Lines Matching +full:2013 +full:- +full:2023
8 ----------------
10 - [OpenSSL 3.0](#openssl-30)
11 - [OpenSSL 1.1.1](#openssl-111)
12 - [OpenSSL 1.1.0](#openssl-110)
13 - [OpenSSL 1.0.2](#openssl-102)
14 - [OpenSSL 1.0.1](#openssl-101)
15 - [OpenSSL 1.0.0](#openssl-100)
16 - [OpenSSL 0.9.x](#openssl-09x)
19 -----------
28 * Fixed timing side-channel in ECDSA signature computation.
29 ([CVE-2024-13176])
31 * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
33 ([CVE-2024-9143])
43 ([CVE-2024-6119])
46 ([CVE-2024-5535])
51 ([CVE-2024-4741])
55 ([CVE-2024-4603])
58 ([CVE-2024-2511])
63 ([CVE-2024-0727])
65 ([CVE-2023-6237])
68 ([CVE-2023-6129])
70 value ([CVE-2023-5678])
72 ### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
75 ([CVE-2023-5363])
77 ### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023]
80 ([CVE-2023-4807])
82 ### Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [1 Aug 2023]
84 * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
85 * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
86 * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
88 ### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
91 IDENTIFIER sub-identities. ([CVE-2023-2650])
92 * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
93 ([CVE-2023-1255])
94 * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
96 ([CVE-2023-0465])
97 * Limited the number of nodes created in a policy tree ([CVE-2023-0464])
99 ### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
101 * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
102 * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286])
103 * Fixed NULL dereference validating DSA public key ([CVE-2023-0217])
104 * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216])
105 * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215])
106 * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450])
107 * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304])
108 * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203])
109 * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996])
116 ([CVE-2022-3786]) and ([CVE-2022-3602])
121 ([CVE-2022-3358])
126 ([CVE-2022-2274])
127 * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
128 ([CVE-2022-2097])
134 ([CVE-2022-2068])
139 metacharacters to prevent command injection ([CVE-2022-1292])
141 certificate on an OCSP response ([CVE-2022-1343])
142 * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
143 AAD data as the MAC key ([CVE-2022-1434])
145 occuppied by the removed hash table entries ([CVE-2022-1473])
150 for non-prime moduli ([CVE-2022-0778])
155 ([CVE-2021-4044])
168 * Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy
181 a non-default `OSSL_LIB_CTX`.
189 * enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
190 disabled; the project uses address sanitize/leak-detect instead.
197 connections via HTTP(s) proxies, connections and exchange via user-defined
199 * Added util/check-format.pl for checking adherence to the coding guidelines.
210 * Add OPENSSL_info() and 'openssl info' to get built-in data.
222 * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
225 * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
227 * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
235 -------------
239 * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711])
240 * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712])
245 X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450])
247 crafted renegotiation ClientHello message from a client ([CVE-2021-3449])
252 function ([CVE-2021-23841])
256 EVP_DecryptUpdate functions ([CVE-2021-23840])
261 * Fixed NULL pointer deref in GENERAL_NAME_cmp ([CVE-2020-1971])
273 * Fixed segmentation fault in SSL_check_chain() ([CVE-2020-1967])
282 used in exponentiation with 512-bit moduli ([CVE-2019-1551])
286 * Fixed a fork protection issue ([CVE-2019-1549])
288 ([CVE-2019-1563])
289 * For built-in EC curves, ensure an EC_GROUP built from the curve name is
292 ([CVE-2019-1547])
296 * Use Windows installation paths in the mingw builds ([CVE-2019-1552])
303 * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543])
307 * Change the info callback signals for the start and end of a post-handshake
314 * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
315 * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735])
321 * Early data (0-RTT)
322 * Post-handshake authentication and key update
326 * RSA-PSS signature algorithms (backported to TLSv1.2)
336 * The default RAND method now utilizes an AES-CTR DRBG according to
337 NIST standard SP 800-90Ar1.
340 * The DRBG instances are fork-safe.
