Add article libressl 3.3.3
This commit is contained in:
parent 7e6229715b
commit 582b31ffe9
@ -0,0 +1,287 @@
---
categories: ['LibreSSL']
date: 2021-05-04T12:36:47+02:00
description: "Sortie de LibreSSL: 3.3.3 (2021/05/04)"
draft: false
tags: ['LibreSSL','3.3']
title: "LibreSSL : 3.3.3"
---

## Description

L'équipe d'OpenBSD dévoile la nouvelle version stable de LibreSSL, basée
sur OpenBSD 6.9.

Cette version inclut les changements suivants :

⇒ De nouvelles fonctionnalités :

```
* Support for DTLSv1.2.
* Continued rewrite of the record layer for the legacy stack.
* Numerous bugs and interoperability issues were fixed in the new verifier. A
few bugs and incompatibilities remain, so this release uses the old verifier
by default.
* The OpenSSL 1.1 TLSv1.3 API is not yet available.
```

⇒ Des améliorations pour la version portable :

```
* Added '--enable-libtls-only' build option, which builds and installs a
statically-linked libtls, skipping libcrypto and libssl. This is useful for
systems that ship with OpenSSL but wish to also package libtls.
* Update getentropy on Windows to use Cryptography Next Generation (CNG).
wincrypt is deprecated and no longer works with newer Windows environments,
such as in Windows Store apps.
```

⇒ Des améliorations de l'API et de la Documentation :

```
* Add a number of RPKI OIDs from RFC 6482, 6484, 6493, 8182, 8360,
draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds.
* Add support for SSL_get_shared_ciphers(3) with TLSv1.3.
* Add DTLSv1.2 methods.
* Implement SSL_is_dtls(3) and use it internally in place of the SSL_IS_DTLS
macro.
* Provide EVP_PKEY_new_CMAC_KEY(3).
* Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h.
* Add DTLSv1.2 to openssl(1) s_server and s_client protocol message logging.
* Provide SSL_use_certificate_chain_file(3).
* Provide SSL_set_hostflags(3) and SSL_get0_peername(3).
* Provide various DTLSv1.2 specific functions and defines.
* Document meaning of '*' in the genrsa output.
* Updated documentation for SSL_get_shared_ciphers(3).
* Add documentation for SSL_get_finished(3).
* Document EVP_PKEY_new_CMAC_key(3).
* Document SSL_use_certificate_chain_file(3).
* Document SSL_set_hostflags(3) and SSL_get0_peername(3).
* Update SSL_get_version(3) manual for DTLSv.1.2 support.
* Make supported protocols and options for DHE params more prominent in
tls_config_set_protocols(3).
* Various documentation improvements around TLS methods.
```

⇒ Des changements de compatibilités :

```
* Make openssl(1) s_server ignore -4 and -6 for compatibility with OpenSSL.
* Set SO_REUSEADDR on the server socket in the openssl(1) ocsp command.
* Send a host header with OCSP queries to make openssl(1) ocsp work with some
widely used OCSP responders.
* Add ability to ocspcheck(8) to parse a port in the specified OCSP URL.
* Implement auto chain for the TLSv1.3 server since some software relies on
this.
* Implement key exporter for TLSv1.3.
* Align SSL_get_shared_ciphers(3) with OpenSSL. This takes into account that
it never returned server ciphers, so now it will fail when called from the
client side.
* Sync cert.pem with Mozilla NSS root CAs except "GeoTrust Global CA".
* Make SSL{_CTX,}_get_{min,max}_proto_version(3) return a version of zero if
the minimum or maximum has been set to zero to match OpenSSL's behavior.
* Add DTLSv1.2 support to openssl(1) s_client/s_server.
* Testing and Proactive Security
* Malformed ASN.1 in a certificate revocation list or a timestamp response
token can lead to a NULL pointer dereference.
* Pull in fix for EVP_CipherUpdate(3) overflow from OpenSSL.
* Use EXFLAG_INVALID to handle out of memory and parse errors in
x509v3_cache_extensions().
* Refactor and clean up ocspcheck(8) and add regression tests.
* Internal Improvements
* Further cleanup of the DTLS record handling.
* Continue the replacement of the TLSv1.2 record layer by reimplementing the
read side of the TLSv1.2 record handling.
* Replace DTLSv1_enc_data() with TLSv1_1_enc_data().
* Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c.
* Add const to ssl_ciphers and tls1[23]_sigalgs* to push them into
.data.rel.ro and .rodata, respectively.
* Add a const qualifier to srtp_known_profiles.
* Simplify TLS method by removing the client and server specific methods
internally.
* Avoid casting away const in ssl_ctx_make_profiles().
* Avoid explicitly conditioning an assert on DTLS1_VERSION to make the assert
work for newer DTLS versions.
* Merge SSL_ENC_METHOD into SSL_METHOD_INTERNAL.
* Add a flag to mark DTLS methods as DTLS to have an easy way to recognize
DTLS methods that avoids inspecting the version number.
* Mark a few more internal static tables const.
* Switch finish{,_peer}_md_len from an int to a size_t.
* Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE as size for
cert_verify_md[], finish_md[] and peer_finish_md[]. The factor 2 was a
historical artefact.
* Free struct members in tls13_record_layer_free() in their natural order for
reviewability.
* Use consistent names in tls13_{client,server}_finished_{recv,send}().
* Add tls13_secret_{init,cleanup}() and use them throughout the TLSv1.3 code
base.
* Move the read MAC key into the TLSv1.2 record layer.
* Make tls12_record_layer_free() NULL safe.
* Split the record protection from the TLSv1.2 record layer.
* Clean up sequence number handling in the new TLSv1.2 record layer.
* Clean up sequence number handling in DTLS.
* Clean up dtls1_reset_seq_numbers().
* Factor out code for explicit IV length, block size and MAC length from
tls12_record_layer_open_record_protected_cipher().
* Provide record layer overhead for DTLS.
* Provide functions to determine if TLSv1.2 record protection is engaged.
* Add code to handle change of cipher state in the new TLSv1.2 record layer.
* Mop up now unused dtls1_build_sequence_numbers() function.
* Allow setting a keypair on a tls context without specifying the private key,
and fake it internally in libtls. This removes the need for privsep engines
like relayd to use bogus keys.
* Skip the private key check for fake private keys.
* Move the private key setup from tls_configure_ssl_keypair() to a helper
function with proper error checking.
* Change the internal tls_configure_ssl_keypair() function to return -1
instead of 1 on failure.
* Move sequence numbers into the new TLSv1.2 record layer.
* Move AEAD handling into the new TLSv1.2 record layer.
* Factor out legacy stack version checks.
* Correct handshake MAC/PRF for various TLSv1.2 cipher suites which were
originally added with the default handshake MAC and PRF rather than the
SHA256 handshake MAC and PRF.
* Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().
* Use dtls1_record_retrieve_buffered_record() to load buffered application
data.
* Enforce read ahead with DTLS.
* Remove bogus DTLS checks that disabled ECC and OCSP.
* Clean up and simplify dtls1_get_cipher().
* Group HelloVerifyRequest decoding and add missing check for trailing data.
* Revise HelloVerifyRequest handling for DTLSv1.2.
* Handle DTLS1_2_VERSION in various places.
* Rename the "truncated" label into "decode_err" and the "f_err" label into
"fatal_err".
* Factor out and change some of the legacy client version code.
* Simplify version checks in the TLSv1.3 client. Ensure that the server
announced TLSv1.3 and nothing higher and check that the legacy_version is
set to TLSv1.2 as required by RFC 8446.
* Only use TLS versions internally rather than both TLS and DTLS versions
since the latter are the one's complement of the human readable version
numbers, which means that newer versions decrease in value.
* Identify DTLS based on the version major value.
* Move handling of cipher/hash based cipher suites into the new record layer.
* Add tls12_record_protection_unused() and call it from CCS functions.
* Move key/IV length checks closer to usage sites. Also add explicit checks
against EVP_CIPHER_{iv,key}_length().
* Replace two handrolled tls12_record_protection_engaged().
* Improve internal version handling: add handshake fields for our minimum
version, our maximum version and the TLS version negotiated during the
handshake. Convert most of the internal code to use these version fields.
* Guard against future internal use of TLS1_get_{client,}_version() macros.
* Remove the internal ssl_downgrade_max_version() function which is no longer
needed.
* Add support for DTLSv1.2 version handling.
* Remove no longer needed read ahead workarounds in the s_client and s_server.
* Split TLSv1.3 record protection from record layer.
* Move the TLSv1.3 handshake struct inside the shared handshake struct.
* Fully initialize rrec in tls12_record_layer_open_record_protected() to avoid
confusing some static analyzers.
* Use tls_set_errorx() on OCSP_basic_verify() failure since the latter does
not set errno.
* Convert openssl(1) x509 to new option handling and do the usual clean up
that goes along with it.
* Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.
* Rename new_cipher to cipher to align naming with keyblock or other parts of
the handshake data.
* Move the TLSv1.2 record number increment into the new record layer.
* Move finished and peer finished into the handshake struct.
* Remove pointless assignment in SSL_get0_alpn_selected().
* Add some error checking to openssl(1) x509.
```

⇒ Des correctifs de bogue :

```
* Move point-on-curve check to set_affine_coordinates to avoid verifying ECDSA
signatures with unchecked public keys.
* Fix SSL_is_server(3) to behave as documented by re-introducing the
client-specific methods.
* Avoid undefined behavior due to memcpy(NULL, NULL, 0).
* Make SSL_get{,_peer}_finished() work when used with TLSv1.3.
* Correct the return value type from ERR_peek_error() to a long.
* Avoid use of uninitialized in ASN1_time_parse() which could happen on
parsing UTCTime if the caller did not initialize the passed struct tm.
* Destroy the mutex in a tls_config object on tls_config_free().
* Free alert_data and phh_data in tls13_record_layer_free(). These could leak
if SSL_shutdown(3) or tls_close(3) were called after closing the underlying
socket().
* Gracefully handle root certificates being both trusted and untrusted.
* Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the new verifier.
* Use the legacy verifier when building auto chains for TLS.
* Search the intermediates only after searching the root certs in the new
verifier to avoid problems with the legacy callback.
* Bail out early after finding a single chain in the new verifier, if we have
been called via the legacy verifier API.
* Set (invalid and likely incomplete) chain on the xsc on chain build failure
prior to calling the callback. This is required by various callers, including
auto chain.
* Remove direct assignment of aead_ctx to avoid a leak.
* Fail early in legacy exporter if the master secret is not available to avoid
a segfault if it is called when the handshake is not completed.
* Only print the certificate file once on verification failure.
* Fix an off-by-one in x509_verify_set_xsc_chain() to make sure that the new
validator checks for EXFLAG_CRITICAL in x509_vfy_check_chain_extension() for
all untrusted certs in the chain. Take into account that the root is not
necessarily trusted.
* Avoid passing last and depth to x509_verify_cert_error() on ENOMEM.
* Fix two bugs in the legacy verifier that resulted from refactoring of
X509_verify_cert(3) for the new verifier: a return value was incorrectly
treated as boolean, making it insufficient to decide whether validation
should carry on or not.
* Fix checks for memory caps of constraints names. There are internal caps on
the number of name constraints and other names, that the new name constraints
code allocates per cert chain. These limits were checked too late, making
them only partially effective.
* Fix a copy-paste error - skid was confused with an akid when checking for
EXFLAG_INVALID. This broke OCSP validation with certain mirrors.
* Avoid a use-after-scope in tls13_cert_add().
* Avoid mangled output in BIO_debug_callback().
* Fix client initiated renegotiation by replacing use of s->internal-type with
s->server.
* Avoid transcript initialization when sending a TLS HelloRequest, fixing
server initiated renegotiation.
* Avoid leaking param->name in x509_verify_param_zero().
* Avoid a leak in an error path in openssl(1) x509.
* When sending an alert in TLSv1.3, only set its error code when no other
error was set previously. Certain clients rely on specific SSL_R_ error
codes to identify that they are dealing with a self signed cert.
* When switching from the TLSv1.3 stack to the legacy stack include a TLS
record header. This is necessary if there is more than one handshake message
in the TLS plaintext record.
* Fix resource handling on error in OCSP_request_add0_id().
* Make sure there is enough room for stashing the handshake message when
switching to the legacy TLS stack.
* Fix a memory leak in the openssl(1) s_client.
* Unbreak DTLS retransmissions for flights that include a CCS.
* If x509_verify() fails, ensure that the error is set on both the
x509_verify_ctx() and its store context to make some failures visible from
SSL_get_verify_result().
* Use the X509_STORE_CTX get_issuer() callback from the new X.509 verifier to
fix hashed certificate directories.
* Only check BIO_should_read(3) on read and BIO_should_write(3) on write.
Previously, BIO_should_write(3) was also checked after read and
BIO_should_read(3) after write which could cause stalls in software that
uses the same BIO for read and write.
* In openssl(1) verify, also check for error on the store context since the
return value of X509_verify_cert(3) is unreliable in presence of a callback
that returns 1 too often.
* Handle additional certificate error cases in the new X.509 verifier. Keep
track of the errors encountered if a verify callback tells the verifier to
continue and report them back via the error on the store context. This
mimics the behavior of the old verifier that would persist the first error
encountered while building the chain.
* Report specific failures for "self signed certificates" in a way compatible
with the old verifier since software relies on the error code.
* Plug a large memory leak in the new verifier caused by calling
X509_policy_check(3) repeatedly.
* Avoid leaking memory in x509_verify_chain_dup().
```

---

Retrouvez la note de version :

- [3.3.3](https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.3-relnotes.txt)

---
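Review bot: in the "Des changements de compatibilités" block, the upstream section headings "Testing and Proactive Security" and "Internal Improvements" arrive as ordinary bullets ("* Testing and Proactive Security", "* Internal Improvements"), so the security fixes that follow them (the NULL pointer dereference on malformed ASN.1 in a certificate revocation list or timestamp response token, the EVP_CipherUpdate(3) overflow fix pulled in from OpenSSL, the EXFLAG_INVALID handling for out-of-memory and parse errors in x509v3_cache_extensions()) and the long list of internal refactoring are all filed under compatibility changes. Close the fence after "* Add DTLSv1.2 support to openssl(1) s_client/s_server." and give each of the two upstream headings its own "⇒" heading and fenced block, as the other sections in the article have, so a reader scanning for security-relevant items finds them. Minor: "Des changements de compatibilités" reads better as "Des changements de compatibilité".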