Lines Matching +full:2010 +full:- +full:2013
8 ----------------
10 - [OpenSSL 3.0](#openssl-30)
11 - [OpenSSL 1.1.1](#openssl-111)
12 - [OpenSSL 1.1.0](#openssl-110)
13 - [OpenSSL 1.0.2](#openssl-102)
14 - [OpenSSL 1.0.1](#openssl-101)
15 - [OpenSSL 1.0.0](#openssl-100)
16 - [OpenSSL 0.9.x](#openssl-09x)
19 -----------
29 ([CVE-2024-6119])
32 ([CVE-2024-5535])
37 ([CVE-2024-4741])
41 ([CVE-2024-4603])
44 ([CVE-2024-2511])
49 ([CVE-2024-0727])
51 ([CVE-2023-6237])
54 ([CVE-2023-6129])
56 value ([CVE-2023-5678])
61 ([CVE-2023-5363])
66 ([CVE-2023-4807])
70 * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
71 * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
72 * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
77 IDENTIFIER sub-identities. ([CVE-2023-2650])
78 * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
79 ([CVE-2023-1255])
80 * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
82 ([CVE-2023-0465])
83 * Limited the number of nodes created in a policy tree ([CVE-2023-0464])
87 * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
88 * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286])
89 * Fixed NULL dereference validating DSA public key ([CVE-2023-0217])
90 * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216])
91 * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215])
92 * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450])
93 * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304])
94 * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203])
95 * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996])
102 ([CVE-2022-3786]) and ([CVE-2022-3602])
107 ([CVE-2022-3358])
112 ([CVE-2022-2274])
113 * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
114 ([CVE-2022-2097])
120 ([CVE-2022-2068])
125 metacharacters to prevent command injection ([CVE-2022-1292])
127 certificate on an OCSP response ([CVE-2022-1343])
128 * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
129 AAD data as the MAC key ([CVE-2022-1434])
131 occuppied by the removed hash table entries ([CVE-2022-1473])
136 for non-prime moduli ([CVE-2022-0778])
141 ([CVE-2021-4044])
154 * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy
167 a non-default `OSSL_LIB_CTX`.
175 * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
176 disabled; the project uses address sanitize/leak-detect instead.
183 connections via HTTP(s) proxies, connections and exchange via user-defined
185 * Added util/check-format.pl for checking adherence to the coding guidelines.
196 * Add OPENSSL_info() and 'openssl info' to get built-in data.
208 * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
211 * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
213 * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
221 -------------
225 * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711])
226 * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712])
231 X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450])
233 crafted renegotiation ClientHello message from a client ([CVE-2021-3449])
238 function ([CVE-2021-23841])
242 EVP_DecryptUpdate functions ([CVE-2021-23840])
247 * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971])
259 * Fixed segmentation fault in SSL_check_chain() ([CVE-2020-1967])
268 used in exponentiation with 512-bit moduli ([CVE-2019-1551])
272 * Fixed a fork protection issue ([CVE-2019-1549])
274 ([CVE-2019-1563])
275 * For built-in EC curves, ensure an EC_GROUP built from the curve name is
278 ([CVE-2019-1547])
282 * Use Windows installation paths in the mingw builds ([CVE-2019-1552])
289 * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543])
293 * Change the info callback signals for the start and end of a post-handshake
300 * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
301 * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735])
307 * Early data (0-RTT)
308 * Post-handshake authentication and key update
312 * RSA-PSS signature algorithms (backported to TLSv1.2)
322 * The default RAND method now utilizes an AES-CTR DRBG according to
323 NIST standard SP 800-90Ar1.
326 * The DRBG instances are fork-safe.
