mirror of
https://github.com/openssl/openssl.git
synced 2024-11-23 01:54:39 +08:00
Fix various typos, repeated words, align some spelling to LDP.
Partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
This commit is contained in:
parent
c734058309
commit
d7f3a2cc86
@ -1,5 +1,5 @@
|
||||
Acknowlegements
|
||||
===============
|
||||
Acknowledgements
|
||||
================
|
||||
|
||||
Please see our [Thanks!][] page for the current acknowledgements.
|
||||
|
||||
|
76
CHANGES.md
76
CHANGES.md
@ -338,7 +338,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
*Matt Caswell*
|
||||
|
||||
* Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
|
||||
occuppied by the removed hash table entries.
|
||||
occupied by the removed hash table entries.
|
||||
|
||||
This function is used when decoding certificates or keys. If a long lived
|
||||
process periodically decodes certificates or keys its memory usage will
|
||||
@ -535,7 +535,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
* The EVP_get_cipherbyname() function will return NULL for algorithms such as
|
||||
"AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were
|
||||
previously only accessible via low level interfaces. Use EVP_CIPHER_fetch()
|
||||
previously only accessible via low-level interfaces. Use EVP_CIPHER_fetch()
|
||||
instead to retrieve these algorithms from a provider.
|
||||
|
||||
*Shane Lontis*
|
||||
@ -882,7 +882,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
*David von Oheimb*
|
||||
|
||||
* All of the low level EC_KEY functions have been deprecated.
|
||||
* All of the low-level EC_KEY functions have been deprecated.
|
||||
|
||||
*Shane Lontis, Paul Dale, Richard Levitte, and Tomáš Mráz*
|
||||
|
||||
@ -1163,7 +1163,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
*David von Oheimb*
|
||||
|
||||
* All of the low level RSA functions have been deprecated.
|
||||
* All of the low-level RSA functions have been deprecated.
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
@ -1188,11 +1188,11 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
* All of the low level DH functions have been deprecated.
|
||||
* All of the low-level DH functions have been deprecated.
|
||||
|
||||
*Paul Dale and Matt Caswell*
|
||||
|
||||
* All of the low level DSA functions have been deprecated.
|
||||
* All of the low-level DSA functions have been deprecated.
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
@ -1201,7 +1201,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
*Richard Levitte*
|
||||
|
||||
* Deprecated low level ECDH and ECDSA functions.
|
||||
* Deprecated low-level ECDH and ECDSA functions.
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
@ -1220,7 +1220,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
* All of the low level HMAC functions have been deprecated.
|
||||
* All of the low-level HMAC functions have been deprecated.
|
||||
|
||||
*Paul Dale and David von Oheimb*
|
||||
|
||||
@ -1236,7 +1236,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
*Rich Salz*
|
||||
|
||||
* All of the low level CMAC functions have been deprecated.
|
||||
* All of the low-level CMAC functions have been deprecated.
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
@ -1255,7 +1255,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
*Richard Levitte*
|
||||
|
||||
* All of the low level cipher functions have been deprecated.
|
||||
* All of the low-level cipher functions have been deprecated.
|
||||
|
||||
*Matt Caswell and Paul Dale*
|
||||
|
||||
@ -1525,7 +1525,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
used and the recipient will not notice the attack.
|
||||
As a work around for this potential attack the length of the decrypted
|
||||
key must be equal to the cipher default key length, in case the
|
||||
certifiate is not given and all recipientInfo are tried out.
|
||||
certificate is not given and all recipientInfo are tried out.
|
||||
The old behaviour can be re-enabled in the CMS code by setting the
|
||||
CMS_DEBUG_DECRYPT flag.
|
||||
|
||||
@ -1545,7 +1545,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
when primes for RSA keys are computed.
