From 257e9d03b028402089c9f98f3acb25ba668c09af Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 7 May 2020 13:44:01 +0200 Subject: [PATCH] Fix issues reported by markdownlint Reviewed-by: Tomas Mraz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11739) --- ACKNOWLEDGEMENTS.md | 1 - AUTHORS.md | 58 ++- CHANGES.md | 817 +++++++++++++++++++---------------------- CONTRIBUTING.md | 4 +- INSTALL.md | 312 +++++++--------- NEWS.md | 296 ++++++++------- README.md | 58 ++- SUPPORT.md | 15 +- fuzz/README.md | 20 +- test/README.ssltest.md | 97 ++--- 10 files changed, 781 insertions(+), 897 deletions(-) diff --git a/ACKNOWLEDGEMENTS.md b/ACKNOWLEDGEMENTS.md index baf7743c8e..dae83457db 100644 --- a/ACKNOWLEDGEMENTS.md +++ b/ACKNOWLEDGEMENTS.md @@ -3,6 +3,5 @@ Acknowlegements Please see our [Thanks!][] page for the current acknowledgements. - [Thanks!]: https://www.openssl.org/community/thanks.html diff --git a/AUTHORS.md b/AUTHORS.md index e9ff5441b9..af72f43b08 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -7,40 +7,38 @@ since in some cases, their employer may be the copyright holder. To see the full list of contributors, see the revision history in source control. - Groups ------ - * OpenSSL Software Services, Inc. - * OpenSSL Software Foundation, Inc. - + * OpenSSL Software Services, Inc. + * OpenSSL Software Foundation, Inc. Individuals ----------- - * Andy Polyakov - * Ben Laurie - * Ben Kaduk - * Bernd Edlinger - * Bodo Möller - * David Benjamin - * Emilia Käsper - * Eric Young - * Geoff Thorpe - * Holger Reif - * Kurt Roeckx - * Lutz Jänicke - * Mark J. Cox - * Matt Caswell - * Matthias St. Pierre - * Nils Larsch - * Paul Dale - * Paul C. Sutton - * Ralf S. Engelschall - * Rich Salz - * Richard Levitte - * Stephen Henson - * Steve Marquess - * Tim Hudson - * Ulf Möller - * Viktor Dukhovni + * Andy Polyakov + * Ben Laurie + * Ben Kaduk + * Bernd Edlinger + * Bodo Möller + * David Benjamin + * Emilia Käsper + * Eric Young + * Geoff Thorpe + * Holger Reif + * Kurt Roeckx + * Lutz Jänicke + * Mark J. Cox + * Matt Caswell + * Matthias St. Pierre + * Nils Larsch + * Paul Dale + * Paul C. Sutton + * Ralf S. Engelschall + * Rich Salz + * Richard Levitte + * Stephen Henson + * Steve Marquess + * Tim Hudson + * Ulf Möller + * Viktor Dukhovni diff --git a/CHANGES.md b/CHANGES.md index 6da7bcde72..2835322bdf 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -7,7 +7,6 @@ pick the appropriate release branch. [log]: https://github.com/openssl/openssl/commits/ - OpenSSL Releases ---------------- @@ -22,7 +21,7 @@ OpenSSL Releases OpenSSL 3.0 ----------- -### Changes between 1.1.1 and 3.0 [xx XXX xxxx] ### +### Changes between 1.1.1 and 3.0 [xx XXX xxxx] * Removed FIPS_mode() and FIPS_mode_set(). These functions are legacy API's that are not applicable to the new provider model. Applications should @@ -87,7 +86,6 @@ OpenSSL 3.0 *Matthias St. Pierre* - * The test suite is changed to preserve results of each test recipe. A new directory test-runs/ with subdirectories named like the test recipes are created in the build tree for this purpose. @@ -335,7 +333,7 @@ OpenSSL 3.0 *Paul Dale* - * Corrected the documentation of the return values from the EVP_DigestSign* + * Corrected the documentation of the return values from the `EVP_DigestSign*` set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. @@ -422,10 +420,10 @@ OpenSSL 3.0 replaced with no-ops. *Rich Salz* - + * Added documentation for the STACK API. OpenSSL only defines the STACK functions where they are used. - + *Rich Salz* * Introduced a new method type and API, OSSL_SERIALIZER, to @@ -589,7 +587,6 @@ OpenSSL 3.0 $ mms /macro=(VF=1) test ! OpenVMS $ nmake VF=1 test # Windows - *Richard Levitte* * For built-in EC curves, ensure an EC_GROUP built from the curve name is @@ -641,7 +638,7 @@ OpenSSL 3.0 when primes for RSA keys are computed. Since we previously always generated primes == 2 (mod 3) for RSA keys, the 2-prime and 3-prime RSA modules were easy to distinguish, since - N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting + `N = p*q = 1 (mod 3)`, but `N = p*q*r = 2 (mod 3)`. Therefore fingerprinting 2-prime vs. 3-prime RSA keys was possible by computing N mod 3. This avoids possible fingerprinting of newly generated RSA modules. @@ -692,7 +689,7 @@ OpenSSL 3.0 *Paul Dale* - * {CRYPTO,OPENSSL}_mem_debug_{push,pop} are now no-ops and have been + * `{CRYPTO,OPENSSL}_mem_debug_{push,pop}` are now no-ops and have been deprecated. *Rich Salz* @@ -807,7 +804,7 @@ OpenSSL 3.0 *Paul Dale* * Added newline escaping functionality to a filename when using openssl dgst. - This output format is to replicate the output format found in the '*sum' + This output format is to replicate the output format found in the `*sum` checksum programs. This aims to preserve backward compatibility. *Matt Eaton, Richard Levitte, and Paul Dale* @@ -967,7 +964,7 @@ OpenSSL 3.0 the attacked described in "Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway. Details of this attack can be obtained from: - http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf + *Paul Dale* @@ -988,14 +985,12 @@ OpenSSL 3.0 *Boris Pismenny* - OpenSSL 1.1.1 ------------- -### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] ### +### Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] - -### Changes between 1.1.1d and 1.1.1e [17 Mar 2020] ### +### Changes between 1.1.1d and 1.1.1e [17 Mar 2020] * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the @@ -1039,7 +1034,7 @@ OpenSSL 1.1.1 *Richard Levitte* * Added newline escaping functionality to a filename when using openssl dgst. - This output format is to replicate the output format found in the '*sum' + This output format is to replicate the output format found in the `*sum` checksum programs. This aims to preserve backward compatibility. *Matt Eaton, Richard Levitte, and Paul Dale* @@ -1049,7 +1044,7 @@ OpenSSL 1.1.1 *Jon Spillett* -### Changes between 1.1.1c and 1.1.1d [10 Sep 2019] ### +### Changes between 1.1.1c and 1.1.1d [10 Sep 2019] * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the @@ -1154,7 +1149,7 @@ OpenSSL 1.1.1 *Matthias St. Pierre* -### Changes between 1.1.1b and 1.1.1c [28 May 2019] ### +### Changes between 1.1.1b and 1.1.1c [28 May 2019] * Add build tests for C++. These are generated files that only do one thing, to include one public OpenSSL head file each. This tests that @@ -1245,7 +1240,7 @@ OpenSSL 1.1.1 *Paul Yang* -### Changes between 1.1.1a and 1.1.1b [26 Feb 2019] ### +### Changes between 1.1.1a and 1.1.1b [26 Feb 2019] * Change the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START @@ -1259,7 +1254,7 @@ OpenSSL 1.1.1 *Matt Caswell* -### Changes between 1.1.1 and 1.1.1a [20 Nov 2018] ### +### Changes between 1.1.1 and 1.1.1a [20 Nov 2018] * Timing vulnerability in DSA signature generation @@ -1292,7 +1287,7 @@ OpenSSL 1.1.1 automatically and is fully functional even without additional randomness provided by the application. -### Changes between 1.1.0i and 1.1.1 [11 Sep 2018] ### +### Changes between 1.1.0i and 1.1.1 [11 Sep 2018] * Add a new ClientHello callback. Provides a callback interface that gives the application the ability to adjust the nascent SSL object at the @@ -1562,7 +1557,7 @@ OpenSSL 1.1.1 * Support for TLSv1.3 added. Note that users upgrading from an earlier version of OpenSSL should review their configuration settings to ensure that they are still appropriate for TLSv1.3. For further information see: - https://wiki.openssl.org/index.php/TLS1.3 + *Matt Caswell* @@ -1815,7 +1810,7 @@ OpenSSL 1.1.1 * 'openssl passwd' can now produce SHA256 and SHA512 based output, using the algorithm defined in - https://www.akkadia.org/drepper/SHA-crypt.txt + *Richard Levitte* @@ -1835,8 +1830,7 @@ OpenSSL 1.1.1 OpenSSL 1.1.0 ------------- - -### Changes between 1.1.0k and 1.1.0l [10 Sep 2019] ### +### Changes between 1.1.0k and 1.1.0l [10 Sep 2019] * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key @@ -1882,7 +1876,7 @@ OpenSSL 1.1.0 *Richard Levitte* -### Changes between 1.1.0j and 1.1.0k [28 May 2019] ### +### Changes between 1.1.0j and 1.1.0k [28 May 2019] * Change the default RSA, DSA and DH size to 2048 bit instead of 1024. This changes the size when using the genpkey app when no size is given. It @@ -1945,7 +1939,7 @@ OpenSSL 1.1.0 *Richard Levitte* -### Changes between 1.1.0i and 1.1.0j [20 Nov 2018] ### +### Changes between 1.1.0i and 1.1.0j [20 Nov 2018] * Timing vulnerability in DSA signature generation @@ -1975,7 +1969,7 @@ OpenSSL 1.1.0 *Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley* -### Changes between 1.1.0h and 1.1.0i [14 Aug 2018] ### +### Changes between 1.1.0h and 1.1.0i [14 Aug 2018] * Client DoS due to large DH parameter @@ -2060,7 +2054,7 @@ OpenSSL 1.1.0 *Matt Caswell* -### Changes between 1.1.0g and 1.1.0h [27 Mar 2018] ### +### Changes between 1.1.0g and 1.1.0h [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack @@ -2139,7 +2133,7 @@ OpenSSL 1.1.0 *Andy Polyakov* -### Changes between 1.1.0f and 1.1.0g [2 Nov 2017] ### +### Changes between 1.1.0f and 1.1.0g [2 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 @@ -2174,7 +2168,7 @@ OpenSSL 1.1.0 *Rich Salz* -### Changes between 1.1.0e and 1.1.0f [25 May 2017] ### +### Changes between 1.1.0e and 1.1.0f [25 May 2017] * Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target platform rather than 'mingw'. @@ -2187,7 +2181,7 @@ OpenSSL 1.1.0 *Richard Levitte* -### Changes between 1.1.0d and 1.1.0e [16 Feb 2017] ### +### Changes between 1.1.0d and 1.1.0e [16 Feb 2017] * Encrypt-Then-Mac renegotiation crash @@ -2201,7 +2195,7 @@ OpenSSL 1.1.0 *Matt Caswell* -### Changes between 1.1.0c and 1.1.0d [26 Jan 2017] ### +### Changes between 1.1.0c and 1.1.0d [26 Jan 2017] * Truncated packet could crash via OOB read @@ -2247,11 +2241,11 @@ OpenSSL 1.1.0 *Andy Polyakov* -### Changes between 1.1.0b and 1.1.0c [10 Nov 2016] ### +### Changes between 1.1.0b and 1.1.0c [10 Nov 2016] * ChaCha20/Poly1305 heap-buffer-overflow - TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to + TLS connections using `*-CHACHA20-POLY1305` ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. @@ -2303,7 +2297,7 @@ OpenSSL 1.1.0 *Richard Levitte* -### Changes between 1.1.0a and 1.1.0b [26 Sep 2016] ### +### Changes between 1.1.0a and 1.1.0b [26 Sep 2016] * Fix Use After Free for large message sizes @@ -2321,7 +2315,7 @@ OpenSSL 1.1.0 *Matt Caswell* -### Changes between 1.1.0 and 1.1.0a [22 Sep 2016] ### +### Changes between 1.1.0 and 1.1.0a [22 Sep 2016] * OCSP Status Request extension unbounded memory growth @@ -2400,7 +2394,7 @@ OpenSSL 1.1.0 *Andy Polyakov* -### Changes between 1.0.2h and 1.1.0 [25 Aug 2016] ### +### Changes between 1.0.2h and 1.1.0 [25 Aug 2016] * Windows command-line tool supports UTF-8 opt-in option for arguments and console input. Setting OPENSSL_WIN32_UTF8 environment variable @@ -2443,8 +2437,8 @@ OpenSSL 1.1.0 *Joseph Wylie Yandle, Rich Salz* - * The stack and lhash API's were renamed to start with OPENSSL_SK_ - and OPENSSL_LH_, respectively. The old names are available + * The stack and lhash API's were renamed to start with `OPENSSL_SK_` + and `OPENSSL_LH_`, respectively. The old names are available with API compatibility. They new names are now completely documented. *Rich Salz* @@ -2622,12 +2616,12 @@ OpenSSL 1.1.0 *Todd Short* * Changes to the DEFAULT cipherlist: - - Prefer (EC)DHE handshakes over plain RSA. - - Prefer AEAD ciphers over legacy ciphers. - - Prefer ECDSA over RSA when both certificates are available. - - Prefer TLSv1.2 ciphers/PRF. - - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the - default cipherlist. + - Prefer (EC)DHE handshakes over plain RSA. + - Prefer AEAD ciphers over legacy ciphers. + - Prefer ECDSA over RSA when both certificates are available. + - Prefer TLSv1.2 ciphers/PRF. + - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the + default cipherlist. *Emilia Käsper* @@ -2789,8 +2783,8 @@ OpenSSL 1.1.0 * The signature of the session callback configured with SSL_CTX_sess_set_get_cb was changed. The read-only input buffer - was explicitly marked as 'const unsigned char*' instead of - 'unsigned char*'. + was explicitly marked as `const unsigned char*` instead of + `unsigned char*`. *Emilia Käsper* @@ -2822,7 +2816,7 @@ OpenSSL 1.1.0 Makefile. Instead, Configure produces a perl module in configdata.pm which holds most of the config data (in the hash table %config), the target data that comes from the target - configuration in one of the Configurations/*.conf files (in + configuration in one of the `Configurations/*.conf~ files (in %target). *Richard Levitte* @@ -2851,7 +2845,7 @@ OpenSSL 1.1.0 * The GOST engine was out of date and therefore it has been removed. An up to date GOST engine is now being maintained in an external repository. - See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains + See: . Libssl still retains support for GOST ciphersuites (these are only activated if a GOST engine is present). @@ -3205,7 +3199,7 @@ OpenSSL 1.1.0 * Added support for OCB mode. OpenSSL has been granted a patent license compatible with the OpenSSL license for use of OCB. Details are available - at https://www.openssl.org/source/OCB-patent-grant-OpenSSL.pdf. Support + at . Support for OCB can be removed by calling config with no-ocb. *Matt Caswell* @@ -3244,16 +3238,16 @@ OpenSSL 1.1.0 *Rich Salz* * Clean up OPENSSL_NO_xxx #define's - - Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF - - Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx - - OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC - - OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 - - OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO - - Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY - OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP - OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK - OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY - - Remove MS_STATIC; it's a relic from platforms <32 bits. + - Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF + - Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx + - OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC + - OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 + - OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO + - Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY + OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP + OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK + OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY + - Remove MS_STATIC; it's a relic from platforms <32 bits. *Rich Salz* @@ -3311,7 +3305,7 @@ OpenSSL 1.1.0 * Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: - http://eprint.iacr.org/2014/140 + Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix [CVE-2014-0076][] @@ -3336,7 +3330,6 @@ OpenSSL 1.1.0 WARNING: EXPERIMENTAL, SUBJECT TO CHANGE. - *Steve Henson* * Add EVP support for key wrapping algorithms, to avoid problems with @@ -3542,7 +3535,7 @@ OpenSSL 1.1.0 *Steve Henson* * Initial, experimental EVP support for AES-GCM. AAD can be input by - setting output buffer to NULL. The *Final function must be + setting output buffer to NULL. The `*Final` function must be called although it will not retrieve any additional data. The tag can be set or retrieved with a ctrl. The IV length is by default 12 bytes (96 bits) but can be set to an alternative value. If the IV @@ -3634,7 +3627,7 @@ OpenSSL 1.1.0 OpenSSL 1.0.2 ------------- -### Changes between 1.0.2s and 1.0.2t [10 Sep 2019] ### +### Changes between 1.0.2s and 1.0.2t [10 Sep 2019] * For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key @@ -3680,7 +3673,7 @@ OpenSSL 1.0.2 *Richard Levitte* -### Changes between 1.0.2r and 1.0.2s [28 May 2019] ### +### Changes between 1.0.2r and 1.0.2s [28 May 2019] * Change the default RSA, DSA and DH size to 2048 bit instead of 1024. This changes the size when using the genpkey app when no size is given. It @@ -3699,7 +3692,7 @@ OpenSSL 1.0.2 *Matthias St. Pierre* -### Changes between 1.0.2q and 1.0.2r [26 Feb 2019] ### +### Changes between 1.0.2q and 1.0.2r [26 Feb 2019] * 0-byte record padding oracle @@ -3728,7 +3721,7 @@ OpenSSL 1.0.2 *Richard Levitte* -### Changes between 1.0.2p and 1.0.2q [20 Nov 2018] ### +### Changes between 1.0.2p and 1.0.2q [20 Nov 2018] * Microarchitecture timing vulnerability in ECC scalar multiplication @@ -3761,7 +3754,7 @@ OpenSSL 1.0.2 *Nicola Tuveri* -### Changes between 1.0.2o and 1.0.2p [14 Aug 2018] ### +### Changes between 1.0.2o and 1.0.2p [14 Aug 2018] * Client DoS due to large DH parameter @@ -3828,7 +3821,7 @@ OpenSSL 1.0.2 *Emilia Käsper* -### Changes between 1.0.2n and 1.0.2o [27 Mar 2018] ### +### Changes between 1.0.2n and 1.0.2o [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack @@ -3844,7 +3837,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2m and 1.0.2n [7 Dec 2017] ### +### Changes between 1.0.2m and 1.0.2n [7 Dec 2017] * Read/write after SSL object in error state @@ -3891,7 +3884,7 @@ OpenSSL 1.0.2 *Andy Polyakov* -### Changes between 1.0.2l and 1.0.2m [2 Nov 2017] ### +### Changes between 1.0.2l and 1.0.2m [2 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 @@ -3926,14 +3919,14 @@ OpenSSL 1.0.2 *Rich Salz* -### Changes between 1.0.2k and 1.0.2l [25 May 2017] ### +### Changes between 1.0.2k and 1.0.2l [25 May 2017] * Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target platform rather than 'mingw'. *Richard Levitte* -### Changes between 1.0.2j and 1.0.2k [26 Jan 2017] ### +### Changes between 1.0.2j and 1.0.2k [26 Jan 2017] * Truncated packet could crash via OOB read @@ -3998,7 +3991,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2i and 1.0.2j [26 Sep 2016] ### +### Changes between 1.0.2i and 1.0.2j [26 Sep 2016] * Missing CRL sanity check @@ -4011,7 +4004,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2h and 1.0.2i [22 Sep 2016] ### +### Changes between 1.0.2h and 1.0.2i [22 Sep 2016] * OCSP Status Request extension unbounded memory growth @@ -4182,7 +4175,7 @@ OpenSSL 1.0.2 *Stephen Henson* -### Changes between 1.0.2g and 1.0.2h [3 May 2016] ### +### Changes between 1.0.2g and 1.0.2h [3 May 2016] * Prevent padding oracle in AES-NI CBC MAC check @@ -4210,7 +4203,7 @@ OpenSSL 1.0.2 corruption. Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by - the PEM_write_bio* family of functions. These are mainly used within the + the `PEM_write_bio*` family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue. User applications that call these APIs directly @@ -4287,7 +4280,7 @@ OpenSSL 1.0.2 *Kurt Roeckx* -### Changes between 1.0.2f and 1.0.2g [1 Mar 2016] ### +### Changes between 1.0.2f and 1.0.2g [1 Mar 2016] * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not @@ -4372,10 +4365,10 @@ OpenSSL 1.0.2 *Matt Caswell* - * Fix memory issues in BIO_*printf functions + * Fix memory issues in `BIO_*printf` functions The internal |fmtstr| function used in processing a "%s" format string in - the BIO_*printf functions could overflow while calculating the length of a + the `BIO_*printf` functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an @@ -4387,7 +4380,7 @@ OpenSSL 1.0.2 The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data - is passed to the BIO_*printf functions. If applications use these functions + is passed to the `BIO_*printf` functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from @@ -4415,7 +4408,7 @@ OpenSSL 1.0.2 This issue was reported to OpenSSL by Yuval Yarom, The University of Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and Nadia Heninger, University of Pennsylvania with more information at - http://cachebleed.info. + . [CVE-2016-0702][] *Andy Polyakov* @@ -4427,7 +4420,8 @@ OpenSSL 1.0.2 *Emilia Käsper* -### Changes between 1.0.2e and 1.0.2f [28 Jan 2016] ### +### Changes between 1.0.2e and 1.0.2f [28 Jan 2016] + * DH small subgroups Historically OpenSSL only ever generated DH parameters based on "safe" @@ -4473,7 +4467,7 @@ OpenSSL 1.0.2 *Viktor Dukhovni* -### Changes between 1.0.2d and 1.0.2e [3 Dec 2015] ### +### Changes between 1.0.2d and 1.0.2e [3 Dec 2015] * BN_mod_exp may produce incorrect results on x86_64 @@ -4536,7 +4530,7 @@ OpenSSL 1.0.2 *Rich Salz and Ismo Puustinen * -### Changes between 1.0.2c and 1.0.2d [9 Jul 2015] ### +### Changes between 1.0.2c and 1.0.2d [9 Jul 2015] * Alternate chains certificate forgery @@ -4552,7 +4546,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2b and 1.0.2c [12 Jun 2015] ### +### Changes between 1.0.2b and 1.0.2c [12 Jun 2015] * Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been @@ -4560,7 +4554,7 @@ OpenSSL 1.0.2 *Matt Caswell* -### Changes between 1.0.2a and 1.0.2b [11 Jun 2015] ### +### Changes between 1.0.2a and 1.0.2b [11 Jun 2015] * Malformed ECParameters causes infinite loop @@ -4639,7 +4633,7 @@ OpenSSL 1.0.2 *Emilia Kasper* -### Changes between 1.0.2 and 1.0.2a [19 Mar 2015] ### +### Changes between 1.0.2 and 1.0.2a [19 Mar 2015] * ClientHello sigalgs DoS fix @@ -4815,7 +4809,7 @@ OpenSSL 1.0.2 *Kurt Roeckx* -### Changes between 1.0.1l and 1.0.2 [22 Jan 2015] ### +### Changes between 1.0.1l and 1.0.2 [22 Jan 2015] * Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. ARMv5 through ARMv8, as opposite to "locking" it to single one. @@ -4966,7 +4960,7 @@ OpenSSL 1.0.2 *Steve Henson* - * SSL_CONF* functions. These provide a common framework for application + * `SSL_CONF*` functions. These provide a common framework for application configuration using configuration files or command lines. *Steve Henson* @@ -5034,7 +5028,6 @@ OpenSSL 1.0.2 Note: if the CERT based stores are not set then the parent SSL_CTX store is used to retain compatibility with existing behaviour. - *Steve Henson* * New function ssl_set_client_disabled to set a ciphersuite disabled @@ -5210,11 +5203,10 @@ OpenSSL 1.0.2 X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and X509_CINF_get_signature were reverted post internal team review. - OpenSSL 1.0.1 ------------- -### Changes between 1.0.1t and 1.0.1u [22 Sep 2016] ### +### Changes between 1.0.1t and 1.0.1u [22 Sep 2016] * OCSP Status Request extension unbounded memory growth @@ -5385,7 +5377,7 @@ OpenSSL 1.0.1 *Stephen Henson* -### Changes between 1.0.1s and 1.0.1t [3 May 2016] ### +### Changes between 1.0.1s and 1.0.1t [3 May 2016] * Prevent padding oracle in AES-NI CBC MAC check @@ -5413,7 +5405,7 @@ OpenSSL 1.0.1 corruption. Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by - the PEM_write_bio* family of functions. These are mainly used within the + the `PEM_write_bio*` family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue. User applications that call these APIs directly @@ -5490,7 +5482,7 @@ OpenSSL 1.0.1 *Kurt Roeckx* -### Changes between 1.0.1r and 1.0.1s [1 Mar 2016] ### +### Changes between 1.0.1r and 1.0.1s [1 Mar 2016] * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not @@ -5575,10 +5567,10 @@ OpenSSL 1.0.1 *Matt Caswell* - * Fix memory issues in BIO_*printf functions + * Fix memory issues in `BIO_*printf` functions The internal |fmtstr| function used in processing a "%s" format string in - the BIO_*printf functions could overflow while calculating the length of a + the `BIO_*printf` functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an @@ -5590,7 +5582,7 @@ OpenSSL 1.0.1 The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data - is passed to the BIO_*printf functions. If applications use these functions + is passed to the `BIO_*printf` functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from @@ -5618,7 +5610,7 @@ OpenSSL 1.0.1 This issue was reported to OpenSSL by Yuval Yarom, The University of Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and Nadia Heninger, University of Pennsylvania with more information at - http://cachebleed.info. + . [CVE-2016-0702][] *Andy Polyakov* @@ -5630,7 +5622,7 @@ OpenSSL 1.0.1 *Emilia Käsper* -### Changes between 1.0.1q and 1.0.1r [28 Jan 2016] ### +### Changes between 1.0.1q and 1.0.1r [28 Jan 2016] * Protection for DH small subgroup attacks @@ -5657,7 +5649,7 @@ OpenSSL 1.0.1 *Kurt Roeckx* -### Changes between 1.0.1p and 1.0.1q [3 Dec 2015] ### +### Changes between 1.0.1p and 1.0.1q [3 Dec 2015] * Certificate verify crash with missing PSS parameter @@ -5700,7 +5692,7 @@ OpenSSL 1.0.1 *Rich Salz and Ismo Puustinen * -### Changes between 1.0.1o and 1.0.1p [9 Jul 2015] ### +### Changes between 1.0.1o and 1.0.1p [9 Jul 2015] * Alternate chains certificate forgery @@ -5727,12 +5719,13 @@ OpenSSL 1.0.1 *Stephen Henson* -### Changes between 1.0.1n and 1.0.1o [12 Jun 2015] ### +### Changes between 1.0.1n and 1.0.1o [12 Jun 2015] + * Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. -### Changes between 1.0.1m and 1.0.1n [11 Jun 2015] ### +### Changes between 1.0.1m and 1.0.1n [11 Jun 2015] * Malformed ECParameters causes infinite loop @@ -5813,7 +5806,7 @@ OpenSSL 1.0.1 *Kurt Roeckx and Emilia Kasper* -### Changes between 1.0.1l and 1.0.1m [19 Mar 2015] ### +### Changes between 1.0.1l and 1.0.1m [19 Mar 2015] * Segmentation fault in ASN1_TYPE_cmp fix @@ -5897,13 +5890,13 @@ OpenSSL 1.0.1 *Kurt Roeckx* -### Changes between 1.0.1k and 1.0.1l [15 Jan 2015] ### +### Changes between 1.0.1k and 1.0.1l [15 Jan 2015] * Build fixes for the Windows and OpenVMS platforms *Matt Caswell and Richard Levitte* -### Changes between 1.0.1j and 1.0.1k [8 Jan 2015] ### +### Changes between 1.0.1j and 1.0.1k [8 Jan 2015] * Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer @@ -6045,7 +6038,7 @@ OpenSSL 1.0.1 *Emilia Käsper* -### Changes between 1.0.1i and 1.0.1j [15 Oct 2014] ### +### Changes between 1.0.1i and 1.0.1j [15 Oct 2014] * SRTP Memory Leak. @@ -6098,10 +6091,9 @@ OpenSSL 1.0.1 Note: this is a precautionary measure and no attacks are currently known. - *Steve Henson* -### Changes between 1.0.1h and 1.0.1i [6 Aug 2014] ### +### Changes between 1.0.1h and 1.0.1i [6 Aug 2014] * Fix SRP buffer overrun vulnerability. Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that @@ -6197,7 +6189,7 @@ OpenSSL 1.0.1 *Bodo Moeller* -### Changes between 1.0.1g and 1.0.1h [5 Jun 2014] ### +### Changes between 1.0.1g and 1.0.1h [5 Jun 2014] * Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL @@ -6248,7 +6240,7 @@ OpenSSL 1.0.1 *mancha * -### Changes between 1.0.1f and 1.0.1g [7 Apr 2014] ### +### Changes between 1.0.1f and 1.0.1g [7 Apr 2014] * A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or @@ -6263,7 +6255,7 @@ OpenSSL 1.0.1 * Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: - http://eprint.iacr.org/2014/140 + Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix [CVE-2014-0076][] @@ -6277,10 +6269,9 @@ OpenSSL 1.0.1 less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. - *Adam Langley, Steve Henson* -### Changes between 1.0.1e and 1.0.1f [6 Jan 2014] ### +### Changes between 1.0.1e and 1.0.1f [6 Jan 2014] * Fix for TLS record tampering bug. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception. @@ -6302,20 +6293,20 @@ OpenSSL 1.0.1 *Rob Stradling, Adam Langley* -### Changes between 1.0.1d and 1.0.1e [11 Feb 2013] ### +### Changes between 1.0.1d and 1.0.1e [11 Feb 2013] * Correct fix for CVE-2013-0169. The original didn't work on AES-NI supporting platforms or when small records were transferred. *Andy Polyakov, Steve Henson* -### Changes between 1.0.1c and 1.0.1d [5 Feb 2013] ### +### Changes between 1.0.1c and 1.0.1d [5 Feb 2013] * Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found - at: http://www.isg.rhul.ac.uk/tls/ + at: Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London @@ -6346,7 +6337,7 @@ OpenSSL 1.0.1 * Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. - See http://rt.openssl.org/Ticket/Display.html?id=2836. + See . *Rob Stradling * @@ -6359,7 +6350,7 @@ OpenSSL 1.0.1 *Steve Henson* -### Changes between 1.0.1b and 1.0.1c [10 May 2012] ### +### Changes between 1.0.1b and 1.0.1c [10 May 2012] * Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. @@ -6380,7 +6371,7 @@ OpenSSL 1.0.1 *Steve Henson* -### Changes between 1.0.1a and 1.0.1b [26 Apr 2012] ### +### Changes between 1.0.1a and 1.0.1b [26 Apr 2012] * OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and 1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately @@ -6405,7 +6396,7 @@ OpenSSL 1.0.1 *Andy Polyakov* -### Changes between 1.0.1 and 1.0.1a [19 Apr 2012] ### +### Changes between 1.0.1 and 1.0.1a [19 Apr 2012] * Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer @@ -6440,7 +6431,7 @@ OpenSSL 1.0.1 *Andy Polyakov* -### Changes between 1.0.0h and 1.0.1 [14 Mar 2012] ### +### Changes between 1.0.0h and 1.0.1 [14 Mar 2012] * Add compatibility with old MDC2 signatures which use an ASN1 OCTET STRING form instead of a DigestInfo. @@ -6477,12 +6468,12 @@ OpenSSL 1.0.1 * Extensive assembler packs updates, most notably: - - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; - - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); - - x86_64: bit-sliced AES implementation; - - ARM: NEON support, contemporary platforms optimizations; - - s390x: z196 support; - - *: GHASH and GF(2^m) multiplication implementations; + - x86[_64]: AES-NI, PCLMULQDQ, RDRAND support; + - x86[_64]: SSSE3 support (SHA1, vector-permutation AES); + - x86_64: bit-sliced AES implementation; + - ARM: NEON support, contemporary platforms optimizations; + - s390x: z196 support; + - `*`: GHASH and GF(2^m) multiplication implementations; *Andy Polyakov* @@ -6500,7 +6491,7 @@ OpenSSL 1.0.1 *Eric Rescorla* * Add Next Protocol Negotiation, - http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be + . Can be disabled with a no-npn flag to config or Configure. Code donated by Google. @@ -6608,7 +6599,7 @@ OpenSSL 1.0.1 * Add GCM support to TLS library. Some custom code is needed to split the IV between the fixed (from PRF) and explicit (from TLS record) portions. This adds all GCM ciphersuites supported by RFC5288 and - RFC5289. Generalise some AES* cipherstrings to include GCM and + RFC5289. Generalise some `AES*` cipherstrings to include GCM and add a special AESGCM string for GCM only. *Steve Henson* @@ -6670,7 +6661,7 @@ OpenSSL 1.0.1 * Low level digest APIs are not approved in FIPS mode: any attempt to use these will cause a fatal error. Applications that *really* want - to use them can use the private_* version instead. + to use them can use the `private_*` version instead. *Steve Henson* @@ -6782,7 +6773,7 @@ OpenSSL 1.0.1 OpenSSL 1.0.0 ------------- -### Changes between 1.0.0s and 1.0.0t [3 Dec 2015] ### +### Changes between 1.0.0s and 1.0.0t [3 Dec 2015] * X509_ATTRIBUTE memory leak @@ -6807,7 +6798,7 @@ OpenSSL 1.0.0 *Stephen Henson* -### Changes between 1.0.0r and 1.0.0s [11 Jun 2015] ### +### Changes between 1.0.0r and 1.0.0s [11 Jun 2015] * Malformed ECParameters causes infinite loop @@ -6880,7 +6871,7 @@ OpenSSL 1.0.0 *Matt Caswell* -### Changes between 1.0.0q and 1.0.0r [19 Mar 2015] ### +### Changes between 1.0.0q and 1.0.0r [19 Mar 2015] * Segmentation fault in ASN1_TYPE_cmp fix @@ -6964,13 +6955,13 @@ OpenSSL 1.0.0 *Kurt Roeckx* -### Changes between 1.0.0p and 1.0.0q [15 Jan 2015] ### +### Changes between 1.0.0p and 1.0.0q [15 Jan 2015] * Build fixes for the Windows and OpenVMS platforms *Matt Caswell and Richard Levitte* -### Changes between 1.0.0o and 1.0.0p [8 Jan 2015] ### +### Changes between 1.0.0o and 1.0.0p [8 Jan 2015] * Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer @@ -7041,7 +7032,7 @@ OpenSSL 1.0.0 *Andy Polyakov* - * Fix various certificate fingerprint issues. + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. @@ -7079,7 +7070,7 @@ OpenSSL 1.0.0 *Steve Henson* -### Changes between 1.0.0n and 1.0.0o [15 Oct 2014] ### +### Changes between 1.0.0n and 1.0.0o [15 Oct 2014] * Session Ticket Memory Leak. @@ -7117,10 +7108,9 @@ OpenSSL 1.0.0 Note: this is a precautionary measure and no attacks are currently known. - *Steve Henson* -### Changes between 1.0.0m and 1.0.0n [6 Aug 2014] ### +### Changes between 1.0.0m and 1.0.0n [6 Aug 2014] * OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client @@ -7183,7 +7173,7 @@ OpenSSL 1.0.0 *Bodo Moeller* -### Changes between 1.0.0l and 1.0.0m [5 Jun 2014] ### +### Changes between 1.0.0l and 1.0.0m [5 Jun 2014] * Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL @@ -7237,14 +7227,14 @@ OpenSSL 1.0.0 * Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: - http://eprint.iacr.org/2014/140 + Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix [CVE-2014-0076][] *Yuval Yarom and Naomi Benger* -### Changes between 1.0.0k and 1.0.0l [6 Jan 2014] ### +### Changes between 1.0.0k and 1.0.0l [6 Jan 2014] * Keep original DTLS digest and encryption contexts in retransmission structures so we can use the previous session parameters if they need @@ -7261,13 +7251,13 @@ OpenSSL 1.0.0 *Rob Stradling, Adam Langley* -### Changes between 1.0.0j and 1.0.0k [5 Feb 2013] ### +### Changes between 1.0.0j and 1.0.0k [5 Feb 2013] * Make the decoding of SSLv3, TLS and DTLS CBC records constant time. This addresses the flaw in CBC record processing discovered by Nadhem Alfardan and Kenny Paterson. Details of this attack can be found - at: http://www.isg.rhul.ac.uk/tls/ + at: Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London @@ -7285,7 +7275,7 @@ OpenSSL 1.0.0 * Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. - See http://rt.openssl.org/Ticket/Display.html?id=2836. + See . (This is a backport) *Rob Stradling * @@ -7294,7 +7284,7 @@ OpenSSL 1.0.0 *Steve Henson* -### Changes between 1.0.0i and 1.0.0j [10 May 2012] ### +### Changes between 1.0.0i and 1.0.0j [10 May 2012] [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after OpenSSL 1.0.1.] @@ -7313,7 +7303,7 @@ OpenSSL 1.0.1.] *Steve Henson* -### Changes between 1.0.0h and 1.0.0i [19 Apr 2012] ### +### Changes between 1.0.0h and 1.0.0i [19 Apr 2012] * Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer @@ -7325,7 +7315,7 @@ OpenSSL 1.0.1.] *Adam Langley (Google), Tavis Ormandy, Google Security Team* -### Changes between 1.0.0g and 1.0.0h [12 Mar 2012] ### +### Changes between 1.0.0g and 1.0.0h [12 Mar 2012] * Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness in CMS and PKCS7 code. When RSA decryption fails use a random key for @@ -7345,7 +7335,7 @@ OpenSSL 1.0.1.] *Steve Henson* -### Changes between 1.0.0f and 1.0.0g [18 Jan 2012] ### +### Changes between 1.0.0f and 1.0.0g [18 Jan 2012] * Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and @@ -7354,7 +7344,7 @@ OpenSSL 1.0.1.] *Antonio Martin* -### Changes between 1.0.0e and 1.0.0f [4 Jan 2012] ### +### Changes between 1.0.0e and 1.0.0f [4 Jan 2012] * Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption @@ -7362,7 +7352,7 @@ OpenSSL 1.0.1.] the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at: - http://www.isg.rhul.ac.uk/~kp/dtls.pdf + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann @@ -7405,7 +7395,7 @@ OpenSSL 1.0.1.] *Emilia Käsper (Google)* * Fix the BIO_f_buffer() implementation (which was mixing different - interpretations of the '..._len' fields). + interpretations of the `..._len` fields). *Adam Langley (Google)* @@ -7424,7 +7414,7 @@ OpenSSL 1.0.1.] *Bob Buckholz (Google)* -### Changes between 1.0.0d and 1.0.0e [6 Sep 2011] ### +### Changes between 1.0.0d and 1.0.0e [6 Sep 2011] * Fix bug where CRLs with nextUpdate in the past are sometimes accepted by initialising X509_STORE_CTX properly. [CVE-2011-3207][] @@ -7448,13 +7438,11 @@ OpenSSL 1.0.1.] * Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: - - http://eprint.iacr.org/2011/232.pdf - + *Billy Bob Brumley and Nicola Tuveri* -### Changes between 1.0.0c and 1.0.0d [8 Feb 2011] ### +### Changes between 1.0.0c and 1.0.0d [8 Feb 2011] * Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 @@ -7466,7 +7454,7 @@ OpenSSL 1.0.1.] *Steve Henson* -### Changes between 1.0.0b and 1.0.0c [2 Dec 2010] ### +### Changes between 1.0.0b and 1.0.0c [2 Dec 2010] * Disable code workaround for ancient and obsolete Netscape browsers and servers: an attacker can use it in a ciphersuite downgrade attack. @@ -7480,7 +7468,7 @@ OpenSSL 1.0.1.] *Ben Laurie* -### Changes between 1.0.0a and 1.0.0b [16 Nov 2010] ### +### Changes between 1.0.0a and 1.0.0b [16 Nov 2010] * Fix extension code to avoid race conditions which can result in a buffer overrun vulnerability: resumed sessions must not be modified as they can @@ -7493,14 +7481,14 @@ OpenSSL 1.0.1.] *Steve Henson* -### Changes between 1.0.0 and 1.0.0a [01 Jun 2010] ### +### Changes between 1.0.0 and 1.0.0a [01 Jun 2010] * Check return value of int_rsa_verify in pkey_rsa_verifyrecover [CVE-2010-1633][] *Steve Henson, Peter-Michael Hager * -### Changes between 0.9.8n and 1.0.0 [29 Mar 2010] ### +### Changes between 0.9.8n and 1.0.0 [29 Mar 2010] * Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher context. The operation can be customised via the ctrl mechanism in @@ -7576,7 +7564,7 @@ OpenSSL 1.0.1.] * Add "missing" function EVP_MD_flags() (without this the only way to retrieve a digest flags is by accessing the structure directly. Update - EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest + `EVP_MD_do_all*()` and `EVP_CIPHER_do_all*()` to include the name a digest or cipher is registered as in the "from" argument. Print out all registered digests in the dgst usage message instead of manually attempting to work them out. @@ -7610,7 +7598,6 @@ OpenSSL 1.0.1.] and this works for ENGINE based algorithms too. - *Steve Henson* * Update Gost ENGINE to support parameter files. @@ -7663,7 +7650,7 @@ OpenSSL 1.0.1.] * New function OPENSSL_gmtime_adj() to add a specific number of days and seconds to a tm structure directly, instead of going through OS specific date routines. This avoids any issues with OS routines such - as the year 2038 bug. New *_adj() functions for ASN1 time structures + as the year 2038 bug. New `*_adj()` functions for ASN1 time structures and X509_time_adj_ex() to cover the extended range. The existing X509_time_adj() is still usable and will no longer have any date issues. @@ -7881,13 +7868,11 @@ OpenSSL 1.0.1.] SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended for applications that need to enforce opaque PRF input. - *Bodo Moeller* * Update ssl code to support digests other than SHA1+MD5 for handshake MAC. - *Victor B. Wagner * * Add RFC4507 support to OpenSSL. This includes the corrections in @@ -7931,7 +7916,7 @@ OpenSSL 1.0.1.] *Steve Henson* * Experimental support for use of HMAC via EVP_PKEY interface. This - allows HMAC to be handled via the EVP_DigestSign*() interface. The + allows HMAC to be handled via the `EVP_DigestSign*()` interface. The EVP_PKEY "key" in this case is the HMAC key, potentially allowing ENGINE support for HMAC keys which are unextractable. New -mac and -macopt options to dgst utility. @@ -7939,7 +7924,7 @@ OpenSSL 1.0.1.] *Steve Henson* * New option -sigopt to dgst utility. Update dgst to use - EVP_Digest{Sign,Verify}*. These two changes make it possible to use + `EVP_Digest{Sign,Verify}*`. These two changes make it possible to use alternative signing parameters such as X9.31 or PSS in the dgst utility. @@ -8148,7 +8133,6 @@ OpenSSL 1.0.1.] AECDH - anonymous ECDH EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH") - *Bodo Moeller* * Add additional S/MIME capabilities for AES and GOST ciphers if supported. @@ -8167,8 +8151,8 @@ OpenSSL 1.0.1.] *Steve Henson* - * New functions EVP_Digest{Sign,Verify)*. These are enhanced versions of - EVP_{Sign,Verify}* which allow an application to customise the signature + * New functions `EVP_Digest{Sign,Verify)*`. These are enhanced versions of + `EVP_{Sign,Verify}*` which allow an application to customise the signature process. *Steve Henson* @@ -8276,8 +8260,8 @@ OpenSSL 1.0.1.] *Steve Henson* * Add functions for main EVP_PKEY_method operations. The undocumented - functions EVP_PKEY_{encrypt,decrypt} have been renamed to - EVP_PKEY_{encrypt,decrypt}_old. + functions `EVP_PKEY_{encrypt,decrypt}` have been renamed to + `EVP_PKEY_{encrypt,decrypt}_old`. *Steve Henson* @@ -8343,7 +8327,6 @@ OpenSSL 1.0.1.] SSL_get_psk_identity SSL_use_psk_identity_hint - *Mika Kousa and Pasi Eronen of Nokia Corporation* * Add RFC 3161 compliant time stamp request creation, response generation @@ -8354,7 +8337,7 @@ OpenSSL 1.0.1.] * Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for a host name. The SSL data structure has an - additional member SSL_CTX *initial_ctx so that new sessions can be + additional member `SSL_CTX *initial_ctx` so that new sessions can be stored in that context to allow for session resumption, even after the SSL has been switched to a new SSL_CTX in reaction to a client's server_name extension. @@ -8383,7 +8366,6 @@ OpenSSL 1.0.1.] default is a warning; it becomes fatal with the '-servername_fatal' option. - *Peter Sylvester, Remy Allais, Christophe Renou* * Whirlpool hash implementation is added. @@ -8468,7 +8450,7 @@ OpenSSL 1.0.1.] OpenSSL 0.9.x ------------- -### Changes between 0.9.8m and 0.9.8n [24 Mar 2010] ### +### Changes between 0.9.8m and 0.9.8n [24 Mar 2010] * When rejecting SSL/TLS records due to an incorrect version number, never update s->server with a new major version number. As of @@ -8485,7 +8467,7 @@ OpenSSL 0.9.x *Tomas Hoger * -### Changes between 0.9.8l and 0.9.8m [25 Feb 2010] ### +### Changes between 0.9.8l and 0.9.8m [25 Feb 2010] * Always check bn_wexpand() return values for failure. [CVE-2009-3245][] @@ -8669,11 +8651,11 @@ OpenSSL 0.9.x *Darryl Miles * - * Add 2.5.4.* OIDs + * Add `2.5.4.*` OIDs *Ilya O. * -### Changes between 0.9.8k and 0.9.8l [5 Nov 2009] ### +### Changes between 0.9.8k and 0.9.8l [5 Nov 2009] * Disable renegotiation completely - this fixes a severe security problem [CVE-2009-3555][] at the cost of breaking all @@ -8684,10 +8666,10 @@ OpenSSL 0.9.x *Ben Laurie* -### Changes between 0.9.8j and 0.9.8k [25 Mar 2009] ### +### Changes between 0.9.8j and 0.9.8k [25 Mar 2009] * Don't set val to NULL when freeing up structures, it is freed up by - underlying code. If sizeof(void *) > sizeof(long) this can result in + underlying code. If `sizeof(void *) > sizeof(long)` this can result in zeroing past the valid field. [CVE-2009-0789][] *Paolo Ganci * @@ -8738,7 +8720,7 @@ OpenSSL 0.9.x *Ben Laurie* -### Changes between 0.9.8i and 0.9.8j [07 Jan 2009] ### +### Changes between 0.9.8i and 0.9.8j [07 Jan 2009] * Properly check EVP_VerifyFinal() and similar return values [CVE-2008-5077][]. @@ -8785,7 +8767,7 @@ OpenSSL 0.9.x *Bodo Moeller* -### Changes between 0.9.8h and 0.9.8i [15 Sep 2008] ### +### Changes between 0.9.8h and 0.9.8i [15 Sep 2008] * Fix NULL pointer dereference if a DTLS server received ChangeCipherSpec as first record [CVE-2009-1386][]. @@ -8793,7 +8775,7 @@ OpenSSL 0.9.x *PR #1679* * Fix a state transition in s3_srvr.c and d1_srvr.c - (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). + (was using SSL3_ST_CW_CLNT_HELLO_B, should be `..._ST_SW_SRVR_...