1
2 OpenSSL CHANGES
3 _______________
4
| 1
2 OpenSSL CHANGES
3 _______________
4
|
| 5 Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
6
7 *) Fix cipher selection routines: ciphers without encryption had no flags
8 for the cipher strength set and where therefore not handled correctly
9 by the selection routines (PR #130).
10 [Lutz Jaenicke]
11
12 *) Fix EVP_dsa_sha macro.
13 [Nils Larsch]
14
15 *) New option
16 SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
17 for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
18 that was added in OpenSSL 0.9.6d.
19
20 As the countermeasure turned out to be incompatible with some
21 broken SSL implementations, the new option is part of SSL_OP_ALL.
22 SSL_OP_ALL is usually employed when compatibility with weird SSL
23 implementations is desired (e.g. '-bugs' option to 's_client' and
24 's_server'), so the new option is automatically set in many
25 applications.
26 [Bodo Moeller]
27
28 *) Changes in security patch:
29
30 Changes marked "(CHATS)" were sponsored by the Defense Advanced
31 Research Projects Agency (DARPA) and Air Force Research Laboratory,
32 Air Force Materiel Command, USAF, under agreement number
33 F30602-01-2-0537.
34
35 *) Add various sanity checks to asn1_get_length() to reject
36 the ASN1 length bytes if they exceed sizeof(long), will appear
37 negative or the content length exceeds the length of the
38 supplied buffer.
39 [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
40
41 *) Assertions for various potential buffer overflows, not known to
42 happen in practice.
43 [Ben Laurie (CHATS)]
44
45 *) Various temporary buffers to hold ASCII versions of integers were
46 too small for 64 bit platforms. (CAN-2002-0655)
47 [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
48
49 *) Remote buffer overflow in SSL3 protocol - an attacker could
50 supply an oversized session ID to a client. (CAN-2002-0656)
51 [Ben Laurie (CHATS)]
52
53 *) Remote buffer overflow in SSL2 protocol - an attacker could
54 supply an oversized client master key. (CAN-2002-0656)
55 [Ben Laurie (CHATS)]
56
|
5 Changes between 0.9.6c and 0.9.6d [9 May 2002]
6
7 *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
8 encoded as NULL) with id-dsa-with-sha1.
9 [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
10
11 *) Check various X509_...() return values in apps/req.c.
12 [Nils Larsch <nla@trustcenter.de>]
--- 4272 unchanged lines hidden --- | 57 Changes between 0.9.6c and 0.9.6d [9 May 2002]
58
59 *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
60 encoded as NULL) with id-dsa-with-sha1.
61 [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
62
63 *) Check various X509_...() return values in apps/req.c.
64 [Nils Larsch <nla@trustcenter.de>]
--- 4272 unchanged lines hidden --- |