=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/74.html,v retrieving revision 1.110 retrieving revision 1.111 diff -c -r1.110 -r1.111 *** www/74.html 2023/10/16 12:52:19 1.110 --- www/74.html 2023/10/16 13:40:30 1.111 *************** *** 1050,1056 ****

Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no longer be selected for use. !
BN_is_prime{,_fasttest}_ex() refuse to check numbers larger than 32 kbits for primality. This mitigates various DoS vectors.
Restricted the RFC 3779 code to IPv4 and IPv6. It was not written to be able to deal with anything else. --- 1050,1057 ----
- Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no longer be selected for use. !
- BN_is_prime_ex(3) ! and BN_is_prime_fasttest_ex(3) refuse to check numbers larger than 32 kbits for primality. This mitigates various DoS vectors.
- Restricted the RFC 3779 code to IPv4 and IPv6. It was not written to be able to deal with anything else. *************** *** 1061,1068 ****
- Adapted more tests to the portable framework.
- Internal tools are now statically linked.
- Applications bundled as part of the LibreSSL package internally, ! nc(1) and openssl(1), now are linked statically if static libraries ! are built.
- Internal compatibility function symbols are no longer exported from libcrypto. Instead, the libcompat library is linked to libcrypto, libssl, and libtls separately. This increases size a little, but --- 1062,1070 ----
- Adapted more tests to the portable framework.
- Internal tools are now statically linked.
- Applications bundled as part of the LibreSSL package internally, ! nc(1) and ! openssl(1), ! now are linked statically if static libraries are built.
- Internal compatibility function symbols are no longer exported from libcrypto. Instead, the libcompat library is linked to libcrypto, libssl, and libtls separately. This increases size a little, but *************** *** 1085,1096 ****
New features
- Added support for truncated SHA-2 and for SHA-3.
- The BPSW primality test performs additional Miller-Rabin rounds with random bases to reduce the likelihood of composites passing.
- Allow testing of ciphers and digests using badly aligned buffers in openssl speed using -unalign. !
- Ed25519 certificates are now supported in openssl(1) ca and req. Prepared Ed25519 support in libssl.
- Add branch target information (BTI) support to amd64 and arm64 assembly. --- 1087,1102 ----
New features
- Added support for ! truncated SHA-2 ! and for SHA-3.
- The BPSW primality test performs additional Miller-Rabin rounds with random bases to reduce the likelihood of composites passing.
- Allow testing of ciphers and digests using badly aligned buffers in openssl speed using -unalign. !
- Ed25519 certificates are now supported in openssl(1) ! ca and ! req. Prepared Ed25519 support in libssl.
- Add branch target information (BTI) support to amd64 and arm64 assembly. *************** *** 1117,1134 **** of this, some stub functions are provided to avoid patching some applications that do not honor OPENSSL_NO_ENGINE.
- The POLICY_TREE and its related structures and API were removed. !
- In X509_VERIFY_PARAM_inherit() copy hostflags independently of the host list. !
- Made CRYPTO_get_ex_new_index() not return 0 to allow applications to use *_{get,set}_app_data() and *_{get,set}_ex_data() alongside each other. !
- X509_NAME_get_text_by_{NID,OBJ}() now only succeed if they contain valid UTF-8 without embedded NUL.
- The explicitText user notice uses UTF8String instead of VisibleString to reduce the risk of emitting certificates with invalid DER-encoding.
- Initial fixes for RSA-PSS support to make the TLSv1.3 stack more compliant with RFC 8446. !
- Fixed EVP_CIPHER_CTX_iv_length() to return what was set with EVP_CTRL_AEAD_SET_IVLEN or one of its aliases.
Internal improvements --- 1123,1146 ---- of this, some stub functions are provided to avoid patching some applications that do not honor OPENSSL_NO_ENGINE.
The POLICY_TREE and its related structures and API were removed. !
In X509_VERIFY_PARAM_inherit(3), copy hostflags independently of the host list. !
Made CRYPTO_get_ex_new_index(3) not return 0 to allow applications to use *_{get,set}_app_data() and *_{get,set}_ex_data() alongside each other. !
X509_NAME_get_text_by_NID(3) and ! X509_NAME_get_text_by_OBJ(3) now only succeed if they contain valid UTF-8 without embedded NUL.
The explicitText user notice uses UTF8String instead of VisibleString to reduce the risk of emitting certificates with invalid DER-encoding.
Initial fixes for RSA-PSS support to make the TLSv1.3 stack more compliant with RFC 8446. !
Fixed EVP_CIPHER_CTX_iv_length(3) to return what was set with EVP_CTRL_AEAD_SET_IVLEN or one of its aliases.

Internal improvements *************** *** 1145,1195 **** are now less confused.

Improved BIGNUM internals and performance.

Significantly simplified the BN_BLINDING internals used in RSA. !

Made BN_num_bits() independent of bn->top.

Rewrote and simplified bn_sqr().

Significantly improved Montgomery multiplication performance. !

Rewrote and improved BN_exp() and BN_copy(). !

Changed ASN1_item_sign_ctx() and ASN1_item_verify() to work with Ed25519 and fixed a few bugs in there.

Lots of cleanup for DH, DSA, EC, RSA internals. Plugged numerous memory leaks, fixed logic errors and inconsistencies.

Cleaned up and simplified various ECDH and ECDSA internals.