335 * Multi-prime RSA
341 * Significant Side-Channel attack security improvements
354 -------------
359 ([CVE-2019-1563])
360 * For built-in EC curves, ensure an EC_GROUP built from the curve name is
363 ([CVE-2019-1547])
364 * Use Windows installation paths in the mingw builds ([CVE-2019-1552])
368 * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543])
372 * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
373 * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735])
377 * Client DoS due to large DH parameter ([CVE-2018-0732])
378 * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737])
383 stack ([CVE-2018-0739])
384 * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733])
385 * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738])
389 * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736])
390 * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735])
394 * config now recognises 64-bit mingw and chooses mingw64 instead of mingw
398 * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733])
402 * Truncated packet could crash via OOB read ([CVE-2017-3731])
403 * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730])
404 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732])
408 * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054])
409 * CMS Null dereference ([CVE-2016-7053])
410 * Montgomery multiplication may produce incorrect results ([CVE-2016-7055])
414 * Fix Use After Free for large message sizes ([CVE-2016-6309])
418 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
419 * SSL_peek() hang on empty record ([CVE-2016-6305])
421 ([CVE-2016-6307])
423 ([CVE-2016-6308])
455 relative to the latest release via the "no-deprecated" Configure
456 argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
457 * Application software can be compiled with -DOPENSSL_API_COMPAT=version
460 * Change of Configure to use --prefix as the main installation
461 directory location rather than --openssldir. The latter becomes
474 -------------
479 ([CVE-2019-1563])
480 * For built-in EC curves, ensure an EC_GROUP built from the curve name is
483 ([CVE-2019-1547])
485 ([CVE-2019-1552])
493 * 0-byte record padding oracle ([CVE-2019-1559])
497 * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407])
498 * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
502 * Client DoS due to large DH parameter ([CVE-2018-0732])
503 * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737])
508 stack ([CVE-2018-0739])
512 * Read/write after SSL object in error state ([CVE-2017-3737])
513 * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738])
517 * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736])
518 * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735])
522 * config now recognises 64-bit mingw and chooses mingw64 instead of mingw
526 * Truncated packet could crash via OOB read ([CVE-2017-3731])
527 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732])
528 * Montgomery multiplication may produce incorrect results ([CVE-2016-7055])
532 * Missing CRL sanity check ([CVE-2016-7052])
536 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
537 * SWEET32 Mitigation ([CVE-2016-2183])
538 * OOB write in MDC2_Update() ([CVE-2016-6303])
539 * Malformed SHA512 ticket DoS ([CVE-2016-6302])
540 * OOB write in BN_bn2dec() ([CVE-2016-2182])
541 * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180])
542 * Pointer arithmetic undefined behaviour ([CVE-2016-2177])
543 * Constant time flag not preserved in DSA signing ([CVE-2016-2178])
544 * DTLS buffered message DoS ([CVE-2016-2179])
545 * DTLS replay protection DoS ([CVE-2016-2181])
546 * Certificate message OOB reads ([CVE-2016-6306])
550 * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107])
551 * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105])
552 * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106])
553 * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109])
554 * EBCDIC overread ([CVE-2016-2176])
559 * Only remove the SSLv2 methods with the no-ssl2-method option.
565 ([CVE-2016-0800])
566 * Fix a double-free in DSA code ([CVE-2016-0705])
568 ([CVE-2016-0798])
570 ([CVE-2016-0797])
571 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799])
572 * Fix side channel attack on modular exponentiation ([CVE-2016-0702])
576 * DH small subgroups ([CVE-2016-0701])
577 * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197])
581 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193])
582 * Certificate verify crash with missing PSS parameter ([CVE-2015-3194])
583 * X509_ATTRIBUTE memory leak ([CVE-2015-3195])
590 * Alternate chains certificate forgery ([CVE-2015-1793])
591 * Race condition handling PSK identify hint ([CVE-2015-3196])
599 * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
600 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
601 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
602 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
603 * Race condition handling NewSessionTicket ([CVE-2015-1791])
607 * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291])
608 * Multiblock corrupted pointer fix ([CVE-2015-0290])
609 * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207])
610 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
611 * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208])
612 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
613 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
614 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
615 * Empty CKE with client auth and DHE fix ([CVE-2015-1787])
616 * Handshake with unseeded PRNG fix ([CVE-2015-0285])
617 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
618 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
630 * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
633 -------------
637 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
638 * SWEET32 Mitigation ([CVE-2016-2183])
639 * OOB write in MDC2_Update() ([CVE-2016-6303])
640 * Malformed SHA512 ticket DoS ([CVE-2016-6302])
641 * OOB write in BN_bn2dec() ([CVE-2016-2182])
642 * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180])
643 * Pointer arithmetic undefined behaviour ([CVE-2016-2177])
644 * Constant time flag not preserved in DSA signing ([CVE-2016-2178])
645 * DTLS buffered message DoS ([CVE-2016-2179])
646 * DTLS replay protection DoS ([CVE-2016-2181])
647 * Certificate message OOB reads ([CVE-2016-6306])
651 * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107])
652 * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105])
653 * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106])
654 * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109])
655 * EBCDIC overread ([CVE-2016-2176])
660 * Only remove the SSLv2 methods with the no-ssl2-method option.
