diff --git a/OpenSSL.Light/OpenSSL.Light.nuspec b/OpenSSL.Light/OpenSSL.Light.nuspec index e2be2f5..fc08eae 100644 --- a/OpenSSL.Light/OpenSSL.Light.nuspec +++ b/OpenSSL.Light/OpenSSL.Light.nuspec @@ -3,11 +3,11 @@ OpenSSL.Light OpenSSL - The Open Source SSL and TLS toolkit - 1.0.1.20140824 + 1.0.1.20141015 Shining Light Productions Ethan Brown Open Source SSL v2/v3 and TLS v1 toolkit - This is really 1.0.1i, but the Nuget spec doesn't allow such version identifiers, so the file versions are used. + This is really 1.0.1j, but the Nuget spec doesn't allow such version identifiers, so the file versions are used. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. @@ -20,308 +20,142 @@ https://github.com/Iristyle/ChocolateyPackages/raw/master/OpenSSL.Light/OpenSSL.Light.png https://www.openssl.org/news/changelog.html - Changes between 1.0.1h and 1.0.2 [xx XXX xxxx] - - *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) - for corner cases. (Certain input points at infinity could lead to - bogus results, with non-infinity inputs mapped to infinity too.) - [Bodo Moeller] - - *) Initial support for PowerISA 2.0.7, first implemented in POWER8. - This covers AES, SHA256/512 and GHASH. "Initial" means that most - common cases are optimized and there still is room for further - improvements. Vector Permutation AES for Altivec is also added. - [Andy Polyakov] - - *) Add support for little-endian ppc64 Linux target. - [Marcelo Cerri (IBM)] - - *) Initial support for AMRv8 ISA crypto extensions. This covers AES, - SHA1, SHA256 and GHASH. "Initial" means that most common cases - are optimized and there still is room for further improvements. - Both 32- and 64-bit modes are supported. - [Andy Polyakov, Ard Biesheuvel (Linaro)] - - *) Improved ARMv7 NEON support. - [Andy Polyakov] - - *) Support for SPARC Architecture 2011 crypto extensions, first - implemented in SPARC T4. This covers AES, DES, Camellia, SHA1, - SHA256/512, MD5, GHASH and modular exponentiation. - [Andy Polyakov, David Miller] - - *) Accelerated modular exponentiation for Intel processors, a.k.a. - RSAZ. - [Shay Gueron (Intel Corp)] - - *) Support for new and upcoming Intel processors, including AVX2, - BMI and SHA ISA extensions. This includes additional "stitched" - implementations, AESNI-SHA256 and GCM, and multi-buffer support - for TLS encrypt. - - This work was sponsored by Intel Corp. - [Andy Polyakov] - - *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file(): - this fixes a limiation in previous versions of OpenSSL. - [Steve Henson] - - *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest, - MGF1 digest and OAEP label. - [Steve Henson] - - *) Add EVP support for key wrapping algorithms, to avoid problems with - existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in - the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap - algorithms and include tests cases. - [Steve Henson] - - *) Add functions to allocate and set the fields of an ECDSA_METHOD - structure. - [Douglas E. Engert, Steve Henson] - - *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the - difference in days and seconds between two tm or ASN1_TIME structures. - [Steve Henson] - - *) Add -rev test option to s_server to just reverse order of characters - received by client and send back to server. Also prints an abbreviated - summary of the connection parameters. - [Steve Henson] - - *) New option -brief for s_client and s_server to print out a brief summary - of connection parameters. - [Steve Henson] - - *) Add callbacks for arbitrary TLS extensions. - [Trevor Perrin (trevp@trevp.net) and Ben Laurie] - - *) New option -crl_download in several openssl utilities to download CRLs - from CRLDP extension in certificates. - [Steve Henson] - - *) New options -CRL and -CRLform for s_client and s_server for CRLs. - [Steve Henson] - - *) New function X509_CRL_diff to generate a delta CRL from the difference - of two full CRLs. Add support to "crl" utility. - [Steve Henson] - - *) New functions to set lookup_crls function and to retrieve - X509_STORE from X509_STORE_CTX. - [Steve Henson] - - *) Print out deprecated issuer and subject unique ID fields in - certificates. - [Steve Henson] - - *) Extend OCSP I/O functions so they can be used for simple general purpose - HTTP as well as OCSP. New wrapper function which can be used to download - CRLs using the OCSP API. - [Steve Henson] - - *) Delegate command line handling in s_client/s_server to SSL_CONF APIs. - [Steve Henson] - - *) SSL_CONF* functions. These provide a common framework for application - configuration using configuration files or command lines. - [Steve