diff options
author | tpashkin <tpashkin@yandex-team.ru> | 2022-02-10 16:46:41 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:46:41 +0300 |
commit | 5475379a04e37df30085bd1724f1c57e3f40996f (patch) | |
tree | 95d77e29785a3bd5be6260b1c9d226a551376ecf /contrib/libs/openssl/CHANGES | |
parent | c3d34b9b40eb534dfd2c549342274f3d61844688 (diff) | |
download | ydb-5475379a04e37df30085bd1724f1c57e3f40996f.tar.gz |
Restoring authorship annotation for <tpashkin@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/libs/openssl/CHANGES')
-rw-r--r-- | contrib/libs/openssl/CHANGES | 230 |
1 files changed, 115 insertions, 115 deletions
diff --git a/contrib/libs/openssl/CHANGES b/contrib/libs/openssl/CHANGES index 824f421b8d..f3507a032e 100644 --- a/contrib/libs/openssl/CHANGES +++ b/contrib/libs/openssl/CHANGES @@ -216,112 +216,112 @@ *) The Oracle Developer Studio compiler will start reporting deprecated APIs - Changes between 1.1.1f and 1.1.1g [21 Apr 2020] - - *) Fixed segmentation fault in SSL_check_chain() - Server or client applications that call the SSL_check_chain() function - during or after a TLS 1.3 handshake may crash due to a NULL pointer - dereference as a result of incorrect handling of the - "signature_algorithms_cert" TLS extension. The crash occurs if an invalid - or unrecognised signature algorithm is received from the peer. This could - be exploited by a malicious peer in a Denial of Service attack. - (CVE-2020-1967) - [Benjamin Kaduk] - - *) Added AES consttime code for no-asm configurations - an optional constant time support for AES was added - when building openssl for no-asm. - Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME - Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME - At this time this feature is by default disabled. - It will be enabled by default in 3.0. - [Bernd Edlinger] - - Changes between 1.1.1e and 1.1.1f [31 Mar 2020] - - *) Revert the change of EOF detection while reading in libssl to avoid - regressions in applications depending on the current way of reporting - the EOF. As the existing method is not fully accurate the change to - reporting the EOF via SSL_ERROR_SSL is kept on the current development - branch and will be present in the 3.0 release. - [Tomas Mraz] - - *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1 - when primes for RSA keys are computed. - Since we previously always generated primes == 2 (mod 3) for RSA keys, - the 2-prime and 3-prime RSA modules were easy to distinguish, since - N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting - 2-prime vs. 3-prime RSA keys was possible by computing N mod 3. - This avoids possible fingerprinting of newly generated RSA modules. - [Bernd Edlinger] - - Changes between 1.1.1d and 1.1.1e [17 Mar 2020] - *) Properly detect EOF while reading in libssl. Previously if we hit an EOF - while reading in libssl then we would report an error back to the - application (SSL_ERROR_SYSCALL) but errno would be 0. We now add - an error to the stack (which means we instead return SSL_ERROR_SSL) and - therefore give a hint as to what went wrong. - [Matt Caswell] - - *) Check that ed25519 and ed448 are allowed by the security level. Previously - signature algorithms not using an MD were not being checked that they were - allowed by the security level. - [Kurt Roeckx] - - *) Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() - was not quite right. The behaviour was not consistent between resumption - and normal handshakes, and also not quite consistent with historical - behaviour. The behaviour in various scenarios has been clarified and - it has been updated to make it match historical behaviour as closely as - possible. - [Matt Caswell] - - *) [VMS only] The header files that the VMS compilers include automatically, - __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, use pragmas that - the C++ compiler doesn't understand. This is a shortcoming in the - compiler, but can be worked around with __cplusplus guards. - - C++ applications that use OpenSSL libraries must be compiled using the - qualifier '/NAMES=(AS_IS,SHORTENED)' to be able to use all the OpenSSL - functions. Otherwise, only functions with symbols of less than 31 - characters can be used, as the linker will not be able to successfully - resolve symbols with longer names. - [Richard Levitte] - - *) Corrected the documentation of the return values from the EVP_DigestSign* - set of functions. The documentation mentioned negative values for some - errors, but this was never the case, so the mention of negative values - was removed. - - Code that followed the documentation and thereby check with something - like 'EVP_DigestSignInit(...) <= 0' will continue to work undisturbed. - [Richard Levitte] - - *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure - used in exponentiation with 512-bit moduli. No EC algorithms are - affected. Analysis