BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL 2.1.4 released

We have released LibreSSL 2.1.4, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon.

This release adds a number of new security features, makes building
privilege-separated programs simpler, and improves the libtls API.

This release also includes, for convenience, a binary package for
integrating LibreSSL on Windows platforms, and the latest source tarball
is signed with both GPG and signify for easier integration into existing
build systems.

Feedback is welcome. Bugs, patches, and feature requests can be
reported to tech@openbsd.org or at
https://github.com/libressl-portable/portable/issues

As the OpenBSD 5.7 development effort comes to a close, so does the
LibreSSL 2.1.x branch. The next release will begin the 2.2.x development
branch.

User-visible features:

  * Improvements to libtls:
    - a new API for loading CA chains directly from memory instead of a
      file, allowing verification with privilege separation in a chroot
      without direct access to CA certificate files.

    - Ciphers default to TLSv1.2 with AEAD and PFS.

    - Improved error handling and message generation

    - New APIs and improved documentation

  * Added X509_STORE_load_mem API for loading certificates from memory.
    This facilitates accessing certificates from a chrooted environment.

  * New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
    using 'TLSv1.2+AEAD' as the cipher selection string.

  * New openssl(1) command 'certhash' replaces the c_rehash script.

  * Server-side support for TLS_FALLBACK_SCSV (the downgrade-signalling
    cipher suite value later standardized as RFC 7507), for compatibility
    with the various auditing and vulnerability scanners that probe for it.

Code improvements:

  * Dead and disabled code removal including MD5, Netscape workarounds,
    non-POSIX IO, SCTP, RFC 3779 support, "#if 0" sections, and more.

  * The ASN1 macros are expanded to aid readability and maintainability.

  * Various NULL pointer asserts removed in favor of letting the OS/signal
    handler catch them.

  * Refactored argument handling in openssl(1) for consistency and
    maintainability.

  * Support for building with OPENSSL_NO_DEPRECATED

  * Dozens of issues found with the Coverity scanner fixed.

Security updates:

    - Fix a minor information leak introduced in t1_lib.c r1.71, whereby
      an additional 28 bytes of .rodata (or .data) were sent to the
      network. In most cases this is a non-issue, since the memory content
      is already public. Issue found and reported by Felix Groebert of the
      Google Security Team.

    - Fixes for the following low-severity issues were integrated into
      LibreSSL from OpenSSL 1.0.1k:

       CVE-2015-0205 - DH client certificates accepted without
                       verification
       CVE-2014-3570 - Bignum squaring may produce incorrect results
       CVE-2014-8275 - Certificate fingerprints can be modified
       CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
       Reported by Karthikeyan Bhargavan of the PROSECCO team at INRIA.

      The following CVEs were fixed in earlier LibreSSL releases:
       CVE-2015-0206 - Memory leak handling repeated DTLS records
       CVE-2014-3510 - Flaw handling DTLS anonymous EC(DH) ciphersuites.

      The following CVEs did not apply to LibreSSL:
       CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
       CVE-2014-3569 - no-ssl3 configuration sets method to NULL
       CVE-2015-0204 - RSA silently downgrades to EXPORT_RSA

The LibreSSL project continues improvement of the codebase to reflect
modern, safe programming practices. We welcome feedback and improvements
from the broader community. Thanks to all of the contributors who helped
make this release possible.