version 1.79, 2017/04/08 14:53:35 |
version 1.80, 2017/04/08 15:07:07 |
|
|
<a href="http://man.openbsd.org/vio.4">vio(4)</a> and |
<a href="http://man.openbsd.org/vio.4">vio(4)</a> and |
<a href="http://man.openbsd.org/vioblk.4">vioblk(4)</a> devices. |
<a href="http://man.openbsd.org/vioblk.4">vioblk(4)</a> devices. |
<li>Support VMs with > 2GB RAM. |
<li>Support VMs with > 2GB RAM. |
<li><a href="http://man.openbsd.org/amd64/vmd.8">vmd(8)</a> uses |
<li><a href="http://man.openbsd.org/amd64/vmd.8">vmd(8)</a> uses |
<a href="http://man.openbsd.org/pledge.2">pledge(2)</a> and the |
<a href="http://man.openbsd.org/pledge.2">pledge(2)</a> and the |
fork+exec model. |
fork+exec model. |
<li><a href="http://man.openbsd.org/amd64/vm.conf.5">vm.conf(5)</a> |
<li><a href="http://man.openbsd.org/amd64/vm.conf.5">vm.conf(5)</a> |
|
|
<li>Fix vis/unvis of strings in |
<li>Fix vis/unvis of strings in |
<a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a> leases files. |
<a href="http://man.openbsd.org/dhclient.8">dhclient(8)</a> leases files. |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Assorted improvements: |
<li>Assorted improvements: |
<ul> |
<ul> |
|
|
to permit OCSP responses to be stapled to the tls handshake |
to permit OCSP responses to be stapled to the tls handshake |
<li><a href="http://man.openbsd.org/nc.1">nc(1)</a> now also |
<li><a href="http://man.openbsd.org/nc.1">nc(1)</a> now also |
supports OCSP stapling server side, and will show the stapling information |
supports OCSP stapling server side, and will show the stapling information |
client side. |
client side. |
<li>Both <a href="http://man.openbsd.org/relayd.8">relayd(8)</a> and |
<li>Both <a href="http://man.openbsd.org/relayd.8">relayd(8)</a> and |
<a href="http://man.openbsd.org/httpd.8">httpd(8)</a> support now |
<a href="http://man.openbsd.org/httpd.8">httpd(8)</a> support now |
TLS session resumption using TLS session tickets. |
TLS session resumption using TLS session tickets. |
|
|
possibly resulting in granting access where it was not intended. |
possibly resulting in granting access where it was not intended. |
<li>ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures |
<li>ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures |
that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed. |
that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed. |
<li>sftp-client(1): [portable OpenSSH only] On Cygwin, a client making |
|
a recursive file transfer could be maniuplated by a hostile server to |
|
perform a path-traversal attack. creating or modifying files outside |
|
of the intended target directory. |
|
</ul> |
</ul> |
<li>New/changed features: |
<li>New/changed features: |
<ul> |
<ul> |
|
|
<p> |
<p> |
|
|
<li>LibreSSL 2.5.3 |
<li>LibreSSL 2.5.3 |
<ul> |
<ul> |
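Review bot: removing the sftp-client(1) item (the left-column lines beginning "<li>sftp-client(1): [portable OpenSSH only] On Cygwin") is consistent with the rest of this OpenSSH list, whose remaining entries cover only the base-system ssh(1) and sshd(8); the item's own "[portable OpenSSH only]" tag and its Cygwin wording say it never applied here. The removal also takes the misspelling "maniuplated" and the stray full stop in "path-traversal attack. creating" with it, so no follow-up wording fix is needed on this page.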
|
<li>libtls now supports ALPN and SNI |
<li> libtls now supports ALPN and SNI |
<li>libtls adds a new callback interface for integrating custom IO |
|
functions. Thanks to Tobias Pape. |
<li> libtls adds a new callback interface for integrating custom IO |
<li>libtls now handles 4 cipher suite groups: |
functions. Thanks to Tobias Pape. |
<ul> |
|
<li>"secure" (TLSv1.2+AEAD+PFS) |
<li> libtls now handles 4 cipher suite groups: |
<li>"compat" (HIGH:!aNULL) |
<Ul> |
<li>"legacy" (HIGH:MEDIUM:!aNULL) |
<li> "secure" (TLSv1.2+AEAD+PFS) |
<li>"insecure" (ALL:!aNULL:!eNULL) |
<li> "compat" (HIGH:!aNULL) |
</ul> |
<li> "legacy" (HIGH:MEDIUM:!aNULL) |
This allows for flexibility and finer grained control, rather than |
<li> "insecure" (ALL:!aNULL:!eNULL) |
having two extremes (an issue raised by Marko Kreen some time ago). |
</ul> |
<li>Tightened error handling for tls_config_set_ciphers(). |
This allows for flexibility and finer grained control, rather than |
<li>libtls now always loads CA, key and certificate files at the time the |
having two extremes (an issue raised by Marko Kreen some time ago). |
configuration function is called. This simplifies code and results in |
|
a single memory based code path being used to provide data to libssl. |
<li> Tightened error handling for tls_config_set_ciphers(). |
<li>Add support for OCSP intermediate certificates. |
|
<li>Added functions used by stunnel and exim from BoringSSL - this |
<li> libtls now always loads CA, key and certificate files at the time the |
brings in X509_check_host, X509_check_email, X509_check_ip, and |
configuration function is called. This simplifies code and results in |
X509_check_ip_asc. |
a single memory based code path being used to provide data to libssl. |
<li>Added initial support for iOS, thanks to Jacob Berkman. |
|
<li>Improved behavior of arc4random on Windows when using memory leak |
<li> Add support for OCSP intermediate certificates. |
analysis software. |
|
<li>Correctly handle an EOF that occurs prior to the TLS handshake |
<li> Added functions used by stunnel and exim from BoringSSL - this |
completing. Reported by Vasily Kolobkov, based on a diff from Marko |
brings in X509_check_host, X509_check_email, X509_check_ip, and |
Kreen. |
X509_check_ip_asc. |
<li>Limit the support of the "backward compatible" ssl2 handshake to |
|
only be used if TLS 1.0 is enabled. |
<li> Added initial support for iOS, thanks to Jacob Berkman. |
<li>Fix incorrect results in certain cases on 64-bit systems when |
|
BN_mod_word() can return incorrect results. BN_mod_word() now can |
<li> Improved behavior of arc4random on Windows when using memory leak |
return an error condition. Thanks to Brian Smith. |
analysis software. |
<li>Added constant-time updates to address CVE-2016-0702 |
|
<li>Fixed undefined behavior in BN_GF2m_mod_arr() |
<li> Correctly handle an EOF that occurs prior to the TLS handshake |
<li>Removed unused Cryptographic Message Support (CMS) |
completing. Reported by Vasily Kolobkov, based on a diff from Marko |
<li>More conversions of long long idioms to time_t |
Kreen. |
<li>Improved compatibility by avoiding printing NULL strings with |
|
printf. |
<li> Limit the support of the "backward compatible" ssl2 handshake to |
<li>Reverted change that cleans up the EVP cipher context in |
only be used if TLS 1.0 is enabled. |
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the |
|
previous behaviour. |
<li> Fix incorrect results in certain cases on 64-bit systems when |
<li>Avoid unbounded memory growth in libssl, which can be triggered |
BN_mod_word() can return incorrect results. BN_mod_word() now can |
by a TLS client repeatedly renegotiating and sending OCSP Status |
return an error condition. Thanks to Brian Smith. |
Request TLS extensions. |
|
<li>Avoid falling back to a weak digest for (EC)DH when using SNI |
<li> Added constant-time updates to address CVE-2016-0702 |
with libssl. |
|
<li>X509_cmp_time() now passes a malformed GeneralizedTime field as |
<li> Fixed undefined behavior in BN_GF2m_mod_arr() |
an error. Reported by Theofilos Petsios. |
|
<li>Detect zero-length encrypted session data early, instead of when |
<li> Removed unused Cryptographic Message Support (CMS) |
malloc(0) fails or the HMAC check fails. |
|
<li>Check for and handle failure of HMAC_{Update,Final} or |
<li> More conversions of long long idioms to time_t |
EVP_DecryptUpdate(). |
|
<li>Massive update and normalization of manpages, conversion to |
<li> Improved compatibility by avoiding printing NULL strings with |
mandoc format. Many pages were rewritten for clarity and accuracy. |
printf. |
Portable doc links are up-to-date with a new conversion tool. |
|
<li>Curve25519 Key Exchange support. |
<li> Reverted change that cleans up the EVP cipher context in |
<li>Support for alternate chains for certificate verification. |
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the |
<li>Code cleanups, CBB conversions, further unification of DTLS/SSL |
previous behaviour. |
handshake code, further ASN1 macro expansion and removal. |
|
<li>Private symbols are now hidden in libssl and libcrypto. |
<li> Avoid unbounded memory growth in libssl, which can be triggered |
<li>Friendly certificate verification error messages in libtls, peer |
by a TLS client repeatedly renegotiating and sending OCSP Status |
verification is now always enabled. |
Request TLS extensions. |
<li>Added OCSP stapling support to libtls and nc. |
|
<li>Added ocspcheck utility to validate a certificate against its OCSP |
<li> Avoid falling back to a weak digest for (EC)DH when using SNI |
responder and save the reply for stapling |
with libssl. |
<li>Enhanced regression tests and error handling for libtls. |
|
<li>Added explicit constant and non-constant time BN functions, |
<li> X509_cmp_time() now passes a malformed GeneralizedTime field as |
defaulting to constant time wherever possible. |
an error. Reported by Theofilos Petsios. |
<li>Moved many leaked implementation details in public structs behind |
|
opaque pointers. |
<li> Detect zero-length encrypted session data early, instead of when |
<li>Added ticket support to libtls. |
malloc(0) fails or the HMAC check fails. Noted independently by |
<li>Added support for setting the supported EC curves via |
jsing@ and Kurt Cancemi. |
SSL{_CTX}_set1_groups{_list}() - also provide defines for the |
|
previous SSL{_CTX}_set1_curves{_list} names. This also changes |
<li> Check for and handle failure of HMAC_{Update,Final} or |
the default list of curves to be X25519, P-256 and P-384. All |
EVP_DecryptUpdate(). |
other curves must be manually enabled. |
|
<li>Added -groups option to openssl(1) s_client for specifying the |
<li> Massive update and normalization of manpages, conversion to |
curves to be used in a colon-separated list. |
mandoc format. Many pages were rewritten for clarity and accuracy. |
<li>Merged client/server version negotiation code paths into one, |
Portable doc links are up-to-date with a new conversion tool. |
reducing much duplicate code. |
|
<li>Removed error function codes from libssl and libcrypto. |
<li> Curve25519 Key Exchange support. |
<li>Fixed an issue where a truncated packet could crash via an OOB |
|
read. |
<li> Support for alternate chains for certificate verification. |
<li>Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows |
|
client-initiated renegotiation. This is the default for libtls |
<li> Code cleanups, CBB conversions, further unification of DTLS/SSL |
servers. |
handshake code, further ASN1 macro expansion and removal. |
<li>Avoid a side-channel cache-timing attack that can leak the ECDSA |
|
private keys when signing. This is due to BN_mod_inverse() being |
<li> Private symbols are now hidden in libssl and libcrypto. |
used without the constant time flag being set. Reported by Cesar |
|
Pereida Garcia and Billy Brumley (Tampere University of |
<li> Friendly certificate verification error messages in libtls, peer |
Technology). The fix was developed by Cesar Pereida Garcia. |
verification is now always enabled. |
<li>iOS and MacOS compatibility updates from Simone Basso and Jacob |
|
Berkman. |
<li> Added OCSP stapling support to libtls and nc. |
<li>Added the recallocarray(3) memory allocation function, and |
|
converted various places in the library to use it, such as CBB |
<li> Added ocspcheck utility to validate a certificate against its OCSP |
and BUF_MEM_grow. recallocarray(3) is similar to |
responder and save the reply for stapling |
reallocarray. Newly allocated memory is cleared similar to |
|
calloc(3). Memory that becomes unallocated while shrinking or |
<li> Enhanced regression tests and error handling for libtls. |
moving existing allocations is explicitly discarded by unmapping |
|
or clearing to 0. |
<li> Added explicit constant and non-constant time BN functions, |
<li>Added new root CAs from SECOM Trust Systems / Security |
defaulting to constant time wherever possible. |
Communication of Japan. |
|
<li>Added EVP interface for MD5+SHA1 hashes. |
<li> Moved many leaked implementation details in public structs behind |
<li>Fixed DTLS client failures when the server sends a certificate |
opaque pointers. |
request. |
|
<li>Correct handling of padding when upgrading an SSLv2 challenge |
<li> Added ticket support to libtls. |
into an SSLv3/TLS connection. |
|
<li>Allow protocols and ciphers to be set on a TLS config object in |
<li> Added support for setting the supported EC curves via |
libtls. |
SSL{_CTX}_set1_groups{_list}() - also provide defines for the |
<li>Improved nc(1) TLS handshake CPU usage and server-side error |
previous SSL{_CTX}_set1_curves{_list} names. This also changes |
reporting. |
the default list of curves to be X25519, P-256 and P-384. All |
<li>Add a constant time version of BN_gcd and use it default for |
other curves must be manually enabled. |
BN_gcd to avoid the possibility of sidechannel timing attacks |
|
against RSA private key generation - Thanks to Alejandro |
<li> Added -groups option to openssl(1) s_client for specifying the |
Cabrera <aldaya@gmail.com> |
curves to be used in a colon-separated list. |
</ul> |
|
|
<li> Merged client/server version negotiation code paths into one, |
|
reducing much duplicate code. |
|
|
|
<li> Removed error function codes from libssl and libcrypto. |
|
|
|
<li> Fixed an issue where a truncated packet could crash via an OOB |
|
read. |
|
|
|
<li> Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows |
|
client-initiated renegotiation. This is the default for libtls |
|
servers. |
|
|
|
<li> Avoid a side-channel cache-timing attack that can leak the ECDSA |
|
private keys when signing. This is due to BN_mod_inverse() being |
|
used without the constant time flag being set. Reported by Cesar |
|
Pereida Garcia and Billy Brumley (Tampere University of |
|
Technology). The fix was developed by Cesar Pereida Garcia. |
|
|
|
<li> iOS and MacOS compatibility updates from Simone Basso and Jacob |
|
Berkman. |
|
|
|
<li> Added the recallocarray(3) memory allocation function, and |
|
converted various places in the library to use it, such as CBB |
|
and BUF_MEM_grow. recallocarray(3) is similar to |
|
reallocarray. Newly allocated memory is cleared similar to |
|
calloc(3). Memory that becomes unallocated while shrinking or |
|
moving existing allocations is explicitly discarded by unmapping |
|
or clearing to 0. |
|
|
|
<li> Added new root CAs from SECOM Trust Systems / Security |
|
Communication of Japan. |
|
|
|
<li> Added EVP interface for MD5+SHA1 hashes. |
|
|
|
<li> Fixed DTLS client failures when the server sends a certificate |
|
request. |
|
|
|
<li> Correct handling of padding when upgrading an SSLv2 challenge |
|
into an SSLv3/TLS connection. |
|
|
|
<li> Allow protocols and ciphers to be set on a TLS config object in |
|
libtls. |
|
|
|
<li> Improved nc(1) TLS handshake CPU usage and server-side error |
|
reporting. |
|
|
|
<li> Add a constant time version of BN_gcd and use it default for |
|
BN_gcd to avoid the possibility of sidechannel timing attacks |
|
against RSA private key generation - Thanks to Alejandro |
|
Cabrera <aldaya@gmail.com> |
|
|
|
</ul> |
|
<p> |
<p> |
|
|
<li>mandoc 1.14.1 |
<li>mandoc 1.14.1 |
<ul> |
<ul> |
<li>New <a href="http://man.openbsd.org/mandoc.db.5">mandoc.db(5)</a> |
<li>New <a href="http://man.openbsd.org/mandoc.db.5">mandoc.db(5)</a> |
file format: <a href="http://man.openbsd.org/man.1">man(1)</a>, |
file format: <a href="http://man.openbsd.org/man.1">man(1)</a>, |
<a href="http://man.openbsd.org/apropos.1">apropos(1)</a>, and |
<a href="http://man.openbsd.org/apropos.1">apropos(1)</a>, and |
<a href="http://man.openbsd.org/makewhatis.8">makewhatis(8)</a> |
<a href="http://man.openbsd.org/makewhatis.8">makewhatis(8)</a> |
no longer need SQLite3. |
no longer need SQLite3. |
<li>Much improved HTML output and CSS. |
<li>Much improved HTML output and CSS. |
<li>In <a href="http://man.openbsd.org/man.1">man(1)</a>, internal |
<li>In <a href="http://man.openbsd.org/man.1">man(1)</a>, internal |
searching with <a href="http://man.openbsd.org/less.1">less(1)</a> |
searching with <a href="http://man.openbsd.org/less.1">less(1)</a> |
<code>:t</code> has been improved. |
<code>:t</code> has been improved. |
<li>New <a href="http://man.openbsd.org/mandoc.1">mandoc(1)</a> |
<li>New <a href="http://man.openbsd.org/mandoc.1">mandoc(1)</a> |
<code>-mdoc -T markdown</code> output mode |
<code>-mdoc -T markdown</code> output mode |
(already a post-1.14.1 feature). |
(already a post-1.14.1 feature). |
</ul> |
</ul> |
<p> |
<p> |
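Review bot: the rewritten BN_gcd item still ends with "Cabrera <aldaya@gmail.com>" as raw text, and in HTML a "<" followed by a letter opens a tag, so a browser will treat "<aldaya@gmail.com>" as an unknown element and the address will not be displayed; write it as "Cabrera &lt;aldaya@gmail.com&gt;" or drop the address. Two smaller points in the same region: the right column introduces "<Ul>" for the cipher-suite group sublist while its close is "</ul>" and every other list on the page is lowercase, so it should be "<ul>"; and "use it default for BN_gcd to avoid the possibility of sidechannel timing attacks" reads better as "use it by default for BN_gcd to avoid the possibility of side-channel timing attacks", matching the "side-channel" spelling used in the ECDSA item a few entries above.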
|
|