Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
+ underlying do_cipher function handles all cipher semantics itself
+ including padding and finalisation. This is useful if (for example)
+ an ENGINE cipher handles block padding itself. The behaviour of
+ do_cipher is subtly changed if this flag is set: the return value
+ is the number of characters written to the output buffer (zero is
+ no longer an error code) or a negative error code. Also if the
+ input buffer is NULL and length -1 finalisation should be performed.
+ [Steve Henson]
+
+ *) If a candidate issuer certificate is already part of the constructed
+ path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
+ [Steve Henson]
+
*) Improve forward-security support: add functions
void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
whose return value is often ignored.
[Steve Henson]
- Changes between 1.0.0b and 1.0.1 [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.1 [xx XXX xxxx]
+
+ *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+ [Steve Henson]
*) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
elliptic curve NIST-P224 with constant-time single point multiplication on
Add command line options to s_client/s_server.
[Steve Henson]
- Changes between 1.0.0a and 1.0.0b [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.0d [xx XXX xxxx]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c [2 Dec 2010]
+
+ *) Disable code workaround for ancient and obsolete Netscape browsers
+ and servers: an attacker can use it in a ciphersuite downgrade attack.
+ Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+ [Steve Henson]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b [16 Nov 2010]
+
+ *) Fix extension code to avoid race conditions which can result in a buffer
+ overrun vulnerability: resumed sessions must not be modified as they can
+ be shared by multiple threads. CVE-2010-3864
+ [Steve Henson]
*) Fix WIN32 build system to correctly link an ENGINE directory into
a DLL.
Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
+ *) Fix extension code to avoid race conditions which can result in a buffer
+ overrun vulnerability: resumed sessions must not be modified as they can
+ be shared by multiple threads. CVE-2010-3864
+
+ *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+ [Steve Henson]
+
*) Don't reencode certificate when calculating signature: cache and use
the original encoding instead. This makes signature verification of
some broken encodings work correctly.
projects / openssl.git / blobdiff