CHANGES (89837) CHANGES (100928)
1
2 OpenSSL CHANGES
3 _______________
4
1
2 OpenSSL CHANGES
3 _______________
4
5 Changes between 0.9.6c and 0.9.6d [9 May 2002]
6
7 *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
8 encoded as NULL) with id-dsa-with-sha1.
9 [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
10
11 *) Check various X509_...() return values in apps/req.c.
12 [Nils Larsch <nla@trustcenter.de>]
13
14 *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
15 an end-of-file condition would erronously be flagged, when the CRLF
16 was just at the end of a processed block. The bug was discovered when
17 processing data through a buffering memory BIO handing the data to a
18 BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
19 <ptsekov@syntrex.com> and Nedelcho Stanev.
20 [Lutz Jaenicke]
21
22 *) Implement a countermeasure against a vulnerability recently found
23 in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
24 before application data chunks to avoid the use of known IVs
25 with data potentially chosen by the attacker.
26 [Bodo Moeller]
27
28 *) Fix length checks in ssl3_get_client_hello().
29 [Bodo Moeller]
30
31 *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
32 to prevent ssl3_read_internal() from incorrectly assuming that
33 ssl3_read_bytes() found application data while handshake
34 processing was enabled when in fact s->s3->in_read_app_data was
35 merely automatically cleared during the initial handshake.
36 [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
37
38 *) Fix object definitions for Private and Enterprise: they were not
39 recognized in their shortname (=lowercase) representation. Extend
40 obj_dat.pl to issue an error when using undefined keywords instead
41 of silently ignoring the problem (Svenning Sorensen
42 <sss@sss.dnsalias.net>).
43 [Lutz Jaenicke]
44
45 *) Fix DH_generate_parameters() so that it works for 'non-standard'
46 generators, i.e. generators other than 2 and 5. (Previously, the
47 code did not properly initialise the 'add' and 'rem' values to
48 BN_generate_prime().)
49
50 In the new general case, we do not insist that 'generator' is
51 actually a primitive root: This requirement is rather pointless;
52 a generator of the order-q subgroup is just as good, if not
53 better.
54 [Bodo Moeller]
55
56 *) Map new X509 verification errors to alerts. Discovered and submitted by
57 Tom Wu <tom@arcot.com>.
58 [Lutz Jaenicke]
59
60 *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
61 returning non-zero before the data has been completely received
62 when using non-blocking I/O.
63 [Bodo Moeller; problem pointed out by John Hughes]
64
65 *) Some of the ciphers missed the strength entry (SSL_LOW etc).
66 [Ben Laurie, Lutz Jaenicke]
67
68 *) Fix bug in SSL_clear(): bad sessions were not removed (found by
69 Yoram Zahavi <YoramZ@gilian.com>).
70 [Lutz Jaenicke]
71
72 *) Add information about CygWin 1.3 and on, and preserve proper
73 configuration for the versions before that.
74 [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
75
76 *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
77 check whether we deal with a copy of a session and do not delete from
78 the cache in this case. Problem reported by "Izhar Shoshani Levi"
79 <izhar@checkpoint.com>.
80 [Lutz Jaenicke]
81
82 *) Do not store session data into the internal session cache, if it
83 is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
84 flag is set). Proposed by Aslam <aslam@funk.com>.
85 [Lutz Jaenicke]
86
87 *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
88 value is 0.
89 [Richard Levitte]
90
91 *) [In 0.9.6c-engine release:]
92 Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
93 [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
94
95 *) Add the configuration target linux-s390x.
96 [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
97
98 *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
99 ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
100 variable as an indication that a ClientHello message has been
101 received. As the flag value will be lost between multiple
102 invocations of ssl3_accept when using non-blocking I/O, the
103 function may not be aware that a handshake has actually taken
104 place, thus preventing a new session from being added to the
105 session cache.
106
107 To avoid this problem, we now set s->new_session to 2 instead of
108 using a local variable.
109 [Lutz Jaenicke, Bodo Moeller]
110
111 *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
112 if the SSL_R_LENGTH_MISMATCH error is detected.
113 [Geoff Thorpe, Bodo Moeller]
114
115 *) New 'shared_ldflag' column in Configure platform table.
116 [Richard Levitte]
117
118 *) Fix EVP_CIPHER_mode macro.
119 ["Dan S. Camper" <dan@bti.net>]
120
121 *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
122 type, we must throw them away by setting rr->length to 0.
123 [D P Chang <dpc@qualys.com>]
124
5 Changes between 0.9.6b and 0.9.6c [21 dec 2001]
6
7 *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
8 <Dominikus.Scherkl@biodata.com>. (The previous implementation
9 worked incorrectly for those cases where range = 10..._2 and
10 3*range is two bits longer than range.)
11 [Bodo Moeller]
12

--- 4152 unchanged lines hidden ---
125 Changes between 0.9.6b and 0.9.6c [21 dec 2001]
126
127 *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
128 <Dominikus.Scherkl@biodata.com>. (The previous implementation
129 worked incorrectly for those cases where range = 10..._2 and
130 3*range is two bits longer than range.)
131 [Bodo Moeller]
132
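Review bot: the entry "Fix length checks in ssl3_get_client_hello()" (new line 28) does not say which length was unchecked or what a malformed ClientHello could cause. For a fix in a function that parses input from an unauthenticated peer, that is what a reader deciding whether to upgrade needs; suggest one more sentence naming the field and the effect. The CBC countermeasure entry (new lines 22-25) likewise names no file or function, and does not say whether sending the empty fragment is optional. Smaller points in the same block: "erronously" (line 15) and "Bug fund" (line 18) are typos, the DH_generate_parameters() entry (lines 45-54) should state which callers, if any, relied on 'generator' being a primitive root, and the path "ssl3/s3_clnt.c" (line 111) does not match the "ssl/" prefix used for s3_lib.c, s3_srvr.c and s3_pkt.c elsewhere in the added entries.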

--- 4152 unchanged lines hidden ---