349 * Multi-prime RSA
355 * Significant Side-Channel attack security improvements
368 -------------
373 ([CVE-2019-1563])
374 * For built-in EC curves, ensure an EC_GROUP built from the curve name is
377 ([CVE-2019-1547])
378 * Use Windows installation paths in the mingw builds ([CVE-2019-1552])
382 * Prevent over long nonces in ChaCha20-Poly1305 ([CVE-2019-1543])
386 * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
387 * Timing vulnerability in ECDSA signature generation ([CVE-2018-0735])
391 * Client DoS due to large DH parameter ([CVE-2018-0732])
392 * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737])
397 stack ([CVE-2018-0739])
398 * Incorrect CRYPTO_memcmp on HP-UX PA-RISC ([CVE-2018-0733])
399 * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738])
403 * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736])
404 * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735])
408 * config now recognises 64-bit mingw and chooses mingw64 instead of mingw
412 * Encrypt-Then-Mac renegotiation crash ([CVE-2017-3733])
416 * Truncated packet could crash via OOB read ([CVE-2017-3731])
417 * Bad (EC)DHE parameters cause a client crash ([CVE-2017-3730])
418 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732])
422 * ChaCha20/Poly1305 heap-buffer-overflow ([CVE-2016-7054])
423 * CMS Null dereference ([CVE-2016-7053])
424 * Montgomery multiplication may produce incorrect results ([CVE-2016-7055])
428 * Fix Use After Free for large message sizes ([CVE-2016-6309])
432 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
433 * SSL_peek() hang on empty record ([CVE-2016-6305])
435 ([CVE-2016-6307])
437 ([CVE-2016-6308])
469 relative to the latest release via the "no-deprecated" Configure
470 argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
471 * Application software can be compiled with -DOPENSSL_API_COMPAT=version
474 * Change of Configure to use --prefix as the main installation
475 directory location rather than --openssldir. The latter becomes
488 -------------
493 ([CVE-2019-1563])
494 * For built-in EC curves, ensure an EC_GROUP built from the curve name is
497 ([CVE-2019-1547])
499 ([CVE-2019-1552])
507 * 0-byte record padding oracle ([CVE-2019-1559])
511 * Microarchitecture timing vulnerability in ECC scalar multiplication ([CVE-2018-5407])
512 * Timing vulnerability in DSA signature generation ([CVE-2018-0734])
516 * Client DoS due to large DH parameter ([CVE-2018-0732])
517 * Cache timing vulnerability in RSA Key Generation ([CVE-2018-0737])
522 stack ([CVE-2018-0739])
526 * Read/write after SSL object in error state ([CVE-2017-3737])
527 * rsaz_1024_mul_avx2 overflow bug on x86_64 ([CVE-2017-3738])
531 * bn_sqrx8x_internal carry bug on x86_64 ([CVE-2017-3736])
532 * Malformed X.509 IPAddressFamily could cause OOB read ([CVE-2017-3735])
536 * config now recognises 64-bit mingw and chooses mingw64 instead of mingw
540 * Truncated packet could crash via OOB read ([CVE-2017-3731])
541 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2017-3732])
542 * Montgomery multiplication may produce incorrect results ([CVE-2016-7055])
546 * Missing CRL sanity check ([CVE-2016-7052])
550 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
551 * SWEET32 Mitigation ([CVE-2016-2183])
552 * OOB write in MDC2_Update() ([CVE-2016-6303])
553 * Malformed SHA512 ticket DoS ([CVE-2016-6302])
554 * OOB write in BN_bn2dec() ([CVE-2016-2182])
555 * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180])
556 * Pointer arithmetic undefined behaviour ([CVE-2016-2177])
557 * Constant time flag not preserved in DSA signing ([CVE-2016-2178])
558 * DTLS buffered message DoS ([CVE-2016-2179])
559 * DTLS replay protection DoS ([CVE-2016-2181])
560 * Certificate message OOB reads ([CVE-2016-6306])
564 * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107])
565 * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105])
566 * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106])
567 * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109])
568 * EBCDIC overread ([CVE-2016-2176])
573 * Only remove the SSLv2 methods with the no-ssl2-method option.