Removed EC_GROUP precomp machinery. !

Fixed various issues with EVP_PKEY_CTX_{new,dup}(). !

Rewrote OBJ_find_sigid_algs() and OBJ_find_sigid_by_algs().

Improved X.509 certificate version checks.

Ensure no X.509v3 extensions appear more than once in certificates.

Replaced ASN1_bn_print with a cleaner internal implementation.

Fix OPENSSL_cpuid_setup() invocations on arm/aarch64.

Improved checks for commonName in libtls. !

Fixed error check for X509_get_ext_d2i() failure in libtls.

Removed code guarded by #ifdef ZLIB. !

Plug a potential memory leak in ASN1_TIME_normalize().

Fixed a use of uninitialized in i2r_IPAddrBlocks(). !

Rewrote CMS_SignerInfo_{sign,verify}().

Bug fixes

Correctly handle negative input to various BIGNUM functions.
Ensure ERR_load_ERR_strings() does not set errno unexpectedly. !
Fix error checking of i2d_ECDSA_SIG() in ossl_ecdsa_sign(). !
Fixed aliasing issue in BN_mod_inverse(). Disallowed aliasing of result and modulus in various BN_mod_* functions.
Fixed detection of extended operations (XOP) on AMD hardware.
Ensure Montgomery exponentiation is used for the initial RSA blinding.
Policy is always checked in X509 validation. Critical policy extensions are no longer silently ignored.
Fixed error handling in tls_check_common_name(). !
Add missing pointer invalidation in SSL_free().
Fixed X509err() and X509V3err() and their internal versions. !
Ensure that OBJ_obj2txt() always returns a C string again. !
Made EVP_PKEY_set1_hkdf_key() fail on a NULL key.
On socket errors in the poll loop, netcat could issue system calls on invalidated file descriptors.
Allow IP addresses to be specified in a URI. !
Fixed a copy-paste error in ASN1_TIME_compare() that could lead ! to two UTCTimes or two GeneralizedTimes incorrectly being compared ! as equal.

Documentation improvements

Improved BIGNUM internals and performance.
Significantly simplified the BN_BLINDING internals used in RSA. !
Made BN_num_bits(3) ! independent of bn->top.
Rewrote and simplified bn_sqr().
Significantly improved Montgomery multiplication performance. !
Rewrote and improved ! BN_exp(3) and ! BN_copy(3). !
Changed ASN1_item_sign_ctx(3) and ! ASN1_item_verify(3) to work with Ed25519 and fixed a few bugs in there.
Lots of cleanup for DH, DSA, EC, RSA internals. Plugged numerous memory leaks, fixed logic errors and inconsistencies.
Cleaned up and simplified various ECDH and ECDSA internals.
Removed EC_GROUP precomp machinery. !
Fixed various issues with ! EVP_PKEY_CTX_new(3) and EVP_PKEY_CTX_dup(3). !
Rewrote OBJ_find_sigid_algs(3) and OBJ_find_sigid_by_algs(3).
Improved X.509 certificate version checks.
Ensure no X.509v3 extensions appear more than once in certificates.
Replaced ASN1_bn_print with a cleaner internal implementation.
Fix OPENSSL_cpuid_setup() invocations on arm/aarch64.
Improved checks for commonName in libtls. !
Fixed error check for ! X509_get_ext_d2i(3) failure in libtls.
Removed code guarded by #ifdef ZLIB. !
Plug a potential memory leak in ! ASN1_TIME_normalize(3).
Fixed a use of uninitialized in i2r_IPAddrBlocks(). !
Rewrote CMS_SignerInfo_sign(3) and CMS_SignerInfo_verify(3).

Bug fixes

Correctly handle negative input to various BIGNUM functions.
Ensure ERR_load_ERR_strings() does not set errno unexpectedly. !
Fix error checking of ! i2d_ECDSA_SIG(3) ! in ossl_ecdsa_sign(). !
Fixed aliasing issue in ! BN_mod_inverse(3). Disallowed aliasing of result and modulus in various BN_mod_* functions.
Fixed detection of extended operations (XOP) on AMD hardware.
Ensure Montgomery exponentiation is used for the initial RSA blinding.
Policy is always checked in X509 validation. Critical policy extensions are no longer silently ignored.
Fixed error handling in tls_check_common_name(). !
Add missing pointer invalidation in ! SSL_free(3).
Fixed X509err() and X509V3err() and their internal versions. !
Ensure that ! OBJ_obj2txt(3) ! always returns a C string again. !
Made EVP_PKEY_CTX_set1_hkdf_key(3) fail on a NULL key.
On socket errors in the poll loop, netcat could issue system calls on invalidated file descriptors.
Allow IP addresses to be specified in a URI. !
Fixed a copy-paste error in ! ASN1_TIME_compare(3) that could lead to two UTCTimes ! or two GeneralizedTimes incorrectly being compared as equal.

Documentation improvements

*************** *** 1203,1209 ****

Testing and Proactive Security

Significantly improved test coverage of BN_mod_sqrt() and GCD.
As always, new test coverage is added as bugs are fixed and subsystems are cleaned up.

--- 1238,1246 ----

Testing and Proactive Security

Significantly improved test coverage of ! BN_mod_sqrt(3) ! and GCD.
As always, new test coverage is added as bugs are fixed and subsystems are cleaned up.