LibreSSL 2.5.0/2.4.3/2.3.8 Released
28 September, 2016 by firstname.lastname@example.org | openbsd
LibreSSL portable versions 2.3.7 and 2.4.3 are now released, along with the newest development version 2.5.0, and will be available at a mirror near you.

The following issues were fixed in all of the releases:

* Avoid unbounded memory growth in libssl, which can be triggered by a TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions. (CVE-2016-6304)
* Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
* Issues related to the recent CVE-2016-6306, "Certificate message OOB reads", were fixed in the first LibreSSL releases two years ago. They were reported to us by David Ramos of Stanford using the UC-KLEE tool developed there.
* Other recently announced issues, including CVE-2016-6305, CVE-2016-6307, CVE-2016-6308 and CVE-2016-6309, did not apply.

LibreSSL 2.4.3 contains an additional fix:

* Reverted the change that cleans up the EVP cipher context in EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the previous behaviour.

LibreSSL 2.5.0 also contains the following improvements and fixes:

* libtls now supports ALPN and SNI.
* libtls adds a new callback interface for integrating custom IO functions. Thanks to Tobias Pape.
* libtls now handles four cipher suite groups:
  "secure" (TLSv1.2+AEAD+PFS)
  "compat" (HIGH:!aNULL)
  "legacy" (HIGH:MEDIUM:!aNULL)
  "insecure" (ALL:!aNULL:!eNULL)
  This allows for flexibility and finer grained control, rather than having two extremes (an issue raised by Marko Kreen some time ago).
* Tightened error handling for tls_config_set_ciphers().
* libtls now always loads CA, key and certificate files at the time the configuration function is called. This simplifies code and results in a single memory-based code path being used to provide data to libssl.
* Add support for OCSP intermediate certificates.
* Added functions used by stunnel and exim from BoringSSL: this brings in X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc.
* Added initial support for iOS, thanks to Jacob Berkman.
* Improved behavior of arc4random on Windows when using memory leak analysis software.
* Correctly handle an EOF that occurs prior to the TLS handshake completing. Reported by Vasily Kolobkov, based on a diff from Marko Kreen.
* Limit the support of the "backward compatible" ssl2 handshake to only be used if TLS 1.0 is enabled.
* Fix incorrect results from BN_mod_word() in certain cases on 64-bit systems. BN_mod_word() can now return an error condition. Thanks to Brian Smith.
* Added constant-time updates to address CVE-2016-0702.
* Fixed undefined behavior in BN_GF2m_mod_arr().
* Removed unused Cryptographic Message Support (CMS).
* More conversions of long long idioms to time_t.
* Improved compatibility by avoiding printing NULL strings with printf.