579 ([CVE-2016-0800])
580 * Fix a double-free in DSA code ([CVE-2016-0705])
582 ([CVE-2016-0798])
584 ([CVE-2016-0797])
585 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799])
586 * Fix side channel attack on modular exponentiation ([CVE-2016-0702])
590 * DH small subgroups ([CVE-2016-0701])
591 * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197])
595 * BN_mod_exp may produce incorrect results on x86_64 ([CVE-2015-3193])
596 * Certificate verify crash with missing PSS parameter ([CVE-2015-3194])
597 * X509_ATTRIBUTE memory leak ([CVE-2015-3195])
604 * Alternate chains certificate forgery ([CVE-2015-1793])
605 * Race condition handling PSK identify hint ([CVE-2015-3196])
613 * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
614 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
615 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
616 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
617 * Race condition handling NewSessionTicket ([CVE-2015-1791])
621 * OpenSSL 1.0.2 ClientHello sigalgs DoS fix ([CVE-2015-0291])
622 * Multiblock corrupted pointer fix ([CVE-2015-0290])
623 * Segmentation fault in DTLSv1_listen fix ([CVE-2015-0207])
624 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
625 * Segmentation fault for invalid PSS parameters fix ([CVE-2015-0208])
626 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
627 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
628 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
629 * Empty CKE with client auth and DHE fix ([CVE-2015-1787])
630 * Handshake with unseeded PRNG fix ([CVE-2015-0285])
631 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
632 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
644 * CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
647 -------------
651 * OCSP Status Request extension unbounded memory growth ([CVE-2016-6304])
652 * SWEET32 Mitigation ([CVE-2016-2183])
653 * OOB write in MDC2_Update() ([CVE-2016-6303])
654 * Malformed SHA512 ticket DoS ([CVE-2016-6302])
655 * OOB write in BN_bn2dec() ([CVE-2016-2182])
656 * OOB read in TS_OBJ_print_bio() ([CVE-2016-2180])
657 * Pointer arithmetic undefined behaviour ([CVE-2016-2177])
658 * Constant time flag not preserved in DSA signing ([CVE-2016-2178])
659 * DTLS buffered message DoS ([CVE-2016-2179])
660 * DTLS replay protection DoS ([CVE-2016-2181])
661 * Certificate message OOB reads ([CVE-2016-6306])
665 * Prevent padding oracle in AES-NI CBC MAC check ([CVE-2016-2107])
666 * Fix EVP_EncodeUpdate overflow ([CVE-2016-2105])
667 * Fix EVP_EncryptUpdate overflow ([CVE-2016-2106])
668 * Prevent ASN.1 BIO excessive memory allocation ([CVE-2016-2109])
669 * EBCDIC overread ([CVE-2016-2176])
674 * Only remove the SSLv2 methods with the no-ssl2-method option.
680 ([CVE-2016-0800])
681 * Fix a double-free in DSA code ([CVE-2016-0705])
683 ([CVE-2016-0798])
685 ([CVE-2016-0797])
686 * Fix memory issues in BIO_*printf functions ([CVE-2016-0799])
687 * Fix side channel attack on modular exponentiation ([CVE-2016-0702])
692 * SSLv2 doesn't block disabled ciphers ([CVE-2015-3197])
696 * Certificate verify crash with missing PSS parameter ([CVE-2015-3194])
697 * X509_ATTRIBUTE memory leak ([CVE-2015-3195])
704 * Alternate chains certificate forgery ([CVE-2015-1793])
705 * Race condition handling PSK identify hint ([CVE-2015-3196])
713 * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
714 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
715 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
716 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
717 * Race condition handling NewSessionTicket ([CVE-2015-1791])