Henson] - - *) SSL/TLS tracing code. This parses out SSL/TLS records using the - message callback and prints the results. Needs compile time option - "enable-ssl-trace". New options to s_client and s_server to enable - tracing. - [Steve Henson] - - *) New ctrl and macro to retrieve supported points extensions. - Print out extension in s_server and s_client. - [Steve Henson] - - *) New functions to retrieve certificate signature and signature - OID NID. - [Steve Henson] - - *) Add functions to retrieve and manipulate the raw cipherlist sent by a - client to OpenSSL. - [Steve Henson] - - *) New Suite B modes for TLS code. These use and enforce the requirements - of RFC6460: restrict ciphersuites, only permit Suite B algorithms and - only use Suite B curves. The Suite B modes can be set by using the - strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring. - [Steve Henson] - - *) New chain verification flags for Suite B levels of security. Check - algorithms are acceptable when flags are set in X509_verify_cert. - [Steve Henson] - - *) Make tls1_check_chain return a set of flags indicating checks passed - by a certificate chain. Add additional tests to handle client - certificates: checks for matching certificate type and issuer name - comparison. - [Steve Henson] - - *) If an attempt is made to use a signature algorithm not in the peer - preference list abort the handshake. If client has no suitable - signature algorithms in response to a certificate request do not - use the certificate. - [Steve Henson] - - *) If server EC tmp key is not in client preference list abort handshake. - [Steve Henson] - - *) Add support for certificate stores in CERT structure. This makes it - possible to have different stores per SSL structure or one store in - the parent SSL_CTX. Include distint stores for certificate chain - verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN - to build and store a certificate chain in CERT structure: returing - an error if the chain cannot be built: this will allow applications - to test if a chain is correctly configured. - - Note: if the CERT based stores are not set then the parent SSL_CTX - store is used to retain compatibility with existing behaviour. - - [Steve Henson] - - *) New function ssl_set_client_disabled to set a ciphersuite disabled - mask based on the current session, check mask when sending client - hello and checking the requested ciphersuite. - [Steve Henson] - - *) New ctrls to retrieve and set certificate types in a certificate - request message. Print out received values in s_client. If certificate - types is not set with custom values set sensible values based on - supported signature algorithms. - [Steve Henson] - - *) Support for distinct client and server supported signature algorithms. - [Steve Henson] - - *) Add certificate callback. If set this is called whenever a certificate - is required by client or server. An application can decide which - certificate chain to present based on arbitrary criteria: for example - supported signature algorithms. Add very simple example to s_server. - This fixes many of the problems and restrictions of the existing client - certificate callback: for example you can now clear an existing - certificate and specify the whole chain. - [Steve Henson] - - *) Add new "valid_flags" field to CERT_PKEY structure which determines what - the certificate can be used for (if anything). Set valid_flags field - in new tls1_check_chain function. Simplify ssl_set_cert_masks which used - to have similar checks in it. - - Add new "cert_flags" field to CERT structure and include a "strict mode". - This enforces some TLS certificate requirements (such as only permitting - certificate signature algorithms contained in the supported algorithms - extension) which some implementations ignore: this option should be used - with caution as it could cause interoperability issues. - [Steve Henson] - - *) Update and tidy signature algorithm extension processing. Work out - shared signature algorithms based on preferences and peer algorithms - and print them out in s_client and s_server. Abort handshake if no - shared signature algorithms. - [Steve Henson] - - *) Add new functions to allow customised supported signature algorithms - for SSL and SSL_CTX structures. Add options to s_client and s_server - to support them. - [Steve Henson] - - *) New function SSL_certs_clear() to delete all references to certificates - from an SSL structure. Before this once a certificate had been added - it couldn't be removed. - [Steve Henson] - - *) Integrate hostname, email address and IP address checking with certificate - verification. New verify options supporting checking in opensl utility. - [Steve Henson] - - *) Fixes and wildcard matching support to hostname and email checking - functions. Add manual page. - [Florian Weimer (Red Hat Product Security Team)] - - *) New functions to check a hostname email or IP address against a - certificate. Add options x509 utility to print results of checks against - a certificate. - [Steve Henson] - - *) Fix OCSP checking. - [Rob Stradling (rob.stradling@comodo.com) and Ben Laurie] - - *) Initial experimental support for explicitly trusted non-root CAs. - OpenSSL still tries to build a complete chain to a root but if an - intermediate CA has a trust setting included that is used. The first - setting is used: whether to trust (e.g., -addtrust option to the x509 - utility) or reject. - [Steve Henson] - - *) Add -trusted_first option which attempts to find certificates in the - trusted store even if an untrusted chain is also supplied. - [Steve Henson] - - *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE, - platform support for Linux and Android. - [Andy Polyakov] - - *) Support for linux-x32, ILP32 environment in x86_64 framework. - [Andy Polyakov] - - *) Experimental multi-implementation support for FIPS capable OpenSSL. - When in FIPS mode the approved implementations are used as normal, - when not in FIPS mode the internal unapproved versions are used instead. - This means that the FIPS capable OpenSSL isn't forced to use the - (often lower performance) FIPS implementations outside FIPS mode. - [Steve Henson] - - *) Transparently support X9.42 DH parameters when calling - PEM_read_bio_DHparameters. This means existing applications can handle - the new parameter format automatically. - [Steve Henson] - - *) Initial experimental support for X9.42 DH parameter format: mainly - to support use of 'q' parameter for RFC5114 parameters. - [Steve Henson] - - *) Add DH parameters from RFC5114 including test data to dhtest. - [Steve Henson] - - *) Support for automatic EC temporary key parameter selection. If enabled - the most preferred EC parameters are automatically used instead of - hardcoded fixed parameters. Now a server just has to call: - SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically - support ECDH and use the most appropriate parameters. - [Steve Henson] - - *) Enhance and tidy EC curve and point format TLS extension code. Use - static structures instead of allocation if default values are used. - New ctrls to set curves we wish to support and to retrieve shared curves. - Print out shared curves in s_server. New options to s_server and s_client - to set list of supported curves. - [Steve Henson] - - *) New ctrls to retrieve supported signature algorithms and - supported curve values as an array of NIDs. Extend openssl utility - to print out received values. - [Steve Henson] - - *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert - between NIDs and the more common NIST names such as "P-256". Enhance - ecparam utility and ECC method to recognise the NIST names for curves. - [Steve Henson] - - *) Enhance SSL/TLS certificate chain handling to support different - chains for each certificate instead of one chain in the parent SSL_CTX. - [Steve Henson] - - *) Support for fixed DH ciphersuite client authentication: where both - server and client use DH certificates with common parameters. - [Steve Henson] - - *) Support for fixed DH ciphersuites: those requiring DH server - certificates. - [Steve Henson] + Changes between 1.0.1i and 1.0.1j [15 Oct 2014] + + *) SRTP Memory Leak. + + A flaw in the DTLS SRTP extension parsing code allows an attacker, who + sends a carefully crafted handshake message, to cause OpenSSL to fail + to free up to 64k of memory causing a memory leak. This could be + exploited in a Denial Of Service attack. This issue affects OpenSSL + 1.0.1 server implementations for both SSL/TLS and DTLS regardless of + whether SRTP is used or configured. Implementations of OpenSSL that + have been compiled with OPENSSL_NO_SRTP defined are not affected. + + The fix was developed by the OpenSSL team. + (CVE-2014-3513) + [OpenSSL team] + + *) Session Ticket Memory Leak. + + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the + integrity of that ticket is first verified. In the event of a session + ticket integrity check failing, OpenSSL will fail to free memory + causing a memory leak. By sending a large number of invalid session + tickets an attacker could exploit this issue in a Denial Of Service + attack. + (CVE-2014-3567) + [Steve Henson] + + *) Build option no-ssl3 is incomplete. + + When OpenSSL is configured