|
||||
Since we previously always generated primes == 2 (mod 3) for RSA keys,
|
||||
the 2-prime and 3-prime RSA modules were easy to distinguish, since
|
||||
`N = p*q = 1 (mod 3)`, but `N = p*q*r = 2 (mod 3)`. Therefore fingerprinting
|
||||
`N = p*q = 1 (mod 3)`, but `N = p*q*r = 2 (mod 3)`. Therefore, fingerprinting
|
||||
2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
|
||||
This avoids possible fingerprinting of newly generated RSA modules.
|
||||
|
||||
@ -1966,7 +1966,7 @@ OpenSSL 1.1.1
|
||||
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
|
||||
structure which contains a buffer holding the string data and a field
|
||||
holding the buffer length. This contrasts with normal C strings which
|
||||
are repesented as a buffer for the string data which is terminated
|
||||
are represented as a buffer for the string data which is terminated
|
||||
with a NUL (0) byte.
|
||||
|
||||
Although not a strict requirement, ASN.1 strings that are parsed using
|
||||
@ -2054,7 +2054,7 @@ OpenSSL 1.1.1
|
||||
|
||||
* Fixed the X509_issuer_and_serial_hash() function. It attempts to
|
||||
create a unique hash value based on the issuer and serial number data
|
||||
contained within an X509 certificate. However it was failing to correctly
|
||||
contained within an X509 certificate. However, it was failing to correctly
|
||||
handle any errors that may occur while parsing the issuer field (which might
|
||||
occur if the issuer field is maliciously constructed). This may subsequently
|
||||
result in a NULL pointer deref and a crash leading to a potential denial of
|
||||
@ -2072,7 +2072,7 @@ OpenSSL 1.1.1
|
||||
|
||||
Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
|
||||
functions. Previously they could overflow the output length argument in some
|
||||
cases where the input length is close to the maximum permissable length for
|
||||
cases where the input length is close to the maximum permissible length for
|
||||
an integer on the platform. In such cases the return value from the function
|
||||
call would be 1 (indicating success), but the output length value would be
|
||||
negative. This could cause applications to behave incorrectly or crash.
|
||||
@ -2174,7 +2174,7 @@ OpenSSL 1.1.1
|
||||
when primes for RSA keys are computed.
|
||||
Since we previously always generated primes == 2 (mod 3) for RSA keys,
|
||||
the 2-prime and 3-prime RSA modules were easy to distinguish, since
|
||||
N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
|
||||
N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore, fingerprinting
|
||||
2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
|
||||
This avoids possible fingerprinting of newly generated RSA modules.
|
||||
|
||||
@ -2233,7 +2233,7 @@ OpenSSL 1.1.1
|
||||
* Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
|
||||
number generator (RNG). This was intended to include protection in the
|
||||
event of a fork() system call in order to ensure that the parent and child
|
||||
processes did not share the same RNG state. However this protection was not
|
||||
processes did not share the same RNG state. However, this protection was not
|
||||
being used in the default case.
|
||||
|
||||
A partial mitigation for this issue is that the output from a high
|
||||
@ -2275,7 +2275,7 @@ OpenSSL 1.1.1
|
||||
used and the recipient will not notice the attack.
|
||||
As a work around for this potential attack the length of the decrypted
|
||||
key must be equal to the cipher default key length, in case the
|
||||
certifiate is not given and all recipientInfo are tried out.
|
||||
certificate is not given and all recipientInfo are tried out.
|
||||
The old behaviour can be re-enabled in the CMS code by setting the
|
||||
CMS_DEBUG_DECRYPT flag.
|
||||
([CVE-2019-1563])
|
||||
@ -3045,7 +3045,7 @@ OpenSSL 1.1.0
|
||||
used and the recipient will not notice the attack.
|
||||
As a work around for this potential attack the length of the decrypted
|
||||
key must be equal to the cipher default key length, in case the
|
||||
certifiate is not given and all recipientInfo are tried out.
|
||||
certificate is not given and all recipientInfo are tried out.
|
||||
The old behaviour can be re-enabled in the CMS code by setting the
|
||||
CMS_DEBUG_DECRYPT flag.
