1 2 OpenSSL CHANGES 3 _______________ 4
| 1 2 OpenSSL CHANGES 3 _______________ 4
|
| 5 Changes between 0.9.6d and 0.9.6e [30 Jul 2002] 6 7 *) Fix cipher selection routines: ciphers without encryption had no flags 8 for the cipher strength set and where therefore not handled correctly 9 by the selection routines (PR #130). 10 [Lutz Jaenicke] 11 12 *) Fix EVP_dsa_sha macro. 13 [Nils Larsch] 14 15 *) New option 16 SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 17 for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure 18 that was added in OpenSSL 0.9.6d. 19 20 As the countermeasure turned out to be incompatible with some 21 broken SSL implementations, the new option is part of SSL_OP_ALL. 22 SSL_OP_ALL is usually employed when compatibility with weird SSL 23 implementations is desired (e.g. '-bugs' option to 's_client' and 24 's_server'), so the new option is automatically set in many 25 applications. 26 [Bodo Moeller] 27 28 *) Changes in security patch: 29 30 Changes marked "(CHATS)" were sponsored by the Defense Advanced 31 Research Projects Agency (DARPA) and Air Force Research Laboratory, 32 Air Force Materiel Command, USAF, under agreement number 33 F30602-01-2-0537. 34 35 *) Add various sanity checks to asn1_get_length() to reject 36 the ASN1 length bytes if they exceed sizeof(long), will appear 37 negative or the content length exceeds the length of the 38 supplied buffer. 39 [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>] 40 41 *) Assertions for various potential buffer overflows, not known to 42 happen in practice. 43 [Ben Laurie (CHATS)] 44 45 *) Various temporary buffers to hold ASCII versions of integers were 46 too small for 64 bit platforms. (CAN-2002-0655) 47 [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)> 48 49 *) Remote buffer overflow in SSL3 protocol - an attacker could 50 supply an oversized session ID to a client. (CAN-2002-0656) 51 [Ben Laurie (CHATS)] 52 53 *) Remote buffer overflow in SSL2 protocol - an attacker could 54 supply an oversized client master key. 
(CAN-2002-0656) 55 [Ben Laurie (CHATS)] 56
|
5 Changes between 0.9.6c and 0.9.6d [9 May 2002] 6 7 *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not 8 encoded as NULL) with id-dsa-with-sha1. 9 [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller] 10 11 *) Check various X509_...() return values in apps/req.c. 12 [Nils Larsch <nla@trustcenter.de>]
--- 4272 unchanged lines hidden --- | 57 Changes between 0.9.6c and 0.9.6d [9 May 2002] 58 59 *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not 60 encoded as NULL) with id-dsa-with-sha1. 61 [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller] 62 63 *) Check various X509_...() return values in apps/req.c. 64 [Nils Larsch <nla@trustcenter.de>]
--- 4272 unchanged lines hidden --- |
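Review bot: In the new 0.9.6e entry for SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, the text says the option is part of SSL_OP_ALL and is therefore "automatically set in many applications", but it never states the consequence: any application that sets SSL_OP_ALL now runs without the SSL 3.0/TLS 1.0 CBC countermeasure added in 0.9.6d. I would say that explicitly in the entry and tell callers who want to keep the countermeasure to mask the bit out when setting options, e.g. SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS. Two smaller points in the same section: "and where therefore not handled correctly" in the cipher selection entry should read "were", and the attribution on the CAN-2002-0655 entry closes with ">" where "]" is expected.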