| 5 Changes between 0.9.6c and 0.9.6d [9 May 2002] 6 7 *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not 8 encoded as NULL) with id-dsa-with-sha1. 9 [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller] 10 11 *) Check various X509_...() return values in apps/req.c. 12 [Nils Larsch <nla@trustcenter.de>] 13 14 *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: 15 an end-of-file condition would erronously be flagged, when the CRLF 16 was just at the end of a processed block. The bug was discovered when 17 processing data through a buffering memory BIO handing the data to a 18 BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov 19 <ptsekov@syntrex.com> and Nedelcho Stanev. 20 [Lutz Jaenicke] 21 22 *) Implement a countermeasure against a vulnerability recently found 23 in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment 24 before application data chunks to avoid the use of known IVs 25 with data potentially chosen by the attacker. 26 [Bodo Moeller] 27 28 *) Fix length checks in ssl3_get_client_hello(). 29 [Bodo Moeller] 30 31 *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently 32 to prevent ssl3_read_internal() from incorrectly assuming that 33 ssl3_read_bytes() found application data while handshake 34 processing was enabled when in fact s->s3->in_read_app_data was 35 merely automatically cleared during the initial handshake. 36 [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>] 37 38 *) Fix object definitions for Private and Enterprise: they were not 39 recognized in their shortname (=lowercase) representation. Extend 40 obj_dat.pl to issue an error when using undefined keywords instead 41 of silently ignoring the problem (Svenning Sorensen 42 <sss@sss.dnsalias.net>). 43 [Lutz Jaenicke] 44 45 *) Fix DH_generate_parameters() so that it works for 'non-standard' 46 generators, i.e. generators other than 2 and 5. 
(Previously, the 47 code did not properly initialise the 'add' and 'rem' values to 48 BN_generate_prime().) 49 50 In the new general case, we do not insist that 'generator' is 51 actually a primitive root: This requirement is rather pointless; 52 a generator of the order-q subgroup is just as good, if not 53 better. 54 [Bodo Moeller] 55 56 *) Map new X509 verification errors to alerts. Discovered and submitted by 57 Tom Wu <tom@arcot.com>. 58 [Lutz Jaenicke] 59 60 *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from 61 returning non-zero before the data has been completely received 62 when using non-blocking I/O. 63 [Bodo Moeller; problem pointed out by John Hughes] 64 65 *) Some of the ciphers missed the strength entry (SSL_LOW etc). 66 [Ben Laurie, Lutz Jaenicke] 67 68 *) Fix bug in SSL_clear(): bad sessions were not removed (found by 69 Yoram Zahavi <YoramZ@gilian.com>). 70 [Lutz Jaenicke] 71 72 *) Add information about CygWin 1.3 and on, and preserve proper 73 configuration for the versions before that. 74 [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte] 75 76 *) Make removal from session cache (SSL_CTX_remove_session()) more robust: 77 check whether we deal with a copy of a session and do not delete from 78 the cache in this case. Problem reported by "Izhar Shoshani Levi" 79 <izhar@checkpoint.com>. 80 [Lutz Jaenicke] 81 82 *) Do not store session data into the internal session cache, if it 83 is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 84 flag is set). Proposed by Aslam <aslam@funk.com>. 85 [Lutz Jaenicke] 86 87 *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested 88 value is 0. 89 [Richard Levitte] 90 91 *) [In 0.9.6c-engine release:] 92 Fix a crashbug and a logic bug in hwcrhk_load_pubkey() 93 [Toomas Kiisk <vix@cyber.ee> via Richard Levitte] 94 95 *) Add the configuration target linux-s390x. 
96 [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte] 97 98 *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of 99 ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag 100 variable as an indication that a ClientHello message has been 101 received. As the flag value will be lost between multiple 102 invocations of ssl3_accept when using non-blocking I/O, the 103 function may not be aware that a handshake has actually taken 104 place, thus preventing a new session from being added to the 105 session cache. 106 107 To avoid this problem, we now set s->new_session to 2 instead of 108 using a local variable. 109 [Lutz Jaenicke, Bodo Moeller] 110 111 *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) 112 if the SSL_R_LENGTH_MISMATCH error is detected. 113 [Geoff Thorpe, Bodo Moeller] 114 115 *) New 'shared_ldflag' column in Configure platform table. 116 [Richard Levitte] 117 118 *) Fix EVP_CIPHER_mode macro. 119 ["Dan S. Camper" <dan@bti.net>] 120 121 *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown 122 type, we must throw them away by setting rr->length to 0. 123 [D P Chang <dpc@qualys.com>] 124
|
5 Changes between 0.9.6b and 0.9.6c [21 dec 2001] 6 7 *) Fix BN_rand_range bug pointed out by Dominikus Scherkl 8 <Dominikus.Scherkl@biodata.com>. (The previous implementation 9 worked incorrectly for those cases where range = 10..._2 and 10 3*range is two bits longer than range.) 11 [Bodo Moeller] 12
--- 4152 unchanged lines hidden --- | 125 Changes between 0.9.6b and 0.9.6c [21 dec 2001] 126 127 *) Fix BN_rand_range bug pointed out by Dominikus Scherkl 128 <Dominikus.Scherkl@biodata.com>. (The previous implementation 129 worked incorrectly for those cases where range = 10..._2 and 130 3*range is two bits longer than range.) 131 [Bodo Moeller] 132
--- 4152 unchanged lines hidden --- |
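Review bot: In the new 0.9.6d block, the ssl3_get_server_done entry gives the path as "ssl3/s3_clnt.c", while every other entry in the same block uses the "ssl/" directory (ssl/s3_srvr.c, ssl/s3_lib.c, ssl/s3_pkt.c); this looks like a typo for "ssl/s3_clnt.c" and should be corrected so the reference resolves. In the EVP_DecodeUpdate entry, "erronously" should be "erroneously" and "Bug fund" should be "Bug found". Two of the security-relevant entries are too terse for someone deciding whether to upgrade: "Fix length checks in ssl3_get_client_hello()" does not say which lengths were unchecked or what a malformed ClientHello could cause, and the CBC countermeasure entry changes what is sent on the wire (an empty fragment before each application data chunk) without saying whether it can be turned off for peers that mishandle empty records. A sentence on each would help.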