"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "CHANGES" between
openssl-1.1.1f.tar.gz and openssl-1.1.1g.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. Long Term Support (LTS) version (includes support for TLSv1.3).

CHANGES  (openssl-1.1.1f):CHANGES  (openssl-1.1.1g)
OpenSSL CHANGES OpenSSL CHANGES
_______________ _______________
This is a high-level summary of the most important changes. This is a high-level summary of the most important changes.
For a full list of changes, see the git commit log; for example, For a full list of changes, see the git commit log; for example,
https://github.com/openssl/openssl/commits/ and pick the appropriate https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch. release branch.
Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
*) Fixed segmentation fault in SSL_check_chain()
Server or client applications that call the SSL_check_chain() function
during or after a TLS 1.3 handshake may crash due to a NULL pointer
dereference as a result of incorrect handling of the
"signature_algorithms_cert" TLS extension. The crash occurs if an invalid
or unrecognised signature algorithm is received from the peer. This could
be exploited by a malicious peer in a Denial of Service attack.
(CVE-2020-1967)
[Benjamin Kaduk]
*) Added AES consttime code for no-asm configurations
an optional constant time support for AES was added
when building openssl for no-asm.
Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME
Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME
At this time this feature is by default disabled.
It will be enabled by default in 3.0.
[Bernd Edlinger]
Changes between 1.1.1e and 1.1.1f [31 Mar 2020] Changes between 1.1.1e and 1.1.1f [31 Mar 2020]
*) Revert the change of EOF detection while reading in libssl to avoid *) Revert the change of EOF detection while reading in libssl to avoid
regressions in applications depending on the current way of reporting regressions in applications depending on the current way of reporting
the EOF. As the existing method is not fully accurate the change to the EOF. As the existing method is not fully accurate the change to
reporting the EOF via SSL_ERROR_SSL is kept on the current development reporting the EOF via SSL_ERROR_SSL is kept on the current development
branch and will be present in the 3.0 release. branch and will be present in the 3.0 release.
[Tomas Mraz] [Tomas Mraz]
*) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1 *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
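Review bot: In the "Added AES consttime code for no-asm configurations" entry, the "Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME" line sits next to "At this time this feature is by default disabled", so a reader cannot tell when the disable flag is ever needed. Say explicitly that it is only relevant once the default changes in 3.0, and state what a no-asm build uses for AES when the option is off, so that users can judge whether to enable it now. The sentence "an optional constant time support for AES was added" should also start with a capital and drop the article, for example "Optional constant-time support for AES was added". In the CVE-2020-1967 entry, consider naming the affected releases: the text describes the trigger (a call to SSL_check_chain() during or after a TLS 1.3 handshake) but does not tell a 1.1.1 user which versions need the upgrade.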
 End of changes. 1 change blocks. 
0 lines changed or deleted 21 lines changed or added