`). *Nagendra Modadugu* @@ -8805,7 +8787,6 @@ OpenSSL 0.9.x So now fix this for real by retiring the MONT_HELPER macro in crypto/rsa/rsa_eay.c. - *Bodo Moeller; problem pointed out by Marius Schilder* * Various precautionary measures: @@ -8822,7 +8803,6 @@ OpenSSL 0.9.x - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG builds. - *Neel Mehta, Bodo Moeller* * Allow engines to be "soft loaded" - i.e. optionally don't die if @@ -8859,7 +8839,7 @@ OpenSSL 0.9.x *Steve Henson* -### Changes between 0.9.8g and 0.9.8h [28 May 2008] ### +### Changes between 0.9.8g and 0.9.8h [28 May 2008] * Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a client crash as found using the @@ -8914,7 +8894,6 @@ OpenSSL 0.9.x namely BN_from_montgomery_word. (To enable this otherwise, e.g. x86_64, try `-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD`.) - *Andy Polyakov (backport partially by Bodo Moeller)* * Add TLS session ticket callback. This allows an application to set @@ -9011,7 +8990,7 @@ OpenSSL 0.9.x *Steve Henson* -### Changes between 0.9.8f and 0.9.8g [19 Oct 2007] ### +### Changes between 0.9.8f and 0.9.8g [19 Oct 2007] * Fix various bugs: + Binary incompatibility of ssl_ctx_st structure @@ -9021,7 +9000,7 @@ OpenSSL 0.9.x *Andy Polyakov, Steve Henson* -### Changes between 0.9.8e and 0.9.8f [11 Oct 2007] ### +### Changes between 0.9.8e and 0.9.8f [11 Oct 2007] * DTLS Handshake overhaul. There were longstanding issues with OpenSSL DTLS implementation, which were making it impossible for @@ -9065,7 +9044,7 @@ OpenSSL 0.9.x * Add initial support for TLS extensions, specifically for the server_name extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new members for a host name. The SSL data structure has an - additional member SSL_CTX *initial_ctx so that new sessions can be + additional member `SSL_CTX *initial_ctx` so that new sessions can be stored in that context to allow for session resumption, even after the SSL has been switched to a new SSL_CTX in reaction to a client's server_name extension. @@ -9094,7 +9073,6 @@ OpenSSL 0.9.x default is a warning; it becomes fatal with the '-servername_fatal' option. - *Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson* * Add AES and SSE2 assembly language support to VC++ build. @@ -9119,7 +9097,7 @@ OpenSSL 0.9.x *Dean Gaudet (Google)* * Add the Korean symmetric 128-bit cipher SEED (see - http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and + ) and add SEED ciphersuites from RFC 4162: TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA" @@ -9136,7 +9114,7 @@ OpenSSL 0.9.x * Mitigate branch prediction attacks, which can be practical if a single processor is shared, allowing a spy process to extract information. For detailed background information, see - http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron, + (O. Aciicmez, S. Gueron, J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures"). The core of the change are new versions BN_div_no_branch() and @@ -9161,14 +9139,13 @@ OpenSSL 0.9.x BN_BLINDING_new() will now use BN_dup() for the modulus so that the BN_BLINDING structure gets an independent copy of the - modulus. This means that the previous "BIGNUM *m" argument to + modulus. This means that the previous `BIGNUM *m` argument to BN_BLINDING_new() and to BN_BLINDING_create_param() now - essentially becomes "const BIGNUM *m", although we can't actually + essentially becomes `const BIGNUM *m`, although we can't actually change this in the header file before 0.9.9. It allows RSA_setup_blinding() to use BN_with_flags() on the modulus to enable BN_FLG_CONSTTIME. - *Matthew D Wood (Intel Corp)* * In the SSL/TLS server implementation, be strict about session ID @@ -9193,7 +9170,7 @@ OpenSSL 0.9.x not complete and could lead to a possible single byte overflow [CVE-2007-5135][] [Ben Laurie] -### Changes between 0.9.8d and 0.9.8e [23 Feb 2007] ### +### Changes between 0.9.8d and 0.9.8e [23 Feb 2007] * Since AES128 and AES256 (and similarly Camellia128 and Camellia256) share a single mask bit in the logic of @@ -9235,7 +9212,7 @@ OpenSSL 0.9.x *Goetz Babin-Ebell* -### Changes between 0.9.8c and 0.9.8d [28 Sep 2006] ### +### Changes between 0.9.8c and 0.9.8d [28 Sep 2006] * Introduce limits to prevent malicious keys being able to cause a denial of service. [CVE-2006-2940][] @@ -9278,10 +9255,9 @@ OpenSSL 0.9.x definition to split the single 'unsigned long mask' bitmap into multiple values to extend the available space. - *Bodo Moeller* -### Changes between 0.9.8b and 0.9.8c [05 Sep 2006] ### +### Changes between 0.9.8b and 0.9.8c [05 Sep 2006] * Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher [CVE-2006-4339][] [Ben Laurie and Google Security Team] @@ -9308,9 +9284,9 @@ OpenSSL 0.9.x * Disable rogue ciphersuites: - - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really @@ -9329,7 +9305,7 @@ OpenSSL 0.9.x * Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key versions), which is now available for royalty-free use - (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). + (see ). Also, add Camellia TLS ciphersuites from RFC 4132. To minimize changes between patchlevels in the OpenSSL 0.9.8 @@ -9347,7 +9323,7 @@ OpenSSL 0.9.x *Steve Henson* -### Changes between 0.9.8a and 0.9.8b [04 May 2006] ### +### Changes between 0.9.8a and 0.9.8b [04 May 2006] * When applying a cipher rule check to see if string match is an explicit cipher suite and only match that one cipher suite if it is. @@ -9373,7 +9349,7 @@ OpenSSL 0.9.x * Fixes and enhancements to zlib compression code. We now only use "zlib1.dll" and use the default `__cdecl` calling convention on Win32 to conform with the standards mentioned here: - http://www.zlib.net/DLL_FAQ.txt + Static zlib linking now works on Windows and the new --with-zlib-include --with-zlib-lib options to Configure can be used to supply the location of the headers and library. Gracefully handle case where zlib library @@ -9398,7 +9374,7 @@ OpenSSL 0.9.x *Richard Levitte* -### Changes between 0.9.8 and 0.9.8a [11 Oct 2005] ### +### Changes between 0.9.8 and 0.9.8a [11 Oct 2005] * Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of SSL_OP_ALL). This option used to disable the @@ -9408,7 +9384,7 @@ OpenSSL 0.9.x *Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center for Information Security, National Institute of Advanced Industrial - Science and Technology [AIST*, Japan)] + Science and Technology [AIST], Japan)* * Add two function to clear and return the verify parameter flags. @@ -9442,7 +9418,7 @@ OpenSSL 0.9.x *Steve Henson* -### Changes between 0.9.7h and 0.9.8 [05 Jul 2005] ### +### Changes between 0.9.7h and 0.9.8 [05 Jul 2005] [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after OpenSSL 0.9.8.] @@ -9532,7 +9508,6 @@ OpenSSL 0.9.8.] fee for non-commercial use. As before, "no-idea" can be used to avoid this algorithm.) - *Bodo Moeller* * Add processing of proxy certificates (see RFC 3820). This work was @@ -9555,7 +9530,6 @@ OpenSSL 0.9.8.] The blank line is mandatory. - *Steve Henson* * New arguments -certform, -keyform and -pass for s_client and s_server @@ -9579,7 +9553,7 @@ OpenSSL 0.9.8.] *Michal Ludvig , with help from Andy Polyakov* - * Deprecate BN_[get|set]_params() functions (they were ignored internally). + * Deprecate `BN_[get|set]_params()` functions (they were ignored internally). *Geoff Thorpe* @@ -9728,7 +9702,7 @@ OpenSSL 0.9.8.] to clean up those corresponding objects before destroying the hash table (and losing the object pointers). So some over-zealous constifications in LHASH have been relaxed so that lh_insert() does not take (nor store) the - objects as "const" and the lh_doall[_arg] callback wrappers are not + objects as "const" and the `lh_doall[_arg]` callback wrappers are not prototyped to have "const" restrictions on the object pointers they are given (and so aren't required to cast them away any more). @@ -9737,8 +9711,9 @@ OpenSSL 0.9.8.] * The tmdiff.h API was so ugly and minimal that our own timing utility (speed) prefers to use its own implementation. The two implementations haven't been consolidated as yet (volunteers?) but the tmdiff API has had - its object type properly exposed (MS_TM) instead of casting to/from "char - *". This may still change yet if someone realises MS_TM and "ms_time_***" + its object type properly exposed (MS_TM) instead of casting to/from + `char *`. This may still change yet if someone realises MS_TM and + `ms_time_***` aren't necessarily the greatest nomenclatures - but this is what was used internally to the implementation so I've used that for now. @@ -9971,7 +9946,7 @@ OpenSSL 0.9.8.] * Change the "progress" mechanism used in key-generation and primality testing to functions that take a new BN_GENCB pointer in - place of callback/argument pairs. The new API functions have "_ex" + place of callback/argument pairs. The new API functions have `_ex` postfixes and the older functions are reimplemented as wrappers for the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide declarations of the old functions to help (graceful) attempts to @@ -10132,8 +10107,7 @@ OpenSSL 0.9.8.] * Add named elliptic curves over binary fields from X9.62, SECG, and WAP/WTLS; add OIDs that were still missing. - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * Extend the EC library for elliptic curves over binary fields (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/). @@ -10157,16 +10131,15 @@ OpenSSL 0.9.8.] As binary polynomials are represented as BIGNUMs, various members of the EC_GROUP and EC_POINT data structures can be shared between the implementations for prime fields and binary fields; - the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m) - are essentially identical to their ..._GFp counterparts. - (For simplicity, the '..._GFp' prefix has been dropped from + the above `..._GF2m functions` (except for EX_GROUP_new_curve_GF2m) + are essentially identical to their `..._GFp` counterparts. + (For simplicity, the `..._GFp` prefix has been dropped from various internal method names.) An internal 'field_div' method (similar to 'field_mul' and 'field_sqr') has been added; this is used only for binary fields. - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult() through methods ('mul', 'precompute_mult'). @@ -10175,21 +10148,18 @@ OpenSSL 0.9.8.] and 'ec_wNAF_precomputed_mult') remain the default if these methods are undefined. - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * New function EC_GROUP_get_degree, which is defined through EC_METHOD. For curves over prime fields, this returns the bit length of the modulus. - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * New functions EC_GROUP_dup, EC_POINT_dup. (These simply call ..._new and ..._copy). - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c. Polynomials are represented as BIGNUMs (where the sign bit is not @@ -10242,8 +10212,7 @@ OpenSSL 0.9.8.] if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the copyright notice in crypto/bn/bn_gf2m.c before enabling it). - *Sheueling Chang Shantz and Douglas Stebila - (Sun Microsystems Laboratories)* + *Sheueling Chang Shantz and Douglas Stebila (Sun Microsystems Laboratories)* * Add new error code 'ERR_R_DISABLED' that can be used when some functionality is disabled at compile-time. @@ -10366,7 +10335,7 @@ OpenSSL 0.9.8.] *Richard Levitte* -### Changes between 0.9.7l and 0.9.7m [23 Feb 2007] ### +### Changes between 0.9.7l and 0.9.7m [23 Feb 2007] * Cleanse PEM buffers before freeing them since they may contain sensitive data. @@ -10416,7 +10385,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7k and 0.9.7l [28 Sep 2006] ### +### Changes between 0.9.7k and 0.9.7l [28 Sep 2006] * Introduce limits to prevent malicious keys being able to cause a denial of service. [CVE-2006-2940][] @@ -10444,7 +10413,7 @@ OpenSSL 0.9.8.] *Bodo Moeller* -### Changes between 0.9.7j and 0.9.7k [05 Sep 2006] ### +### Changes between 0.9.7j and 0.9.7k [05 Sep 2006] * Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher [CVE-2006-4339][] [Ben Laurie and Google Security Team] @@ -10457,9 +10426,9 @@ OpenSSL 0.9.8.] * Disable rogue ciphersuites: - - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") - - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") - - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") The latter two were purportedly from draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really @@ -10476,7 +10445,7 @@ OpenSSL 0.9.8.] *Bodo Moeller* -### Changes between 0.9.7i and 0.9.7j [04 May 2006] ### +### Changes between 0.9.7i and 0.9.7j [04 May 2006] * Adapt fipsld and the build system to link against the validated FIPS module in FIPS mode. @@ -10494,7 +10463,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7h and 0.9.7i [14 Oct 2005] ### +### Changes between 0.9.7h and 0.9.7i [14 Oct 2005] * Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS. The value now differs depending on if you build for FIPS or not. @@ -10504,7 +10473,7 @@ OpenSSL 0.9.8.] *Andy Polyakov* -### Changes between 0.9.7g and 0.9.7h [11 Oct 2005] ### +### Changes between 0.9.7g and 0.9.7h [11 Oct 2005] * Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING (part of SSL_OP_ALL). This option used to disable the @@ -10514,7 +10483,7 @@ OpenSSL 0.9.8.] *Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center for Information Security, National Institute of Advanced Industrial - Science and Technology [AIST*, Japan)] + Science and Technology [AIST, Japan)]* * Minimal support for X9.31 signatures and PSS padding modes. This is mainly for FIPS compliance and not fully integrated at this stage. @@ -10542,7 +10511,6 @@ OpenSSL 0.9.8.] RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or DH_FLAG_NO_EXP_CONSTTIME, respectively, is set. - *Matthew D Wood (Intel Corp), with some changes by Bodo Moeller* * Change the client implementation for SSLv23_method() and @@ -10570,7 +10538,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7f and 0.9.7g [11 Apr 2005] ### +### Changes between 0.9.7f and 0.9.7g [11 Apr 2005] [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after OpenSSL 0.9.8.] @@ -10595,7 +10563,7 @@ OpenSSL 0.9.8.] *Richard Levitte* -### Changes between 0.9.7e and 0.9.7f [22 Mar 2005] ### +### Changes between 0.9.7e and 0.9.7f [22 Mar 2005] * Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating server and client random values. Previously @@ -10658,15 +10626,15 @@ OpenSSL 0.9.8.] side effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - - if there is an unhandled critical extension (unless the user - has chosen to ignore this fault) - - if the path length has been exceeded (if one is set at all) - - that certain extensions fit the associated purpose (if one has - been given) + - if there is an unhandled critical extension (unless the user + has chosen to ignore this fault) + - if the path length has been exceeded (if one is set at all) + - that certain extensions fit the associated purpose (if one has + been given) *Richard Levitte* -### Changes between 0.9.7d and 0.9.7e [25 Oct 2004] ### +### Changes between 0.9.7d and 0.9.7e [25 Oct 2004] * Avoid a race condition when CRLs are checked in a multi threaded environment. This would happen due to the reordering of the revoked @@ -10694,7 +10662,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7c and 0.9.7d [17 Mar 2004] ### +### Changes between 0.9.7c and 0.9.7d [17 Mar 2004] * Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool [CVE-2004-0079][] @@ -10747,7 +10715,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7b and 0.9.7c [30 Sep 2003] ### +### Changes between 0.9.7b and 0.9.7c [30 Sep 2003] * Fix various bugs revealed by running the NISCC test suite: @@ -10759,7 +10727,6 @@ OpenSSL 0.9.8.] If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. - *Steve Henson* * New -ignore_err option in ocsp application to stop the server @@ -10806,7 +10773,7 @@ OpenSSL 0.9.8.] *Steve Henson* -### Changes between 0.9.7a and 0.9.7b [10 Apr 2003] ### +### Changes between 0.9.7a and 0.9.7b [10 Apr 2003] * Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat @@ -10846,7 +10813,7 @@ OpenSSL 0.9.8.] *Ulf Moeller* -### Changes between 0.9.7 and 0.9.7a [19 Feb 2003] ### +### Changes between 0.9.7 and 0.9.7a [19 Feb 2003] * In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrect @@ -10937,7 +10904,7 @@ OpenSSL 0.9.8.] *Richard Levitte & Kris Kennaway * -### Changes between 0.9.6h and 0.9.7 [31 Dec 2002] ### +### Changes between 0.9.6h and 0.9.7 [31 Dec 2002] [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after OpenSSL 0.9.7.] @@ -11181,7 +11148,7 @@ OpenSSL 0.9.7.] * Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this allows existing EVP_CIPHER_CTX structures to be reused after - calling EVP_*Final(). This behaviour is used by encryption + calling `EVP_*Final()`. This behaviour is used by encryption BIOs and some applications. This has the side effect that applications must explicitly clean up cipher contexts with EVP_CIPHER_CTX_cleanup() or they will leak memory. @@ -11436,12 +11403,12 @@ OpenSSL 0.9.7.] *Massimiliano Pala madwolf@openca.org* - * Change all functions with names starting with des_ to be starting - with DES_ instead. Add wrappers that are compatible with libdes, - but are named _ossl_old_des_*. Finally, add macros that map the - des_* symbols to the corresponding _ossl_old_des_* if libdes + * Change all functions with names starting with `des_` to be starting + with `DES_` instead. Add wrappers that are compatible with libdes, + but are named `_ossl_old_des_*`. Finally, add macros that map the + `des_*` symbols to the corresponding `_ossl_old_des_*` if libdes compatibility is desired. If OpenSSL 0.9.6c compatibility is - desired, the des_* symbols will be mapped to DES_*, with one + desired, the `des_*` symbols will be mapped to `DES_*`, with one exception. Since we provide two compatibility mappings, the user needs to @@ -11459,7 +11426,7 @@ OpenSSL 0.9.7.] won't work. NOTE: This is a major break of an old API into a new one. Software - authors are encouraged to switch to the DES_ style functions. Some + authors are encouraged to switch to the `DES_` style functions. Some time in the future, des_old.h and the libdes compatibility functions will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the default), and then completely removed. @@ -11519,7 +11486,7 @@ OpenSSL 0.9.7.] deal more passive and at run-time, operations deal directly with RSA_METHODs, DSA_METHODs (etc) as they did before, rather than dereferencing through an ENGINE pointer any more. Also, the ENGINE - functions dealing with BN_MOD_EXP[_CRT] handlers have been removed - + functions dealing with `BN_MOD_EXP[_CRT]` handlers have been removed - they were not being used by the framework as there is no concept of a BIGNUM_METHOD and they could not be generalised to the new 'ENGINE_TABLE' mechanism that underlies the new code. Similarly, @@ -11533,7 +11500,7 @@ OpenSSL 0.9.7.] *Steve Henson* * Change mkdef.pl to sort symbols that get the same entry number, - and make sure the automatically generated functions ERR_load_* + and make sure the automatically generated functions `ERR_load_*` become part of libeay.num as well. *Richard Levitte* @@ -11565,7 +11532,7 @@ OpenSSL 0.9.7.] *Steve Henson* * Make maximum certificate chain size accepted from the peer application - settable (SSL*_get/set_max_cert_list()), as proposed by + settable (`SSL*_get/set_max_cert_list()`), as proposed by "Douglas E. Engert" . *Lutz Jaenicke* @@ -11659,7 +11626,7 @@ OpenSSL 0.9.7.] *Geoff Thorpe* - * Give DH, DSA, and RSA types their own "**_up_ref()" function to increment + * Give DH, DSA, and RSA types their own `*_up_ref()` function to increment reference counts. This performs normal REF_PRINT/REF_CHECK macros on the operation, and provides a more encapsulated way for external code (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code @@ -11707,7 +11674,6 @@ OpenSSL 0.9.7.] EVP_DigestFinal(&md, out, NULL); EVP_MD_CTX_cleanup(&md); /* new function call */ - *Ben Laurie* * Make DES key schedule conform to the usual scheme, as well as @@ -11738,8 +11704,8 @@ OpenSSL 0.9.7.] *Ben Laurie* - * Change historical references to {NID,SN,LN}_des_ede and ede3 to add the - correct _ecb suffix. + * Change historical references to `{NID,SN,LN}_des_ede` and ede3 to add the + correct `_ecb suffix`. *Ben Laurie* @@ -11756,17 +11722,16 @@ OpenSSL 0.9.7.] *Richard Levitte* * Changes to Kerberos SSL for RFC 2712 compliance: - 1. Implemented real KerberosWrapper, instead of just using - KRB5 AP_REQ message. [Thanks to Simon Wilkinson ] - 2. Implemented optional authenticator field of KerberosWrapper. + 1. Implemented real KerberosWrapper, instead of just using + KRB5 AP_REQ message. [Thanks to Simon Wilkinson ] + 2. Implemented optional authenticator field of KerberosWrapper. Added openssl-style ASN.1 macros for Kerberos ticket, ap_req, and authenticator structs; see crypto/krb5/. Generalized Kerberos calls to support multiple Kerberos libraries. - *Vern Staats , - Jeffrey Altman - via Richard Levitte* + *Vern Staats , Jeffrey Altman + via Richard Levitte* * Cause 'openssl speed' to use fully hard-coded DSA keys as it already does with RSA. testdsa.h now has 'priv_key/pub_key' @@ -12108,7 +12073,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Bodo Moeller* - * Modify EVP_Digest*() routines so they now return values. Although the + * Modify `EVP_Digest*()` routines so they now return values. Although the internal software routines can never fail additional hardware versions might. @@ -12254,14 +12219,14 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting - with "OPENSSL_" to avoid conflicts with other packages and by making + with `OPENSSL_` to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. Additionally, it is now possible to define configuration/platform- specific names (called "system identities"). In the C code, these - are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another - macro with the name beginning with "OPENSSL_SYS_", which is determined - from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on + are prefixed with `OPENSSL_SYSNAME_`. e_os2.h will create another + macro with the name beginning with `OPENSSL_SYS_`, which is determined + from `OPENSSL_SYSNAME_*` or compiler-specific macros depending on what is available. *Richard Levitte* @@ -12310,7 +12275,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * Disable stdin buffering in load_cert (apps/apps.c) so that no certs are skipped when using openssl x509 multiple times on a single input file, - e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) ' prints the status of the cert with + `openssl ca -status ` prints the status of the cert with the given serial number (according to the index file). - 'openssl ca -updatedb' updates the expiry status of certificates + `openssl ca -updatedb` updates the expiry status of certificates in the index file. *Massimiliano Pala * @@ -12504,7 +12469,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * Allowing defining memory allocation callbacks that will be given file name and line number information in additional arguments - (a const char* and an int). The basic functionality remains, as + (a `const char*` and an int). The basic functionality remains, as well as the original possibility to just replace malloc(), realloc() and free() by functions that do not know about these additional arguments. To register and find out the current @@ -12517,9 +12482,9 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k CRYPTO_get_locked_mem_ex_functions These work the same way as CRYPTO_set_mem_functions and friends. - CRYPTO_get_[locked_]mem_functions now writes 0 where such an + `CRYPTO_get_[locked_]mem_functions` now writes 0 where such an extended allocation function is enabled. - Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where + Similarly, `CRYPTO_get_[locked_]mem_ex_functions` writes 0 where a conventional allocation function is enabled. *Richard Levitte, Bodo Moeller* @@ -12627,7 +12592,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These replace the old function pointer based I/O routines. Change most of - the *_d2i_bio() and *_d2i_fp() functions to use these. + the `*_d2i_bio()` and `*_d2i_fp()` functions to use these. *Steve Henson* @@ -12754,7 +12719,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k * Added Kerberos Cipher Suites to be used with TLS, as written in RFC 2712. *Veers Staats , - Jeffrey Altman , via Richard Levitte* + Jeffrey Altman , via Richard Levitte* * Reformat the FAQ so the different questions and answers can be divided in sections depending on the subject. @@ -12820,7 +12785,7 @@ s-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *Bodo Moeller* - * Move BN_mod_... functions into new file crypto/bn/bn_mod.c + * Move `BN_mod_...