Tags: ssl tls cryptography security libraries aes rsa sha1 communications
2.5.1 (03 Feb 2017 05:05) cleanup: X509_cmp_time() now reports a malformed GeneralizedTime field as an error. Reported by Theofilos Petsios. Detect zero-length encrypted session data early, instead of when malloc(0) fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi. Check for and handle failure of HMAC_Update, HMAC_Final or EVP_DecryptUpdate(). Massive update and normalization of manpages, conversion to mandoc format. Many pages were rewritten for clarity and accuracy. Portable doc links are up-to-date with a new conversion tool. Curve25519 key exchange support. Support for alternate chains for certificate verification. Code cleanups, CBB conversions, further unification of DTLS/SSL handshake code, further ASN1 macro expansion and removal. Private symbols are now hidden in libssl and libcrypto. Friendly certificate verification error messages in libtls; peer verification is now always enabled. Added OCSP stapling support to libtls and netcat. Added ocspcheck utility to validate a certificate against its OCSP responder and save the reply for stapling. Enhanced regression tests and error handling for libtls. Added explicit constant and non-constant time BN functions, defaulting to constant time wherever possible. Moved many leaked implementation details in public structs behind opaque pointers. Added support to libtls. Added support for setting the supported EC curves via SSL_CTX_set1_groups_list(); defines are also provided for the previous SSL_CTX_set1_curves_list names. This also changes the default list of curves to X25519, P-256 and P-384. All other curves must be manually enabled. Added -groups option to openssl(1) s_client for specifying the curves to be used in a colon-separated list. Merged client/server version negotiation code paths into one, reducing much duplicate code. Removed error function codes from libssl and libcrypto. Fixed an issue where a truncated packet could crash via an OOB read.
Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows client-initiated renego
2.5.0 (28 Sep 2016 12:25): libtls now supports ALPN and SNI. libtls adds a new callback interface for integrating custom IO functions. Thanks to Tobias Pape. libtls now handles four cipher suite groups: "secure" (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy" (HIGH:MEDIUM:!aNULL) and "insecure" (ALL:!aNULL:!eNULL). This allows for flexibility and finer-grained control, rather than having two extremes (an issue raised by Marko Kreen some time ago). Tightened error handling for tls_config_set_ciphers(). libtls now always loads CA, key and certificate files at the time the configuration function is called. This simplifies code and results in a single memory-based code path being used to provide data to libssl. Added support for OCSP intermediate certificates. Added functions used by stunnel and exim from BoringSSL; this brings in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc. Added initial support for iOS, thanks to Jacob Berkman. Improved behavior of arc4random on Windows when using memory leak analysis software. Correctly handle an EOF that occurs prior to the TLS handshake completing. Reported by Vasily Kolobkov, based on a diff from Marko Kreen. Limit the support of the "backward compatible" SSLv2 handshake to only be used if TLS 1.0 is enabled. Fixed incorrect results in certain cases on 64-bit systems when BN_mod_word() can return incorrect results. BN_mod_word() now can return an error condition. Thanks to Brian Smith. Added constant-time updates to address CVE-2016-0702. Fixed undefined behavior in BN_GF2m_mod_arr(). Removed unused Cryptographic Message Support (CMS). More conversions of long long idioms to time_t. Improved compatibility by avoiding printing NULL strings with printf. Reverted change that cleans up the EVP cipher context in EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the previous behaviour.
Avoid unbounded memory growth in libssl, which can be triggered by a TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions. Avoid f
2.4.2 (03 Aug 2016 04:05) documentation: LibreSSL 2.4.2 is based on the OpenBSD 6.0 release branch, and is now the newest stable version. With it, support for LibreSSL 2.2.x ends. Fixed loading default certificate locations with openssl s_client. Ensured OCSP only uses and compares GENERALIZEDTIME values as per RFC 6960. Also added fixes for OCSP to work with intermediate certificates provided in responses. Improved behavior of arc4random on Windows to not appear to leak memory in debug tools; reduced privileges of allocated memory. Fixed incorrect results from BN_mod_word() when the modulus is too large, thanks to Brian Smith from BoringSSL. Correctly handle an EOF prior to completing the TLS handshake in libtls. Improved libtls certificate loading and cipher string validation. Updated libtls cipher group suites into four categories: "secure" (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy" (HIGH:MEDIUM:!aNULL) and "insecure" (ALL:!aNULL:!eNULL). This allows for flexibility and finer-grained control, rather than having two extremes. Limited support for 'backward compatible' SSLv2 handshake packets to when TLS 1.0 is enabled, providing more restricted compatibility with TLS 1.0 clients. openssl(1) and other documentation improvements. Removed flags for disabling constant-time operations. This removes support for the DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
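Two entries above come down to the same rule for a verifier: X509_cmp_time() in 2.5.1 now reports a malformed GeneralizedTime as an error instead of comparing whatever it can salvage, and 2.4.2 makes OCSP use and compare only GENERALIZEDTIME values as RFC 6960 requires. RFC 5280 fixes the accepted form to exactly YYYYMMDDHHMMSSZ (seconds mandatory, no fractional seconds, Zulu only). The program below is an added illustration of that strict check and is not LibreSSL's code; the functions parse_generalized_time and cmp_generalized_time, and the sample values, are constructed for this example.

```c
/* Strict RFC 5280 GeneralizedTime validation (illustrative, not LibreSSL's
 * implementation). Only YYYYMMDDHHMMSSZ is accepted; truncated fields,
 * fractional seconds, timezone offsets and impossible dates are rejected
 * by returning 0 rather than by guessing a value. */
#include <stdio.h>
#include <string.h>
#include <time.h>

static int is_leap(int y) {
    return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

static int days_in_month(int y, int m) {
    static const int d[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    return (m == 2 && is_leap(y)) ? 29 : d[m - 1];
}

/* Parse a two-digit field; returns -1 if either character is not a digit. */
static int two_digits(const char *p) {
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
        return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/* Returns 1 and fills *out (if non-NULL) for a well-formed value, 0 otherwise.
 * len is the field length as carried in the ASN.1 encoding, so a value that
 * is not exactly 15 bytes is malformed before any digit is looked at. */
int parse_generalized_time(const char *s, size_t len, struct tm *out) {
    int cc, yy, mo, d, h, mi, sec, year;

    if (s == NULL || len != 15 || s[14] != 'Z')
        return 0;
    cc = two_digits(s);       yy = two_digits(s + 2);
    mo = two_digits(s + 4);   d = two_digits(s + 6);
    h = two_digits(s + 8);    mi = two_digits(s + 10);
    sec = two_digits(s + 12);
    if (cc < 0 || yy < 0 || mo < 0 || d < 0 || h < 0 || mi < 0 || sec < 0)
        return 0;
    year = cc * 100 + yy;
    if (mo < 1 || mo > 12 || d < 1 || d > days_in_month(year, mo))
        return 0;
    if (h > 23 || mi > 59 || sec > 59)
        return 0;
    if (out != NULL) {
        memset(out, 0, sizeof(*out));
        out->tm_year = year - 1900; out->tm_mon = mo - 1; out->tm_mday = d;
        out->tm_hour = h;           out->tm_min = mi;     out->tm_sec = sec;
    }
    return 1;
}

/* Chronological compare of two GeneralizedTime strings: -1, 0 or 1 for
 * a<b, a==b, a>b. If either side is malformed, *err is set to 1 and the
 * return value is meaningless, so a caller must check *err first. */
int cmp_generalized_time(const char *a, const char *b, int *err) {
    struct tm ta, tb;
    int c;

    *err = 0;
    if (!parse_generalized_time(a, strlen(a), &ta) ||
        !parse_generalized_time(b, strlen(b), &tb)) {
        *err = 1;
        return 0;
    }
    /* Both values are validated fixed-width Zulu timestamps, so a lexical
     * compare of the 14 digits is a correct chronological compare. */
    c = strncmp(a, b, 14);
    return c < 0 ? -1 : (c > 0 ? 1 : 0);
}

int main(void) {
    /* Constructed samples: one valid, one missing seconds, one with Feb 30. */
    const char *samples[] = {"20170203050500Z", "201702030505Z", "20170230050500Z"};
    int err, r;
    size_t i;

    for (i = 0; i < 3; i++)
        printf("%-18s %s\n", samples[i],
               parse_generalized_time(samples[i], strlen(samples[i]), NULL)
                   ? "ok" : "malformed");
    r = cmp_generalized_time("20170203050500Z", "20170203050501Z", &err);
    printf("cmp -> %d (err=%d)\n", r, err);
    return 0;
}
```

The point of the err out-parameter is the same one the 2.5.1 change makes: a comparison function that silently returns "equal" or "earlier" for garbage lets a malformed notAfter or nextUpdate pass validation, so the error must be visible to the caller.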
2.4.1 (10 Jun 2016 16:05): This release is based on the development OpenBSD 6.0 branch. Correct a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set. This was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.4.0 (01 Jun 2016 22:45): This release is the first snapshot based on the development OpenBSD 6.0 branch. As such, it is likely to change more compared to the 2.3.x and 2.2.x branches. See http://www.libressl.org/releases.html for more details. LibreSSL 2.4.0 contains the following changes: Many improvements to the CMake build infrastructure, including Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro Inoguchi for this work. Added missing error handling around bn_wexpand() calls. Added explicit_bzero calls for freed ASN.1 objects. Fixed X509_*set_object functions to return 0 on allocation failure. Implemented the IETF ChaCha20-Poly1305 cipher suites. Changed the default EVP_aead_chacha20_poly1305() implementation to the IETF version. Fixed password prompts from openssl(1) to properly handle ^C. Reworked error handling in libtls so that configuration errors are visible. Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.3.4 (05 May 2016 08:25) minor: This release is based on the stable OpenBSD 5.9 branch. Fixed multiple vulnerabilities in libcrypto relating to ASN.1 and encoding, from OpenSSL. Minor build fixes. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.3.3 (24 Mar 2016 19:05): This release marks the beginning of stable development of the 2.3.x branch. LibreSSL 2.3.3 is identical to the version that will be shipped with OpenBSD 5.9 in May 2016. At that time, LibreSSL 2.1.x support will also end. LibreSSL 2.3.3 has the following changes: Reworked build scripts to better sync with OpenNTPD-portable. Fixed broken manpage links. Fixed an nginx compatibility issue by adding an 'install_sw' make alias. Fixed HP-UX builds. Changed the default configuration directory to c:\LibreSSL\ssl on Windows binary builds. cert.pem has been reorganized and synced with Mozilla's certificate store.
2.2.6 (01 Feb 2016 20:05): This release is based on the stable OpenBSD 5.8 branch. Deprecated the SSL_OP_SINGLE_DH_USE flag. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.2.5 (08 Dec 2015 14:45): This release is based on the stable OpenBSD 5.8 branch. Fixes from OpenSSL 1.0.1q: CVE-2015-3194 - NULL pointer dereference in client side certificate validation. CVE-2015-3195 - Memory leak in PKCS7, not reachable from TLS/SSL. The following OpenSSL CVEs did not apply to LibreSSL: CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery squaring procedure. CVE-2015-3196 - Double free race condition of the identity hint data. See https://marc.info/?l=openbsd-announce&m=144925068504102 for details. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.3.1 (04 Nov 2015 00:25) cleanup: This release is the second snapshot based on the development OpenBSD 5.9 branch. It is still likely to change more compared to the 2.2.x and 2.1.x branches. The ABI/API for the LibreSSL 2.3.x series will be declared stable around March 2016. See http://www.libressl.org/releases.html for more details. LibreSSL 2.3.1 has the following notable changes: ASN.1 cleanups and RFC 5280 compliance. Time representations switched from 'unsigned long' to 'time_t'. LibreSSL now checks if the host OS supports 64-bit time_t. Fixed a leak in SSL_new in the error path. Support always extracting the peer cipher and version with libtls. Added ability to check certificate validity times with libtls: tls_peer_cert_notbefore and tls_peer_cert_notafter. Changed tls_connect_servername to use the first address that resolves with getaddrinfo(). Remove broken conditional EVP_CHECK_DES_KEY code (non-functional since the initial commit in 2004). Fixed a memory leak and out-of-bounds access in OBJ_obj2txt, reported by Qualys Security. Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of sizeof(RC4_CHUNK), reported by Pascal Cuoq. Reject too small bits value in BN_generate_prime_ex(), so that it does not risk becoming negative in probable_prime_dh_safe(), reported by Franck Denis. Enable nc(1) builds on more platforms. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.3.0 (24 Sep 2015 08:25) bugfix: This release is the first snapshot based on the development OpenBSD 5.9 branch. As such, it is likely to change more compared to the 2.2.x and 2.1.x branches. The ABI/API for the LibreSSL 2.3.x series will be declared stable around March 2016. See http://www.libressl.org/releases.html for more details. SSLv3 is now permanently removed from the tree. The libtls API is changed from the 2.2.x series. The read/write functions work correctly with external event libraries. See the tls_init man page for examples of using libtls correctly in asynchronous mode. Client-side verification is now supported, with the client supplying the certificate to the server. Also, when using tls_connect_fds, tls_connect_socket or tls_accept_fds, libtls no longer implicitly closes the passed-in sockets. The caller is responsible for closing them in this case. When loading a DSA key from a raw (without DH parameters) ASN.1 serialization, perform some consistency checks on its 'p' and 'q' values, and return an error if the checks fail. Thanks to Georgi Guninski (guninski at guninski dot com) for mentioning the possibility of a weak (non-prime) q value and providing a test case. See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html for a longer discussion. Fixed a bug in ECDH_compute_key that can lead to silent truncation of the result key without error. A coding error could cause software to use much shorter keys than intended. Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no longer supported. The engine command and parameters are removed from openssl(1). Previous releases removed dynamic and builtin engine support already. SHA-0 is removed; it was withdrawn shortly after publication 20 years ago. Added Certplus CA root certificate to the default cert.pem file. New interface OPENSSL_cpu_caps is provided that does not allow software to inadvertently modify cpu capability flags. OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.
The out_len argument of AEAD chang
2.2.3 (30 Aug 2015 22:05): This release is based on the stable OpenBSD 5.8 branch, fixing a bug that affects interoperability with some SSL clients. LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not include TLS extensions, resulting in such handshakes being aborted. This release corrects the handling of such messages. Thanks to Ligushka from github for reporting the issue. Added install target for cmake builds. Thanks to TheNietsnie from github. Updated pkgconfig files to correctly report the release version number, not the individual library ABI version numbers. Thanks to Jan Engelhardt for reporting the issue. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.2.2 (09 Aug 2015 09:50) minor bugfix: SSLv3 deprecation continues with its removal from openssl(1) and new linker warnings on supported platforms, indicating if a program is still using the SSLv3-only methods. We are working with upstream software providers to update programs that were not ready for SSLv3 support to be removed entirely yet.
* Switched 'openssl dhparam' default from 512 to 2048 bits
* Reworked openssl(1) option handling
* More CRYPTO ByteString (CBS) packet parsing conversions
* Fixed 'openssl pkeyutl -verify' to exit with a 0 on success
* Fixed dozens of Coverity issues including dead code, memory leaks, logic errors and more.
* Ensure that openssl(1) restores terminal echo state after reading a password.
* Incorporated fix for OpenSSL Issue #3683
* LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped for each portable release.
* Removed workarounds for TLS client padding bugs.
* No longer disable ECDHE-ECDSA on OS X
* Removed SSLv3 support from openssl(1)
* Removed IE 6 SSLv3 workarounds.
* Modified tls_write in libtls to allow partial writes, clarified with examples in the documentation.
* Removed RSAX engine
* Tested SSLv3 removal with the OpenBSD ports tree and found several applications that were not ready to build without SSLv3 yet. For now, building a program that intentionally uses SSLv3 will result in a linker warning.
* Added TLS_method, TLS_client_method and TLS_server_method as a replacement for the SSLv23_*method calls.
* Added initial cmake build support, including support for building with Visual Studio, currently tested with Visual Studio 2013 Community Edition.
2.2.0 (12 Jun 2015 16:45) major feature: This release is the first from the OpenBSD 5.8 development tree and focuses mainly on build system improvements and new OS support.
* AIX Support - thanks to Michael Felt
* Cygwin Support - thanks to Corinna Vinschen
* Refactored build macros, support packaging libtls independently. There are more pieces required to support building and using OpenSSL with libtls, but this is an initial start at providing an independent package for people to start hacking on.
* Removal of OPENSSL_issetugid and all library getenv calls. Applications can and should no longer rely on environment variables for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still supported with the openssl(1) command.
* libtls API and documentation additions
* Various bug fixes and simplifications to libssl and libcrypto
* Fixes for the following issues are integrated into LibreSSL 2.1.7 and 2.2.0:
  - CVE-2015-1788 - Malformed ECParameters causes infinite loop
  - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
  - CVE-2015-1792 - CMS verify infinite loop with unknown hash function (this code is not enabled by default)
* The following CVEs did not apply to LibreSSL or were fixed in earlier releases:
  - CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
  - CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
  - CVE-2014-8176 - Invalid free in DTLS
* Fixes for the following CVEs are still in review for LibreSSL:
  - CVE-2015-1791 - Race condition handling NewSessionTicket
2.1.6 (19 Mar 2015 21:05) major security bugfix: This release primarily addresses a number of security issues in coordination with the OpenSSL project. This release also enables the building of libtls by default, as the API and ABI are declared stable within the LibreSSL 2.1.x series. Further changes to libtls will resume with LibreSSL 2.2.x. Incorporated fixes: CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp. CVE-2015-0287 - ASN.1 structure reuse memory corruption. CVE-2015-0289 - PKCS7 NULL pointer dereferences. CVE-2015-0209 - Use After Free following d2i_ECPrivateKey error. CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref. Additional patch for CVE-2015-0207 - Segmentation fault in DTLSv1_listen (LibreSSL is not vulnerable, but the fix was safe to merge). Fixes for CVE-2015-0204, CVE-2015-0292 and CVE-2015-1787 were addressed in earlier LibreSSL releases. Issues CVE-2015-0291, CVE-2015-0290, CVE-2015-0208, CVE-2015-0293 and CVE-2015-0285 did not apply to LibreSSL.
2.1.5 (17 Mar 2015 14:45): This release is relatively small, fixing a few bugs found in the last release before opening development on 2.2.x. Fix incorrect comparison function in openssl(1) certhash command. Thanks to Christian Neukirchen / Void Linux. Windows port improvements and bug fixes. Removed a dynamic dependency on libgcc. Correct a hang in openssl(1) reading from stdin after a connection. Correct a network initialization issue with the 'openssl ocsp' command. Reject server ephemeral DH keys smaller than 1024 bits. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.1.4 (23 Feb 2015 04:45) documentation: Improvements to libtls: a new API for loading CA chains directly from memory instead of a file, allowing verification with privilege separation in a chroot without direct access to CA certificate files. Ciphers default to TLSv1.2 with AEAD and PFS. Improved error handling and message generation. New APIs and improved documentation. Added X509_STORE_load_mem API for loading certificates from memory. This facilitates accessing certificates from a chrooted environment. New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by using 'TLSv1.2+AEAD' as the cipher selection string. Dead and disabled code removal including MD5, Netscape workarounds, non-POSIX IO, SCTP, RFC 3779 support, many #if 0 sections, and more. ASN1 macro maze expanded to aid reading and searching the code. NULL pointer asserts removed in favor of letting the OS/signal handler catch them. Refactored argument handling in openssl for consistency and maintainability. New openssl command 'certhash' replaces the c_rehash script. Support for building with OPENSSL_NO_DEPRECATED. Dozens of issues found with the Coverity scanner fixed. Server-side support for TLS_FALLBACK_SCSV for compatibility with various auditor and vulnerability scanners.
2.1.3 (22 Jan 2015 03:15) feature: Fixed various memory leaks in DTLS, including fixes for CVE-2015-0206. Added Application-Layer Protocol Negotiation support. Removed GOST R 34.10-94 signature authentication. Removed nonfunctional Netscape browser-hang workaround code. Simplified and refactored SSL/DTLS handshake code. Added SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932. Hide timing info about padding errors during handshakes. Improved libtls support for non-blocking sockets, added randomized session ID contexts. Work is ongoing with this library; feedback and potential use-cases are welcome. Support building Windows DLLs. Thanks to Jan Engelhardt. Packaged config wrapper for better compatibility with OpenSSL-based build systems. Thanks to @technion from github. Ensure the stack is marked non-executable for assembly sections. Thanks to Anthony G. Basile. Enable extra compiler hardening flags by default, where applicable. The default set of hardening features can vary from OS to OS, so feedback is welcome on this. To disable the default hardening flags, specify '--disable-hardening' during configure. Thanks to Jim Barlow. Initial HP-UX support, tested with HP-UX 11.31 ia64. Thanks to Kinichiro Inoguchi. Initial NetBSD support, tested with NetBSD 6.1.5 x86_64. Imported from OpenNTPD, thanks to @gitisihara from github.
2.1.2 (05 Dec 2014 07:25) cleanup: Added reworked GOST cipher suite support, thanks to Dmitry Eremin-Solenikov. Enabled Camellia ciphers due to improved patent situation. Use builtin arc4random implementation on OS X and FreeBSD; this addresses some deficiencies in the native implementations, see commit logs for more information. Added initial Windows mingw-w64 support, thanks to Song Dongsheng for code and comments. Added no_ssl3/no_tls1_1/no_tls1_2 options to openssl. Many cleanups.
2.1.1 (16 Oct 2014 22:32) security: Address POODLE attack by disabling SSLv3 by default. Fix elliptic curve cipher selection bug.
2.1.0 (13 Oct 2014 15:52) major bugfix: When verifying whether an IP address is in the commonName of a certificate, do not perform wildcard matching. Allow "auto" to be specified as an ECDH curve name and make this the default. This enables automatic handling of ephemeral EC keys. Move cipher configuration handling to the shared SSL configuration function so that it applies to both the ressl client and server. Add an option that allows the enabled SSL protocols to be explicitly configured. Add a new API function SSL_CTX_use_certificate_chain() that allows reading the PEM-encoded certificate chain from memory instead of a file. Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket. Improve ressl_read/ressl_write handling of non-blocking reads/writes. Man page fixes. Remove a few stray .Pp macros. Use preferred license form. Can't trust that doug guy with anything...
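The first item in 2.1.0 (no wildcard matching when the host being verified is an IP address) is worth seeing as code, because the failure mode is a commonName such as "*.0.0.1" being accepted for 10.0.0.1 by a matcher that only knows about DNS names. The program below is an added illustration and is not LibreSSL's implementation: it recognises IP literals with the POSIX inet_pton() and requires an exact, case-sensitive match for them, while DNS names get a simplified RFC 6125 style match where "*" may only be the entire leftmost label and at least two labels must follow it. The function names cn_matches_host, dns_name_match and is_ip_literal, and the sample names, are constructed for this example.

```c
/* Illustrative certificate commonName matching (not LibreSSL code).
 * DNS names: case-insensitive, wildcard only as the whole leftmost label.
 * IP addresses: exact literal match, never a wildcard, never case folded. */
#include <sys/socket.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* 1 if host is a syntactically valid IPv4 or IPv6 literal. */
int is_ip_literal(const char *host) {
    unsigned char buf[16];
    return inet_pton(AF_INET, host, buf) == 1 ||
           inet_pton(AF_INET6, host, buf) == 1;
}

/* Case-insensitive equality of two byte ranges (DNS labels are ASCII). */
static int label_eq(const char *a, size_t la, const char *b, size_t lb) {
    size_t i;
    if (la != lb)
        return 0;
    for (i = 0; i < la; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* DNS-name match. A pattern of "*.<suffix>" matches "<label>.<suffix>"
 * only when <suffix> itself has at least two labels (so "*.com" is
 * refused) and the host's leftmost label is non-empty. A "*" anywhere
 * else in the pattern is rejected outright. */
int dns_name_match(const char *pattern, const char *host) {
    const char *pdot = strchr(pattern, '.');
    const char *hdot = strchr(host, '.');

    if (pattern[0] == '*') {
        if (pdot == NULL || pdot != pattern + 1)
            return 0;                         /* "*" must be the whole label */
        if (strchr(pdot + 1, '.') == NULL)
            return 0;                         /* refuse "*.tld" */
        if (hdot == NULL || hdot == host)
            return 0;                         /* host needs its own leftmost label */
        return label_eq(pdot + 1, strlen(pdot + 1), hdot + 1, strlen(hdot + 1));
    }
    if (strchr(pattern, '*') != NULL)
        return 0;                             /* e.g. "w*.example.com" */
    return label_eq(pattern, strlen(pattern), host, strlen(host));
}

/* Returns 1 if the certificate's commonName cn is acceptable for host. */
int cn_matches_host(const char *cn, const char *host) {
    if (is_ip_literal(host)) {
        /* The 2.1.0 rule: an IP host never goes through wildcard matching. */
        return strchr(cn, '*') == NULL && strcmp(cn, host) == 0;
    }
    return dns_name_match(cn, host);
}

int main(void) {
    /* Constructed name/host pairs covering both branches. */
    const char *cases[][2] = {
        {"*.example.com", "www.example.com"},
        {"*.example.com", "example.com"},
        {"10.0.0.1",      "10.0.0.1"},
        {"*.0.0.1",       "10.0.0.1"},
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("cn=%-16s host=%-16s -> %s\n", cases[i][0], cases[i][1],
               cn_matches_host(cases[i][0], cases[i][1]) ? "match" : "no match");
    return 0;
}
```

Deciding "is this host an IP literal?" before any wildcard logic runs is the whole fix; a matcher that first expands the wildcard and only then looks at the host shape has already lost.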
2.0.5 (09 Aug 2014 13:45) security: This version forward-ports security fixes from OpenSSL 1.0.1i, including fixes for CVE-2014-3506, CVE-2014-3507, CVE-2014-3508 (partially vulnerable), CVE-2014-3509, CVE-2014-3510, CVE-2014-3511. LibreSSL 2.0.4 however wasn't found to be vulnerable to CVE-2014-5139, CVE-2014-3512 and CVE-2014-3505.
2.0.4 (05 Aug 2014 22:32) minor bugfix: This version includes more portability changes, as well as other work. Most noticeable may be the deletion of the SRP code (which has not been enabled in any LibreSSL release).
2.0.3 (24 Jul 2014 02:12) minor bugfix: This release includes a number of portability fixes based on feedback from the BSD/Linux community. It also includes some improvements to the fork detection support.
2.0.2 (16 Jul 2014 23:32) minor bugfix: An atfork hook handler addresses the PRNG bug with possibly wrapping PIDs after forking. A build problem on systems without getauxval(3) has been worked around with an #ifdef preprocessor directive. An unneeded locking variable has been removed.
2.0.1 (14 Jul 2014 05:28) minor bugfix: This release includes a number of portability fixes based on initial community feedback. Among other things, new configure options to set OPENSSLDIR and ENGINESDIR were added. Some hardcoded compiler options like -Werror were disabled. There was also a baseline re-sync with the latest OpenBSD upstream changes, like pkg-config support.
2.0.0 (12 Jul 2014 11:36) cleanup: First release of LibreSSL portable.