with "no-ssl3" as a build option, servers + could accept and complete a SSL 3.0 handshake, and clients could be + configured to send them. + (CVE-2014-3568) + [Akamai and the OpenSSL team] + + *) Add support for TLS_FALLBACK_SCSV. + Client applications doing fallback retries should call + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). + (CVE-2014-3566) + [Adam Langley, Bodo Moeller] + + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. + + Note: this is a precautionary measure and no attacks are currently known. + + [Steve Henson] + + Changes between 1.0.1h and 1.0.1i [6 Aug 2014] + + *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the + SRP code can be overrun an internal buffer. Add sanity check that + g, A, B < N to SRP code. + + Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC + Group for discovering this issue. + (CVE-2014-3512) + [Steve Henson] + + *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate + TLS 1.0 instead of higher protocol versions when the ClientHello message + is badly fragmented. This allows a man-in-the-middle attacker to force a + downgrade to TLS 1.0 even if both the server and the client support a + higher protocol version, by modifying the client's TLS records. + + Thanks to David Benjamin and Adam Langley (Google) for discovering and + researching this issue. + (CVE-2014-3511) + [David Benjamin] + + *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject + to a denial of service attack. A malicious server can crash the client + with a null pointer dereference (read) by specifying an anonymous (EC)DH + ciphersuite and sending carefully crafted handshake messages. + + Thanks to Felix Gr�bert (Google) for discovering and researching this + issue. + (CVE-2014-3510) + [Emilia K�sper] + + *) By sending carefully crafted DTLS packets an attacker could cause openssl + to leak memory. This can be exploited through a Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3507) + [Adam Langley] + + *) An attacker can force openssl to consume large amounts of memory whilst + processing DTLS handshake messages. This can be exploited through a + Denial of Service attack. + Thanks to Adam Langley for discovering and researching this issue. + (CVE-2014-3506) + [Adam Langley] + + *) An attacker can force an error condition which causes openssl to crash + whilst processing DTLS packets due to memory being freed twice. This + can be exploited through a Denial of Service attack. + Thanks to Adam Langley and Wan-Teh Chang for discovering and researching + this issue. + (CVE-2014-3505) + [Adam Langley] + + *) If a multithreaded client connects to a malicious server using a resumed + session and the server sends an ec point format extension it could write + up to 255 bytes to freed memory. + + Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this + issue. + (CVE-2014-3509) + [Gabor Tyukasz] + + *) A malicious server can crash an OpenSSL client with a null pointer + dereference (read) by specifying an SRP ciphersuite even though it was not + properly negotiated with the client. This can be exploited through a + Denial of Service attack. + + Thanks to Joonas Kuorilehto and Riku Hietam�ki (Codenomicon) for + discovering and researching this issue. + (CVE-2014-5139) + [Steve Henson] + + *) A flaw in OBJ_obj2txt may cause pretty printing functions such as + X509_name_oneline, X509_name_print_ex et al. to leak some information + from the stack. Applications may be affected if they echo pretty printing + output to the attacker. + + Thanks to Ivan Fratric (Google) for discovering this issue. + (CVE-2014-3508) + [Emilia K�sper, and Steve Henson] + + *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) + for corner cases. (Certain input points at infinity could lead to + bogus results, with non-infinity inputs mapped to infinity too.) + [Bodo Moeller] Changes between 1.0.1g and 1.0.1h [5 Jun 2014] diff --git a/OpenSSL.Light/tools/chocolateyInstall.ps1 b/OpenSSL.Light/tools/chocolateyInstall.ps1 index c1a5636..599828b 100644 --- a/OpenSSL.Light/tools/chocolateyInstall.ps1 +++ b/OpenSSL.Light/tools/chocolateyInstall.ps1 @@ -11,8 +11,8 @@ try { #InnoSetup - http://unattended.sourceforge.net/InnoSetup_Switches_ExitCodes.html silentArgs = '/silent', '/verysilent', '/sp-', '/suppressmsgboxes', "/DIR=`"$installDir`""; - url = 'https://slproweb.com/download/Win32OpenSSL_Light-1_0_1i.exe' - url64bit = 'https://slproweb.com/download/Win64OpenSSL_Light-1_0_1i.exe' + url = 'https://slproweb.com/download/Win32OpenSSL_Light-1_0_1j.exe' + url64bit = 'https://slproweb.com/download/Win64OpenSSL_Light-1_0_1j.exe' } Install-ChocolateyPackage @params