` functions into new file crypto/bn/bn_mod.c (except for exponentiation, which stays in crypto/bn/bn_exp.c, and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c) and add new functions: @@ -12984,7 +12949,7 @@ ndif * NCONF changes. NCONF_get_number() has no error checking at all. As a replacement, - NCONF_get_number_e() is defined (_e for "error checking") and is + NCONF_get_number_e() is defined (`_e` for "error checking") and is promoted strongly. The old NCONF_get_number is kept around for binary backward compatibility. Make it possible for methods to load from something other than a BIO, @@ -13018,14 +12983,14 @@ ndif *Richard Levitte* -### Changes between 0.9.6l and 0.9.6m [17 Mar 2004] ### +### Changes between 0.9.6l and 0.9.6m [17 Mar 2004] * Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool [CVE-2004-0079][] *Joe Orton, Steve Henson* -### Changes between 0.9.6k and 0.9.6l [04 Nov 2003] ### +### Changes between 0.9.6k and 0.9.6l [04 Nov 2003] * Fix additional bug revealed by the NISCC test suite: @@ -13034,7 +12999,7 @@ ndif *Steve Henson* -### Changes between 0.9.6j and 0.9.6k [30 Sep 2003] ### +### Changes between 0.9.6j and 0.9.6k [30 Sep 2003] * Fix various bugs revealed by running the NISCC test suite: @@ -13044,7 +13009,6 @@ ndif If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. - *Steve Henson* * In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate @@ -13064,7 +13028,7 @@ ndif *Richard Levitte* -### Changes between 0.9.6i and 0.9.6j [10 Apr 2003] ### +### Changes between 0.9.6i and 0.9.6j [10 Apr 2003] * Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat @@ -13092,7 +13056,7 @@ ndif *Bodo Moeller* -### Changes between 0.9.6h and 0.9.6i [19 Feb 2003] ### +### Changes between 0.9.6h and 0.9.6i [19 Feb 2003] * In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrect @@ -13104,7 +13068,7 @@ ndif Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)* -### Changes between 0.9.6g and 0.9.6h [5 Dec 2002] ### +### Changes between 0.9.6g and 0.9.6h [5 Dec 2002] * New function OPENSSL_cleanse(), which is used to cleanse a section of memory from its contents. This is done with a counter that will @@ -13184,20 +13148,19 @@ ndif *Steve Henson* -### Changes between 0.9.6f and 0.9.6g [9 Aug 2002] ### +### Changes between 0.9.6f and 0.9.6g [9 Aug 2002] * [In 0.9.6g-engine release:] - Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall'). + Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use `_stdcall`). *Lynn Gazis * -### Changes between 0.9.6e and 0.9.6f [8 Aug 2002] ### +### Changes between 0.9.6e and 0.9.6f [8 Aug 2002] * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX and get fix the header length calculation. *Florian Weimer , - Alon Kantor (and others), - Steve Henson* + Alon Kantor (and others), Steve Henson* * Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the @@ -13205,7 +13168,7 @@ ndif *Arne Ansper , Bodo Moeller* -### Changes between 0.9.6d and 0.9.6e [30 Jul 2002] ### +### Changes between 0.9.6d and 0.9.6e [30 Jul 2002] * Add various sanity checks to asn1_get_length() to reject the ASN1 length bytes if they exceed sizeof(long), will appear @@ -13259,7 +13222,7 @@ ndif * Various temporary buffers to hold ASCII versions of integers were too small for 64 bit platforms. [CVE-2002-0655][] - *Matthew Byng-Maddick and Ben Laurie (CHATS)> + *Matthew Byng-Maddick and Ben Laurie (CHATS)>* * Remote buffer overflow in SSL3 protocol - an attacker could supply an oversized session ID to a client. [CVE-2002-0656][] @@ -13271,14 +13234,14 @@ ndif *Ben Laurie (CHATS)* -### Changes between 0.9.6c and 0.9.6d [9 May 2002] ### +### Changes between 0.9.6c and 0.9.6d [9 May 2002] * Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not encoded as NULL) with id-dsa-with-sha1. *Nils Larsch ; problem pointed out by Bodo Moeller* - * Check various X509_...() return values in apps/req.c. + * Check various `X509_...()` return values in apps/req.c. *Nils Larsch * @@ -13414,12 +13377,12 @@ ndif *D P Chang * -### Changes between 0.9.6b and 0.9.6c [21 dec 2001] ### +### Changes between 0.9.6b and 0.9.6c [21 dec 2001] * Fix BN_rand_range bug pointed out by Dominikus Scherkl . (The previous implementation - worked incorrectly for those cases where range = 10..._2 and - 3*range is two bits longer than range.) + worked incorrectly for those cases where range = `10..._2` and + `3*range` is two bits longer than range.) *Bodo Moeller* @@ -13490,7 +13453,7 @@ ndif instead. BIO_gethostbyname() does not know what timeouts are appropriate, so entries would stay in cache even when they have become invalid. - *Bodo Moeller; problem pointed out by Rich Salz + *Bodo Moeller; problem pointed out by Rich Salz * * Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when faced with a pathologically small ClientHello fragment that does @@ -13587,7 +13550,7 @@ ndif *Lutz Jaenicke* - * Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). + * Add alert descriptions for TLSv1 to `SSL_alert_desc_string[_long]()`. *Lutz Jaenicke* @@ -13693,7 +13656,7 @@ ndif *Richard Levitte* -### Changes between 0.9.6a and 0.9.6b [9 Jul 2001] ### +### Changes between 0.9.6a and 0.9.6b [9 Jul 2001] * Change ssleay_rand_bytes (crypto/rand/md_rand.c) to avoid a SSLeay/OpenSSL PRNG weakness pointed out by @@ -13739,7 +13702,7 @@ ndif *Bodo Moeller* - * Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is + * Don't change `*pointer` in CRYPTO_add_lock() is add_lock_callback is used: it isn't thread safe and the add_lock_callback should handle that itself. @@ -13821,7 +13784,7 @@ ndif *Bodo Moeller* -### Changes between 0.9.6 and 0.9.6a [5 Apr 2001] ### +### Changes between 0.9.6 and 0.9.6a [5 Apr 2001] * Fix a couple of memory leaks in PKCS7_dataDecode() @@ -13859,7 +13822,7 @@ ndif * Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton: On the Importance of Eliminating Errors in Cryptographic Computations, J. Cryptology 14 (2001) 2, 101-119, - http://theory.stanford.edu/~dabo/papers/faults.ps.gz). + ). *Ulf Moeller* @@ -13900,7 +13863,7 @@ ndif *Bodo Moeller* - * Replace rdtsc with _emit statements for VC++ version 5. + * Replace rdtsc with `_emit` statements for VC++ version 5. *Jeremy Cooper * @@ -13944,7 +13907,7 @@ ndif * Fix CPU detection on Irix 6.x. *Kurt Hockenbury and - "Bruce W. Forsberg" * + "Bruce W. Forsberg" * * Fix X509_NAME bug which produced incorrect encoding if X509_NAME was empty. @@ -13967,7 +13930,7 @@ ndif *Ulf Moeller, Bodo Moeller* - * In the NCONF_...-based implementations for CONF_... queries + * In the `NCONF_...`-based implementations for `CONF_...` queries (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using a temporary CONF structure with the data component set to NULL (which gives segmentation faults in lh_retrieve). @@ -14050,8 +14013,8 @@ ndif *Bodo Moeller; problem reported by Eric Day * - * In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), - obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}. + * In `RSA_eay_public_{en,ed}crypt` and RSA_eay_mod_exp (rsa_eay.c), + obtain lock CRYPTO_LOCK_RSA before setting `rsa->_method_mod_{n,p,q}`. (RSA objects have a reference count access to which is protected by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], @@ -14163,7 +14126,7 @@ ndif *Lutz Jaenicke* -### Changes between 0.9.5a and 0.9.6 [24 Sep 2000] ### +### Changes between 0.9.5a and 0.9.6 [24 Sep 2000] * In ssl23_get_client_hello, generate an error message when faced with an initial SSL 3.0/TLS record that is too small to contain the @@ -14283,7 +14246,7 @@ ndif *Ben Laurie* - * Add a few more EBCDIC conditionals that make `req' and `x509' + * Add a few more EBCDIC conditionals that make `req` and `x509` work better on such systems. *Martin Kraemer * @@ -14407,7 +14370,7 @@ ndif *Andreas Schneider * * A demo state-machine implementation was sponsored by - Nuron (http://www.nuron.com/) and is now available in + Nuron () and is now available in demos/state_machine. *Ben Laurie* @@ -14463,13 +14426,12 @@ ndif and as before, if none of those prefixes are present at the beginning of the string, LOG_ERR is chosen. - On Win32, the LOG_* levels are mapped according to this: + On Win32, the `LOG_*` levels are mapped according to this: LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE LOG_WARNING => EVENTLOG_WARNING_TYPE LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE - *Richard Levitte* * Made it possible to reconfigure with just the configuration @@ -14551,8 +14513,8 @@ ndif *Steve Henson* - * crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock), - not read locks (CRYPTO_r_[un]lock). + * crypto/err.c locking bugfix: Use write locks (`CRYPTO_w_[un]lock`), + not read locks (`CRYPTO_r_[un]lock`). *Bodo Moeller* @@ -14588,7 +14550,7 @@ ndif *Steve Henson* - * New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT + * New ASN1 functions, `i2c_*` and `c2i_*` for INTEGER and BIT STRING types. These convert content octets to and from the underlying type. The actual tag and length octets are already assumed to have been read in and checked. These @@ -14646,7 +14608,7 @@ ndif * Reorganisation of the stack code. The macros are now all collected in safestack.h . Each macro is defined in terms of - a "stack macro" of the form SKM_(type, a, b). The + a "stack macro" of the form `SKM_(type, a, b)`. The DEBUG_SAFESTACK is now handled in terms of function casts, this has the advantage of retaining type safety without the use of additional functions. If DEBUG_SAFESTACK is not defined @@ -14689,7 +14651,7 @@ ndif *Bodo Moeller* - * Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5 + * Increase maximum window size in `BN_mod_exp_...` to 6 bits instead of 5 (meaning that now 2^5 values will be precomputed, which is only 4 KB plus overhead for 1024 bit moduli). This makes exponentiations about 0.5 % faster for 1024 bit @@ -14729,7 +14691,7 @@ ndif also involved a cleanup of sorts in safestack.h to more correctly map type-safe stack functions onto their plain stack counterparts. This work has also resulted in a variety of "const"ifications of - lots of the code, especially "_cmp" operations which should normally + lots of the code, especially `_cmp` operations which should normally be prototyped with "const" parameters anyway. *Geoff Thorpe* @@ -14792,7 +14754,7 @@ ndif *Bodo Moeller* - * Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag; + * Call dh_tmp_cb (set by `..._TMP_DH_CB`) with correct 'is_export' flag; i.e. non-zero for export ciphersuites, zero otherwise. Previous versions had this flag inverted, inconsistent with rsa_tmp_cb (..._TMP_RSA_CB). @@ -14882,13 +14844,13 @@ ndif * CONF library reworked to become more general. A new CONF configuration file reader "class" is implemented as well as a - new functions (NCONF_*, for "New CONF") to handle it. The now - old CONF_* functions are still there, but are reimplemented to + new functions (`NCONF_*`, for "New CONF") to handle it. The now + old `CONF_*` functions are still there, but are reimplemented to work in terms of the new functions. Also, a set of functions to handle the internal storage of the configuration data is provided to make it easier to write new configuration file reader "classes" (I can definitely see something reading a - configuration file in XML format, for example), called _CONF_*, + configuration file in XML format, for example), called `_CONF_*`, or "the configuration storage API"... The new configuration file reading functions are: @@ -14903,12 +14865,12 @@ ndif NCONF_default and NCONF_WIN32 are method (or "class") choosers, NCONF_new creates a new CONF object. This works in the same way as other interfaces in OpenSSL, like the BIO interface. - NCONF_dump_* dump the internal storage of the configuration file, + `NCONF_dump_*` dump the internal storage of the configuration file, which is useful for debugging. All other functions take the same - arguments as the old CONF_* functions with the exception of the - first that must be a `CONF *' instead of a `LHASH *'. + arguments as the old `CONF_*` functions with the exception of the + first that must be a `CONF *` instead of a `LHASH *`. - To make it easier to use the new classes with the old CONF_* functions, + To make it easier to use the new classes with the old `CONF_*` functions, the function CONF_set_default_method is provided. *Richard Levitte* @@ -14926,7 +14888,7 @@ ndif *Geoff Thorpe, with contributions from Richard Levitte* -### Changes between 0.9.5 and 0.9.5a [1 Apr 2000] ### +### Changes between 0.9.5 and 0.9.5a [1 Apr 2000] * Make sure _lrotl and _lrotr are only used with MSVC. @@ -14953,7 +14915,7 @@ ndif * des_quad_cksum() byte order bug fix. *Ulf Möller, using the problem description in krb4-0.9.7, where - the solution is attributed to Derrick J Brashear * + the solution is attributed to Derrick J Brashear * * Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly discouraged. @@ -15081,7 +15043,7 @@ ndif *Lutz Behnke * -### Changes between 0.9.4 and 0.9.5 [28 Feb 2000] ### +### Changes between 0.9.4 and 0.9.5 [28 Feb 2000] * PKCS7_encrypt() was adding text MIME headers twice because they were added manually and by SMIME_crlf_copy(). @@ -15114,7 +15076,7 @@ ndif * Change names of new functions to the new get1/get0 naming convention: After 'get1', the caller owns a reference count - and has to call ..._free; 'get0' returns a pointer to some + and has to call `..._free`; 'get0' returns a pointer to some data structure without incrementing reference counters. (Some of the existing 'get' functions increment a reference counter, some don't.) @@ -15130,7 +15092,7 @@ ndif * Fix potential buffer overrun problem in BIO_printf(). *Ulf Möller, using public domain code by Patrick Powell; problem - pointed out by David Sacerdote * + pointed out by David Sacerdote * * Support EGD . New functions RAND_egd() and RAND_status(). In the command line application, @@ -15157,23 +15119,23 @@ ndif *Steve Henson* - * ..._ctrl functions now have corresponding ..._callback_ctrl functions - where the 'void *' argument is replaced by a function pointer argument. - Previously 'void *' was abused to point to functions, which works on + * `..._ctrl` functions now have corresponding `..._callback_ctrl` functions + where the `void *` argument is replaced by a function pointer argument. + Previously `void *` was abused to point to functions, which works on many platforms, but is not correct. As these functions are usually called by macros defined in OpenSSL header files, most source code should work without changes. *Richard Levitte* - * (which is created by Configure) now contains + * `` (which is created by Configure) now contains sections with information on -D... compiler switches used for compiling the library so that applications can see them. To enable - one of these sections, a pre-processor symbol OPENSSL_..._DEFINES + one of these sections, a pre-processor symbol `OPENSSL_..._DEFINES` must be defined. E.g., #define OPENSSL_ALGORITHM_DEFINES #include - defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. + defines all pertinent `NO_` symbols, such as NO_IDEA, NO_RSA, etc. *Richard Levitte, Ulf and Bodo Möller* @@ -15248,7 +15210,7 @@ ndif *Andy Polyakov* * Bug fix for BN_div() when the first words of num and divisor are - equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). + equal (it gave wrong results if `(rem=(n1-q*d0)&BN_MASK2) < d0)`. *Ulf Möller* @@ -15267,7 +15229,7 @@ ndif *Ulf Möller* - * Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and + * Change the `SSLeay_add_all_*()` functions to `OpenSSL_add_all_*()` and include a #define from the old name to the new. The original intent was that statically linked binaries could for example just call SSLeay_add_all_ciphers() to just add ciphers to the table and not @@ -15292,7 +15254,7 @@ ndif *Martin Kraemer * * Source code cleanups: use const where appropriate, eliminate casts, - use void * instead of char * in lhash. + use `void *` instead of `char *` in lhash. *Ulf Möller* @@ -15367,7 +15329,7 @@ ndif *Ulf Möller, Bodo Möller* * Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes - used (char *) instead of (void *) and had casts all over the place. + used `char *` instead of `void *` and had casts all over the place. *Steve Henson* @@ -15432,7 +15394,7 @@ ndif *Steve Henson* * Changes to X509_ATTRIBUTE utilities. These have been renamed from - X509_*() to X509at_*() on the grounds that they don't handle X509 + `X509_*()` to `X509at_*()` on the grounds that they don't handle X509 structures and behave in an analogous way to the X509v3 functions: they shouldn't be called directly but wrapper functions should be used instead. @@ -15447,7 +15409,7 @@ ndif * Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of - NO_RSA in ssl/s2*.c. + NO_RSA in `ssl/s2*.c`. *Kris Kennaway , modified by Ulf Möller* @@ -15760,8 +15722,8 @@ ndif There are two big advantages in doing things this way. The extensions can be looked up immediately and no longer need to be "added" using X509V3_add_standard_extensions(): this function now does nothing. - *Side note: I get *lots* of email saying the extension code doesn't - work because people forget to call this function* + Side note: I get *lots* of email saying the extension code doesn't + work because people forget to call this function. Also no dynamic allocation is done unless new extensions are added: so if we don't add custom extensions there is no need to call X509V3_EXT_cleanup(). @@ -15841,10 +15803,10 @@ ndif it clearly returns an error if you try to read the wrong kind of key. Added a -pubkey option to the 'x509' utility to output the public key. - Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*() - (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add - EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*()) - that do the same as the EVP_PKEY_assign_*() except they up the + Also rename the `EVP_PKEY_get_*()` to `EVP_PKEY_rget_*()` + (renamed to `EVP_PKEY_get1_*()` in the OpenSSL 0.9.5 release) and add + `EVP_PKEY_rset_*()` functions (renamed to `EVP_PKEY_set1_*()`) + that do the same as the `EVP_PKEY_assign_*()` except they up the reference count of the added key (they don't "swallow" the supplied key). @@ -15979,7 +15941,7 @@ ndif *Steve Henson* - * Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). + * Fix assembler for Alpha (tested only on DEC OSF not Linux or `*BSD`). The problem was that one of the replacement routines had not been working since SSLeay releases. For now the offending routine has been replaced with non-optimised assembler. Even so, this now gives around 95% @@ -16070,8 +16032,8 @@ ndif *Steve Henson* * Add function equivalents to the various macros in asn1.h. The old - macros are retained with an M_ prefix. Code inside the library can - use the M_ macros. External code (including the openssl utility) + macros are retained with an `M_` prefix. Code inside the library can + use the `M_` macros. External code (including the openssl utility) should *NOT* in order to be "shared library friendly". *Steve Henson* @@ -16090,7 +16052,7 @@ ndif *Steve Henson* - * New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search + * New `X509V3_{X509,CRL,REVOKED}_get_d2i()` functions. These will search for, obtain and decode and extension and obtain its critical flag. This allows all the necessary extension code to be handled in a single function call. @@ -16152,7 +16114,7 @@ ndif usual with these problems it takes *ages* to find and the fix is trivial: move one line. - *Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) * + *Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer)* * Ugly workaround to get s_client and s_server working under Windows. The old code wouldn't work because it needed to select() on sockets and the @@ -16329,13 +16291,13 @@ ndif *Bodo Moeller* -### Changes between 0.9.3a and 0.9.4 [09 Aug 1999] ### +### Changes between 0.9.3a and 0.9.4 [09 Aug 1999] * Install libRSAglue.a when OpenSSL is built with RSAref. *Ralf S. Engelschall* - * A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. + * A few more `#ifndef NO_FP_API / #endif` pairs for consistency. *Andrija Antonijevic * @@ -16350,7 +16312,7 @@ ndif For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is much faster than DH_generate_parameters (which creates parameters - where p = 2*q + 1), and also the smaller q makes DH computations + where `p = 2*q + 1`), and also the smaller q makes DH computations much more efficient (160-bit exponentiation instead of 1024-bit exponentiation); so this provides a convenient way to support DHE ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of @@ -16398,7 +16360,7 @@ ndif to ....