|
||||
([CVE-2019-1563])
|
||||
@ -3280,7 +3280,7 @@ OpenSSL 1.1.0
|
||||
|
||||
OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
|
||||
(undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
|
||||
changes this is no longer possible in 1.1.0. Therefore the new
|
||||
changes this is no longer possible in 1.1.0. Therefore, the new
|
||||
SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
|
||||
1.1.0 to provide equivalent functionality.
|
||||
|
||||
@ -3371,7 +3371,7 @@ OpenSSL 1.1.0
|
||||
|
||||
During a renegotiation handshake if the Encrypt-Then-Mac extension is
|
||||
negotiated where it was not in the original handshake (or vice-versa) then
|
||||
this can cause OpenSSL to crash (dependant on ciphersuite). Both clients
|
||||
this can cause OpenSSL to crash (dependent on ciphersuite). Both clients
|
||||
and servers are affected.
|
||||
|
||||
This issue was reported to OpenSSL by Joe Orton (Red Hat).
|
||||
@ -3543,7 +3543,7 @@ OpenSSL 1.1.0
|
||||
place, and this would cause the connection to immediately fail. Assuming
|
||||
that the application calls SSL_free() on the failed connection in a timely
|
||||
manner then the 21Mb of allocated memory will then be immediately freed
|
||||
again. Therefore the excessive memory allocation will be transitory in
|
||||
again. Therefore, the excessive memory allocation will be transitory in
|
||||
nature. This then means that there is only a security impact if:
|
||||
|
||||
1) The application does not call SSL_free() in a timely manner in the event
|
||||
@ -4310,7 +4310,7 @@ OpenSSL 1.1.0
|
||||
* Given the pervasive nature of TLS extensions it is inadvisable to run
|
||||
OpenSSL without support for them. It also means that maintaining
|
||||
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
|
||||
not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
|
||||
not well tested). Therefore, the OPENSSL_NO_TLSEXT option has been removed.
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
@ -4388,7 +4388,7 @@ OpenSSL 1.1.0
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* SSLv2 support has been removed. It still supports receiving a SSLv2
|
||||
* SSLv2 support has been removed. It still supports receiving an SSLv2
|
||||
compatible client hello.
|
||||
|
||||
*Kurt Roeckx*
|
||||
@ -4842,7 +4842,7 @@ OpenSSL 1.0.2
|
||||
used and the recipient will not notice the attack.
|
||||
As a work around for this potential attack the length of the decrypted
|
||||
key must be equal to the cipher default key length, in case the
|
||||
certifiate is not given and all recipientInfo are tried out.
|
||||
certificate is not given and all recipientInfo are tried out.
|
||||
The old behaviour can be re-enabled in the CMS code by setting the
|
||||
CMS_DEBUG_DECRYPT flag.
|
||||
([CVE-2019-1563])
|
||||
@ -5318,8 +5318,8 @@ OpenSSL 1.0.2
|
||||
has been completed. An attacker could force up to approx. 15 messages to
|
||||
remain in the buffer when they are no longer required. These messages will
|
||||
be cleared when the DTLS connection is closed. The default maximum size for
|
||||
a message is 100k. Therefore the attacker could force an additional 1500k
|
||||
to be consumed per connection. By opening many simulataneous connections an
|
||||
a message is 100k. Therefore, the attacker could force an additional 1500k
|
||||
to be consumed per connection. By opening many simultaneous connections an
|
||||
attacker could cause a DoS attack through memory exhaustion.
|
||||
|
||||
This issue was reported to OpenSSL by Quan Luo.
|
||||
@ -6483,7 +6483,7 @@ OpenSSL 1.0.1
|
||||
message).
|
||||
|
||||
The rules of C pointer arithmetic are such that "p + len" is only well
|
||||
defined where len <= SIZE. Therefore the above idiom is actually
|
||||
defined where len <= SIZE. Therefore, the above idiom is actually
|
||||
undefined behaviour.
