CHANGES (68651) CHANGES (72613)
1
2 OpenSSL CHANGES
3 _______________
4
5 Changes between 0.9.6 and 0.9.6a [xx XXX 2001]
6
7 *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
8 Bleichenbacher's DSA attack.
9 [Ulf Moeller]
10
11 *) In the NCONF_...-based implementations for CONF_... queries
12 (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
13 a temporary CONF structure with the data component set to NULL
14 (which gives segmentation faults in lh_retrieve).
15 Instead, use NULL for the CONF pointer in CONF_get_string and
16 CONF_get_number (which may use environment variables) and directly
17 return NULL from CONF_get_section.
18 [Bodo Moeller]
19
20 *) Fix potential buffer overrun for EBCDIC.
21 [Ulf Moeller]
22
23 *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
24 keyUsage if basicConstraints absent for a CA.
25 [Steve Henson]
26
27 *) Make SMIME_write_PKCS7() write mail header values with a format that
28 is more generally accepted (no spaces before the semicolon), since
29 some programs can't parse those values properly otherwise. Also make
30 sure BIO's that break lines after each write do not create invalid
31 headers.
32 [Richard Levitte]
33
34 *) Make the CRL encoding routines work with empty SEQUENCE OF. The
35 macros previously used would not encode an empty SEQUENCE OF
36 and break the signature.
37 [Steve Henson]
38
39 *) Zero the premaster secret after deriving the master secret in
40 DH ciphersuites.
41 [Steve Henson]
42
43 *) Add some EVP_add_digest_alias registrations (as found in
44 OpenSSL_add_all_digests()) to SSL_library_init()
45 aka OpenSSL_add_ssl_algorithms(). This provides improved
46 compatibility with peers using X.509 certificates
47 with unconventional AlgorithmIdentifier OIDs.
48 [Bodo Moeller]
49
50 *) Fix for Irix with NO_ASM.
51 ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
52
53 *) ./config script fixes.
54 [Ulf Moeller, Richard Levitte]
55
56 *) Fix 'openssl passwd -1'.
57 [Bodo Moeller]
58
59 *) Change PKCS12_key_gen_asc() so it can cope with non null
60 terminated strings whose length is passed in the passlen
61 parameter, for example from PEM callbacks. This was done
62 by adding an extra length parameter to asc2uni().
63 [Steve Henson, reported by <oddissey@samsung.co.kr>]
64
65 *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
66 call failed, free the DSA structure.
67 [Bodo Moeller]
68
69 *) Fix to uni2asc() to cope with zero length Unicode strings.
70 These are present in some PKCS#12 files.
71 [Steve Henson]
72
73 *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
74 Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
75 when writing a 32767 byte record.
76 [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
77
78 *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
79 obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
80
81 (RSA objects have a reference count access to which is protected
82 by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
83 so they are meant to be shared between threads.)
84 [Bodo Moeller, Geoff Thorpe; original patch submitted by
85 "Reddie, Steven" <Steven.Reddie@ca.com>]
86
87 *) Fix a deadlock in CRYPTO_mem_leaks().
88 [Bodo Moeller]
89
90 *) rand_win.c fix for Borland C.
91 [Ulf M�ller]
92
93 *) BN_rshift bugfix for n == 0.
94 [Bodo Moeller]
95
96 *) Store verify_result within SSL_SESSION also for client side to
97 avoid potential security hole. (Re-used sessions on the client side
98 always resulted in verify_result==X509_V_OK, not using the original
99 result of the server certificate verification.)
100 [Lutz Jaenicke]
101
102 *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
103 SSL3_RT_APPLICATION_DATA, return 0.
104 Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
105 [Bodo Moeller]
106
107 *) Fix SSL_peek:
108 Both ssl2_peek and ssl3_peek, which were totally broken in earlier
109 releases, have been re-implemented by renaming the previous
110 implementations of ssl2_read and ssl3_read to ssl2_read_internal
111 and ssl3_read_internal, respectively, and adding 'peek' parameters
112 to them. The new ssl[23]_{read,peek} functions are calls to
113 ssl[23]_read_internal with the 'peek' flag set appropriately.
114 A 'peek' parameter has also been added to ssl3_read_bytes, which
115 does the actual work for ssl3_read_internal.
116 [Bodo Moeller]
117
118 *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
119 The previous value, 12, was not always sufficient for BN_mod_exp().
120 [Bodo Moeller]
121
122 *) Fix typo in get_cert_by_subject() in by_dir.c
123 [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
124
125 *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
126
127 Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
128 and not in SSL_clear because the latter is also used by the
129 accept/connect functions; previously, the settings made by
130 SSL_set_read_ahead would be lost during the handshake.
131 [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
132
133 *) Correct util/mkdef.pl to be selective about disabled algorithms.
134 Previously, it would create entries for disableed algorithms no
135 matter what.
136 [Richard Levitte]
137
138 *) Added several new manual pages for SSL_* function.
139 [Lutz Jaenicke]
140
5 Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
6
7 *) In ssl23_get_client_hello, generate an error message when faced
8 with an initial SSL 3.0/TLS record that is too small to contain the
9 first two bytes of the ClientHello message, i.e. client_version.
10 (Note that this is a pathologic case that probably has never happened
11 in real life.) The previous approach was to use the version number
12 from the record header as a substitute; but our protocol choice

--- 3515 unchanged lines hidden ---
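Review bot: the release heading in this hunk still reads `Changes between 0.9.6 and 0.9.6a [xx XXX 2001]` (new line 5); fill in the date before tagging, since the section carries security-relevant fixes that downstream packagers will want to date: the DSA_sign_setup change against Bleichenbacher's DSA attack, the client-side verify_result now stored in SSL_SESSION so a resumed session no longer reports X509_V_OK regardless of the original server certificate verification, the one-byte-short s2->wbuf allocation that do_ssl_write overruns on a 32767-byte record, the EBCDIC buffer overrun, and the zeroing of the premaster secret in DH ciphersuites. Two smaller points in the same hunk: `disableed` (new line 134) should be `disabled`, and `Ulf M�ller` (new line 91) is a mis-encoded character where the other entries in this section spell the name `Ulf Moeller`; use that ASCII spelling so the file stays consistent.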