666 ([CVE-2016-0800])
667 * Fix a double-free in DSA code ([CVE-2016-0705])
669 ([CVE-2016-0798])
671 ([CVE-2016-0797])
672 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799])
673 * Fix side channel attack on modular exponentiation ([CVE-2016-0702])
678 * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197])
682 * Certificate verify crash with missing PSS parameter ([CVE-2015-3194])
683 * X509_ATTRIBUTE memory leak ([CVE-2015-3195])
690 * Alternate chains certificate forgery ([CVE-2015-1793])
691 * Race condition handling PSK identify hint ([CVE-2015-3196])
699 * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
700 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
701 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
702 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
703 * Race condition handling NewSessionTicket ([CVE-2015-1791])
707 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
708 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
709 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
710 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
711 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
712 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
721 * Fix for [CVE-2014-3571]
722 * Fix for [CVE-2015-0206]
723 * Fix for [CVE-2014-3569]
724 * Fix for [CVE-2014-3572]
725 * Fix for [CVE-2015-0204]
726 * Fix for [CVE-2015-0205]
727 * Fix for [CVE-2014-8275]
728 * Fix for [CVE-2014-3570]
732 * Fix for [CVE-2014-3513]
733 * Fix for [CVE-2014-3567]
734 * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability)
735 * Fix for [CVE-2014-3568]
739 * Fix for [CVE-2014-3512]
740 * Fix for [CVE-2014-3511]
741 * Fix for [CVE-2014-3510]
742 * Fix for [CVE-2014-3507]
743 * Fix for [CVE-2014-3506]
744 * Fix for [CVE-2014-3505]
745 * Fix for [CVE-2014-3509]
746 * Fix for [CVE-2014-5139]
747 * Fix for [CVE-2014-3508]
751 * Fix for [CVE-2014-0224]
752 * Fix for [CVE-2014-0221]
753 * Fix for [CVE-2014-0198]
754 * Fix for [CVE-2014-0195]
755 * Fix for [CVE-2014-3470]
756 * Fix for [CVE-2010-5298]
760 * Fix for [CVE-2014-0160]
762 * Fix for [CVE-2014-0076]
767 * Fix for TLS record tampering bug ([CVE-2013-4353])
768 * Fix for TLS version checking bug ([CVE-2013-6449])
769 * Fix for DTLS retransmission bug ([CVE-2013-6450])
771 ### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]
773 * Corrected fix for ([CVE-2013-0169])
775 ### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]
779 * Fix OCSP bad key DoS attack ([CVE-2013-0166])
780 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169])
781 * Fix for TLS AESNI record handling flaw ([CVE-2012-2686])
785 * Fix TLS/DTLS record length checking bug ([CVE-2012-2333])
786 * Don't attempt to use non-FIPS composite ciphers in FIPS mode.
790 * Fix compilation error on non-x86 platforms.
791 * Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
796 * Fix for ASN1 overflow bug ([CVE-2012-2110])
805 * RFC 5764 DTLS-SRTP negotiation.
