to introduce the following capabilities:
  - The default RAND method now uses an AES-CTR DRBG according to NIST standard SP 800-90Ar1.
  - Support for multiple DRBG instances with seed chaining.
  - There is a public and a private DRBG instance.
  - The DRBG instances are fork-safe.
  - Keep all global DRBG instances on the secure heap if it is enabled.
  - The public and private DRBG instances are per thread for lock-free operation.
- Support for various new cryptographic algorithms including:
  - SHA512/224 and SHA512/256
  - EdDSA (both Ed25519 and Ed448) including X509 and TLS support
  - X448 (adding to the existing X25519 support in 1.1.0)
  - Multi-prime RSA
  - ARIA (including TLS support)
- Significant side-channel attack security improvements
- Add a new ClientHello callback to provide the ability to adjust the SSL object at an early stage.
- Add ‘Maximum Fragment Length’ TLS extension negotiation and support
- A new STORE module, which implements a uniform and URI-based reader of stores that can contain keys, certificates, CRLs and numerous other objects.
- Move the display of configuration data to configdata.pm.
- Allow GNU-style “make variables” to be used with Configure.
- Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
- Rewrite of devcrypto engine
- Client DoS due to large DH parameter (CVE-2018-0732)
- Cache timing vulnerability in RSA key generation (CVE-2018-0737)
- Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
- Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
- rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)