suggests that attacks against 2-prime RSA1024, - 3-prime RSA1536, and DSA1024 as a result of this defect would be very - difficult to perform and are not believed likely. Attacks against DH512 - are considered just feasible. However, for an attack the target would - have to re-use the DH512 private key, which is not recommended anyway. - Also applications directly using the low level API BN_mod_exp may be - affected if they use BN_FLG_CONSTTIME. - (CVE-2019-1551) - [Andy Polyakov] - - *) Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. - The presence of this system service is determined at run-time. - [Richard Levitte] - - *) Added newline escaping functionality to a filename when using openssl dgst. - This output format is to replicate the output format found in the '*sum' - checksum programs. This aims to preserve backward compatibility. - [Matt Eaton, Richard Levitte, and Paul Dale] - - *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just - the first value. - [Jon Spillett] - + Changes between 1.1.1f and 1.1.1g [21 Apr 2020] + + *) Fixed segmentation fault in SSL_check_chain() + Server or client applications that call the SSL_check_chain() function + during or after a TLS 1.3 handshake may crash due to a NULL pointer + dereference as a result of incorrect handling of the + "signature_algorithms_cert" TLS extension. The crash occurs if an invalid + or unrecognised signature algorithm is received from the peer. This could + be exploited by a malicious peer in a Denial of Service attack. + (CVE-2020-1967) + [Benjamin Kaduk] + + *) Added AES consttime code for no-asm configurations + an optional constant time support for AES was added + when building openssl for no-asm. + Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME + Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME + At this time this feature is by default disabled. + It will be enabled by default in 3.0. + [Bernd Edlinger] + + Changes between 1.1.1e and 1.1.1f [31 Mar 2020] + + *) Revert the change of EOF detection while reading in libssl to avoid + regressions in applications depending on the current way of reporting + the EOF. As the existing method is not fully accurate the change to + reporting the EOF via SSL_ERROR_SSL is kept on the current development + branch and will be present in the 3.0 release. + [Tomas Mraz] + + *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1 + when primes for RSA keys are computed. + Since we previously always generated primes == 2 (mod 3) for RSA keys, + the 2-prime and 3-prime RSA modules were easy to distinguish, since + N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting + 2-prime vs. 3-prime RSA keys was possible by computing N mod 3. + This avoids possible fingerprinting of newly generated RSA modules. + [Bernd Edlinger] + + Changes between 1.1.1d and 1.1.1e [17 Mar 2020] + *) Properly detect EOF while reading in libssl. Previously if we hit an EOF + while reading in libssl then we would report an error back to the + application (SSL_ERROR_SYSCALL) but errno would be 0. We now add + an error to the stack (which means we instead return SSL_ERROR_SSL) and + therefore give a hint as to what went wrong. + [Matt Caswell] + + *) Check that ed25519 and ed448 are allowed by the security level. Previously + signature algorithms not using an MD were not being checked that they were + allowed by the security level. + [Kurt Roeckx] + + *) Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() + was not quite right. The behaviour was not consistent between resumption + and normal handshakes, and also not quite consistent with historical + behaviour. The behaviour in various scenarios has been clarified and + it has been updated to make it match historical behaviour as closely as + possible. + [Matt Caswell] + + *) [VMS only] The header files that the VMS compilers include automatically, + __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, use pragmas that + the C++ compiler doesn't understand. This is a shortcoming in the + compiler, but can be worked around with __cplusplus guards. + + C++ applications that use OpenSSL libraries must be compiled using the + qualifier '/NAMES=(AS_IS,SHORTENED)' to be able to use all the OpenSSL + functions. Otherwise, only functions with symbols of less than 31 + characters can be used, as the linker will not be able to successfully + resolve symbols with longer names. + [Richard Levitte] + + *) Corrected the documentation of the return values from the EVP_DigestSign* + set of functions. The documentation mentioned negative values for some + errors, but this was never the case, so the mention of negative values + was removed. + + Code that followed the documentation and thereby check with something + like 'EVP_DigestSignInit(...) <= 0' will continue to work undisturbed. + [Richard Levitte] + + *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure + used in exponentiation with 512-bit moduli. No EC algorithms are + affected. Analysis suggests that attacks against 2-prime RSA1024, + 3-prime RSA1536, and DSA1024 as a result of this defect would be very + difficult to perform and are not believed likely. Attacks against DH512 + are considered just feasible. However, for an attack the target would + have to re-use the DH512 private key, which is not recommended anyway. + Also applications directly using the low level API BN_mod_exp may be + affected if they use BN_FLG_CONSTTIME. + (CVE-2019-1551) + [Andy Polyakov] + + *) Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. + The presence of this system service is determined at run-time. + [Richard Levitte] + + *) Added newline escaping functionality to a filename when using openssl dgst. + This output format is to replicate the output format found in the '*sum' + checksum programs. This aims to preserve backward compatibility. + [Matt Eaton, Richard Levitte, and Paul Dale] + + *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just + the first value. + [Jon Spillett] + Changes between 1.1.1c and 1.1.1d [10 Sep 2019] *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random @@ -948,9 +948,9 @@ bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such alerts across multiple records (some of which could be empty). In practice it make no sense to send an empty alert record, or to fragment one. TLSv1.3 - prohibits this altogether and other libraries (BoringSSL, NSS) do not + prohibits this altogether and other libraries (BoringSSL, NSS) do not support this at all. Supporting it adds significant complexity to the - record layer, and its removal is unlikely to cause interoperability + record layer, and its removal is unlikely to cause interoperability issues. [Matt Caswell] @@ -3967,7 +3967,7 @@ implementations). [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] - *) Use type ossl_ssize_t instead of ssize_t which isn't available on + *) Use type ossl_ssize_t instead of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public header file e_os2.h as it now appears in public header file cms.h [Steve Henson] @@ -8688,7 +8688,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New OCSP utility. Allows OCSP requests to be generated or read. The request can be sent to a responder and the output - parsed, outputted or printed in text form. Not complete yet: + parsed, outputted or printed in text form. Not complete yet: still needs to check the OCSP response validity. [Steve Henson] @@ -9683,7 +9683,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov] *) Modified SSL library such that the verify_callback that has been set - specifically for an SSL object with SSL_set_verify() is actually being + specifically for an SSL object with SSL_set_verify() is actually being used. Before the change, a verify_callback set with this function was ignored and the verify_callback() set in the SSL_CTX at the time of the call was used. New function X509_STORE_CTX_set_verify_cb() introduced @@ -10800,10 +10800,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k as other interfaces in OpenSSL, like the BIO interface. NCONF_dump_* dump the internal storage of the configuration file, which is useful for debugging. All other functions take the same - arguments as the old CONF_* functions with the exception of the + arguments as the old CONF_* functions with the exception of the first that must be a `CONF *' instead of a `LHASH *'. - To make it easier to use the new classes with the old CONF_* functions, + To make it easier to use the new classes with the old CONF_* functions, the function CONF_set_default_method is provided. [Richard Levitte] @@ -12646,7 +12646,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k than the old method: it now uses a modified version of Ulf's parser to read the ANSI prototypes in all header files (thus the old K&R definitions aren't needed for error creation any more) and do a better job of - translating function codes into names. The old 'ASN1 error code embedded + translating function codes into names. The old 'ASN1 error code embedded in a comment' is no longer necessary and it doesn't use .err files which have now been deleted. Also the error code call doesn't have to appear all on one line (which resulted in some large lines...). @@ -12947,7 +12947,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add a useful kludge to allow package maintainers to specify compiler and other platforms details on the command line without having to patch the - Configure script every time: One now can use ``perl Configure + Configure script every time: One now can use ``perl Configure <id>:<details>'', i.e. platform ids are allowed to have details appended to them (separated by colons). This is treated as there would be a static pre-configured entry in Configure's %table under key <id> with value |