CHANGES (72613) CHANGES (76866)
1
2 OpenSSL CHANGES
3 _______________
4
1
2 OpenSSL CHANGES
3 _______________
4
5 Changes between 0.9.6 and 0.9.6a [xx XXX 2001]
5 Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
6
6
7 *) Fix a couple of memory leaks in PKCS7_dataDecode()
8 [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
9
10 *) Change Configure and Makefiles to provide EXE_EXT, which will contain
11 the default extension for executables, if any. Also, make the perl
12 scripts that use symlink() to test if it really exists and use "cp"
13 if it doesn't. All this made OpenSSL compilable and installable in
14 CygWin.
15 [Richard Levitte]
16
17 *) Fix for asn1_GetSequence() for indefinite length constructed data.
18 If SEQUENCE is length is indefinite just set c->slen to the total
19 amount of data available.
20 [Steve Henson, reported by shige@FreeBSD.org]
21 [This change does not apply to 0.9.7.]
22
23 *) Change bctest to avoid here-documents inside command substitution
24 (workaround for FreeBSD /bin/sh bug).
25 For compatibility with Ultrix, avoid shell functions (introduced
26 in the bctest version that searches along $PATH).
27 [Bodo Moeller]
28
29 *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
30 with des_encrypt() defined on some operating systems, like Solaris
31 and UnixWare.
32 [Richard Levitte]
33
34 *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
35 On the Importance of Eliminating Errors in Cryptographic
36 Computations, J. Cryptology 14 (2001) 2, 101-119,
37 http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
38 [Ulf Moeller]
39
40 *) MIPS assembler BIGNUM division bug fix.
41 [Andy Polyakov]
42
43 *) Disabled incorrect Alpha assembler code.
44 [Richard Levitte]
45
46 *) Fix PKCS#7 decode routines so they correctly update the length
47 after reading an EOC for the EXPLICIT tag.
48 [Steve Henson]
49 [This change does not apply to 0.9.7.]
50
51 *) Fix bug in PKCS#12 key generation routines. This was triggered
52 if a 3DES key was generated with a 0 initial byte. Include
53 PKCS12_BROKEN_KEYGEN compilation option to retain the old
54 (but broken) behaviour.
55 [Steve Henson]
56
57 *) Enhance bctest to search for a working bc along $PATH and print
58 it when found.
59 [Tim Rice <tim@multitalents.net> via Richard Levitte]
60
61 *) Fix memory leaks in err.c: free err_data string if necessary;
62 don't write to the wrong index in ERR_set_error_data.
63 [Bodo Moeller]
64
65 *) Implement ssl23_peek (analogous to ssl23_read), which previously
66 did not exist.
67 [Bodo Moeller]
68
69 *) Replace rdtsc with _emit statements for VC++ version 5.
70 [Jeremy Cooper <jeremy@baymoo.org>]
71
72 *) Make it possible to reuse SSLv2 sessions.
73 [Richard Levitte]
74
75 *) In copy_email() check for >= 0 as a return value for
76 X509_NAME_get_index_by_NID() since 0 is a valid index.
77 [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
78
79 *) Avoid coredump with unsupported or invalid public keys by checking if
80 X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
81 PKCS7_verify() fails with non detached data.
82 [Steve Henson]
83
84 *) Don't use getenv in library functions when run as setuid/setgid.
85 New function OPENSSL_issetugid().
86 [Ulf Moeller]
87
88 *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
89 due to incorrect handling of multi-threading:
90
91 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
92
93 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
94
95 3. Count how many times MemCheck_off() has been called so that
96 nested use can be treated correctly. This also avoids
97 inband-signalling in the previous code (which relied on the
98 assumption that thread ID 0 is impossible).
99 [Bodo Moeller]
100
101 *) Add "-rand" option also to s_client and s_server.
102 [Lutz Jaenicke]
103
104 *) Fix CPU detection on Irix 6.x.
105 [Kurt Hockenbury <khockenb@stevens-tech.edu> and
106 "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
107
108 *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
109 was empty.
110 [Steve Henson]
111 [This change does not apply to 0.9.7.]
112
113 *) Use the cached encoding of an X509_NAME structure rather than
114 copying it. This is apparently the reason for the libsafe "errors"
115 but the code is actually correct.
116 [Steve Henson]
117
7 *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
8 Bleichenbacher's DSA attack.
118 *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
119 Bleichenbacher's DSA attack.
9 [Ulf Moeller]
120 Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
121 to be set and top=0 forces the highest bit to be set; top=-1 is new
122 and leaves the highest bit random.
123 [Ulf Moeller, Bodo Moeller]
10
11 *) In the NCONF_...-based implementations for CONF_... queries
12 (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
13 a temporary CONF structure with the data component set to NULL
14 (which gives segmentation faults in lh_retrieve).
15 Instead, use NULL for the CONF pointer in CONF_get_string and
16 CONF_get_number (which may use environment variables) and directly
17 return NULL from CONF_get_section.
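Review bot: the OPENSSL_issetugid() entry ("Don't use getenv in library functions when run as setuid/setgid") does not say which library functions stop consulting the environment; naming them (or the affected source files) would let downstream users tell which environment-driven behaviour changes in 0.9.6a. Smaller points in the same hunk: the asn1_GetSequence() entry reads "If SEQUENCE is length is indefinite just set c->slen", which should be "If the SEQUENCE length is indefinite, just set c->slen"; the copy_email() credit "[Steve Henson reported by Massimiliano Pala ...]" is missing the comma after Henson that the other entries use; and "non detached data" in the PKCS7_verify() entry should be "non-detached data".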

--- 12 unchanged lines hidden ---

30 sure BIO's that break lines after each write do not create invalid
31 headers.
32 [Richard Levitte]
33
34 *) Make the CRL encoding routines work with empty SEQUENCE OF. The
35 macros previously used would not encode an empty SEQUENCE OF
36 and break the signature.
37 [Steve Henson]
124
125 *) In the NCONF_...-based implementations for CONF_... queries
126 (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
127 a temporary CONF structure with the data component set to NULL
128 (which gives segmentation faults in lh_retrieve).
129 Instead, use NULL for the CONF pointer in CONF_get_string and
130 CONF_get_number (which may use environment variables) and directly
131 return NULL from CONF_get_section.

--- 12 unchanged lines hidden ---

144 sure BIO's that break lines after each write do not create invalid
145 headers.
146 [Richard Levitte]
147
148 *) Make the CRL encoding routines work with empty SEQUENCE OF. The
149 macros previously used would not encode an empty SEQUENCE OF
150 and break the signature.
151 [Steve Henson]
152 [This change does not apply to 0.9.7.]
38
39 *) Zero the premaster secret after deriving the master secret in
40 DH ciphersuites.
41 [Steve Henson]
42
43 *) Add some EVP_add_digest_alias registrations (as found in
44 OpenSSL_add_all_digests()) to SSL_library_init()
45 aka OpenSSL_add_ssl_algorithms(). This provides improved

--- 36 unchanged lines hidden ---

82 by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
83 so they are meant to be shared between threads.)
84 [Bodo Moeller, Geoff Thorpe; original patch submitted by
85 "Reddie, Steven" <Steven.Reddie@ca.com>]
86
87 *) Fix a deadlock in CRYPTO_mem_leaks().
88 [Bodo Moeller]
89
153
154 *) Zero the premaster secret after deriving the master secret in
155 DH ciphersuites.
156 [Steve Henson]
157
158 *) Add some EVP_add_digest_alias registrations (as found in
159 OpenSSL_add_all_digests()) to SSL_library_init()
160 aka OpenSSL_add_ssl_algorithms(). This provides improved

--- 36 unchanged lines hidden ---

197 by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
198 so they are meant to be shared between threads.)
199 [Bodo Moeller, Geoff Thorpe; original patch submitted by
200 "Reddie, Steven" <Steven.Reddie@ca.com>]
201
202 *) Fix a deadlock in CRYPTO_mem_leaks().
203 [Bodo Moeller]
204
205 *) Use better test patterns in bntest.
206 [Ulf M�ller]
207
90 *) rand_win.c fix for Borland C.
91 [Ulf M�ller]
92
93 *) BN_rshift bugfix for n == 0.
94 [Bodo Moeller]
95
208 *) rand_win.c fix for Borland C.
209 [Ulf M�ller]
210
211 *) BN_rshift bugfix for n == 0.
212 [Bodo Moeller]
213
214 *) Add a 'bctest' script that checks for some known 'bc' bugs
215 so that 'make test' does not abort just because 'bc' is broken.
216 [Bodo Moeller]
217
96 *) Store verify_result within SSL_SESSION also for client side to
97 avoid potential security hole. (Re-used sessions on the client side
98 always resulted in verify_result==X509_V_OK, not using the original
99 result of the server certificate verification.)
100 [Lutz Jaenicke]
101
102 *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
103 SSL3_RT_APPLICATION_DATA, return 0.

--- 6 unchanged lines hidden ---

110 implementations of ssl2_read and ssl3_read to ssl2_read_internal
111 and ssl3_read_internal, respectively, and adding 'peek' parameters
112 to them. The new ssl[23]_{read,peek} functions are calls to
113 ssl[23]_read_internal with the 'peek' flag set appropriately.
114 A 'peek' parameter has also been added to ssl3_read_bytes, which
115 does the actual work for ssl3_read_internal.
116 [Bodo Moeller]
117
218 *) Store verify_result within SSL_SESSION also for client side to
219 avoid potential security hole. (Re-used sessions on the client side
220 always resulted in verify_result==X509_V_OK, not using the original
221 result of the server certificate verification.)
222 [Lutz Jaenicke]
223
224 *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
225 SSL3_RT_APPLICATION_DATA, return 0.

--- 6 unchanged lines hidden ---

232 implementations of ssl2_read and ssl3_read to ssl2_read_internal
233 and ssl3_read_internal, respectively, and adding 'peek' parameters
234 to them. The new ssl[23]_{read,peek} functions are calls to
235 ssl[23]_read_internal with the 'peek' flag set appropriately.
236 A 'peek' parameter has also been added to ssl3_read_bytes, which
237 does the actual work for ssl3_read_internal.
238 [Bodo Moeller]
239
240 *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
241 the method-specific "init()" handler. Also clean up ex_data after
242 calling the method-specific "finish()" handler. Previously, this was
243 happening the other way round.
244 [Geoff Thorpe]
245
118 *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
119 The previous value, 12, was not always sufficient for BN_mod_exp().
120 [Bodo Moeller]
121
246 *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
247 The previous value, 12, was not always sufficient for BN_mod_exp().
248 [Bodo Moeller]
249
250 *) Make sure that shared libraries get the internal name engine with
251 the full version number and not just 0. This should mark the
252 shared libraries as not backward compatible. Of course, this should
253 be changed again when we can guarantee backward binary compatibility.
254 [Richard Levitte]
255
122 *) Fix typo in get_cert_by_subject() in by_dir.c
123 [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
124
256 *) Fix typo in get_cert_by_subject() in by_dir.c
257 [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
258
259 *) Rework the system to generate shared libraries:
260
261 - Make note of the expected extension for the shared libraries and
262 if there is a need for symbolic links from for example libcrypto.so.0
263 to libcrypto.so.0.9.7. There is extended info in Configure for
264 that.
265
266 - Make as few rebuilds of the shared libraries as possible.
267
268 - Still avoid linking the OpenSSL programs with the shared libraries.
269
270 - When installing, install the shared libraries separately from the
271 static ones.
272 [Richard Levitte]
273
125 *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
126
127 Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
128 and not in SSL_clear because the latter is also used by the
129 accept/connect functions; previously, the settings made by
130 SSL_set_read_ahead would be lost during the handshake.
131 [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
132
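Review bot: the shared-library rework entry uses "libcrypto.so.0.9.7" as its symlink example, but this hunk sits under the "Changes between 0.9.6 and 0.9.6a" heading; either give a 0.9.6a library name in the example or say the entry was carried over from the 0.9.7 branch, as the "[This change does not apply to 0.9.7.]" annotations do for the opposite case. Also, "get the internal name engine with the full version number" in the preceding entry reads as if a word was dropped or "engine" is stray; "get the internal name with the full version number" says what is meant.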

--- 3531 unchanged lines hidden ---
274 *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
275
276 Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
277 and not in SSL_clear because the latter is also used by the
278 accept/connect functions; previously, the settings made by
279 SSL_set_read_ahead would be lost during the handshake.
280 [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
281

--- 3531 unchanged lines hidden ---