(char *buf, int size, int rwflag, void *userdata); so that applications can pass data to their callbacks: - The PEM[_ASN1]_{read,write}... functions and macros now take an + The `PEM[_ASN1]_{read,write}...` functions and macros now take an additional void * argument, which is just handed through whenever the password callback is called. @@ -16455,7 +16417,7 @@ ndif 1. Casts to avoid "loss of data" warnings in p5_crpt2.c 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned comparison" warnings. - 3. Add sk__sort to DEF file generator and do make update. + 3. Add `sk__sort` to DEF file generator and do make update. *Steve Henson* @@ -16548,8 +16510,7 @@ ndif store the length when it is first determined and use it later, rather than trying to keep track of where data is copied and updating it to point to the end. - *Steve Henson, reported by Brien Wheeler - * + *Steve Henson, reported by Brien Wheeler * * Add a new function PKCS7_signatureVerify. This allows the verification of a PKCS#7 signature but with the signing certificate passed to the @@ -16560,7 +16521,7 @@ ndif *Steve Henson* - * Complete the PEM_* macros with DECLARE_PEM versions to replace the + * Complete the `PEM_*` macros with DECLARE_PEM versions to replace the function prototypes in pem.h, also change util/mkdef.pl to add the necessary function names. @@ -16618,7 +16579,7 @@ ndif *Steve Henson* * Fix determination of Perl interpreter: A perl or perl5 - _directory_ in $PATH was also accepted as the interpreter. + *directory* in $PATH was also accepted as the interpreter. *Ralf S. Engelschall* @@ -16647,7 +16608,6 @@ ndif *Bodo Moeller* -f 0 * DES CBC did not update the IV. Weird. *Ben Laurie* @@ -16728,7 +16688,7 @@ ndif *Martin Kraemer * - * Make callbacks for key generation use void * instead of char *. + * Make callbacks for key generation use `void *` instead of `char *`. *Ben Laurie* @@ -16744,8 +16704,7 @@ ndif *Bodo Moeller* - -### Changes between 0.9.3 and 0.9.3a [29 May 1999] ### +### Changes between 0.9.3 and 0.9.3a [29 May 1999] * New configuration variant "sco5-gcc". @@ -16778,8 +16737,7 @@ ndif *Richard Levitte* - -### Changes between 0.9.2b and 0.9.3 [24 May 1999] ### +### Changes between 0.9.2b and 0.9.3 [24 May 1999] * Bignum library bug fix. IRIX 6 passes "make test" now! This also avoids the problems with SC4.2 and unpatched SC5. @@ -16846,8 +16804,8 @@ ndif *Steve Henson* * Make SSL library a little more fool-proof by not requiring any longer - that SSL_set_{accept,connect}_state be called before - SSL_{accept,connect} may be used (SSL_set_..._state is omitted + that `SSL_set_{accept,connect}_state` be called before + `SSL_{accept,connect}` may be used (`SSL_set_..._state` is omitted in many applications because usually everything *appeared* to work as intended anyway -- now it really works as intended). @@ -16857,9 +16815,9 @@ ndif *Ulf Möller* - * Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall + * Fix various things to let OpenSSL even pass "egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes - -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ + -Wmissing-declarations -Wnested-externs -Winline" with EGCS 1.1.2+ *Ralf S. Engelschall* @@ -16871,7 +16829,7 @@ ndif * Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying pointers. The cert_st handling is changed by this in various ways (and thus what used to be known as ctx->default_cert - is now called ctx->cert, since we don't resort to s->ctx->[default_]cert + is now called ctx->cert, since we don't resort to `s->ctx->[default_]cert` any longer when s->cert does not give us what we need). ssl_cert_instantiate becomes obsolete by this change. As soon as we've got the new code right (possibly it already is?), @@ -16880,7 +16838,7 @@ ndif Note that using the SSL API in certain dirty ways now will result in different behaviour than observed with earlier library versions: - Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) + Changing settings for an `SSL_CTX *ctx` after having done s = SSL_new(ctx) does not influence s as it used to. In order to clean up things more thoroughly, inside SSL_SESSION @@ -16942,7 +16900,7 @@ ndif *Anonymous* - * Add missing sk__unshift() function to safestack.h + * Add missing `sk__unshift()` function to safestack.h *Ralf S. Engelschall* @@ -17002,7 +16960,7 @@ ndif *Niels Poppe * - * New Configure option no- (rsa, idea, rc5, ...). + * New Configure option `no-` (rsa, idea, rc5, ...). *Ulf Möller* @@ -17037,7 +16995,7 @@ ndif *Steve Henson* - * Change #include filenames from to . + * Change #include filenames from `` to ``. *Bodo Moeller* @@ -17157,16 +17115,16 @@ ndif *Ben Laurie* - * Add `openssl ca -revoke ' facility which revokes a certificate - specified in by updating the entry in the index.txt file. + * Add `openssl ca -revoke ` facility which revokes a certificate + specified in `` by updating the entry in the index.txt file. This way one no longer has to edit the index.txt file manually for revoking a certificate. The -revoke option does the gory details now. *Massimiliano Pala , Ralf S. Engelschall* - * Fix `openssl crl -noout -text' combination where `-noout' killed the - `-text' option at all and this way the `-noout -text' combination was - inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. + * Fix `openssl crl -noout -text` combination where `-noout` killed the + `-text` option at all and this way the `-noout -text` combination was + inconsistent in `openssl crl` with the friends in `openssl x509|rsa|dsa`. *Ralf S. Engelschall* @@ -17176,12 +17134,12 @@ ndif *Ralf S. Engelschall* - * Bugfix: In test/testenc, don't test "openssl " for + * Bugfix: In test/testenc, don't test `openssl ` for ciphers that were excluded, e.g. by -DNO_IDEA. Also, test all available ciphers including rc5, which was forgotten until now. In order to let the testing shell script know which algorithms are available, a new (up to now undocumented) command - "openssl list-cipher-commands" is used. + `openssl list-cipher-commands` is used. *Bodo Moeller* @@ -17270,8 +17228,7 @@ ndif *Soren S. Jorvang * - -### Changes between 0.9.1c and 0.9.2b [22 Mar 1999] ### +### Changes between 0.9.1c and 0.9.2b [22 Mar 1999] * Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still doesn't work when the session is reused. Coming soon! @@ -17401,13 +17358,14 @@ ndif * Add a useful kludge to allow package maintainers to specify compiler and other platforms details on the command line without having to patch the - Configure script every time: One now can use ``perl Configure - :
'', i.e. platform ids are allowed to have details appended + Configure script every time: One now can use + `perl Configure :
`, + i.e. platform ids are allowed to have details appended to them (separated by colons). This is treated as there would be a static - pre-configured entry in Configure's %table under key with value -
and ``perl Configure '' is called. So, when you want to + pre-configured entry in Configure's %table under key `` with value + `
` and `perl Configure ` is called. So, when you want to perform a quick test-compile under FreeBSD 3.1 with pgcc and without - assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' + assembler stuff you can use `perl Configure "FreeBSD-elf:pgcc:-O6:::"` now, which overrides the FreeBSD-elf entry on-the-fly. *Ralf S. Engelschall* @@ -17468,7 +17426,7 @@ ndif *Steve Henson* - * Added the new `Includes OpenSSL Cryptography Software' button as + * Added the new 'Includes OpenSSL Cryptography Software' button as doc/openssl_button.{gif,html} which is similar in style to the old SSLeay button and can be used by applications based on OpenSSL to show the relationship to the OpenSSL project. @@ -17504,7 +17462,7 @@ ndif * Experiment with doxygen documentation. Currently only partially applied to ssl/ssl_lib.c. - See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with + See , and run doxygen with openssl.doxy as the configuration file. *Ben Laurie* @@ -17550,13 +17508,13 @@ ndif *Richard Levitte * - * Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c + * Fix `port` variable from `int` to `unsigned int` in crypto/bio/b_sock.c *Richard Levitte * * Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() - from `int' to `unsigned int' because it's a length and initialized by - EVP_DigestFinal() which expects an `unsigned int *'. + from `int` to `unsigned int` because it is a length and initialized by + EVP_DigestFinal() which expects an `unsigned int *`. *Richard Levitte * @@ -17628,7 +17586,7 @@ ndif foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure against Bleichbacher's attack on RSA. *Ulf Moeller , reformatted, corrected and integrated by - Ben Laurie* + Ben Laurie* * Updates to the new SSL compression code @@ -17708,7 +17666,7 @@ ndif *Steve Henson* - * Overhauled the Perl interface (perl/*): + * Overhauled the Perl interface: - ported BN stuff to OpenSSL's different BN library - made the perl/ source tree CVS-aware - renamed the package from SSLeay to OpenSSL (the files still contain @@ -17747,7 +17705,7 @@ ndif *Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)* - * Make sure `make rehash' target really finds the `openssl' program. + * Make sure `make rehash` target really finds the `openssl` program. *Ralf S. Engelschall, Matthias Loepfe * @@ -17760,7 +17718,7 @@ ndif *Alan Batie * - * Fixed ms/32all.bat script: `no_asm' -> `no-asm' + * Fixed ms/32all.bat script: `no_asm` -> `no-asm` *Rainer W. Gerling * @@ -17913,7 +17871,7 @@ ndif *Steve Henson* - * Make _all_ *_free functions accept a NULL pointer. + * Make *all* `*_free` functions accept a NULL pointer. *Frans Heymans * @@ -17976,10 +17934,10 @@ ndif *Steve Henson and Ben Laurie* - * First cut of a cleanup for apps/. First the `ssleay' program is now named - `openssl' and second, the shortcut symlinks for the `openssl ' + * First cut of a cleanup for apps/. First the `ssleay` program is now named + `openssl` and second, the shortcut symlinks for the `openssl ` are no longer created. This way we have a single and consistent command - line interface `openssl ', similar to `cvs '. + line interface `openssl `, similar to `cvs `. *Ralf S. Engelschall, Paul Sutton and Ben Laurie* @@ -18072,8 +18030,7 @@ ndif *Ben Laurie* - -### Changes between 0.9.1b and 0.9.1c [23-Dec-1998] ### +### Changes between 0.9.1b and 0.9.1c [23-Dec-1998] * Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and changed SSLeay to OpenSSL in version strings. @@ -18094,7 +18051,7 @@ ndif *Andrew Cooke / Interrader Ldt., Ralf S. Engelschall* - * Fixed nasty rehash problem under `make -f Makefile.ssl links' + * Fixed nasty rehash problem under `make -f Makefile.ssl links` when "ssleay" is still not found. *Ralf S. Engelschall* @@ -18146,8 +18103,7 @@ ndif *The OpenSSL Project* - -### Changes between 0.9.0b and 0.9.1b [not released] ### +### Changes between 0.9.0b and 0.9.1b [not released] * Updated a few CA certificates under certs/ @@ -18278,7 +18234,6 @@ ndif *Edward Bishop * - [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7a9fa2b4ec..23756a5d4a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -5,7 +5,6 @@ Please visit our [Getting Started][gs] page for other ideas about how to contrib [gs]: https://www.openssl.org/community/getting-started.html - Development is done on GitHub in the [openssl/openssl][gh] repository. [gh]: https://github.com/openssl/openssl @@ -30,14 +29,17 @@ guidelines: [CLA]: https://www.openssl.org/policies/cla.html To amend a missing "`CLA: trivial`" line after submission, do the following: + ``` git commit --amend [add the line, save and quit the editor] git push -f ``` + 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the year(s) updated): + ``` Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved. diff --git a/INSTALL.md b/INSTALL.md index e19f6693dd..d4da50c7f7 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,4 +1,3 @@ - Build and Install ================= @@ -12,36 +11,35 @@ Table of Contents - [Prerequisites](#prerequisites) - [Notational Conventions](#notational-conventions) - [Quick Installation Guide](#quick-installation-guide) - - [Building OpenSSL](#building-openssl) - - [Installing OpenSSL](#installing-openssl) + - [Building OpenSSL](#building-openssl) + - [Installing OpenSSL](#installing-openssl) - [Configuration Options](#configuration-options) - - [API Level](#api-level) - - [Cross Compile Prefix](#cross-compile-prefix) - - [Build Type](#build-type) - - [Directories](#directories) - - [Compiler Warnings](#compiler-warnings) - - [ZLib Flags](#zlib-flags) - - [Seeding the Random Generator](#seeding-the-random-generator) - - [Enable and Disable Features](#enable-and-disable-features) - - [Displaying configuration data](#displaying-configuration-data) + - [API Level](#api-level) + - [Cross Compile Prefix](#cross-compile-prefix) + - [Build Type](#build-type) + - [Directories](#directories) + - [Compiler Warnings](#compiler-warnings) + - [ZLib Flags](#zlib-flags) + - [Seeding the Random Generator](#seeding-the-random-generator) + - [Enable and Disable Features](#enable-and-disable-features) + - [Displaying configuration data](#displaying-configuration-data) - [Installation Steps in Detail](#installation-steps-in-detail) - - [Configure](#configure-openssl) - - [Build](#build-openssl) - - [Test](#test-openssl) - - [Install](#install-openssl) + - [Configure](#configure-openssl) + - [Build](#build-openssl) + - [Test](#test-openssl) + - [Install](#install-openssl) - [Advanced Build Options](#advanced-build-options) - - [Environment Variables](#environment-variables) - - [Makefile Targets](#makefile-targets) - - [Running Selected Tests](#running-selected-tests) + - [Environment Variables](#environment-variables) + - [Makefile Targets](#makefile-targets) + - [Running Selected Tests](#running-selected-tests) - [Troubleshooting](#troubleshooting) - - [Configuration Problems](#configuration-problems) - - [Build Failures](#build-failures) - - [Test Failures](#test-failures) + - [Configuration Problems](#configuration-problems) + - [Build Failures](#build-failures) + - [Test Failures](#test-failures) - [Notes](#notes) - - [Notes on multi-threading](#notes-on-multi-threading) - - [Notes on shared libraries](#notes-on-shared-libraries) - - [Notes on random number generation](#notes-on-random-number-generation) - + - [Notes on multi-threading](#notes-on-multi-threading) + - [Notes on shared libraries](#notes-on-shared-libraries) + - [Notes on random number generation](#notes-on-random-number-generation) Prerequisites ============= @@ -67,7 +65,6 @@ issues and other details, please read one of these: * [NOTES.VALGRIND](NOTES.VALGRIND) - testing with Valgrind * [NOTES.PERL](NOTES.PERL) - some notes on Perl - Notational conventions ====================== @@ -129,7 +126,6 @@ A simple example would be which is to be understood to use the command `type` on some file name determined by the user. - **Optional Arguments** are enclosed in double square brackets. [[ options ]] @@ -138,7 +134,6 @@ Note that the notation assumes spaces around {, }, [, ], {{, }} and [[, ]]. This is to differentiate from OpenVMS directory specifications, which also use [ and ], but without spaces. - Quick Installation Guide ======================== @@ -154,13 +149,13 @@ Use the following commands to configure, build and test OpenSSL. The testing is optional, but recommended if you intend to install OpenSSL for production use. -### Unix / Linux / macOS ### +### Unix / Linux / macOS $ ./config $ make $ make test -### OpenVMS ### +### OpenVMS Use the following commands to build OpenSSL: @@ -168,7 +163,7 @@ Use the following commands to build OpenSSL: $ mms $ mms test -### Windows ### +### Windows If you are using Visual Studio, open a Developer Command Prompt and and issue the following commands to build OpenSSL. @@ -210,7 +205,7 @@ the global search path for system libraries. Finally, if you plan on using the FIPS module, you need to read the [Post-installation Notes](#post-installation-notes) further down. -### Unix / Linux / macOS ### +### Unix / Linux / macOS Depending on your distribution, you need to run the following command as root user or prepend `sudo` to the command: @@ -230,7 +225,7 @@ More precisely, the files will be installed into the subdirectories depending on the file type, as it is custom on Unix-like operating systems. -### OpenVMS ### +### OpenVMS Use the following command to install OpenSSL. @@ -243,7 +238,7 @@ By default, OpenSSL will be installed to where 'version' is the OpenSSL version number with underscores instead of periods. -### Windows ### +### Windows If you are using Visual Studio, open the Developer Command Prompt _elevated_ and issue the following command. @@ -264,8 +259,7 @@ for native binaries, or for 32bit binaries on 64bit Windows (WOW64). - -#### Installing to a different location #### +#### Installing to a different location To install OpenSSL to a different location (for example into your home directory for testing purposes) run config like this: @@ -279,11 +273,10 @@ directory for testing purposes) run config like this: $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL] Note: if you do add options to the configuration command, please make sure -you've read more than just this Quick Start, such as relevant NOTES.* files, +you've read more than just this Quick Start, such as relevant `NOTES.*` files, the options outline below, as configuration options may change the outcome in otherwise unexpected ways. - Configuration Options ===================== @@ -310,7 +303,6 @@ If you just intend to remove all deprecated APIs up to the current version entirely, just specify [no-deprecated](#no-deprecated). If `--api` isn't given, it defaults to the current (minor) OpenSSL version. - Cross Compile Prefix -------------------- @@ -333,7 +325,6 @@ mention that you have to invoke `./Configure`, not `./config`, and pass your tar name explicitly. Also, note that `--openssldir` refers to target's file system, not one you are building on. - Build Type ---------- @@ -345,11 +336,10 @@ Build OpenSSL with debugging symbols and zero optimization level. Build OpenSSL without debugging symbols. This is the default. - Directories ----------- -### libdir ### +### libdir --libdir=DIR @@ -359,7 +349,7 @@ this is "lib". Note that on Windows only static libraries (`*.lib`) will be stored in this location. Shared libraries (`*.dll`) will always be installed to the "bin" directory. -### openssldir ### +### openssldir --openssldir=DIR @@ -373,7 +363,7 @@ and key store. Defaults are: For 32bit Windows applications on Windows 64bit (WOW64), always replace `C:\Program Files` by `C:\Program Files (x86)`. -### prefix ### +### prefix --prefix=DIR @@ -383,7 +373,6 @@ The top of the installation directory tree. Defaults are: Windows: C:\Program Files\OpenSSL OpenVMS: SYS$COMMON:[OPENSSL-'version'] - Compiler Warnings ----------------- @@ -397,7 +386,7 @@ this option where possible. ZLib Flags ---------- -### with-zlib-include ### +### with-zlib-include --with-zlib-include=DIR @@ -405,7 +394,7 @@ The directory for the location of the zlib include file. This option is only necessary if [enable-zlib](#enable-zlib) is used and the include file is not already on the system include path. -### with-zlib-lib ### +### with-zlib-lib --with-zlib-lib=LIB @@ -421,7 +410,6 @@ then this flag is optional and defaults to "ZLIB1" if not provided. This flag is optional and if not provided then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is used by default depending on the pointer size chosen. - Seeding the Random Generator ---------------------------- @@ -432,18 +420,18 @@ in order to obtain random input (a.k.a "entropy") for seeding its cryptographically secure random number generator (CSPRNG). The current seeding methods are: -### os ### +### os Use a trusted operating system entropy source. This is the default method if such an entropy source exists. -### getrandom ### +### getrandom Use the [getrandom(2)][man-getrandom] or equivalent system call. [man-getrandom]: http://man7.org/linux/man-pages/man2/getrandom.2.html -### devrandom ### +### devrandom Use the first device from the DEVRANDOM list which can be opened to read random bytes. The DEVRANDOM preprocessor constant expands to @@ -452,19 +440,19 @@ random bytes. The DEVRANDOM preprocessor constant expands to on most unix-ish operating systems. -### egd ### +### egd Check for an entropy generating daemon. -### rdcpu ### +### rdcpu Use the RDSEED or RDRAND command if provided by the CPU. -### librandom ### +### librandom Use librandom (not implemented yet). -### none ### +### none Disable automatic seeding. This is the default on some operating systems where no suitable entropy source exists, or no support for it is implemented yet. @@ -474,7 +462,6 @@ at the end of this document. [rng]: #notes-on-random-number-generation - Enable and Disable Features --------------------------- @@ -488,14 +475,13 @@ In the following list, always the non-default variant is documented: if feature xxxx is disabled by default then enable-xxxx is documented and if feature xxxx is enabled by default then no-xxxx is documented. - -### no-afalgeng ### +### no-afalgeng Don't build the AFALG engine. This option will be forced on a platform that does not support AFALG. -### enable-ktls ### +### enable-ktls Build with Kernel TLS support. @@ -505,7 +491,7 @@ TLS sockets. The Kernel may use TLS accelerators if any are available on the system. This option will be forced off on systems that do not support the Kernel TLS data-path. -### enable-asan ### +### enable-asan Build with the Address sanitiser. @@ -514,7 +500,7 @@ never be used in production environments. It will only