721 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
722 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
723 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
724 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
725 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
726 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
735 * Fix for [CVE-2014-3571]
736 * Fix for [CVE-2015-0206]
737 * Fix for [CVE-2014-3569]
738 * Fix for [CVE-2014-3572]
739 * Fix for [CVE-2015-0204]
740 * Fix for [CVE-2015-0205]
741 * Fix for [CVE-2014-8275]
742 * Fix for [CVE-2014-3570]
746 * Fix for [CVE-2014-3513]
747 * Fix for [CVE-2014-3567]
748 * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability)
749 * Fix for [CVE-2014-3568]
753 * Fix for [CVE-2014-3512]
754 * Fix for [CVE-2014-3511]
755 * Fix for [CVE-2014-3510]
756 * Fix for [CVE-2014-3507]
757 * Fix for [CVE-2014-3506]
758 * Fix for [CVE-2014-3505]
759 * Fix for [CVE-2014-3509]
760 * Fix for [CVE-2014-5139]
761 * Fix for [CVE-2014-3508]
765 * Fix for [CVE-2014-0224]
766 * Fix for [CVE-2014-0221]
767 * Fix for [CVE-2014-0198]
768 * Fix for [CVE-2014-0195]
769 * Fix for [CVE-2014-3470]
770 * Fix for [CVE-2010-5298]
774 * Fix for [CVE-2014-0160]
776 * Fix for [CVE-2014-0076]
781 * Fix for TLS record tampering bug ([CVE-2013-4353])
782 * Fix for TLS version checking bug ([CVE-2013-6449])
783 * Fix for DTLS retransmission bug ([CVE-2013-6450])
785 ### Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]
787 * Corrected fix for ([CVE-2013-0169])
789 ### Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]
793 * Fix OCSP bad key DoS attack ([CVE-2013-0166])
794 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169])
795 * Fix for TLS AESNI record handling flaw ([CVE-2012-2686])
799 * Fix TLS/DTLS record length checking bug ([CVE-2012-2333])
800 * Don't attempt to use non-FIPS composite ciphers in FIPS mode.
804 * Fix compilation error on non-x86 platforms.
805 * Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
810 * Fix for ASN1 overflow bug ([CVE-2012-2110])
819 * RFC 5764 DTLS-SRTP negotiation.
828 -------------
832 * X509_ATTRIBUTE memory leak (([CVE-2015-3195]))
833 * Race condition handling PSK identify hint ([CVE-2015-3196])
837 * Malformed ECParameters causes infinite loop ([CVE-2015-1788])
838 * Exploitable out-of-bounds read in X509_cmp_time ([CVE-2015-1789])
839 * PKCS7 crash with missing EnvelopedContent ([CVE-2015-1790])
840 * CMS verify infinite loop with unknown hash function ([CVE-2015-1792])
841 * Race condition handling NewSessionTicket ([CVE-2015-1791])
845 * Segmentation fault in ASN1_TYPE_cmp fix ([CVE-2015-0286])
846 * ASN.1 structure reuse memory corruption fix ([CVE-2015-0287])
847 * PKCS7 NULL pointer dereferences fix ([CVE-2015-0289])
848 * DoS via reachable assert in SSLv2 servers fix ([CVE-2015-0293])
849 * Use After Free following d2i_ECPrivatekey error fix ([CVE-2015-0209])
850 * X509_to_X509_REQ NULL pointer deref fix ([CVE-2015-0288])
859 * Fix for [CVE-2014-3571]
860 * Fix for [CVE-2015-0206]
861 * Fix for [CVE-2014-3569]
862 * Fix for [CVE-2014-3572]
863 * Fix for [CVE-2015-0204]
864 * Fix for [CVE-2015-0205]
865 * Fix for [CVE-2014-8275]
866 * Fix for [CVE-2014-3570]
870 * Fix for [CVE-2014-3513]
871 * Fix for [CVE-2014-3567]
872 * Mitigation for [CVE-2014-3566] (SSL protocol vulnerability)
873 * Fix for [CVE-2014-3568]
877 * Fix for [CVE-2014-3510]
878 * Fix for [CVE-2014-3507]
879 * Fix for [CVE-2014-3506]
880 * Fix for [CVE-2014-3505]
881 * Fix for [CVE-2014-3509]
882 * Fix for [CVE-2014-3508]
886 * EAP-FAST and other applications using tls_session_secret_cb