814 -------------
818 * X509_ATTRIBUTE memory leak (([CVE-2015-3195]))
819 * Race condition handling PSK identify hint ([CVE-2015-3196])
823 * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
824 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
825 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
826 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
827 * Race condition handling NewSessionTicket ([CVE-2015-1791])
831 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
832 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
833 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
834 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
835 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
836 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
845 * Fix for [CVE-2014-3571]
846 * Fix for [CVE-2015-0206]
847 * Fix for [CVE-2014-3569]
848 * Fix for [CVE-2014-3572]
849 * Fix for [CVE-2015-0204]
850 * Fix for [CVE-2015-0205]
851 * Fix for [CVE-2014-8275]
852 * Fix for [CVE-2014-3570]
856 * Fix for [CVE-2014-3513]
857 * Fix for [CVE-2014-3567]
858 * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability)
859 * Fix for [CVE-2014-3568]
863 * Fix for [CVE-2014-3510]
864 * Fix for [CVE-2014-3507]
865 * Fix for [CVE-2014-3506]
866 * Fix for [CVE-2014-3505]
867 * Fix for [CVE-2014-3509]
868 * Fix for [CVE-2014-3508]
872 * EAP-FAST and other applications using tls_session_secret_cb
873 won't resume sessions. Fixed in 1.0.0n-dev
875 `<limits.h>` include. Fixed in 1.0.0n-dev
879 * Fix for [CVE-2014-0224]
880 * Fix for [CVE-2014-0221]
881 * Fix for [CVE-2014-0198]
882 * Fix for [CVE-2014-0195]
883 * Fix for [CVE-2014-3470]
884 * Fix for [CVE-2014-0076]
885 * Fix for [CVE-2010-5298]
889 * Fix for DTLS retransmission bug ([CVE-2013-6450])
891 ### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]
893 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169])
894 * Fix OCSP bad key DoS attack ([CVE-2013-0166])
898 * Fix DTLS record length checking bug ([CVE-2012-2333])
902 * Fix for ASN1 overflow bug ([CVE-2012-2110])
906 * Fix for CMS/PKCS#7 MMA ([CVE-2012-0884])
907 * Corrected fix for ([CVE-2011-4619])
912 * Fix for DTLS DoS issue ([CVE-2012-0050])
916 * Fix for DTLS plaintext recovery attack ([CVE-2011-4108])
917 * Clear block padding bytes of SSL 3.0 records ([CVE-2011-4576])
918 * Only allow one SGC handshake restart for SSL/TLS ([CVE-2011-4619])
919 * Check parameters are not NULL in GOST ENGINE ([CVE-2012-0027])
920 * Check for malformed RFC3779 data ([CVE-2011-4577])
924 * Fix for CRL vulnerability issue ([CVE-2011-3207])
925 * Fix for ECDH crashes ([CVE-2011-3210])
932 * Fix for security issue ([CVE-2011-0014])
934 ### Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]
936 * Fix for security issue ([CVE-2010-4180])
937 * Fix for ([CVE-2010-4252])
940 * Corrected fix for security issue ([CVE-2010-3864]).
942 ### Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]
944 * Fix for security issue ([CVE-2010-3864]).
945 * Fix for ([CVE-2010-2939])
948 ### Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]
950 * Fix for security issue ([CVE-2010-1633]).
953 ### Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]
971 * ecdsa-with-SHA224/256/384/512 signature types.
972 * dsa-with-SHA224 and dsa-with-SHA256 signature types.
977 -------------
979 ### Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]
982 * Fix security issues [CVE-2010-0740] and [CVE-2010-0433].
984 ### Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]
998 * Temporary work around for [CVE-2009-3555]: disable renegotiation.
1003 * Fix security issues [CVE-2009-0590], [CVE-2009-0591], [CVE-2009-0789]
1007 * Fix security issue ([CVE-2008-5077])
1008 * Merge FIPS 140-2 branch code.
1040 * Introduce limits to prevent malicious key DoS ([CVE-2006-2940])
1041 * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343]
1046 * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339]
1061 * Fix potential SSL 2.0 rollback ([CVE-2005-2969])
1073 * New ASN.1 mini-compiler that's usable through the OpenSSL
1085 * Changed the key-generation and primality testing "progress"
1095 * Added support for multi-valued AVAs in the OpenSSL
1099 * Make it possible to create self-signed certificates using
1100 'openssl ca -selfsign'.
1102 'openssl ca -create_serial'.
1111 * Changed the PKCS#7 library to support one-pass S/MIME
1115 'no-deprecated' argument to the config and Configure scripts.
1119 * New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
1122 * Major overhaul of RC4 performance on Intel P4, IA-64 and
1126 argument form 'enable-xxx'.
1128 SHA-1.
1131 * Added support for the RSA-PSS encryption scheme
1136 * Added alternate pkg-config files.
1145 * Introduce limits to prevent malicious key DoS ([CVE-2006-2940])
1146 * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343]
1150 * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339]
1163 * Fix SSL 2.0 Rollback ([CVE-2005-2969])
1164 * Allow use of fixed-length exponent on DSA signing
1165 * Default fixed-window RSA, DSA, DH private-key operations
1192 * Security: Fix null-pointer assignment in do_change_cipher_spec()
1200 * New -ignore_err option to OCSP utility.