work when used with gcc or clang and should be used in conjunction with the [no-shared](#no-shared) option. -### no-asm ### +### no-asm Do not use assembler code. @@ -522,11 +508,11 @@ This should be viewed as debugging/troubleshooting option rather than for production use. On some platforms a small amount of assembler code may still be used even with this option. -### no-async ### +### no-async Do not build support for async operations. -### no-autoalginit ### +### no-autoalginit Don't automatically load all supported ciphers and digests. @@ -536,7 +522,7 @@ size is an objective. This only affects libcrypto. Ciphers and digests will have to be loaded manually using EVP_add_cipher() and EVP_add_digest() if this option is used. This option will force a non-shared build. -### no-autoerrinit ### +### no-autoerrinit Don't automatically load all libcrypto/libssl error strings. @@ -544,14 +530,14 @@ Typically OpenSSL will automatically load human readable error strings. For a statically linked application this may be undesirable if small executable size is an objective. -### no-autoload-config ### +### no-autoload-config Don't automatically load the default openssl.cnf file. Typically OpenSSL will automatically load a system config file which configures default SSL options. -### enable-buildtest-c++ ### +### enable-buildtest-c++ While testing, generate C++ buildtest files that simply check that the public OpenSSL header files are usable standalone with C++. @@ -561,76 +547,76 @@ as configuration option, you must ensure that it's valid for both the C and the C++ compiler. If not, the C++ build test will most likely break. As an alternative, you can use the language specific variables, CFLAGS and CXXFLAGS. -### no-capieng ### +### no-capieng Don't build the CAPI engine. This option will be forced if on a platform that does not support CAPI. -### no-cmp ### +### no-cmp Don't build support for Certificate Management Protocol (CMP). -### no-cms ### +### no-cms Don't build support for Cryptographic Message Syntax (CMS). -### no-comp ### +### no-comp Don't build support for SSL/TLS compression. If this option is enabled (the default), then compression will only work if the zlib or zlib-dynamic options are also chosen. -### enable-crypto-mdebug ### +### enable-crypto-mdebug This now only enables the failed-malloc feature. -### enable-crypto-mdebug-backtrace ### +### enable-crypto-mdebug-backtrace This is a no-op; the project uses the compiler's address/leak sanitizer instead. -### no-ct ### +### no-ct Don't build support for Certificate Transparency (CT). -### no-deprecated ### +### no-deprecated Don't build with support for deprecated APIs up until and including the version given with `--api` (or the current version, if `--api` wasn't specified). -### no-dgram ### +### no-dgram Don't build support for datagram based BIOs. Selecting this option will also force the disabling of DTLS. -### no-dso ### +### no-dso Don't build support for loading Dynamic Shared Objects (DSO) -### enable-devcryptoeng ### +### enable-devcryptoeng Build the `/dev/crypto` engine. This option is automatically selected on the BSD platform, in which case it can be disabled with no-devcryptoeng. -### no-dynamic-engine ### +### no-dynamic-engine Don't build the dynamically loaded engines. This only has an effect in a shared build. -### no-ec ### +### no-ec Don't build support for Elliptic Curves. -### no-ec2m ### +### no-ec2m Don't build support for binary Elliptic Curves -### enable-ec_nistp_64_gcc_128 ### +### enable-ec_nistp_64_gcc_128 Enable support for optimised implementations of some commonly used NIST elliptic curves. @@ -643,19 +629,19 @@ This option is only supported on platforms: - supports the non-standard type `__uint128_t` - defines the built-in macro `__SIZEOF_INT128__` -### enable-egd ### +### enable-egd Build support for gathering entropy from the Entropy Gathering Daemon (EGD). -### no-engine ### +### no-engine Don't build support for loading engines. -### no-err ### +### no-err Don't compile in any error strings. -### enable-external-tests ### +### enable-external-tests Enable building of integration with external test suites. @@ -668,16 +654,16 @@ external test suites are currently supported: See the file [test/README.external]/(test/README.external) for further details. -### no-filenames ### +### no-filenames Don't compile in filename and line number information (e.g. for errors and memory allocation). -### no-fips ### +### no-fips Don't compile the FIPS provider -### enable-fuzz-libfuzzer, enable-fuzz-afl ### +### enable-fuzz-libfuzzer, enable-fuzz-afl Build with support for fuzzing using either libfuzzer or AFL. @@ -686,7 +672,7 @@ should never be used in production environments. See the file [fuzz/README.md](fuzz/README.md) for further details. -### no-gost ### +### no-gost Don't build support for GOST based ciphersuites. @@ -694,51 +680,49 @@ Note that if this feature is enabled then GOST ciphersuites are only available if the GOST algorithms are also available through loading an externally supplied engine. -### no-legacy ### +### no-legacy Don't build the legacy provider. Disabling this also disables the legacy algorithms: MD2 (already disabled by default). - -### no-makedepend ### +### no-makedepend Don't generate dependencies. -### no-module ### +### no-module Don't build any dynamically loadable engines. This also implies 'no-dynamic-engine'. -### no-multiblock ### +### no-multiblock Don't build support for writing multiple records in one go in libssl Note: this is a different capability to the pipelining functionality. -### no-nextprotoneg ### +### no-nextprotoneg Don't build support for the Next Protocol Negotiation (NPN) TLS extension. -### no-ocsp ### +### no-ocsp Don't build support for Online Certificate Status Protocol (OCSP). - -### no-padlockeng ### +### no-padlockeng Don't build the padlock engine. -### no-hw-padlock ### +### no-hw-padlock As synonyme for no-padlockeng. Deprecated and should not be used. -### no-pic ### +### no-pic Don't build with support for Position Independent Code. -### no-pinshared ### +### no-pinshared Don't pin the shared libraries. @@ -755,48 +739,47 @@ before libcrypto then a crash is likely to happen. Applications can suppress running of the atexit() handler at run time by using the OPENSSL_INIT_NO_ATEXIT option to OPENSSL_init_crypto(). See the man page for it for further details. -### no-posix-io ### +### no-posix-io Don't use POSIX IO capabilities. -### no-psk ### +### no-psk Don't build support for Pre-Shared Key based ciphersuites. -### no-rdrand ### +### no-rdrand Don't use hardware RDRAND capabilities. -### no-rfc3779 ### +### no-rfc3779 Don't build support for RFC3779, "X.509 Extensions for IP Addresses and AS Identifiers". -### sctp ### +### sctp Build support for Stream Control Transmission Protocol (SCTP). -### no-shared ### +### no-shared Do not create shared libraries, only static ones. - See [Notes on shared libraries](#notes-on-shared-libraries) below. -### no-sock ### +### no-sock Don't build support for socket BIOs. -### no-srp ### +### no-srp Don't build support for Secure Remote Password (SRP) protocol or SRP based ciphersuites. -### no-srtp ### +### no-srtp Don't build Secure Real-Time Transport Protocol (SRTP) support. -### no-sse2 ### +### no-sse2 Exclude SSE2 code paths from 32-bit x86 assembly modules. @@ -810,34 +793,34 @@ disengage SSE2 code paths upon application start-up, but if you aim for wider "audience" running such kernel, consider no-sse2. Both the 386 and no-asm options imply no-sse2. -### enable-ssl-trace ### +### enable-ssl-trace Build with the SSL Trace capabilities. This adds the "-trace" option to s_client and s_server. -### no-static-engine ### +### no-static-engine Don't build the statically linked engines. This only has an impact when not built "shared". -### no-stdio ### +### no-stdio Don't use anything from the C header file "stdio.h" that makes use of the "FILE" type. Only libcrypto and libssl can be built in this way. Using this option will suppress building the command line applications. Additionally, since the OpenSSL tests also use the command line applications, the tests will also be skipped. -### no-tests ### +### no-tests Don't build test programs or run any tests. -### no-threads ### +### no-threads Don't build with support for multi-threaded applications. -### threads ### +### threads Build with support for multi-threaded applications. Most platforms will enable this by default. However if on a platform where this is not the case then this @@ -845,17 +828,17 @@ will usually require additional system-dependent options! See [Notes on multi-threading](#notes-on-multi-threading) below. -### enable-trace ### +### enable-trace Build with support for the integrated tracing api. See manual pages OSSL_trace_set_channel(3) and OSSL_trace_enabled(3) for details. -### no-ts ### +### no-ts Don't build Time Stamping (TS) Authority support. -### enable-ubsan ### +### enable-ubsan Build with the Undefined Behaviour sanitiser (UBSAN). @@ -864,40 +847,40 @@ never be used in production environments. It will only work when used with gcc or clang and should be used in conjunction with the `-DPEDANTIC` option (or the `--strict-warnings` option). -### no-ui-console ### +### no-ui-console Don't build with the User Interface (UI) console method The User Interface console method enables text based console prompts. -### enable-unit-test ### +### enable-unit-test Enable additional unit test APIs. This should not typically be used in production deployments. -### no-uplink ### +### no-uplink Don't build support for UPLINK interface. -### enable-weak-ssl-ciphers ### +### enable-weak-ssl-ciphers Build support for SSL/TLS ciphers that are considered "weak" Enabling this includes for example the RC4 based ciphersuites. -### zlib ### +### zlib Build with support for zlib compression/decompression. -### zlib-dynamic ### +### zlib-dynamic Like the zlib option, but has OpenSSL load the zlib library dynamically when needed. This is only supported on systems where loading of shared libraries is supported. -### 386 ### +### 386 In 32-bit x86 builds, use the 80386 instruction set only in assembly modules @@ -905,7 +888,7 @@ The default x86 code is more efficient, but requires at least an 486 processor. Note: This doesn't affect compiler generated code, so this option needs to be accompanied by a corresponding compiler-specific option. -### no-{protocol} ### +### no-{protocol} no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2} @@ -917,7 +900,7 @@ synonymous with "no-ssl3". Note this only affects version negotiation. OpenSSL will still provide the methods for applications to explicitly select the individual protocol versions. -### no-{protocol}-method ### +### no-{protocol}-method no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}-method @@ -929,13 +912,13 @@ TLSv1.3. Using individual protocol methods directly is deprecated. Applications should use TLS_method() instead. -### enable-{algorithm} ### +### enable-{algorithm} enable-{md2|rc5} Build with support for the specified algorithm. -### no-{algorithm} ### +### no-{algorithm} no-{aria|bf|blake2|camellia|cast|chacha|cmac| des|dh|dsa|ecdh|ecdsa|idea|md4|mdc2|ocb| @@ -946,7 +929,7 @@ Build without support for the specified algorithm. The "ripemd" algorithm is deprecated and if used is synonymous with rmd160. -### Compiler-specific options ### +### Compiler-specific options -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static @@ -977,7 +960,7 @@ encoding. Take note of the [Environment Variables](#environment-variables) documentation below and how these flags interact with those variables. -### Environment Variables ### +### Environment Variables VAR=value @@ -1054,7 +1037,7 @@ If CC is set, it is advisable to also set CXX to ensure both the C and C++ compiler are in the same "family". This becomes relevant with 'enable-external-tests' and 'enable-buildtest-c++'. -### Reconfigure ### +### Reconfigure reconf reconfigure @@ -1093,7 +1076,7 @@ Installation Steps in Detail Configure OpenSSL ----------------- -### Automatic Configuration ### +### Automatic Configuration On some platform a `config` script is available which attempts to guess your operating system (and compiler, if necessary) and calls the `Configure` @@ -1101,15 +1084,15 @@ Perl script with appropriate target based on its guess. Further options can be supplied to the `config` script, which will be passed on to the `Configure` script. -#### Unix / Linux / macOS #### +#### Unix / Linux / macOS $ ./config [[ options ]] -#### OpenVMS #### +#### OpenVMS $ @config [[ options ]] -#### Windows #### +#### Windows Automatic configuration is not available on Windows. @@ -1129,7 +1112,7 @@ On some systems, you can include debugging information as follows: $ ./config -d [[ options ]] -### Manual Configuration ### +### Manual Configuration OpenSSL knows about a range of different operating system, hardware and compiler combinations. To see the ones it knows about, run @@ -1151,8 +1134,7 @@ run: $ ./Configure linux-elf [[ options ]] - -### Creating your own Configuration ### +### Creating your own Configuration If your system isn't listed, you will have to create a configuration file named Configurations/{{ something }}.conf and add the correct @@ -1168,13 +1150,13 @@ and "descrip.mms" on OpenVMS) from a suitable template in Configurations, and defines various macros in include/openssl/configuration.h (generated from include/openssl/configuration.h.in). -### Out of Tree Builds ### +### Out of Tree Builds OpenSSL can be configured to build in a build directory separate from the source code directory. It's done by placing yourself in some other directory and invoking the configuration commands from there. -#### Unix example #### +#### Unix example $ mkdir /var/tmp/openssl-build $ cd /var/tmp/openssl-build @@ -1184,7 +1166,7 @@ or $ /PATH/TO/OPENSSL/SOURCE/Configure {{ target }} [[ options ]] -#### OpenVMS example #### +#### OpenVMS example $ set default sys$login: $ create/dir [.tmp.openssl-build] @@ -1195,7 +1177,7 @@ or $ @[PATH.TO.OPENSSL.SOURCE]Configure {{ target }} [[ options ]] -#### Windows example #### +#### Windows example $ C: $ mkdir \temp-openssl @@ -1205,7 +1187,6 @@ or Paths can be relative just as well as absolute. Configure will do its best to translate them to relative paths whenever possible. - Build OpenSSL ------------- @@ -1239,7 +1220,6 @@ your privileges temporarily if your platform allows it). If some tests fail, take a look at the [Test Failures](#test-failures) subsection of the [Troubleshooting](#troubleshooting) section. - Install OpenSSL --------------- @@ -1256,7 +1236,7 @@ The above commands will install all the software components in this directory tree under PREFIX (the directory given with `--prefix` or its default): -#### Unix / Linux / macOS #### +### Unix / Linux / macOS bin/ Contains the openssl binary and a few other utility scripts. @@ -1278,7 +1258,7 @@ its default): share/doc/openssl/html/man7 Contains the HTML rendition of the man-pages. -#### OpenVMS #### +### OpenVMS 'arch' is replaced with the architecture name, "Alpha" or "ia64", 'sover' is replaced with the shared library version (0101 for 1.1), and @@ -1299,8 +1279,7 @@ its default): [.SYSTEST] Contains the installation verification procedure. [.HTML] Contains the HTML rendition of the manual pages. - -#### Additional Directories #### +### Additional Directories Additionally, install will add the following directories under OPENSSLDIR (the directory given with `--openssldir` or its default) @@ -1328,9 +1307,10 @@ packaged, can use The specified destination directory will be prepended to all installation target paths. -### Compatibility issues with previous OpenSSL versions ### +Compatibility issues with previous OpenSSL versions +--------------------------------------------------- -#### COMPILING existing applications #### +### COMPILING existing applications Starting with version 1.1.0, OpenSSL hides a number of structures that were previously open. This includes all internal libssl structures and a number @@ -1346,7 +1326,6 @@ access a structure's field directly. Some APIs have changed as well. However, older APIs have been preserved when possible. - Post-installation Notes ----------------------- @@ -1358,11 +1337,9 @@ This involves using the following command: See the openssl-fipsinstall(1) manual for details and examples. - Advanced Build Options ====================== - Environment Variables --------------------- @@ -1437,7 +1414,6 @@ platforms. WINDRES See RC. - Makefile Targets ---------------- @@ -1530,7 +1506,7 @@ Also, all tokens except for "alltests" may have wildcards, such as *. (on Unix and Windows, BSD style wildcards are supported, while on VMS, it's VMS style wildcards) -### Examples ### +### Examples Run all tests except for the fuzz tests: @@ -1568,7 +1544,7 @@ Troubleshooting Configuration Problems ---------------------- -### Selecting the correct target ### +### Selecting the correct target The `./config` script tries hard to guess your operating system, but in some cases it does not succeed. You will see a message like the following: @@ -1616,7 +1592,7 @@ you can [raise an issue][] to ask a question yourself. More about our support resources can be found in the [SUPPORT][] file. -### Configuration Errors ### +### Configuration Errors If the `./config` or `./Configure` command fails with an error message, read the error message carefully and try to figure out whether you made @@ -1637,7 +1613,6 @@ Note: To make the output readable, pleace add a 'code fence' (three backquotes ``` - Build Failures -------------- @@ -1668,7 +1643,6 @@ encountered an OpenSSL bug, please [raise an issue][] to file a bug report. Please take the time to review the existing issues first; maybe the bug was already reported or has already been fixed. - Test Failures ------------- @@ -1713,12 +1687,11 @@ compiler optimization flags from the CFLAGS line in Makefile and run "make clean; make" or corresponding. To report a bug please open an issue on GitHub, at -https://github.com/openssl/openssl/issues. +. For more details on how the make variables TESTS can be used, see section [Running Selected Tests](#running-selected-tests) below. - Notes ===== @@ -1803,20 +1776,19 @@ to install additional support software to obtain a random seed and reseed the CSPRNG manually. Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), and the FAQ for more information. - [openssl-users]: - https://mta.openssl.org/mailman/listinfo/openssl-users + [SUPPORT]: ./SUPPORT.md [GitHub Issues]: - https://github.com/openssl/openssl/issues + [raise an issue]: - https://github.com/openssl/openssl/issues/new/choose + [10-main.conf]: Configurations/10-main.conf diff --git a/NEWS.md b/NEWS.md index 59081b0cdd..ec5e754e0b 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,4 +1,3 @@ - NEWS ==== @@ -19,7 +18,7 @@ OpenSSL Releases OpenSSL 3.0 ----------- -### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] ### +### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in the FIPS provider. None have the "fips=yes" property set and, as such, @@ -67,16 +66,16 @@ OpenSSL 3.0 OpenSSL 1.1.1 ------------- -### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] ### +### Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [under development] - * + * -### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] ### +### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] * Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli ([CVE-2019-1551][]) -### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] ### +### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] * Fixed a fork protection issue ([CVE-2019-1549][]) * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey @@ -93,36 +92,36 @@ OpenSSL 1.1.1 * Significantly reduce secure memory usage by the randomness pools * Revert the DEVRANDOM_WAIT feature for Linux systems -### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] ### +### Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543][]) -### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] ### +### Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019] * Change the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. * Fix a bug in DTLS over SCTP. This breaks interoperability with older versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. -### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] ### +### Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] * Timing vulnerability in DSA signature generation ([CVE-2018-0734][]) * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735][]) -### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] ### +### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] * Support for TLSv1.3 added. The TLSv1.3 implementation includes: - * Fully compliant implementation of RFC8446 (TLSv1.3) on by default - * Early data (0-RTT) - * Post-handshake authentication and key update - * Middlebox Compatibility Mode - * TLSv1.3 PSKs - * Support for all five RFC8446 ciphersuites - * RSA-PSS signature algorithms (backported to TLSv1.2) - * Configurable session ticket support - * Stateless server support - * Rewrite of the packet construction code for "safer" packet handling - * Rewrite of the extension handling code + * Fully compliant implementation of RFC8446 (TLSv1.3) on by default + * Early data (0-RTT) + * Post-handshake authentication and key update + * Middlebox Compatibility Mode + * TLSv1.3 PSKs + * Support for all five RFC8446 ciphersuites + * RSA-PSS signature algorithms (backported to TLSv1.2) + * Configurable session ticket support + * Stateless server support + * Rewrite of the packet construction code for "safer" packet handling + * Rewrite of the extension handling code For further important information, see the [TLS1.3 page]( https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki. @@ -159,11 +158,10 @@ OpenSSL 1.1.1 * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes * Rewrite of devcrypto engine - OpenSSL 1.1.0 ------------- -### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] ### +### Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey ([CVE-2019-1563][]) @@ -173,57 +171,57 @@ OpenSSL 1.1.0 ([CVE-2019-1547][]) * Use Windows installation paths in the mingw builds ([CVE-2019-1552][]) -### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] ### +### Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543][]) -### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] ### +### Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] * Timing vulnerability in DSA signature generation ([CVE-2018-0734][]) * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735][]) -### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] ### +### Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] * Client DoS due to large DH parameter ([CVE-2018-0732][]) * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737][]) -### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] ### +### Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack ([CVE-2018-0739][]) * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733][]) * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738][]) -### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] ### +### Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736][]) * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735][]) -### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] ### +### Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] * config now recognises 64-bit mingw and chooses mingw64 instead of mingw -### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] ### +### Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733][]) -### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] ### +### Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] * Truncated packet could crash via OOB read ([CVE-2017-3731][]) * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730][]) * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732][]) -### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] ### +### Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016] * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054][]) * CMS Null dereference ([CVE-2016-7053][]) * Montgomery multiplication may produce incorrect results ([CVE-2016-7055][]) -### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] ### +### Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] * Fix Use After Free for large message sizes ([CVE-2016-6309][]) -### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] ### +### Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][]) * SSL_peek() hang on empty record ([CVE-2016-6305][]) @@ -232,7 +230,7 @@ OpenSSL 1.1.0 * Excessive allocation of memory in dtls1_preprocess_fragment() ([CVE-2016-6308][]) -### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] ### +### Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016] * Copyright text was shrunk to a boilerplate that points to the license * "shared" builds are now the default when possible @@ -280,11 +278,10 @@ OpenSSL 1.1.0 * Support for Certificate Transparency * HKDF support. - OpenSSL 1.0.2 ------------- -### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] ### +### Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey ([CVE-2019-1563][]) @@ -295,54 +292,54 @@ OpenSSL 1.0.2 * Document issue with installation paths in diverse Windows builds ([CVE-2019-1552][]) -### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] ### +### Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] * None -### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] ### +### Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] * 0-byte record padding oracle ([CVE-2019-1559][]) -### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] ### +### Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407][]) * Timing vulnerability in DSA signature generation ([CVE-2018-0734][]) -### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] ### +### Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] * Client DoS due to large DH parameter ([CVE-2018-0732][]) * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737][]) -### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] ### +### Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] * Constructed ASN.1 types with a recursive definition could exceed the stack ([CVE-2018-0739][]) -### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] ### +### Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] * Read/write after SSL object in error state ([CVE-2017-3737][]) * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738][]) -### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] ### +### Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736][]) * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735][]) -### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] ### +### Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] * config now recognises 64-bit mingw and chooses mingw64 instead of mingw -### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] ### +### Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017] * Truncated packet could crash via OOB read ([CVE-2017-3731][]) * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732][]) * Montgomery multiplication may produce incorrect results ([CVE-2016-7055][]) -### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] ### +### Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] * Missing CRL sanity check ([CVE-2016-7052][]) -### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] ### +### Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][]) * SWEET32 Mitigation ([CVE-2016-2183][]) @@ -356,7 +353,7 @@ OpenSSL 1.0.2 * DTLS replay protection DoS ([CVE-2016-2181][]) * Certificate message OOB reads ([CVE-2016-6306][]) -### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] ### +### Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107][]) * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105][]) @@ -369,7 +366,7 @@ OpenSSL 1.0.2 the default. * Only remove the SSLv2 methods with the no-ssl2-method option. -### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] ### +### Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. * Disable SSLv2 default build, default negotiation and weak ciphers @@ -382,12 +379,12 @@ OpenSSL 1.0.2 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799][]) * Fix side channel attack on modular exponentiation ([CVE-2016-0702][]) -### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] ### +### Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] * DH small subgroups ([CVE-2016-0701][]) * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197][]) -### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] ### +### Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193][]) * Certificate verify crash with missing PSS parameter ([CVE-2015-3194][]) @@ -396,16 +393,16 @@ OpenSSL 1.0.2 * In DSA_generate_parameters_ex, if the provided seed is too short, return an error -### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] ### +### Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] * Alternate chains certificate forgery ([CVE-2015-1793][]) * Race condition handling PSK identify hint ([CVE-2015-3196][]) -### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] ### +### Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] * Fix HMAC ABI incompatibility -### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] ### +### Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] * Malformed ECParameters causes infinite loop ([CVE-2015-1788][]) * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][]) @@ -413,7 +410,7 @@ OpenSSL 1.0.2 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][]) * Race condition handling NewSessionTicket ([CVE-2015-1791][]) -### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] ### +### Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291][]) * Multiblock corrupted pointer fix ([CVE-2015-0290][]) @@ -429,7 +426,7 @@ OpenSSL 1.0.2 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][]) * Removed the export ciphers from the DEFAULT ciphers -### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] ### +### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015] * Suite B support for TLS 1.2 and DTLS 1.2 * Support for DTLS 1.2 @@ -440,11 +437,10 @@ OpenSSL 1.0.2 * ALPN support. * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. - OpenSSL 1.0.1 ------------- -### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016] ### +### Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016] * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304][]) * SWEET32 Mitigation ([CVE-2016-2183][]) @@ -458,7 +454,7 @@ OpenSSL 1.0.1 * DTLS replay protection DoS ([CVE-2016-2181][]) * Certificate message OOB reads ([CVE-2016-6306][]) -### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016] ### +### Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016] * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107][]) * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105][]) @@ -471,7 +467,7 @@ OpenSSL 1.0.1 the default. * Only remove the SSLv2 methods with the no-ssl2-method option. -### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] ### +### Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. * Disable SSLv2 default build, default negotiation and weak ciphers @@ -484,12 +480,12 @@ OpenSSL 1.0.1 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799][]) * Fix side channel attack on modular exponentiation ([CVE-2016-0702][]) -### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] ### +### Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] * Protection for DH small subgroup attacks * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197][]) -### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] ### +### Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] * Certificate verify crash with missing PSS parameter ([CVE-2015-3194][]) * X509_ATTRIBUTE memory leak ([CVE-2015-3195][]) @@ -497,16 +493,16 @@ OpenSSL 1.0.1 * In DSA_generate_parameters_ex, if the provided seed is too short, return an error -### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] ### +### Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] * Alternate chains certificate forgery ([CVE-2015-1793][]) * Race condition handling PSK identify hint ([CVE-2015-3196][]) -### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] ### +### Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] * Fix HMAC ABI incompatibility -### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] ### +### Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] * Malformed ECParameters causes infinite loop ([CVE-2015-1788][]) * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][]) @@ -514,7 +510,7 @@ OpenSSL 1.0.1 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][]) * Race condition handling NewSessionTicket ([CVE-2015-1791][]) -### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] ### +### Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][]) * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][]) @@ -524,11 +520,11 @@ OpenSSL 1.0.1 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][]) * Removed the export ciphers from the DEFAULT ciphers -### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] ### +### Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] * Build fixes for the Windows and OpenVMS platforms -### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] ### +### Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] * Fix for [CVE-2014-3571][] * Fix for [CVE-2015-0206][] @@ -539,14 +535,14 @@ OpenSSL 1.0.1 * Fix for [CVE-2014-8275][] * Fix for [CVE-2014-3570][] -### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] ### +### Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] * Fix for [CVE-2014-3513][] * Fix for [CVE-2014-3567][] * Mitigation for [CVE-2014-3566][] (SSL protocol vulnerability) * Fix for [CVE-2014-3568][] -### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] ### +### Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] * Fix for [CVE-2014-3512][] * Fix for [CVE-2014-3511][] @@ -558,7 +554,7 @@ OpenSSL 1.0.1 * Fix for [CVE-2014-5139][] * Fix for [CVE-2014-3508][] -### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] ### +### Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] * Fix for [CVE-2014-0224][] * Fix for [CVE-2014-0221][] @@ -567,24 +563,24 @@ OpenSSL 1.0.1 * Fix for [CVE-2014-3470][] * Fix for [CVE-2010-5298][] -### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] ### +### Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] * Fix for [CVE-2014-0160][] * Add TLS padding extension workaround for broken servers. * Fix for [CVE-2014-0076][] -### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] ### +### Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] * Don't include gmt_unix_time in TLS server and client random values * Fix for TLS record tampering bug [CVE-2013-4353][] * Fix for TLS version checking bug [CVE-2013-6449][] * Fix for DTLS retransmission bug [CVE-2013-6450][] -### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013] ### +### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013] * Corrected fix for [CVE-2013-0169][] -### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013] ### +### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013] * Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. * Include the fips configuration module. @@ -592,24 +588,24 @@ OpenSSL 1.0.1 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack [CVE-2013-0169][] * Fix for TLS AESNI record handling flaw [CVE-2012-2686][] -### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012] ### +### Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012] * Fix TLS/DTLS record length checking bug [CVE-2012-2333][] * Don't attempt to use non-FIPS composite ciphers in FIPS mode. -### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012] ### +### Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012] * Fix compilation error on non-x86 platforms. * Make FIPS capable OpenSSL ciphers work in non-FIPS mode. * Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 -### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012] ### +### Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012] * Fix for ASN1 overflow bug [CVE-2012-2110][] * Workarounds for some servers that hang on long client hellos. * Fix SEGV in AES code. -### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012] ### +### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012] * TLS/DTLS heartbeat support. * SCTP support. @@ -622,16 +618,15 @@ OpenSSL 1.0.1 * Preliminary FIPS capability for unvalidated 2.0 FIPS module. * SRP support. - OpenSSL 1.0.0 ------------- -### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] ### +### Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] * X509_ATTRIBUTE memory leak ([CVE-2015-3195][]) * Race condition handling PSK identify hint ([CVE-2015-3196][]) -### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] ### +### Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] * Malformed ECParameters causes infinite loop ([CVE-2015-1788][]) * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789][]) @@ -639,7 +634,7 @@ OpenSSL 1.0.0 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792][]) * Race condition handling NewSessionTicket ([CVE-2015-1791][]) -### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] ### +### Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286][]) * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287][]) @@ -649,11 +644,11 @@ OpenSSL 1.0.0 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288][]) * Removed the export ciphers from the DEFAULT ciphers -### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] ### +### Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] * Build fixes for the Windows and OpenVMS platforms -### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] ### +### Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] * Fix for [CVE-2014-3571][] * Fix for [CVE-2015-0206][] @@ -664,14 +659,14 @@ OpenSSL 1.0.0 * Fix for [CVE-2014-8275][] * Fix for [CVE-2014-3570][] -### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] ### +### Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] * Fix for [CVE-2014-3513][] * Fix for [CVE-2014-3567][] * Mitigation for [CVE-2014-3566][] (SSL protocol vulnerability) * Fix for [CVE-2014-3568][] -### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014] ### +### Major changes between OpenSSL 1.0.0m and OpenSSL 1.0.0n [6 Aug 2014] * Fix for [CVE-2014-3510][] * Fix for [CVE-2014-3507][] @@ -685,9 +680,9 @@ OpenSSL 1.0.0 * EAP-FAST and other applications using tls_session_secret_cb wont resume sessions. Fixed in 1.0.0n-dev * Compilation failure of s3_pkt.c on some platforms due to missing - include. Fixed in 1.0.0n-dev + `` include. Fixed in 1.0.0n-dev -### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] ### +### Major changes between OpenSSL 1.0.0l and OpenSSL 1.0.0m [5 Jun 2014] * Fix for [CVE-2014-0224][] * Fix for [CVE-2014-0221][] @@ -697,35 +692,34 @@ OpenSSL 1.0.0 * Fix for [CVE-2014-0076][] * Fix for [CVE-2010-5298][] -### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] ### +### Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] * Fix for DTLS retransmission bug [CVE-2013-6450][] -### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013] ### +### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013] * Fix for SSL/TLS/DTLS CBC plaintext recovery attack [CVE-2013-0169][] * Fix OCSP bad key DoS attack [CVE-2013-0166][] -### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012] ### +### Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012] * Fix DTLS record length checking bug [CVE-2012-2333][] -### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012] ### +### Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012] * Fix for ASN1 overflow bug [CVE-2012-2110][] - -### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012] ### +### Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012] * Fix for CMS/PKCS#7 MMA [CVE-2012-0884][] * Corrected fix for [CVE-2011-4619][] * Various DTLS fixes. -### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012] ### +### Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012] * Fix for DTLS DoS issue [CVE-2012-0050][] -### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012] ### +### Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012] * Fix for DTLS plaintext recovery attack [CVE-2011-4108][] * Clear block padding bytes of SSL 3.0 records [CVE-2011-4576][] @@ -733,7 +727,7 @@ OpenSSL 1.0.0 * Check parameters are not NULL in GOST ENGINE [CVE-2012-0027][] * Check for malformed RFC3779 data [CVE-2011-4577][] -### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011] ### +### Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011] * Fix for CRL vulnerability issue [CVE-2011-3207][] * Fix for ECDH crashes [CVE-2011-3210][] @@ -741,11 +735,11 @@ OpenSSL 1.0.0 * Support ECDH ciphersuites for certificates using SHA2 algorithms. * Various DTLS fixes. -### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011] ### +### Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011] * Fix for security issue [CVE-2011-0014][] -### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010] ### +### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010] * Fix for security issue [CVE-2010-4180][] * Fix for [CVE-2010-4252][] @@ -753,18 +747,18 @@ OpenSSL 1.0.0 * Fix various platform compilation issues. * Corrected fix for security issue [CVE-2010-3864][]. -### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010] ### +### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010] * Fix for security issue [CVE-2010-3864][]. * Fix for [CVE-2010-2939][] * Fix WIN32 build system for GOST ENGINE. -### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010] ### +### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010] * Fix for security issue [CVE-2010-1633][]. * GOST MAC and CFB fixes. -### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010] ### +### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010] * RFC3280 path validation: sufficient to process PKITS tests. * Integrated support for PVK files and keyblobs. @@ -790,12 +784,12 @@ OpenSSL 1.0.0 OpenSSL 0.9.x ------------- -### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010] ### +### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010] * CFB cipher definition fixes. * Fix security issues [CVE-2010-0740][] and [CVE-2010-0433][]. -### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010] ### +### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010] * Cipher definition fixes. * Workaround for slow RAND_poll() on some WIN32 versions. @@ -807,33 +801,33 @@ OpenSSL 0.9.x * Ticket and SNI coexistence fixes. * Many fixes to DTLS handling. -### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009] ### +### Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009] * Temporary work around for [CVE-2009-3555][]: disable renegotiation. -### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009] ### +### Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009] * Fix various build issues. * Fix security issues ([CVE-2009-0590][], [CVE-2009-0591][], [CVE-2009-0789][]) -### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009] ### +### Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009] * Fix security issue ([CVE-2008-5077][]) * Merge FIPS 140-2 branch code. -### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008] ### +### Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008] * CryptoAPI ENGINE support. * Various precautionary measures. * Fix for bugs affecting certificate request creation. * Support for local machine keyset attribute in PKCS#12 files. -### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007] ### +### Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007] * Backport