|
||||
|
||||
For example this could cause problems if some malloc implementation
|
||||
@ -6519,8 +6519,8 @@ OpenSSL 1.0.1
|
||||
has been completed. An attacker could force up to approx. 15 messages to
|
||||
remain in the buffer when they are no longer required. These messages will
|
||||
be cleared when the DTLS connection is closed. The default maximum size for
|
||||
a message is 100k. Therefore the attacker could force an additional 1500k
|
||||
to be consumed per connection. By opening many simulataneous connections an
|
||||
a message is 100k. Therefore, the attacker could force an additional 1500k
|
||||
to be consumed per connection. By opening many simultaneous connections an
|
||||
attacker could cause a DoS attack through memory exhaustion.
|
||||
|
||||
This issue was reported to OpenSSL by Quan Luo.
|
||||
@ -6586,7 +6586,7 @@ OpenSSL 1.0.1
|
||||
amounts of input data then a length check can overflow resulting in a heap
|
||||
corruption.
|
||||
|
||||
Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
|
||||
Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by
|
||||
the `PEM_write_bio*` family of functions. These are mainly used within the
|
||||
OpenSSL command line applications, so any application which processes data
|
||||
from an untrusted source and outputs it as a PEM file should be considered
|
||||
@ -7252,7 +7252,7 @@ OpenSSL 1.0.1
|
||||
* Build option no-ssl3 is incomplete.
|
||||
|
||||
When OpenSSL is configured with "no-ssl3" as a build option, servers
|
||||
could accept and complete a SSL 3.0 handshake, and clients could be
|
||||
could accept and complete an SSL 3.0 handshake, and clients could be
|
||||
configured to send them.
|
||||
([CVE-2014-3568])
|
||||
|
||||
@ -8269,7 +8269,7 @@ OpenSSL 1.0.0
|
||||
* Build option no-ssl3 is incomplete.
|
||||
|
||||
When OpenSSL is configured with "no-ssl3" as a build option, servers
|
||||
could accept and complete a SSL 3.0 handshake, and clients could be
|
||||
could accept and complete an SSL 3.0 handshake, and clients could be
|
||||
configured to send them.
|
||||
([CVE-2014-3568])
|
||||
|
||||
@ -9518,7 +9518,7 @@ OpenSSL 1.0.1.]
|
||||
|
||||
* Add initial support for TLS extensions, specifically for the server_name
|
||||
extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
|
||||
have new members for a host name. The SSL data structure has an
|
||||
have new members for a hostname. The SSL data structure has an
|
||||
additional member `SSL_CTX *initial_ctx` so that new sessions can be
|
||||
stored in that context to allow for session resumption, even after the
|
||||
SSL has been switched to a new SSL_CTX in reaction to a client's
|
||||
@ -9542,7 +9542,7 @@ OpenSSL 1.0.1.]
|
||||
|
||||
openssl s_server has new options '-servername_host ...', '-cert2 ...',
|
||||
'-key2 ...', '-servername_fatal' (subject to change). This allows
|
||||
testing the HostName extension for a specific single host name ('-cert'
|
||||
testing the HostName extension for a specific single hostname ('-cert'
|
||||
and '-key' remain fallbacks for handshakes without HostName
|
||||
negotiation). If the unrecognized_name alert has to be sent, this by
|
||||
default is a warning; it becomes fatal with the '-servername_fatal'
|
||||
@ -10045,7 +10045,7 @@ OpenSSL 0.9.x
|
||||
|
||||
The OpenSSL project does not recommend any specific CA and does not
|
||||
have any policy with respect to including or excluding any CA.
|
||||
Therefore it does not make any sense to ship an arbitrary selection
|
||||
Therefore, it does not make any sense to ship an arbitrary selection
|
||||
of root CA certificates with the OpenSSL software.