887 won't resume sessions. Fixed in 1.0.0n-dev
889 `<limits.h>` include. Fixed in 1.0.0n-dev
893 * Fix for [CVE-2014-0224]
894 * Fix for [CVE-2014-0221]
895 * Fix for [CVE-2014-0198]
896 * Fix for [CVE-2014-0195]
897 * Fix for [CVE-2014-3470]
898 * Fix for [CVE-2014-0076]
899 * Fix for [CVE-2010-5298]
903 * Fix for DTLS retransmission bug ([CVE-2013-6450])
905 ### Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]
907 * Fix for SSL/TLS/DTLS CBC plaintext recovery attack ([CVE-2013-0169])
908 * Fix OCSP bad key DoS attack ([CVE-2013-0166])
912 * Fix DTLS record length checking bug ([CVE-2012-2333])
916 * Fix for ASN1 overflow bug ([CVE-2012-2110])
920 * Fix for CMS/PKCS#7 MMA ([CVE-2012-0884])
921 * Corrected fix for ([CVE-2011-4619])
926 * Fix for DTLS DoS issue ([CVE-2012-0050])
930 * Fix for DTLS plaintext recovery attack ([CVE-2011-4108])
931 * Clear block padding bytes of SSL 3.0 records ([CVE-2011-4576])
932 * Only allow one SGC handshake restart for SSL/TLS ([CVE-2011-4619])
933 * Check parameters are not NULL in GOST ENGINE ([CVE-2012-0027])
934 * Check for malformed RFC3779 data ([CVE-2011-4577])
938 * Fix for CRL vulnerability issue ([CVE-2011-3207])
939 * Fix for ECDH crashes ([CVE-2011-3210])
946 * Fix for security issue ([CVE-2011-0014])
950 * Fix for security issue ([CVE-2010-4180])
951 * Fix for ([CVE-2010-4252])
954 * Corrected fix for security issue ([CVE-2010-3864]).
958 * Fix for security issue ([CVE-2010-3864]).
959 * Fix for ([CVE-2010-2939])
964 * Fix for security issue ([CVE-2010-1633]).
985 * ecdsa-with-SHA224/256/384/512 signature types.
986 * dsa-with-SHA224 and dsa-with-SHA256 signature types.
991 -------------
996 * Fix security issues [CVE-2010-0740] and [CVE-2010-0433].
1012 * Temporary work around for [CVE-2009-3555]: disable renegotiation.
1017 * Fix security issues [CVE-2009-0590], [CVE-2009-0591], [CVE-2009-0789]
1021 * Fix security issue ([CVE-2008-5077])
1022 * Merge FIPS 140-2 branch code.
1054 * Introduce limits to prevent malicious key DoS ([CVE-2006-2940])
1055 * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343]
1060 * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339]
1075 * Fix potential SSL 2.0 rollback ([CVE-2005-2969])
1087 * New ASN.1 mini-compiler that's usable through the OpenSSL
1099 * Changed the key-generation and primality testing "progress"
1109 * Added support for multi-valued AVAs in the OpenSSL
1113 * Make it possible to create self-signed certificates using
1114 'openssl ca -selfsign'.
1116 'openssl ca -create_serial'.
1125 * Changed the PKCS#7 library to support one-pass S/MIME
1129 'no-deprecated' argument to the config and Configure scripts.
1133 * New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
1136 * Major overhaul of RC4 performance on Intel P4, IA-64 and
1140 argument form 'enable-xxx'.
1142 SHA-1.
1145 * Added support for the RSA-PSS encryption scheme
1150 * Added alternate pkg-config files.
1159 * Introduce limits to prevent malicious key DoS ([CVE-2006-2940])
1160 * Fix security issues [CVE-2006-2937], [CVE-2006-3737], [CVE-2006-4343]
1164 * Fix Daniel Bleichenbacher forged signature attack, [CVE-2006-4339]
1177 * Fix SSL 2.0 Rollback ([CVE-2005-2969])
1178 * Allow use of fixed-length exponent on DSA signing
1179 * Default fixed-window RSA, DSA, DH private-key operations
1206 * Security: Fix null-pointer assignment in do_change_cipher_spec()
1214 * New -ignore_err option to OCSP utility.
1220 * Security: counter the Klima-Pokorny-Rosa extension of
1224 * Support for new platforms: linux-ia64-ecc.
1236 * Configuration: the no-err option now works properly.