1206 * Security: counter the Klima-Pokorny-Rosa extension of
1210 * Support for new platforms: linux-ia64-ecc.
1222 * Configuration: the no-err option now works properly.
1238 * Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
1239 Linux x86_64, Linux 64-bit on Sparc v9
1243 * Support for pkg-config.
1279 * Security: counter the Klima-Pokorny-Rosa extension of
1294 * Better handling of shared libraries in a mixed GNU/non-GNU environment.
1318 * Fix DH parameter generation for 'non-standard' generators.
1328 MIPS Linux; shared library support for Irix, HP-UX.
1331 [in 0.9.6c-engine release].
1343 * Bug fix to make PRNG thread-safe.
1354 * Security fix: check the result of RSA-CRT to reduce the
1373 * Add "-rand" option to openssl s_client and s_server.
1381 * New 'rsautl' application, low-level RSA utility.
1388 distribution. See the file README-Engine.md.
1393 * Shared library support for HPUX and Solaris-gcc
1427 via a per-thread stack
1443 * New pipe-like BIO that allows using the SSL library when actual I/O
1450 * Added "openssl ca -revoke" option for revoking a certificate
1451 * Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
1466 * Support for Triple-DES CBCM cipher
1496 <!-- Links -->
1498 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
1499 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
1500 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
1501 [CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
1502 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
1503 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
1504 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
1505 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
1506 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
1507 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
1508 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
1509 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
1510 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
1511 [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
1512 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
1513 [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
1514 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
1515 [CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
1516 [CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
1517 [CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
1518 [CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
1519 [CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
1520 [CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
1521 [CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
1522 [CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
1523 [CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
1524 [CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
1525 [CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
1526 [CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
1527 [CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
1528 [CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
1529 [CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
1530 [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
1531 [CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
1532 [CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
1533 [CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
1534 [CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
1535 [CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
1536 [CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
1537 [CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
1538 [CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
1539 [CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
1540 [CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
1541 [CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
1542 [CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
1543 [CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
1544 [CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
1545 [CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
1546 [CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
1547 [CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
1548 [CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
1549 [CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
1550 [CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
1551 [CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
1552 [CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
1553 [CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
1554 [CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
1555 [CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
1556 [CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
1557 [CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
1558 [CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
1559 [CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
1560 [CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
1561 [CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
1562 [CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
1563 [CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
1564 [CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
1565 [CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
1566 [CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
1567 [CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
1568 [CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
1569 [CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
1570 [CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
1571 [CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
1572 [CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
1573 [CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
1574 [CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
1575 [CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
1576 [CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
1577 [CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
1578 [CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
1579 [CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
1580 [CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
1581 [CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
1582 [CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
1583 [CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
1584 [CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
1585 [CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
1586 [CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
1587 [CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
1588 [CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
1589 [CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
1590 [CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
1591 [CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
1592 [CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
1593 [CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
1594 [CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
1595 [CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
1596 [CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
1597 [CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
1598 [CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
1599 [CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
1600 [CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
1601 [CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
1602 [CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
1603 [CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
1604 [CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
1605 [CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
1606 [CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
1607 [CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
1608 [CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
1609 [CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
1610 [CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
1611 [CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
1612 [CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
1613 [CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
1614 [CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
1615 [CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
1616 [CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
1617 [CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
1618 [CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
1619 [CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
1620 [CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
1621 [CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
1622 [CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
1623 [CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
1624 [CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
1625 [CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
1626 [CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
1627 [CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
1628 [CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
1629 [CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
1630 [CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198
1631 [CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
1632 [CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
1633 [CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
1634 [CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
1635 [CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449
1636 [CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
1637 [CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
1638 [CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
1639 [CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
1640 [CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
1641 [CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
1642 [CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
1643 [CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
1644 [CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
1645 [CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
1646 [CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
1647 [CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
1648 [CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
1649 [CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
1650 [CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
1651 [CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
1652 [CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298
1653 [CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
1654 [CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
1655 [CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
1656 [CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939
1657 [CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
1658 [CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
1659 [CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
1660 [CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
1661 [CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
1662 [CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
1663 [CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
1664 [CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
1665 [CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
1666 [CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
1667 [CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737
1668 [CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
1669 [CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
1670 [CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969