of CMS functionality to 0.9.8. * Fixes for bugs introduced with 0.9.8f. -### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007] ### +### Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007] * Add gcc 4.2 support. * Add support for AES and SSE2 assembly language optimization @@ -844,23 +838,23 @@ OpenSSL 0.9.x * RFC4507bis support. * TLS Extensions support. -### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007] ### +### Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007] * Various ciphersuite selection fixes. * RFC3779 support. -### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006] ### +### Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006] * Introduce limits to prevent malicious key DoS ([CVE-2006-2940][]) * Fix security issues ([CVE-2006-2937][], [CVE-2006-3737][], [CVE-2006-4343][]) * Changes to ciphersuite selection algorithm -### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006] ### +### Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006] * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339][] * New cipher Camellia -### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006] ### +### Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006] * Cipher string fixes. * Fixes for VC++ 2005. @@ -870,12 +864,12 @@ OpenSSL 0.9.x * Built in dynamic engine compilation support on Win32. * Fixes auto dynamic engine loading in Win32. -### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005] ### +### Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005] * Fix potential SSL 2.0 rollback, [CVE-2005-2969][] * Extended Windows CE support -### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005] ### +### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005] * Major work on the BIGNUM library for higher efficiency and to make operations more streamlined and less contradictory. This @@ -949,36 +943,36 @@ OpenSSL 0.9.x * Added initial support for Win64. * Added alternate pkg-config files. -### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007] ### +### Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007] * FIPS 1.1.1 module linking. * Various ciphersuite selection fixes. -### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006] ### +### Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006] * Introduce limits to prevent malicious key DoS ([CVE-2006-2940][]) * Fix security issues ([CVE-2006-2937][], [CVE-2006-3737][], [CVE-2006-4343][]) -### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006] ### +### Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006] * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339][] -### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006] ### +### Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006] * Visual C++ 2005 fixes. * Update Windows build system for FIPS. -### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005] ### +### Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005] * Give EVP_MAX_MD_SIZE its old value, except for a FIPS build. -### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005] ### +### Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005] * Fix SSL 2.0 Rollback, [CVE-2005-2969][] * Allow use of fixed-length exponent on DSA signing * Default fixed-window RSA, DSA, DH private-key operations -### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005] ### +### Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005] * More compilation issues fixed. * Adaptation to more modern Kerberos API. @@ -987,7 +981,7 @@ OpenSSL 0.9.x * More constification. * Added processing of proxy certificates (RFC 3820). -### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005] ### +### Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005] * Several compilation issues fixed. * Many memory allocation failure checks added. @@ -995,12 +989,12 @@ OpenSSL 0.9.x * Mandatory basic checks on certificates. * Performance improvements. -### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004] ### +### Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004] * Fix race condition in CRL checking code. * Fixes to PKCS#7 (S/MIME) code. -### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004] ### +### Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004] * Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug * Security: Fix null-pointer assignment in do_change_cipher_spec() @@ -1008,14 +1002,14 @@ OpenSSL 0.9.x * Multiple X509 verification fixes * Speed up HMAC and other operations -### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003] ### +### Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003] * Security: fix various ASN1 parsing bugs. * New -ignore_err option to OCSP utility. * Various interop and bug fixes in S/MIME code. * SSL/TLS protocol fix for unrequested client certificates. -### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003] ### +### Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003] * Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack @@ -1026,7 +1020,7 @@ OpenSSL 0.9.x * ASN.1: treat domainComponent correctly. * Documentation: fixes and additions. -### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003] ### +### Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003] * Security: Important security related bugfixes. * Enhanced compatibility with MIT Kerberos. @@ -1037,7 +1031,7 @@ OpenSSL 0.9.x * SSL/TLS: now handles manual certificate chain building. * SSL/TLS: certain session ID malfunctions corrected. -### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002] ### +### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002] * New library section OCSP. * Complete rewrite of ASN1 code. @@ -1083,23 +1077,23 @@ OpenSSL 0.9.x * SSL/TLS: add callback to retrieve SSL/TLS messages. * SSL/TLS: support AES cipher suites (RFC3268). -### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003] ### +### Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003] * Security: fix various ASN1 parsing bugs. * SSL/TLS protocol fix for unrequested client certificates. -### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003] ### +### Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003] * Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack * Security: make RSA blinding default. * Build: shared library support fixes. -### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003] ### +### Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003] * Important security related bugfixes. -### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002] ### +### Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002] * New configuration targets for Tandem OSS and A/UX. * New OIDs for Microsoft attributes. @@ -1113,25 +1107,25 @@ OpenSSL 0.9.x * Fixes for smaller building problems. * Updates of manuals, FAQ and other instructive documents. -### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002] ### +### Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002] * Important building fixes on Unix. -### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002] ### +### Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002] * Various important bugfixes. -### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002] ### +### Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002] * Important security related bugfixes. * Various SSL/TLS library bugfixes. -### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002] ### +### Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002] * Various SSL/TLS library bugfixes. * Fix DH parameter generation for 'non-standard' generators. -### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001] ### +### Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001] * Various SSL/TLS library bugfixes. * BIGNUM library fixes. @@ -1144,7 +1138,7 @@ OpenSSL 0.9.x Broadcom and Cryptographic Appliance's keyserver [in 0.9.6c-engine release]. -### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001] ### +### Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001] * Security fix: PRNG improvements. * Security fix: RSA OAEP check. @@ -1161,7 +1155,7 @@ OpenSSL 0.9.x * Increase default size for BIO buffering filter. * Compatibility fixes in some scripts. -### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001] ### +### Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001] * Security fix: change behavior of OpenSSL to avoid using environment variables when running as root. @@ -1186,7 +1180,7 @@ OpenSSL 0.9.x * New function BN_rand_range(). * Add "-rand" option to openssl s_client and s_server. -### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000] ### +### Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000] * Some documentation for BIO and SSL libraries. * Enhanced chain verification using key identifiers. @@ -1201,7 +1195,7 @@ OpenSSL 0.9.x [1] The support for external crypto devices is currently a separate distribution. See the file README.ENGINE. -### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] ### +### Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000] * Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 * Shared library support for HPUX and Solaris-gcc @@ -1210,7 +1204,7 @@ OpenSSL 0.9.x * New 'rand' application * New way to check for existence of algorithms from scripts -### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000] ### +### Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000] * S/MIME support in new 'smime' command * Documentation for the OpenSSL command line application @@ -1246,7 +1240,7 @@ OpenSSL 0.9.x * Enhanced support for Alpha Linux * Experimental MacOS support -### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] ### +### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999] * Transparent support for PKCS#8 format private keys: these are used by several software packages and are more secure than the standard @@ -1257,7 +1251,7 @@ OpenSSL 0.9.x * New pipe-like BIO that allows using the SSL library when actual I/O must be handled by the application (BIO pair) -### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999] ### +### Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999] * Lots of enhancements and cleanups to the Configuration mechanism * RSA OEAP related fixes @@ -1272,7 +1266,7 @@ OpenSSL 0.9.x * Sparc assembler bignum implementation, optimized hash functions * Option to disable selected ciphers -### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999] ### +### Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999] * Fixed a security hole related to session resumption * Fixed RSA encryption routines for the p < q case @@ -1295,7 +1289,7 @@ OpenSSL 0.9.x * Lots of memory leak fixes. * Lots of bug fixes. -### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998] ### +### Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998] * Integration of the popular NO_RSA/NO_DSA patches * Initial support for compression inside the SSL record layer @@ -1307,8 +1301,6 @@ OpenSSL 0.9.x * Adjustments of the source tree for CVS * Support for various new platforms - - [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 diff --git a/README.md b/README.md index 98a07f7f70..e566d3161c 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,11 @@ +Welcome to the OpenSSL Project +============================== + [![openssl logo][]][www.openssl.org] [![travis badge][]][travis jobs] [![appveyor badge][]][appveyor jobs] - - -Welcome to the OpenSSL Project -============================== - OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol formerly known as the Secure Sockets Layer (SSL) protocol. The protocol implementation is based @@ -19,7 +17,6 @@ and Tim J. Hudson. The official Home Page of the OpenSSL Project is [www.openssl.org][]. - Table of Contents ================= @@ -47,13 +44,13 @@ The OpenSSL toolkit includes: - **openssl** the OpenSSL command line tool, a swiss army knife for cryptographic tasks, testing and analyzing. It can be used for - - creation of key parameters - - creation of X.509 certificates, CSRs and CRLs - - calculation of message digests - - encryption and decryption - - SSL/TLS client and server tests - - handling of S/MIME signed or encrypted mail - - and more... + - creation of key parameters + - creation of X.509 certificates, CSRs and CRLs + - calculation of message digests + - encryption and decryption + - SSL/TLS client and server tests + - handling of S/MIME signed or encrypted mail + - and more... Download ======== @@ -70,7 +67,6 @@ of the OpenSSL toolkit are available. In particular on Linux and other Unix operating systems it is normally recommended to link against the precompiled shared libraries provided by the distributor or vendor. - For Testing and Development --------------------------- @@ -86,22 +82,21 @@ which is updated automatically from the former on every commit. A local copy of the Git Repository can be obtained by cloning it from the original OpenSSL repository using - git clone git://git.openssl.org/openssl.git + git clone git://git.openssl.org/openssl.git or from the GitHub mirror using - git clone https://github.com/openssl/openssl.git + git clone https://github.com/openssl/openssl.git If you intend to contribute to OpenSSL, either to fix bugs or contribute new features, you need to fork the OpenSSL repository openssl/openssl on GitHub and clone your public fork instead. - git clone https://github.com/yourname/openssl.git + git clone https://github.com/yourname/openssl.git This is necessary, because all development of OpenSSL nowadays is done via GitHub pull requests. For more details, see [Contributing](#contributing). - Build and Install ================= @@ -166,7 +161,6 @@ platform. The OpenSSL Project Pages at [openssl.github.io][] are a valuable source of information if you want to get familiar with our development process on GitHub. - Legalities ========== @@ -174,7 +168,6 @@ A number of nations restrict the use or export of cryptography. If you are potentially subject to such restrictions you should seek legal advice before attempting to develop or distribute cryptographic code. - Copyright ========= @@ -184,37 +177,34 @@ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. - [www.openssl.org]: - https://www.openssl.org + "OpenSSL Homepage" [git.openssl.org]: - https://git.openssl.org + "OpenSSL Git Repository" [git.openssl.org]: - https://git.openssl.org + "OpenSSL Git Repository" [github.com/openssl/openssl]: - https://github.com/openssl/openssl + "OpenSSL GitHub Mirror" [openssl.github.io]: - https://mspncp.github.io + "OpenSSL Project Pages" [wiki.openssl.org]: - https://wiki.openssl.org + "OpenSSL Wiki" - [RFC 8446]: - https://tools.ietf.org/html/rfc8446 - + [mailing lists]: https://www.openssl.org/community/mailinglists.html diff --git a/fuzz/README.md b/fuzz/README.md index eca15886f7..c8dbf454b0 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -1,7 +1,10 @@ -# I Can Haz Fuzz? +Fuzzing OpenSSL +=============== + +OpenSSL can use either LibFuzzer or AFL to do fuzzing. LibFuzzer -========= +--------- How to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html), starting from a vanilla+OpenSSH server Ubuntu install. @@ -68,7 +71,7 @@ prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below. --debug AFL -=== +--- This is an alternative to using LibFuzzer. @@ -92,7 +95,7 @@ Run one of the fuzzers: Where $FUZZER is one of the executables in `fuzz/`. Reproducing issues -================== +------------------ If a fuzzer generates a reproducible error, you can reproduce the problem using the fuzz/*-test binaries and the file generated by the fuzzer. They binaries @@ -108,7 +111,7 @@ To reproduce the crash you can run: fuzz/$FUZZER-test $file Random numbers -============== +-------------- The client and server fuzzer normally generate random numbers as part of the TLS connection setup. This results in the coverage of the fuzzing corpus changing @@ -127,16 +130,17 @@ the same client hello with the same random number in it, and so the server, as emulated by the file, can be generated for that client hello. Coverage changes -================ +---------------- Since the corpus depends on the default behaviour of the client and the server, changes in what they send by default will have an impact on the coverage. The corpus will need to be updated in that case. Updating the corpus -=================== +------------------- The client and server corpus is generated with multiple config options: + - The options as documented above - Without enable-ec_nistp_64_gcc_128 and without --debug - With no-asm @@ -147,7 +151,7 @@ The libfuzzer merge option is used to add the additional coverage from each config to the minimal set. Minimizing the corpus -===================== +--------------------- When you have gathered corpus data from more than one fuzzer run or for any other reason want to to minimize the data diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 42a25189a2..6ae10fdc18 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -1,4 +1,5 @@ -# SSL tests +SSL tests +========= SSL testcases are configured in the `ssl-tests` directory. @@ -14,20 +15,19 @@ corresponding to the default configuration. These testcases live in For more details, see `ssl-tests/01-simple.cnf.in` for an example. -## Configuring the test +Configuring the test +-------------------- First, give your test a name. The names do not have to be unique. An example test input looks like this: -``` { name => "test-default", server => { "CipherString" => "DEFAULT" }, client => { "CipherString" => "DEFAULT" }, test => { "ExpectedResult" => "Success" }, } -``` The test section supports the following options @@ -111,19 +111,18 @@ handshake. If this is "empty" the list is expected to be empty otherwise it is a file of certificates whose subject names form the list. -## Configuring the client and server +Configuring the client and server +--------------------------------- The client and server configurations can be any valid `SSL_CTX` configurations. For details, see the manpages for `SSL_CONF_cmd`. Give your configurations as a dictionary of CONF commands, e.g. -``` -server => { - "CipherString" => "DEFAULT", - "MinProtocol" => "TLSv1", -} -``` + server => { + "CipherString" => "DEFAULT", + "MinProtocol" => "TLSv1", + } The following sections may optionally be defined: @@ -146,14 +145,12 @@ The following sections may optionally be defined: Additional handshake settings can be configured in the `extra` section of each client and server: -``` -client => { - "CipherString" => "DEFAULT", - extra => { - "ServerName" => "server2", + client => { + "CipherString" => "DEFAULT", + extra => { + "ServerName" => "server2", + } } -} -``` #### Supported client-side options @@ -202,21 +199,18 @@ automatically. Server certificate verification is requested by default. You can override these options by redefining them: -``` -client => { - "VerifyCAFile" => "/path/to/custom/file" -} -``` + client => { + "VerifyCAFile" => "/path/to/custom/file" + } or by deleting them -``` -client => { - "VerifyCAFile" => undef -} -``` + client => { + "VerifyCAFile" => undef + } -## Adding a test to the test harness +Adding a test to the test harness +--------------------------------- 1. Add a new test configuration to `test/ssl-tests`, following the examples of existing `*.cnf.in` files (for example, `01-simple.cnf.in`). @@ -224,33 +218,26 @@ client => { 2. Generate the generated `*.cnf` test input file. You can do so by running `generate_ssl_tests.pl`: -``` -$ ./config -$ cd test -$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.cnf.in default \ - > ssl-tests/my.cnf -``` + $ ./config + $ cd test + $ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl \ + ssl-tests/my.cnf.in default > ssl-tests/my.cnf where `my.cnf.in` is your test input file and `default` is the provider to use. For all the pre-generated test files you should use the default provider. For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do -``` -$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.cnf.in default > ssl-tests/01-simple.cnf -``` + $ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl \ + ssl-tests/01-simple.cnf.in default > ssl-tests/01-simple.cnf Alternatively (hackish but simple), you can comment out -``` -unlink glob $tmp_file; -``` + unlink glob $tmp_file; in `test/recipes/80-test_ssl_new.t` and run -``` -$ make TESTS=test_ssl_new test -``` + $ make TESTS=test_ssl_new test This will save the generated output in a `*.tmp` file in the build directory. @@ -258,13 +245,13 @@ This will save the generated output in a `*.tmp` file in the build directory. the test suite has any skip conditions, update those too (see `test/recipes/80-test_ssl_new.t` for details). -## Running the tests with the test harness +Running the tests with the test harness +--------------------------------------- -``` -HARNESS_VERBOSE=yes make TESTS=test_ssl_new test -``` + HARNESS_VERBOSE=yes make TESTS=test_ssl_new test -## Running a test manually +Running a test manually +----------------------- These steps are only needed during development. End users should run `make test` or follow the instructions above to run the SSL test suite. @@ -273,17 +260,13 @@ To run an SSL test manually from the command line, the `TEST_CERTS_DIR` environment variable to point to the location of the certs. E.g., from the root OpenSSL directory, do -``` -$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \ - test/ssl-tests/01-simple.cnf -``` + $ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \ + test/ssl-tests/01-simple.cnf or for shared builds -``` -$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs \ - util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf -``` + $ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs \ + util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf Note that the test expectations sometimes depend on the Configure settings. For example, the negotiated protocol depends on the set of available (enabled) -- 2.25.1