Recent Releases

3.8.3 (11 Mar 2024 15:45)

It includes the following changes from LibreSSL 3.8.2:

Portable changes:
- Removed assert pop-ups with Windows debug builds.
- Fixed crashes and hangs in Windows ARM64 builds.
- Improved control-flow enforcement (CET) support.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.8.2 (03 Nov 2023 11:05)

It includes the following changes from LibreSSL 3.8.1:

Portable changes:
- Fixed processor detection for CMake targets. Thanks to @jiegec from github.
- Enabled building ocspcheck with MSVC. Thanks to @FtZPetruska from github.
- Improve CMake package detection and installation. Thanks to @mark-groundctl from github.
- Fixed assembly optimizations on x64 Windows targets.
- Allow disabling warnings about WINCRYPT overrides.
- Use system arc4random on FreeBSD 12 and newer.

Documentation improvements:
- Documented the RFC 3779 API.

Compatibility changes:
- Restrict the RFC 3779 code to IPv4 and IPv6. It was not written to be able to deal with anything else.
- Fixed EVP_CIPHER_CTX_iv_length() to return what was set with EVP_CTRL_AEAD_SET_IVLEN or one of its aliases.
- Fixed EVP_PKEY_get{0,1}_RSA for RSA-PSS.

- Plug a potential memory leak in ASN1_TIME_normalize().
- Avoid memory leak in EVP_CipherInit().
- Redirect EVP_PKEY_get1_* through their get0 siblings.
- Fixed a use of uninitialized in i2r_IPAddrBlocks().
- Rewrote CMS_SignerInfo_{sign,verify}().
- Further cleanup and refactoring in the EC code.
- Allow IP addresses to be specified in a URI.
- Fixed a copy-paste error in ASN1_TIME_compare() that could lead to two UTCTimes or two GeneralizedTimes incorrectly being compared as equal.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.7.3 (28 May 2023 11:45)

It includes the following bug fixes:
- Hostflags in the verify parameters would not propagate from an SSL_CTX to newly created SSL.
- Reliability fix: a double free or use after free could occur after SSL_clear(3).

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.7.2 (09 Apr 2023 20:05)

It includes the following changes from the 3.6.x series:

Portable changes:
- Moved official Github project to https://github.com/libressl/.
- Build support for Apple Silicon.
- Installed opensslconf.h is now architecture-specific.
- Removed internal defines from opensslconf.h.
- Support reproducible builds on tagged commits in main branch.

Internal improvements:
- Initial overhaul of the BIGNUM code: added a new framework that allows architecture-dependent replacement implementations for bignum primitives. Imported various s2n-bignum constant time assembly primitives and switched amd64 to them. Lots of cleanup, simplification and bug fixes.
- Changed Perl assembly generators to move constants into .rodata, allowing code to run with execute-only permissions.
- Capped the number of iterations in DSA and ECDSA signing (avoiding infinite loops), added additional sanity checks to DSA.
- ASN.1 parsing improvements.
- Made UI_destroy_method() NULL safe.
- Various improvements to nc(1).
- Always clear EC groups and points on free.
- Cleanup and improvements in EC code.
- Various openssl(1) improvements.
- Remove dependency on system timegm() and gmtime() by replacing traditional Julian date conversion with POSIX epoch-seconds date conversion from BoringSSL.
- Clean old and unused BN code dealing with primes.
- Start rewriting name constraints code using CBS.
- Remove support for the HMAC PRIVATE KEY.
- Rework DSA signing and verifying internals.
- Internal headers coming from OpenSSL are all called *_local.h now.
- Rewrite TLSv1.2 key exporter.
- Cleaned up and refactored various aspects of the legacy TLS stack.
- Fixed a memory leak, a double free and various other bugs in BIO_new_NDEF().
- Fixed various crashes in the openssl(1) testing utility.
- Do not check policies by default in the new X.509 verifier.
- Added missing error checking in PKCS7.
- Call CRYPTO_cleanup_all_ex_data() from OPENSSL_cleanup().
- Add EVP_chacha20_poly1305() to the list of all ciphers.
- Fixed potential leaks of EVP_PKEY in various printing functions.
- Fixed potential leak in OBJ_NAME_add().
3.6.2 (08 Feb 2023 07:45)

It includes the following security fix:
- A malicious certificate revocation list or timestamp response token would allow an attacker to read arbitrary memory.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.6.1 (01 Nov 2022 10:45)

It includes the following bug fixes:
- Custom verification callbacks could cause the X.509 verifier to fail to store errors resulting from leaf certificate verification. Reported by Ilya Shipitsin.
- Unbreak ASN.1 indefinite length encoding. Reported by Niklas Hallqvist.
- Fixed endian detection on macOS. Reported by jiegec on Github.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.5.3 (19 May 2022 07:05)

It includes the following reliability fix:
- Fixed d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing the passed *der_in pointer incorrectly. Thanks to Aram Sargsyan for reporting the issue and testing the fix.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.5.2 (24 Apr 2022 13:25)

It includes the following changes from LibreSSL 3.4.x:

New Features:
- The RFC 3779 API was ported from OpenSSL. Many bugs were fixed, regression tests were added and the code was cleaned up.
- Certificate Transparency was ported from OpenSSL. Many internal improvements were made, resulting in cleaner and safer code. Regress coverage was added. libssl does not yet make use of it.

- Avoid single byte overread in asn1_parse2().
- Allow name constraints with a leading dot. From Alex Wilson.
- Relax a check in x509_constraints_dirname() to allow pre. From Alex Wilson.
- Fixed NULL dereferences in openssl(1) cms option parsing.
- Do not zero the computed cofactor on ec_guess_cofactor() success.
- Bound cofactor in EC_GROUP_set_generator() to reduce the number of bogus groups that can be described with nonsensical parameters.
- Avoid various potential segfaults in EVP_PKEY_CTX_free() in low memory conditions. Reported for HMAC by Masaru Masuda.
- Plug leak in ASN1_TIME_adj_internal().
- Avoid infinite loop for custom curves of order 1. Reported by Hanno Boeck, comments by David Benjamin.
- Avoid an infinite loop on parsing DSA private keys by validating that the provided parameters conform to FIPS 186-4. Reported by Hanno Boeck, comments by David Benjamin.
- In some situations, the verifier would discard the error on an unvalidated certificate chain. This would happen when the verification callback was in use, instructing the verifier to continue unconditionally. This could lead to incorrect decisions being made in software.
- Avoid an infinite loop in SSL_shutdown().
- Fixed another return 0 in SSL_shutdown().
- Handle zero byte reads/writes that trigger handshakes in the TLSv1.3 stack.
- A long standing memleak in libtls CRL handling was fixed.

Compatibility improvements:
- Allow non-standard name constraints of the form @domain.com.
- Most structs that were previously defined in the following headers are now opaque as they are in OpenSSL 1.1: bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h, x509.h, x509v3.h, x509_vfy.h.
3.4.3 (16 Mar 2022 14:25)

It includes the following security fix:
- A malicious certificate can cause an infinite loop. Reported by and fix from Tavis Ormandy and David Benjamin, Google.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.4.2 (26 Nov 2021 03:20)

It includes the following security fix:
- In some situations the X.509 verifier would discard an error on an unverified certificate chain, resulting in an authentication bypass. Thanks to Ilya Shipitsin and Timo Steinlein for reporting.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.4.1 (15 Oct 2021 14:05)

It includes the following changes from LibreSSL 3.3.x:

New Features:
- Added support for OpenSSL 1.1.1 TLSv1.3 APIs.
- Enabled the new X.509 validator to allow verification of modern certificate chains.

Portable Improvements:
- Added Universal Windows Platform (UWP) build support.
- Fixed mingw-w64 builds on newer versions with missing SSP support.

API and Documentation Enhancements:
- Added the following APIs from OpenSSL: BN_bn2binpad, BN_bn2lebinpad, BN_lebin2bn, EC_GROUP_get_curve, EC_GROUP_order_bits, EC_GROUP_set_curve, EC_POINT_get_affine_coordinates, EC_POINT_set_affine_coordinates, EC_POINT_set_compressed_coordinates, EVP_DigestSign, EVP_DigestVerify, SSL_CIPHER_find, SSL_CTX_get0_privatekey, SSL_CTX_get_max_early_data, SSL_CTX_get_ssl_method, SSL_CTX_set_ciphersuites, SSL_CTX_set_max_early_data, SSL_CTX_set_post_handshake_auth, SSL_SESSION_get0_cipher, SSL_SESSION_get_max_early_data, SSL_SESSION_is_resumable, SSL_SESSION_set_max_early_data, SSL_get_early_data_status, SSL_get_max_early_data, SSL_read_early_data, SSL_set0_rbio, SSL_set_ciphersuites, SSL_set_max_early_data, SSL_set_post_handshake_auth, SSL_set_psk_use_session_callback, SSL_verify_client_post_handshake, SSL_write_early_data.
- Added AES-GCM constants from RFC 7714 for SRTP.

Compatibility Changes:
- Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.
- Call the info callback on connect/accept exit in TLSv1.3, needed for p5-Net-SSLeay.
- Default to using named curve parameter encoding from pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.
- Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.

Testing and Proactive Security:
- Added additional state machine test coverage.
- Improved integration test support with ruby/openssl tests.
- Error codes and callback support in new X.509 validator made compatible with p5-Net_SSLeay tests.

Internal Improvements:
- Numerous fixes and improvements to the new X.509 validator to ensure compatible error codes and callback support compatible with the legacy OpenSSL validator.

The LibreSSL project continues
3.3.5 (03 Oct 2021 07:45)

It includes the following bug fixes:
- A stack overread could occur when checking X.509 name constraints. From GoldBinocle on GitHub.
- Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier. This compensates for the expiry of the DST Root X3 certificate.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.3.4 (26 Aug 2021 06:25)

It includes the following bug fixes:
- In LibreSSL, printing a certificate can result in a crash in X509_CERT_AUX_print(). Thanks to Ingo Schwarze.
- Ensure GNU-stack is set on ELF platforms when building with CMake to enable non-executable stack annotations for the GNU toolchain. Thanks to Tobias Heider.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.3.3 (04 May 2021 23:45)

Other than the version number, it is identical to LibreSSL 3.3.2. It includes the following changes from LibreSSL 3.2.2:

New Features:
- Support for DTLSv1.2.
- Continued rewrite of the record layer for the legacy stack.
- Numerous bugs and interoperability issues were fixed in the new verifier. A few bugs and incompatibilities remain, so this release uses the old verifier by default.
- The OpenSSL 1.1 TLSv1.3 API is not yet available.

Portable Improvements:
- Added '--enable-libtls-only' build option, which builds and installs a statically-linked libtls, skipping libcrypto and libssl. This is useful for systems that ship with OpenSSL but wish to also package libtls.
- Update getentropy on Windows to use Cryptography Next Generation (CNG). wincrypt is deprecated and no longer works with newer Windows environments, such as in Windows Store apps.

API and Documentation Enhancements:
- Add a number of RPKI OIDs from RFC 6482, 6484, 6493, 8182, 8360, draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds.
- Add support for SSL_get_shared_ciphers(3) with TLSv1.3.
- Add DTLSv1.2 methods.
- Implement SSL_is_dtls(3) and use it internally in place of the SSL_IS_DTLS macro.
- Provide EVP_PKEY_new_CMAC_KEY(3).
- Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h.
- Add DTLSv1.2 to openssl(1) s_server and s_client protocol message logging.
- Provide SSL_use_certificate_chain_file(3).
- Provide SSL_set_hostflags(3) and SSL_get0_peername(3).
- Provide various DTLSv1.2 specific functions and defines.
- Document meaning of '*' in the genrsa output.
- Updated documentation for SSL_get_shared_ciphers(3).
- Add documentation for SSL_get_finished(3).
- Document EVP_PKEY_new_CMAC_key(3).
- Document SSL_use_certificate_chain_file(3).
- Document SSL_set_hostflags(3) and SSL_get0_peername(3).
- Update SSL_get_version(3) manual for DTLSv1.2 support.
- Make supported protocols and options for DHE params more prominent in tls_config_set_protocols(3).
- Various documentation improvements around TLS methods.

Compatibility Changes:
- Make openssl(
3.2.5 (18 Mar 2021 11:25)

It includes the following bug fix:
- A TLS client using session resumption may cause a use-after-free.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.2.4 (13 Feb 2021 10:45)

It includes the following bug and interoperability fixes:
- Switch back to certificate verification code from LibreSSL 3.1.x. The new verifier is not compatible with the old verifier, causing issues with applications expecting the behavior of the old verifier.
- Unbreak DTLS retransmissions for flights that include a CCS.
- Only check BIO_should_read() on read and BIO_should_write() on write.
- Implement autochain for the TLSv1.3 server.
- Use the legacy verifier for autochain.
- Implement exporter for TLSv1.3.
- Free alert_data and phh_data in tls13_record_layer_free().
- Plug leak in x509_verify_chain_dup().
- Free the policy tree in x509_vfy_check_policy().

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.2.3 (10 Dec 2020 08:25)

It includes the following security fix:
- Malformed ASN.1 in a certificate revocation list or a timestamp response token can lead to a NULL pointer dereference.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.2.2 (19 Oct 2020 15:05)

This is the first stable release from the 3.2 series, which is included with OpenBSD 6.8. It includes the following changes from LibreSSL 3.2.1:
- This is the first stable release with the new TLSv1.3 implementation enabled by default for both client and server. The OpenSSL 1.1 TLSv1.3 API is not yet available and will be provided in an upcoming release.
- New X509 certificate chain validator that correctly handles multiple paths through intermediate certificates. Loosely based on Go's X509 validator.
- New name constraints verification implementation which passes the bettertls.com certificate validation check suite.
- Improve the handling of BIO_read()/BIO_write() failures in the TLSv1.3 stack.
- Start replacing the existing TLSv1.2 record layer.
- Define OPENSSL_NO_SSL_TRACE in opensslfeatures.h.
- Make SSL_CTX_get_ciphers(NULL) return NULL rather than crash.
- Send alert on ssl_get_prev_session() failure.
- Zero out variable on the stack to avoid leaving garbage in the tail of short session IDs.
- Move state initialization from SSL_clear() to ssl3_clear() to ensure that it gets correctly reinitialized across a SSL_set_ssl_method() call.
- Avoid an out-of-bounds write in BN_rand().
- Fixed numerous leaks in the UI_dup_* functions.
- Simplify and tidy up the code in ui_lib.c.
- Correctly track selected ALPN length to avoid a potential segmentation fault with SSL_get0_alpn_selected() when alpn_selected is NULL.
- Include machine/endian.h in gost2814789.c in order to pick up the __STRICT_ALIGNMENT define.
- Simplify SSL method lookups.
- Clean up and simplify SSL_get_ciphers(), SSL_set_session(), SSL_set_ssl_method() and several internal functions.
- Correctly handle ssl_cert_dup() failure in SSL_set_SSL_CTX().
- Refactor dtls1_new(), dtls1_hm_fragment_new(), dtls1_drain_fragments(), dtls1_clear_queues().
- Copy the session ID directly in ssl_get_prev_session() instead of handing it through several functions for copying.
- Clean up and refactor ssl_get_prev_session(); simplify tls_decrypt_() and tls1_process_() exit pa
3.1.4 (18 Aug 2020 22:45)

It includes the following interoperability and bug fixes for the TLSv1.3 client:
- Improve client certificate selection to allow EC certificates instead of only RSA certificates.
- Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request.
- Fixed SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang.
- Fixed a memory leak and added a missing error check in the handling of the key update message.
- Fixed a memory leak in tls13_record_layer_set_traffic_key.
- Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes.
- Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures.
- Add the P-521 curve to the list of curves supported by default in the client.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.1.3 (17 Jun 2020 00:05)

It includes the following bug fix:
- libcrypto may fail to build a valid certificate chain due to expired untrusted issuer certificates.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.1.2 (23 May 2020 09:45)

It includes the following bug fix:
- A TLS client with peer verification disabled may crash when contacting a server that sends an empty certificate list.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
3.1.1 (10 May 2020 04:05)

This is the first stable release from the 3.1 series, which is included with OpenBSD 6.7. It includes the following changes from 3.0:

New Features:
- Completed initial TLS 1.3 implementation with a completely new state machine and record layer. TLS 1.3 is now enabled by default for the client side, with the server side to be enabled in a future release. Note that the OpenSSL TLS 1.3 API is not yet visible/available.
- Improved cipher suite handling to automatically include TLSv1.3 cipher suites when they are not explicitly referred to in the cipher string.
- Provided TLSv1.3 cipher suite aliases to match the names used in RFC 8446.
- Added cms subcommand to openssl(1).
- Added -addext option to openssl(1) req subcommand.
- Added -groups option to openssl(1) s_server subcommand.
- Added TLSv1.3 extension types to openssl(1) -tlsextdebug.

API and Documentation Enhancements:
- Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
- Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL 1.1.1 and enabled by default.

Compatibility Changes:
- Improved compatibility by backporting functionality and documentation from OpenSSL 1.1.1.
- Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.

Testing and Proactive Security:
- Added many new additional crypto test vectors.
- Fixed to disallow setting the AES-GCM IV length to zero.

Internal Improvements:
- Many more code cleanups, bug fixes, and improvements to memory handling and protocol parsing.

Portable Improvements:
- Default CA bundle location is now configurable in portable builds.
- Improved portable builds to support for use of static MSVC runtimes.
- Fixed portable builds to avoid exporting a sleep() symbol.
- Fixed printing the serialNumber with X509_print_ex() to fall back to the colon separated hex bytes in case greater than int value.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this re
3.0.2 (20 Oct 2019 07:45)

This is the first stable release from the 3.0 series, which is included with OpenBSD 6.6. It includes the following changes:
- Use a valid curve when constructing an EC_KEY that looks like X25519. The recent EC group cofactor change results in stricter validation, which causes the EC_GROUP_set_generator() call to fail. Reported and tested by rsadowski@.
- Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (Note that the CMS code is currently disabled.) Port of Edlinger's fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license).
- Avoid a path traversal in s_server on Windows when run with the -WWW or -HTTP options, due to incomplete path check logic. Reported and tested by Jobert Abma.

It includes the following changes and improvements from LibreSSL 2.9.x:

API and Documentation Enhancements:
- Completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API.
- Documented undescribed options and removed unfunctional options description in openssl(1) manual.

Testing and Proactive Security:
- A plethora of small fixes due to regular oss-fuzz testing.
- Various side channels in DSA and ECDSA were addressed. These are some of the many issues found in an extensive systematic analysis of bignum usage by Samuel Weiser, David Schrammel et al.
- Try to compute the cofactor if a nonsensical value was provided for ECC parameters. From Billy Brumley.

Portable Improvements:
- Enabled performance optimizations when building with Visual Studio on Windows.
- Enabled openssl(1) speed subcommand on Windows platform.

- Fixed bug where SRTP extension would not be sent by server.
- Fixed incorrect carry operation in 512 addition for Streebog.
- Fixed modulus option with openssl(1) dsa subcommand.
- Fixed PVK format output with openssl(1) dsa and rsa subcommand.
- Fixed a padding oracle attack in PKCS7_dataDecode() and CMS_decrypt_set1_pkey() (CMS is currently disabled). From Bernd Edlinger.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader communi
2.9.2 (21 May 2019 11:25)

It includes the following changes:
- Fixed portable builds with older versions of MacOS, Android targets API 21, and Solaris 10.
- Fixed SRTP profile advertisement for DTLS servers.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.9.1 (22 Apr 2019 09:45)

It includes the following changes and improvements from LibreSSL 2.8.x:

API and Documentation Enhancements:
- CRYPTO_LOCK is now automatically initialized, with the legacy callbacks stubbed for compatibility.
- Added the SM3 hash function from the Chinese standard GB/T 32905-2016.
- Added the SM4 block cipher from the Chinese standard GB/T 32907-2016.
- Added more OPENSSL_NO_* macros for compatibility with OpenSSL.
- Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH.
- Implemented further missing OpenSSL 1.1 API.
- Added support for XChaCha20 and XChaCha20-Poly1305.
- Added support for AES key wrap constructions via the EVP interface.

Compatibility Changes:
- Added pbkdf2 key derivation support to openssl(1) enc.
- Changed the default digest type of openssl(1) enc to sha256.
- Changed the default digest type of openssl(1) dgst to sha256.
- Changed the default digest type of openssl(1) x509 -fingerprint to sha256.
- Changed the default digest type of openssl(1) crl -fingerprint to sha256.

Testing and Proactive Security:
- Added extensive interoperability tests between LibreSSL and OpenSSL 1.0 and 1.1.
- Added additional Wycheproof tests and related bug fixes.

Internal Improvements:
- Simplified sigalgs option processing and handshake signing algorithm selection.
- Added the ability to use the RSA PSS algorithm for handshake signatures.
- Added bn_rand_interval() and use it in code needing ranges of random bn values.
- Added functionality to derive early, handshake, and application secrets as per RFC8446.
- Added handshake state machine from RFC8446.
- Removed some ASN.1 related code from libcrypto that had not been used since around 2000.
- Unexported internal symbols and internalized more record layer structs.
- Removed SHA224 based handshake signatures from consideration for use in a TLS 1.2 handshake.

Portable Improvements:
- Added support for assembly optimizations on 32-bit ARM ELF targets.
- Added support for assembly optimizations on Mingw-w64 targets.
- Improved Android compatibility.
- Improved protection a
2.8.3 (17 Dec 2018 09:05)

It includes the following changes:
- Fixed warnings about clock_gettime on Windows Visual Studio builds.
- Fixed CMake builds on systems where getpagesize is defined as an inline function.
- Implemented coordinate blinding for EC_POINT as an additional mitigation for the portsmash vulnerability.
- Fixed a non-uniformity in getentropy(2) emulation where a block of all zeroes would be discarded.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.8.2 (19 Oct 2018 13:05)

It includes the following changes from 2.8.1:
- Added Wycheproof support for ECDH and ECDSA Web Crypto test vectors, along with test harness.
- Fixed memory leak in nc(1).

LibreSSL 2.8.2 also includes:
- Added Wycheproof support for ECDH, RSASSA-PSS, AES-GCM, AES-CMAC, AES-CCM, AES-CBC-PKCS5, DSA, ChaCha20-Poly1305, ECDSA, and X25519 test vectors. Applied appropriate fixes for errors uncovered by tests.
- Simplified key exchange signature generation and verification.
- Fixed a one-byte buffer overrun in callers of EVP_read_pw_string.
- Converted more code paths to use CBB/CBS. All handshake messages are now created by CBB.
- Fixed various memory leaks found by Coverity.
- Simplified session parsing and handling, inspired by BoringSSL.
- Modified signature of CRYPTO_mem_leaks_* to return -1. This function is a no-op in LibreSSL, so this function returns an error to not indicate the (non-)existence of memory leaks.
- SSL_copy_session_id, PEM_Sign, EVP_EncodeUpdate, BIO_set_cipher, X509_OBJECT_up_ref_count now return an int for error handling, matching OpenSSL.
- Converted a number of #defines into proper functions, matching OpenSSL's ABI.
- Added X509_get0_serialNumber from OpenSSL.
- Removed EVP_PKEY2PKCS8_broken and PKCS8_set_broken, while adding PKCS8_pkey_add1_attr_by_NID and PKCS8_pkey_get0_attrs, matching OpenSSL.
- Removed broken pkcs8 formats from openssl(1).
- Converted more functions in public API to use const arguments.
- Stopped handing AES-GCM in ssl_cipher_get_evp, since they use the EVP_AEAD interface.
- Stopped using composite EVP_CIPHER AEADs.
- Added timing-safe compares for checking results of signature verification. There are no known attacks, this is just inexpensive prudence.
- Correctly clear the current cipher state, when changing cipher state. This fixes an issue where renegotiation of cipher suites would fail when switched from AEAD to non-AEAD or vice-versa. Reported by Bernard Spil.
- Added more cipher tests to appstest.sh, including all TLSv1.2 ciphers.
- Added RSA_meth_get_finish() and RSA_meth_set1_name() from OpenSSL.
2.7.4 (14 Jun 2018 10:25)

- Avoid a timing side-channel leak when generating DSA and ECDSA signatures. This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Identified and reported by Keegan Ryan of NCC Group.
- Reject excessively large primes in DH key generation. Problem reported by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.7.3 (06 May 2018 15:45)

- Removed incorrect NULL checks in DH_set0_key(). Reported by Ondrej Sury.
- Limited tls_config_clear_keys() to only clear private keys. This was inadvertently clearing the keypair, which includes the OCSP staple and pubkey hash - if an application called tls_configure() followed by tls_config_clear_keys(), this would prevent OCSP staples from working.
- Fixed an issue normalizing CPU architecture in the configure script, which disabled assembly optimizations on platforms that get detected as 'amd64', opposed to 'x86_64'.

The LibreSSL project continues improvement of the codebase to reflect modern safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.7.2 (02 Apr 2018 06:45)

It includes the following changes from 2.7.1:
- Updated and added extensive new HISTORY sections to API manuals.
- Added support for shared library builds with CMake on all supported platforms. Note that some of the CMake options have changed, consult the README for details.

LibreSSL 2.7.2 also includes:
- Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on observations of real-world usage in applications. These are implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility changes have not been made to existing structs, allowing code written for older OpenSSL APIs to continue working.
- Extensive corrections, improvements, and additions to the API documentation, including new public APIs from OpenSSL that had no pre-existing documentation.
- Added support for automatic library initialization in libcrypto, libssl, and libtls. Support for pthread_once or a compatible equivalent is now required of the target operating system. As a side-effect, minimum Windows support is Vista or higher.
- Converted more packet handling methods to CBB, which improves resiliency when generating TLS messages.
- Completed TLS extension handling rewrite, improving consistency of checks for malformed and duplicate extensions.
- Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1. This removes the last remaining use of the old M_ASN1_ macros (asn1_mac.h) from API that needs to continue to exist.
- Added support for client-side session resumption in libtls. A libtls client can specify a session file descriptor (a regular file with appropriate ownership and permissions) and libtls will manage reading and writing of session data across TLS handshakes.
- Improved support for strict alignment on ARMv7 architectures, conditionally enabling assembly in those cases.
- Fixed a memory leak in libtls when reusing a tls_config.
- Merged more DTLS support into the regular TLS code path, removing duplicated code.
- Many improvements to Windows Cmake-based builds and tests. Especially when targeting Vi
2.7.1 (27 Mar 2018 14:05) documentation: It includes the following changes from 2.7.0: Fixed a bug in int_x509_param_set_hosts, calling strlen() if the name length provided is 0 to match the OpenSSL behaviour. Bug noticed by Christian Heimes. Fixed builds on macOS 10.11 and older. LibreSSL 2.7.1 also includes: Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on observations of real-world usage in applications. These are implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility changes have not been made to existing structs, allowing code written for older OpenSSL APIs to continue working. Extensive corrections, improvements, and additions to the API documentation, including new public APIs from OpenSSL that had no pre-existing documentation. Added support for automatic library initialization in libcrypto, libssl, and libtls. Support for pthread_once or a compatible equivalent is now required of the target operating system. As a side-effect, minimum Windows support is Vista or higher. Converted more packet handling methods to CBB, which improves resiliency when generating TLS messages. Completed TLS extension handling rewrite, improving consistency of checks for malformed and duplicate extensions. Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1. This removes the last remaining use of the old M_ASN1_ macros (asn1_mac.h) from API that needs to continue to exist. Added support for client-side session resumption in libtls. A libtls client can specify a session file descriptor (a regular file with appropriate ownership and permissions) and libtls will manage reading and writing of session data across TLS handshakes. Improved support for strict alignment on ARMv7 architectures, conditionally enabling assembly in those cases. Fixed a memory leak in libtls when reusing a tls_config. Merged more DTLS support into the regular TLS code path, removing duplicated code. Many improvements to Windows CMake-based builds and tests, especially when targeting Visual Studio. The LibreSSL project continues improvement of
2.7.0 (23 Mar 2018 06:05) documentation: Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on observations of real-world usage in applications. These are implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility changes have not been made to existing structs, allowing code written for older OpenSSL APIs to continue working. Extensive corrections, improvements, and additions to the API documentation, including new public APIs from OpenSSL that had no pre-existing documentation. Added support for automatic library initialization in libcrypto, libssl, and libtls. Support for pthread_once or a compatible equivalent is now required of the target operating system. As a side-effect, minimum Windows support is Vista or higher. Converted more packet handling methods to CBB, which improves resiliency when generating TLS messages. Completed TLS extension handling rewrite, improving consistency of checks for malformed and duplicate extensions. Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1. This removes the last remaining use of the old M_ASN1_ macros (asn1_mac.h) from API that needs to continue to exist. Added support for client-side session resumption in libtls. A libtls client can specify a session file descriptor (a regular file with appropriate ownership and permissions) and libtls will manage reading and writing of session data across TLS handshakes. Improved support for strict alignment on ARMv7 architectures, conditionally enabling assembly in those cases. Fixed a memory leak in libtls when reusing a tls_config. Merged more DTLS support into the regular TLS code path, removing duplicated code. Many improvements to Windows CMake-based builds and tests, especially when targeting Visual Studio. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.6.4 (20 Dec 2017 20:05): Made tls_config_parse_protocols() work correctly when passed a NULL pointer for a protocol string. Found by semarie@, who also provided the diff. Corrected TLS extensions handling when no extensions are present. If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero. Thanks to Eric Elena for providing packet captures and testing the fix. Fixed portable builds on older Android systems, and systems without IPV6_TCLASS support. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.6.3 (07 Nov 2017 09:05): Added support for providing CRLs to libtls - once a CRL is provided via tls_config_set_crl_file(3) or tls_config_set_crl_mem(3), CRL checking is enabled and required for the full certificate chain. Reworked TLS certificate name verification code to more strictly follow RFC 6125. Cleaned up and simplified server key exchange EC point handling. Removed inconsistent IPv6 handling from BIO_get_accept_socket(), simplified BIO_get_host_ip() and BIO_accept(). Added definitions for three OIDs used in EV certificates. Relaxed SNI validation to allow non-RFC-compliant clients using literal IP addresses with SNI to connect to a libtls-based TLS server. Added tls_peer_cert_chain_pem() to libtls, useful in private certificate validation callbacks such as those in relayd. Converted explicit clear/free sequences to use freezero(3). Fixed the openssl(1) ca command so that it generates certificates with RFC 5280-conformant time. Added ASN1_TIME_set_tm(3) to set an ASN.1 time from a struct tm *. Added SSL{,_CTX}_set_{min,max}_proto_version(3) functions. Imported HKDF (HMAC Key Derivation Function) from BoringSSL. Provided a tls_unload_file(3) function that frees the memory returned from a tls_load_file(3) call, ensuring that the contents become inaccessible. Implemented reference counting for libtls tls_config, allowing tls_config_free(3) to be called as soon as it has been passed to the final tls_configure(3) call, simplifying lifetime tracking for the application. Dropped cipher suites using DSS authentication. Removed support for DSS/DSA from libssl. Distinguish between self-issued certificates and self-signed certificates. The certificate verification code has special cases for self-signed certificates and without this change, self-issued certificates (which it seems are commonplace with openvpn/easyrsa) were also being included in this category. Added a new TLS extension handling framework and converted all TLS extensions to use it. Improved and added many new manpages. Updated SSL_ CTX_, chec
2.5.5 (13 Jul 2017 14:25): Distinguish between self-issued certificates and self-signed certificates. The certificate verification code has special cases for self-signed certificates and without this change, self-issued certificates (which it seems are commonplace with openvpn/easyrsa) were also being included in this category. Added getpagesize fallback, needed for Android bionic libc. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.5.4 (04 May 2017 11:25): Reverted a previous change that forced consistency between return value and error code when specifying a certificate verification callback, since this breaks the documented API. When a user supplied callback always returns 1, and later code checks the error code to potentially abort post verification, this will result in incorrect successful certificate verification. Switched Linux getrandom() usage to non-blocking mode, continuing to use fallback mechanisms if unsuccessful. This works around a design flaw in Linux getrandom(2) where early boot usage in a library makes it impossible to recover if getrandom(2) is not yet initialized. Fixed a bug caused by the return value being set early to signal successful DTLS cookie validation. This can mask a later failure and result in a positive return value being returned from ssl3_get_client_hello(), when it should return a negative value to propagate the error. Fixed a build error on non-x86/x86_64 systems running Solaris. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.5.3 (12 Apr 2017 21:05) cleanup: libtls now supports ALPN and SNI. libtls adds a new callback interface for integrating custom IO functions. Thanks to Tobias Pape. libtls now handles 4 cipher suite groups: "secure" (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy" (HIGH:MEDIUM:!aNULL), "insecure" (ALL:!aNULL:!eNULL). This allows for flexibility and finer grained control, rather than having two extremes (an issue raised by Marko Kreen some time ago). Tightened error handling for tls_config_set_ciphers(). libtls now always loads CA, key and certificate files at the time the configuration function is called. This simplifies code and results in a single memory based code path being used to provide data to libssl. Added support for OCSP intermediate certificates. Added functions used by stunnel and exim from BoringSSL - this brings in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc. Added initial support for iOS, thanks to Jacob Berkman. Improved behavior of arc4random on Windows when using memory leak analysis software. Correctly handle an EOF that occurs prior to the TLS handshake completing. Reported by Vasily Kolobkov, based on a diff from Marko Kreen. Limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled. Fixed incorrect results in certain cases on 64-bit systems where BN_mod_word() could return incorrect results; BN_mod_word() now can return an error condition. Thanks to Brian Smith. Added constant-time updates to address CVE-2016-0702. Fixed undefined behavior in BN_GF2m_mod_arr(). Removed unused Cryptographic Message Support (CMS). More conversions of long long idioms to time_t. Improved compatibility by avoiding printing NULL strings with printf. Reverted change that cleans up the EVP cipher context in EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the previous behaviour. Avoid unbounded memory growth in libssl, which can be triggered by a TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions. Avoid
2.5.2 (28 Mar 2017 02:25): Added the recallocarray(3) memory allocation function, and converted various places in the library to use it, such as CBB and BUF_MEM_grow. recallocarray(3) is similar to reallocarray. Newly allocated memory is cleared similar to calloc(3). Memory that becomes unallocated while shrinking or moving existing allocations is explicitly discarded by unmapping or clearing to 0. Added new root CAs from SECOM Trust Systems / Security Communication of Japan. Added EVP interface for MD5+SHA1 hashes. Fixed DTLS client failures when the server sends a certificate request. Corrected handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection. Allow protocols and ciphers to be set on a TLS config object in libtls. Improved nc(1) TLS handshake CPU usage and server-side error reporting. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.5.1 (03 Feb 2017 05:05) cleanup: X509_cmp_time() now passes a malformed GeneralizedTime field as an error. Reported by Theofilos Petsios. Detect zero-length encrypted session data early, instead of when malloc(0) fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi. Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate(). Massive update and normalization of manpages, conversion to mandoc format. Many pages were rewritten for clarity and accuracy. Portable doc links are up-to-date with a new conversion tool. Curve25519 Key Exchange support. Support for alternate chains for certificate verification. Code cleanups, CBB conversions, further unification of DTLS/SSL handshake code, further ASN1 macro expansion and removal. Private symbols are now hidden in libssl and libcrypto. Friendly certificate verification error messages in libtls, peer verification is now always enabled. Added OCSP stapling support to libtls and netcat. Added ocspcheck utility to validate a certificate against its OCSP responder and save the reply for stapling. Enhanced regression tests and error handling for libtls. Added explicit constant and non-constant time BN functions, defaulting to constant time wherever possible. Moved many leaked implementation details in public structs behind opaque pointers. Added support to libtls. Added support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of curves to be X25519, P-256 and P-384. All other curves must be manually enabled. Added -groups option to openssl(1) s_client for specifying the curves to be used in a colon-separated list. Merged client/server version negotiation code paths into one, reducing much duplicate code. Removed error function codes from libssl and libcrypto. Fixed an issue where a truncated packet could crash via an OOB read. Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows client-initiated renego
2.5.0 (28 Sep 2016 12:25): libtls now supports ALPN and SNI. libtls adds a new callback interface for integrating custom IO functions. Thanks to Tobias Pape. libtls now handles 4 cipher suite groups: "secure" (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy" (HIGH:MEDIUM:!aNULL), "insecure" (ALL:!aNULL:!eNULL). This allows for flexibility and finer grained control, rather than having two extremes (an issue raised by Marko Kreen some time ago). Tightened error handling for tls_config_set_ciphers(). libtls now always loads CA, key and certificate files at the time the configuration function is called. This simplifies code and results in a single memory based code path being used to provide data to libssl. Add support for OCSP intermediate certificates. Added functions used by stunnel and exim from BoringSSL - this brings in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc. Added initial support for iOS, thanks to Jacob Berkman. Improved behavior of arc4random on Windows when using memory leak analysis software. Correctly handle an EOF that occurs prior to the TLS handshake completing. Reported by Vasily Kolobkov, based on a diff from Marko Kreen. Limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled. Fixed incorrect results in certain cases on 64-bit systems where BN_mod_word() could return incorrect results; BN_mod_word() now can return an error condition. Thanks to Brian Smith. Added constant-time updates to address CVE-2016-0702. Fixed undefined behavior in BN_GF2m_mod_arr(). Removed unused Cryptographic Message Support (CMS). More conversions of long long idioms to time_t. Improved compatibility by avoiding printing NULL strings with printf. Reverted change that cleans up the EVP cipher context in EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the previous behaviour. Avoid unbounded memory growth in libssl, which can be triggered by a TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions. Avoid f
2.4.2 (03 Aug 2016 04:05) documentation: LibreSSL 2.4.2 is based on the OpenBSD 6.0 release branch, and is now the newest stable version. With it, support for LibreSSL 2.2.x ends. Fixed loading default certificate locations with openssl s_client. Ensured OCSP only uses and compares GENERALIZEDTIME values as per RFC6960. Also added a fix for OCSP to work with intermediate certificates provided in responses. Improved behavior of arc4random on Windows to not appear to leak memory in debug tools, reduced privileges of allocated memory. Fixed incorrect results from BN_mod_word() when the modulus is too large, thanks to Brian Smith from BoringSSL. Correctly handle an EOF prior to completing the TLS handshake in libtls. Improved libtls certificate loading and cipher string validation. Updated libtls cipher group suites into four categories: "secure" (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy" (HIGH:MEDIUM:!aNULL), "insecure" (ALL:!aNULL:!eNULL). This allows for flexibility and finer grained control, rather than having two extremes. Limited support for 'backward compatible' SSLv2 handshake packets to when TLS 1.0 is enabled, providing more restricted compatibility with TLS 1.0 clients. openssl(1) and other documentation improvements. Removed flags for disabling constant-time operations. This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.4.1 (10 Jun 2016 16:05): This release is based on the development OpenBSD 6.0 branch. Corrected a problem that prevents the DSA signing algorithm from running in constant time even if the flag BN_FLG_CONSTTIME is set. This was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.4.0 (01 Jun 2016 22:45): This release is the first snapshot based on the development OpenBSD 6.0 branch. As such, it is likely to change more compared to the 2.3.x and 2.2.x branches. See http://www.libressl.org/releases.html for more details. LibreSSL 2.4.0 contains the following changes: Many improvements to the CMake build infrastructure, including Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro Inoguchi for this work. Added missing error handling around bn_wexpand() calls. Added explicit_bzero calls for freed ASN.1 objects. Fixed X509_*set_object functions to return 0 on allocation failure. Implemented the IETF ChaCha20-Poly1305 cipher suites. Changed default EVP_aead_chacha20_poly1305() implementation to the IETF version, which is now the default. Fixed password prompts from openssl(1) to properly handle ^C. Reworked error handling in libtls so that configuration errors are visible. Deprecated internal use of EVP_{Cipher,Encrypt,Decrypt}Final. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.3.4 (05 May 2016 08:25) minor: This release is based on the stable OpenBSD 5.9 branch. Fixed multiple vulnerabilities in libcrypto relating to ASN.1 and encoding, from OpenSSL. Minor build fixes. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.3.3 (24 Mar 2016 19:05): This release marks the beginning of stable development of the 2.3.x branch. LibreSSL 2.3.3 is identical to the version that will be shipped with OpenBSD 5.9 in May 2016. At that time, LibreSSL 2.1.x support will also end. LibreSSL 2.3.3 has the following changes: Reworked build scripts to better sync with OpenNTPD-portable. Fixed broken manpage links. Fixed an nginx compatibility issue by adding an 'install_sw' make alias. Fixed HP-UX builds. Changed the default configuration directory to c:\LibreSSL\ssl on Windows binary builds. cert.pem has been reorganized and synced with Mozilla's certificate store.
2.2.6 (01 Feb 2016 20:05): This release is based on the stable OpenBSD 5.8 branch. Deprecated the SSL_OP_SINGLE_DH_USE flag. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.2.5 (08 Dec 2015 14:45): This release is based on the stable OpenBSD 5.8 branch. Fixes from OpenSSL 1.0.1q: CVE-2015-3194 - NULL pointer dereference in client side certificate validation. CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL. The following OpenSSL CVEs did not apply to LibreSSL: CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery squaring procedure. CVE-2015-3196 - Double free race condition of the identity hint data. See https://marc.info/?l=openbsd-announce&m=144925068504102 for details. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.3.1 (04 Nov 2015 00:25) cleanup: This release is the second snapshot based on the development OpenBSD 5.9 branch. It is still likely to change more compared to the 2.2.x and 2.1.x branches. The ABI/API for the LibreSSL 2.3.x series will be declared stable around March 2016. See http://www.libressl.org/releases.html for more details. LibreSSL 2.3.1 has the following notable changes: ASN.1 cleanups and RFC5280 compliance. Time representations switched from 'unsigned long' to 'time_t'. LibreSSL now checks if the host OS supports 64-bit time_t. Fixed a leak in SSL_new in the error path. Support always extracting the peer cipher and version with libtls. Added ability to check certificate validity times with libtls: tls_peer_cert_notbefore and tls_peer_cert_notafter. Changed tls_connect_servername to use the first address that resolves with getaddrinfo(). Remove broken conditional EVP_CHECK_DES_KEY code (non-functional since initial commit in 2004). Fixed a memory leak and out-of-bounds access in OBJ_obj2txt, reported by Qualys Security. Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of sizeof(RC4_CHUNK), reported by Pascal Cuoq. Reject too small bits value in BN_generate_prime_ex(), so that it does not risk becoming negative in probable_prime_dh_safe(), reported by Franck Denis. Enable nc(1) builds on more platforms. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.3.0 (24 Sep 2015 08:25) bugfix: This release is the first snapshot based on the development OpenBSD 5.9 branch. As such, it is likely to change more compared to the 2.2.x and 2.1.x branches. The ABI/API for the LibreSSL 2.3.x series will be declared stable around March 2016. See http://www.libressl.org/releases.html for more details. SSLv3 is now permanently removed from the tree. The libtls API is changed from the 2.2.x series. The read/write functions work correctly with external event libraries. See the tls_init man page for examples of using libtls correctly in asynchronous mode. Client-side verification is now supported, with the client supplying the certificate to the server. Also, when using tls_connect_fds, tls_connect_socket or tls_accept_fds, libtls no longer implicitly closes the passed in sockets. The caller is responsible for closing them in this case. When loading a DSA key from a raw (without DH parameters) ASN.1 serialization, perform some consistency checks on its `p' and `q' values, and return an error if the checks failed. Thanks to Georgi Guninski (guninski at guninski dot com) for mentioning the possibility of a weak (non prime) q value and providing a test case. See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html for a longer discussion. Fixed a bug in ECDH_compute_key that can lead to silent truncation of the result key without error. A coding error could cause software to use much shorter keys than intended. Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no longer supported. The engine command and parameters are removed from the openssl(1). Previous releases removed dynamic and builtin engine support already. SHA-0 is removed, which was withdrawn shortly after publication 20 years ago. Added Certplus CA root certificate to the default cert.pem file. New interface OPENSSL_cpu_caps is provided that does not allow software to inadvertently modify cpu capability flags. OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed. The out_len argument of AEAD chang
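The p and q consistency checks that the 2.3.0 entry describes for raw DSA keys, as an added example that is not LibreSSL's own code; it assumes toy-sized parameters that fit in 64 bits (real keys need a bignum library) and that the check set shown (prime p and q, q dividing p - 1, g of order q) stands in for whichever checks LibreSSL actually performs:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not LibreSSL code: p/q consistency checks of the kind
 * the 2.3.0 note describes for raw DSA parameters. Toy-sized values fit in
 * 64 bits; LibreSSL's exact set of checks may differ (assumption). */

enum dsa_check {
	DSA_OK = 0, DSA_P_NOT_PRIME, DSA_Q_NOT_PRIME,
	DSA_Q_NOT_DIVIDING_P1, DSA_G_BAD_ORDER
};

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
	return (uint64_t)(((unsigned __int128)a * b) % m);
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m)
{
	uint64_t r = 1;
	base %= m;
	while (exp > 0) {
		if (exp & 1)
			r = mulmod(r, base, m);
		base = mulmod(base, base, m);
		exp >>= 1;
	}
	return r;
}

/* Deterministic Miller-Rabin: this base set is exact for every 64-bit n. */
bool is_probable_prime(uint64_t n)
{
	static const uint64_t bases[] =
	    { 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37 };
	const size_t nbases = sizeof(bases) / sizeof(bases[0]);
	uint64_t d = n - 1;
	unsigned s = 0;

	if (n < 2)
		return false;
	/* Small n is settled by trial division against the base set. */
	for (size_t i = 0; i < nbases; i++) {
		if (n == bases[i])
			return true;
		if (n % bases[i] == 0)
			return false;
	}
	/* Write n - 1 = 2^s * d with d odd. */
	while ((d & 1) == 0) {
		d >>= 1;
		s++;
	}
	for (size_t i = 0; i < nbases; i++) {
		uint64_t x = powmod(bases[i], d, n);
		bool witness = true;
		if (x == 1 || x == n - 1)
			continue;
		for (unsigned r = 1; r < s; r++) {
			x = mulmod(x, x, n);
			if (x == n - 1) {
				witness = false;
				break;
			}
		}
		if (witness)
			return false;	/* bases[i] proves n composite */
	}
	return true;
}

/* Reject a parameter set that would weaken the signature group: non-prime
 * q (the case the 2.3.0 note credits to Georgi Guninski), q not dividing
 * p - 1, or a generator g outside (1, p) or whose order is not q. */
enum dsa_check dsa_params_check(uint64_t p, uint64_t q, uint64_t g)
{
	if (!is_probable_prime(p))
		return DSA_P_NOT_PRIME;
	if (!is_probable_prime(q))
		return DSA_Q_NOT_PRIME;
	if ((p - 1) % q != 0)
		return DSA_Q_NOT_DIVIDING_P1;
	if (g <= 1 || g >= p || powmod(g, q, p) != 1)
		return DSA_G_BAD_ORDER;
	return DSA_OK;
}

int main(void)
{
	/* Constructed toy parameters: p = 23, q = 11 divides 22, g = 4 has order 11. */
	printf("good set -> %d\n", dsa_params_check(23, 11, 4));
	/* Same p and g but q = 22, which is not prime: rejected. */
	printf("non-prime q -> %d\n", dsa_params_check(23, 22, 4));
	return 0;
}
```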
2.2.3 (30 Aug 2015 22:05): This release is based on the stable OpenBSD 5.8 branch, fixing a bug that affects interoperability with some SSL clients. LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not include TLS extensions, resulting in such handshakes being aborted. This release corrects the handling of such messages. Thanks to Ligushka from github for reporting the issue. Added install target for cmake builds. Thanks to TheNietsnie from github. Updated pkgconfig files to correctly report the release version number, not the individual library ABI version numbers. Thanks to Jan Engelhardt for reporting the issue. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.2.2 (09 Aug 2015 09:50) minor bugfix: SSLv3 deprecation continues with its removal from openssl(1) and new linker warnings on supported platforms, indicating if a program is still using the SSLv3-only methods. We are working with upstream software providers to update programs that were not ready for SSLv3 support to be removed entirely yet. * Switched 'openssl dhparam' default from 512 to 2048 bits * Reworked openssl(1) option handling * More CRYPTO ByteString (CBS) packet parsing conversions * Fixed 'openssl pkeyutl -verify' to exit with a 0 on success * Fixed dozens of Coverity issues including dead code, memory leaks, logic errors and more. * Ensure that openssl(1) restores terminal echo state after reading a password. * Incorporated fix for OpenSSL Issue #3683 * LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped for each portable release. * Removed workarounds for TLS client padding bugs. * No longer disable ECDHE-ECDSA on OS X * Removed SSLv3 support from openssl(1) * Removed IE 6 SSLv3 workarounds. * Modified tls_write in libtls to allow partial writes, clarified with examples in the documentation. * Removed RSAX engine * Tested SSLv3 removal with the OpenBSD ports tree and found several applications that were not ready to build without SSLv3 yet. For now, building a program that intentionally uses SSLv3 will result in a linker warning. * Added TLS_method, TLS_client_method and TLS_server_method as a replacement for the SSLv23_*method calls. * Added initial cmake build support, including support for building with Visual Studio, currently tested with Visual Studio 2013 Community Edition.
2.2.0 (12 Jun 2015 16:45) major feature: This release is the first from the OpenBSD 5.8 development tree and focuses mainly on build system improvements and new OS support. * AIX Support - thanks to Michael Felt * Cygwin Support - thanks to Corinna Vinschen * Refactored build macros, support packaging libtls independently. There are more pieces required to support building and using OpenSSL with libtls, but this is an initial start at providing an independent package for people to start hacking on. * Removal of OPENSSL_issetugid and all library getenv calls. Applications can and should no longer rely on environment variables for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still supported with the openssl(1) command. * libtls API and documentation additions * Various bug fixes and simplifications to libssl and libcrypto * Fixes for the following issues are integrated into LibreSSL 2.1.7 and 2.2.0: - CVE-2015-1788 - Malformed ECParameters causes infinite loop - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time - CVE-2015-1792 - CMS verify infinite loop with unknown hash function (this code is not enabled by default) * The following CVEs did not apply to LibreSSL or were fixed in earlier releases: - CVE-2015-4000 - DHE man-in-the-middle protection (Logjam) - CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent - CVE-2014-8176 - Invalid free in DTLS * Fixes for the following CVEs are still in review for LibreSSL: - CVE-2015-1791 - Race condition handling NewSessionTicket
2.1.6 (19 Mar 2015 21:05) major security bugfix: This release primarily addresses a number of security issues in coordination with the OpenSSL project. This release also enables the building of libtls by default, as the API and ABI are declared stable within the LibreSSL 2.1.x series. Further changes to libtls will resume with LibreSSL 2.2.x. Incorporated fixes: CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp. CVE-2015-0287 - ASN.1 structure reuse memory corruption. CVE-2015-0289 - PKCS7 NULL pointer dereferences. CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error. CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref. Additional patch for CVE-2015-0207 - Segmentation fault in DTLSv1_listen (LibreSSL is not vulnerable, but the fix was safe to merge). Fixes for CVE-2015-0204, CVE-2015-0292, CVE-2015-1787 were addressed in earlier LibreSSL releases. Issues CVE-2015-0291, CVE-2015-0290, CVE-2015-0208, CVE-2015-0293, CVE-2015-0285 did not apply to LibreSSL.
2.1.5 (17 Mar 2015 14:45): This release is relatively small, fixing a few bugs found in the last release before opening development on 2.2.x. Fix incorrect comparison function in openssl(1) certhash command. Thanks to Christian Neukirchen / Void Linux. Windows port improvements and bug fixes. Removed a dynamic dependency on libgcc. Corrected a hang in openssl(1) reading from stdin after a connection. Corrected a network initialization issue with the 'openssl ocsp' command. Reject server ephemeral DH keys smaller than 1024 bits. The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.
2.1.4 (23 Feb 2015 04:45) documentation: Improvements to libtls: a new API for loading CA chains directly from memory instead of a file, allowing verification with privilege separation in a chroot without direct access to CA certificate files. Ciphers default to TLSv1.2 with AEAD and PFS. Improved error handling and message generation. New APIs and improved documentation. Added X509_STORE_load_mem API for loading certificates from memory. This facilitates accessing certificates from a chrooted environment. New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by using 'TLSv1.2+AEAD' as the cipher selection string. Dead and disabled code removal including MD5, Netscape workarounds, non-POSIX IO, SCTP, RFC 3779 support, many #if 0 sections, and more. ASN1 macro maze expanded to aid reading and searching the code. NULL pointer asserts removed in favor of letting the OS/signal handler catch them. Refactored argument handling in openssl for consistency and maintainability. New openssl command 'certhash' replaces the c_rehash script. Support for building with OPENSSL_NO_DEPRECATED. Dozens of issues found with the Coverity scanner fixed. Server-side support for TLS_FALLBACK_SCSV for compatibility with various auditor and vulnerability scanners.
2.1.3 22 Jan 2015 03:15 feature: Fixed various memory leaks in DTLS, including fixes for CVE-2015-0206. Added Application-Layer Protocol Negotiation (ALPN) support. Removed GOST R 34.10-94 signature authentication. Removed nonfunctional Netscape browser-hang workaround code. Simplified and refactored SSL/DTLS handshake code. Added SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932. Hide timing info about padding errors during handshakes. Improved libtls support for non-blocking sockets; added randomized session ID contexts. Work is ongoing with this library; feedback and potential use-cases are welcome. Support building Windows DLLs. Thanks to Jan Engelhard. Packaged config wrapper for better compatibility with OpenSSL-based build systems. Thanks to @technion from github. Ensure the stack is marked non-executable for assembly sections. Thanks to Anthony G. Basile. Enable extra compiler hardening flags by default, where applicable. The default set of hardening features can vary from OS to OS, so feedback is welcome on this. To disable the default hardening flags, specify '--disable-hardening' during configure. Thanks to Jim Barlow. Initial HP-UX support, tested with HP-UX 11.31 ia64. Thanks to Kinichiro Inoguchi. Initial NetBSD support, tested with NetBSD 6.1.5 x86_64. Imported from OpenNTPD; thanks to @gitisihara from github.
2.1.2 05 Dec 2014 07:25 cleanup: Added reworked GOST cipher suite support, thanks to Dmitry Eremin-Solenikov. Enabled Camellia ciphers due to the improved patent situation. Use the builtin arc4random implementation on OS X and FreeBSD; this addresses some deficiencies in the native implementations (see the commit logs for more information). Added initial Windows mingw-w64 support, thanks to Song Dongsheng for code and comments. Added no_ssl3/no_tls1_1/no_tls1_2 options to openssl. Many cleanups.
2.1.1 16 Oct 2014 22:32 security: Address the POODLE attack by disabling SSLv3 by default. Fix Elliptic Curve cipher selection bug.
2.1.0 13 Oct 2014 15:52 major bugfix: When verifying whether an IP address is in the commonName of a certificate, do not perform wildcard matching. Allow "auto" to be specified as an ECDH curve name and make this the default. This enables automatic handling of ephemeral EC keys. Move cipher configuration handling to the shared SSL configuration function so that it applies to both the ressl client and server. Add an option that allows the enabled SSL protocols to be explicitly configured. Add a new API function SSL_CTX_use_certificate_chain() that allows reading the PEM-encoded certificate chain from memory instead of a file. Implement ressl_accept_socket, which allocates a new server connection context (if necessary) and handles the TLS/SSL handshake over the given socket. Improve ressl_{read,write} handling of non-blocking reads/writes. Man page fixes. Remove a few stray .Pp macros. Use preferred license form. Can't trust that doug guy with anything...
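The commonName fix in 2.1.0 is easy to underestimate: if the DNS wildcard rule is applied to an address literal, a certificate whose CN is something like "*.0.0.1" passes for 127.0.0.1. The block below is an added illustration, not LibreSSL's verification code. It contrasts a simplified version of the old behaviour with the fixed rule, using a small dependency-free address-literal test of its own; the helper names and the sample names are assumptions. Real verification consults subjectAltName entries before falling back to the commonName; only the comparison step is shown here.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Exact IPv4 dotted-quad check: four decimal octets, each 0..255, nothing else. */
static int is_ipv4_literal(const char *s)
{
    int octets = 0;
    while (*s) {
        char *end;
        long v;
        if (!isdigit((unsigned char)*s))
            return 0;
        v = strtol(s, &end, 10);
        if (v < 0 || v > 255 || end - s > 3)
            return 0;
        octets++;
        s = end;
        if (*s == '.') {
            s++;
            if (*s == '\0')            /* trailing dot */
                return 0;
        } else if (*s != '\0')
            return 0;
    }
    return octets == 4;
}

/* Lax IPv6 check: hostnames never contain ':', so a string made only of hex digits,
 * ':' and '.' with at least one colon is treated as an address literal. */
static int is_ipv6_literal(const char *s)
{
    int colon = 0;
    if (*s == '\0')
        return 0;
    for (; *s; s++) {
        if (*s == ':')
            colon = 1;
        else if (!isxdigit((unsigned char)*s) && *s != '.')
            return 0;
    }
    return colon;
}

static int is_ip_literal(const char *s)
{
    return is_ipv4_literal(s) || is_ipv6_literal(s);
}

/* Case-insensitive equality, as DNS names are compared. */
static int ci_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* DNS-name comparison: a single leading "*." may stand for exactly one label.
 * A '*' anywhere else is not a wildcard; the names must then match literally. */
static int match_dns_name(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host)          /* host needs a non-empty first label */
            return 0;
        if (strchr(pattern + 2, '*') != NULL)    /* one wildcard only */
            return 0;
        return ci_equal(dot + 1, pattern + 2);
    }
    return ci_equal(pattern, host);
}

/* Pre-fix behaviour, simplified: the wildcard rule is applied to every expected name. */
int match_cn_wildcard_always(const char *cn, const char *expected)
{
    return match_dns_name(cn, expected);
}

/* Fixed behaviour: an IP literal must equal the CN byte for byte; no wildcards. */
int match_cn(const char *cn, const char *expected)
{
    if (is_ip_literal(expected))
        return strcmp(cn, expected) == 0;
    return match_dns_name(cn, expected);
}

int main(void)
{
    /* Constructed sample pairs (CN, name the client connected to). */
    const char *cases[][2] = {
        { "*.0.0.1", "127.0.0.1" }, { "127.0.0.1", "127.0.0.1" },
        { "*.example.com", "www.example.com" }, { "*.example.com", "a.b.example.com" },
        { "*.example.com", "example.com" }, { "::1", "::1" },
    };
    size_t i;
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("CN %-16s expected %-16s old=%d fixed=%d\n", cases[i][0], cases[i][1],
               match_cn_wildcard_always(cases[i][0], cases[i][1]), match_cn(cases[i][0], cases[i][1]));
    return 0;
}
```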
2.0.5 09 Aug 2014 13:45 security: This version forward-ports security fixes from OpenSSL 1.0.1i, including fixes for CVE-2014-3506, CVE-2014-3507, CVE-2014-3508 (partially vulnerable), CVE-2014-3509, CVE-2014-3510 and CVE-2014-3511. LibreSSL 2.0.4, however, was not found to be vulnerable to CVE-2014-5139, CVE-2014-3512 and CVE-2014-3505.
2.0.4 05 Aug 2014 22:32 minor bugfix: This version includes more portability changes, as well as other work. Most noticeable may be the deletion of the SRP code (which has not been enabled in any LibreSSL release).
2.0.3 24 Jul 2014 02:12 minor bugfix: This release includes a number of portability fixes based on feedback from the BSD/Linux community. It also includes some improvements to the fork detection support.
2.0.2 16 Jul 2014 23:32 minor bugfix: An atfork hook handler addresses the PRNG bug in which fork detection could be defeated by PIDs wrapping around after forking. A build problem on systems without getauxval(3) has been avoided with an #ifdef preprocessor directive. An unneeded locking variable has been removed.
2.0.1 14 Jul 2014 05:28 minor bugfix: This release includes a number of portability fixes based on initial community feedback. Among other things, there are new configure options to set OPENSSLDIR and ENGINESDIR. Some hardcoded compiler options like -Werror were disabled. There was also a baseline re-sync with the latest OpenBSD upstream changes, such as pkg-config support.
2.0.0 12 Jul 2014 11:36 cleanup: First release of LibreSSL portable.