|
||||
|
||||
*Lutz Jaenicke*
|
||||
@ -10225,7 +10225,7 @@ OpenSSL 0.9.x
|
||||
|
||||
* Add initial support for TLS extensions, specifically for the server_name
|
||||
extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
|
||||
have new members for a host name. The SSL data structure has an
|
||||
have new members for a hostname. The SSL data structure has an
|
||||
additional member `SSL_CTX *initial_ctx` so that new sessions can be
|
||||
stored in that context to allow for session resumption, even after the
|
||||
SSL has been switched to a new SSL_CTX in reaction to a client's
|
||||
@ -10249,7 +10249,7 @@ OpenSSL 0.9.x
|
||||
|
||||
openssl s_server has new options '-servername_host ...', '-cert2 ...',
|
||||
'-key2 ...', '-servername_fatal' (subject to change). This allows
|
||||
testing the HostName extension for a specific single host name ('-cert'
|
||||
testing the HostName extension for a specific single hostname ('-cert'
|
||||
and '-key' remain fallbacks for handshakes without HostName
|
||||
negotiation). If the unrecognized_name alert has to be sent, this by
|
||||
default is a warning; it becomes fatal with the '-servername_fatal'
|
||||
|
4
NEWS.md
4
NEWS.md
@ -64,7 +64,7 @@ OpenSSL 3.0
|
||||
* Enhanced 'openssl list' with many new options.
|
||||
* Added migration guide to man7.
|
||||
* Implemented support for fully "pluggable" TLSv1.3 groups.
|
||||
* Added suport for Kernel TLS (KTLS).
|
||||
* Added support for Kernel TLS (KTLS).
|
||||
* Changed the license to the Apache License v2.0.
|
||||
* Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
|
||||
RC4, RC5, and DES to the legacy provider.
|
||||
@ -107,7 +107,7 @@ OpenSSL 3.0
|
||||
* Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(),
|
||||
ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and
|
||||
ERR_func_error_string().
|
||||
* Added OSSL_PROVIDER_available(), to check provider availibility.
|
||||
* Added OSSL_PROVIDER_available(), to check provider availability.
|
||||
* Added 'openssl mac' that uses the EVP_MAC API.
|
||||
* Added 'openssl kdf' that uses the EVP_KDF API.
|
||||
* Add OPENSSL_info() and 'openssl info' to get built-in data.
|
||||
|
@ -117,7 +117,7 @@ descriptions below, `Text::Template` will serve as an example.
|
||||
|
||||
$ cpan -f -i Text::Template
|
||||
|
||||
Note: on VMS, you must quote any argument that contains upper case
|
||||
Note: on VMS, you must quote any argument that contains uppercase
|
||||
characters, so the lines above would be:
|
||||
|
||||
$ cpan -i "Text::Template"
|
||||
|
@ -89,7 +89,7 @@ die "--type argument must be equal to 'lib' or 'dso'"
|
||||
# 0x0000000000000001 (NEEDED) Shared library: [libcrypto-opt.so.1.1]
|
||||
# 0x000000000000000e (SONAME) Library soname: [libssl-opt.so.1.1]
|
||||
#
|
||||
# We case-fold the variant tag to upper case and replace all non-alnum
|
||||
# We case-fold the variant tag to uppercase and replace all non-alnum
|
||||
# characters with "_". This yields the following symbol versions:
|
||||
#
|
||||
# $ nm libcrypto.so | grep -w A
|
||||
|
@ -248,7 +248,7 @@ if ( ! $reindex && $statefile ) {
|
||||
|
||||
# Scan each C source file and look for reason codes. This is done by
|
||||
# looking for strings that "look like" reason codes: basically anything
|
||||
# consisting of all upper case and numerics which _R_ in it and which has
|
||||
# consisting of all uppercase and numerics which _R_ in it and which has
|
||||
# the name of an error library at the start. Should there be anything else,
|
||||
# such as a type name, we add exceptions here.
|
||||
# If a code doesn't exist in list compiled from headers then mark it
|
||||
|
Loading…
Reference in New Issue
Block a user