1252 * Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
1253 Linux x86_64, Linux 64-bit on Sparc v9
1257 * Support for pkg-config.
1293 * Security: counter the Klima-Pokorny-Rosa extension of
1308 * Better handling of shared libraries in a mixed GNU/non-GNU environment.
1332 * Fix DH parameter generation for 'non-standard' generators.
1342 MIPS Linux; shared library support for Irix, HP-UX.
1345 [in 0.9.6c-engine release].
1357 * Bug fix to make PRNG thread-safe.
1368 * Security fix: check the result of RSA-CRT to reduce the
1387 * Add "-rand" option to openssl s_client and s_server.
1395 * New 'rsautl' application, low-level RSA utility.
1402 distribution. See the file README-Engine.md.
1407 * Shared library support for HPUX and Solaris-gcc
1441 via a per-thread stack
1457 * New pipe-like BIO that allows using the SSL library when actual I/O
1464 * Added "openssl ca -revoke" option for revoking a certificate
1465 * Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
1480 * Support for Triple-DES CBCM cipher
1510 <!-- Links -->
1512 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
1513 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
1514 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
1515 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
1516 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
1517 [CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
1518 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
1519 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
1520 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
1521 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
1522 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
1523 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
1524 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
1525 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
1526 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
1527 [CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
1528 [CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
1529 [CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
1530 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
1531 [CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
1532 [CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
1533 [CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
1534 [CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
1535 [CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
1536 [CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
1537 [CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
1538 [CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
1539 [CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
1540 [CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
1541 [CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
1542 [CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
1543 [CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
1544 [CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
1545 [CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
1546 [CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
1547 [CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
1548 [CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
1549 [CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
1550 [CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
1551 [CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
1552 [CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
1553 [CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
1554 [CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
1555 [CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
1556 [CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
1557 [CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
1558 [CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
1559 [CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
1560 [CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
1561 [CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
1562 [CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
1563 [CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
1564 [CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
1565 [CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
1566 [CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
1567 [CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
1568 [CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
1569 [CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
1570 [CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
1571 [CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
1572 [CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
1573 [CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
1574 [CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
1575 [CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
1576 [CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
1577 [CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
1578 [CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
1579 [CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
1580 [CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
1581 [CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
1582 [CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
1583 [CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
1584 [CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
1585 [CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
1586 [CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
1587 [CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
1588 [CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
1589 [CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
1590 [CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
1591 [CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
1592 [CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
1593 [CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
1594 [CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
1595 [CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
1596 [CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
1597 [CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
1598 [CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
1599 [CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
1600 [CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
1601 [CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
1602 [CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
1603 [CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
1604 [CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
1605 [CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
1606 [CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
1607 [CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
1608 [CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
1609 [CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
1610 [CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
1611 [CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
1612 [CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
1613 [CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
1614 [CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
1615 [CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
1616 [CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
1617 [CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
1618 [CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
1619 [CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
1620 [CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
1621 [CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
1622 [CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
1623 [CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
1624 [CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
1625 [CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
1626 [CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
1627 [CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
1628 [CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
1629 [CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
1630 [CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
1631 [CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
1632 [CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
1633 [CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
1634 [CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
1635 [CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
1636 [CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
1637 [CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
1638 [CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
1639 [CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
1640 [CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
1641 [CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
1642 [CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
1643 [CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
1644 [CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
1645 [CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
1646 [CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198
1647 [CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
1648 [CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
1649 [CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
1650 [CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
1651 [CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449
1652 [CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
1653 [CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
1654 [CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
1655 [CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
1656 [CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
1657 [CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
1658 [CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
1659 [CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
1660 [CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
1661 [CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
1662 [CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
1663 [CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
1664 [CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
1665 [CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
1666 [CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
1667 [CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
1668 [CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298
1669 [CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
1670 [CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
1671 [CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
1672 [CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939
1673 [CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
1674 [CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
1675 [CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
1676 [CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
1677 [CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
1678 [CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
1679 [CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
1680 [CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
1681 [CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
1682 [CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
1683 [CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737
1684 [CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
1685 [CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
1686 [CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969