OpenSSL CHANGES
_______________
- Changes between 0.9.8j and 0.9.9 [xx XXX xxxx]
+ Changes between 0.9.8k and 1.0 [xx XXX xxxx]
+
+ *) Update OCSP request code to permit adding custom headers to the request:
+ some responders need this.
+ [Steve Henson]
+
+ *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
+ return value is ignored. NB. The functions RAND_add(), RAND_seed(),
+ BIO_set_cipher() and some obscure PEM functions were changed so they
+ can now return an error. The RAND changes required a change to the
+ RAND_METHOD structure.
+ [Steve Henson]
+
+ *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
+ a gcc attribute to warn if the result of a function is ignored. This
+ is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
+ whose return value is often ignored.
+ [Steve Henson]
+
+ *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+ correctly.
+ [Julia Lawall <julia@diku.dk>]
+
+ *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
+ needlessly dereferenced structures, used obsolete functions and
+ didn't handle all updated verify codes correctly.
+ [Steve Henson]
+
+ *) Delete MD2 from algorithm tables. This follows the recommendation in
+ several standards that it is not used in new applications due to
+ several cryptographic weaknesses. The algorithm is also disabled in
+ the default configuration.
+ [Steve Henson]
+
+ *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
+ indicate the initial BIO being pushed or popped. This makes it possible
+ to determine whether the BIO is the one explicitly called or as a result
+ of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so
+ it handles reference counts correctly and doesn't zero out the I/O bio
+ when it is not being explicitly popped. WARNING: applications which
+ included workarounds for the old buggy behaviour will need to be modified
+ or they could free up already freed BIOs.
+ [Steve Henson]
+
+ *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
+ OPENSSL_asc2uni the original names were too generic and cause name
+ clashes on Netware.
+ [Guenter <lists@gknw.net>]
+
+ *) Add ECDHE and PSK support to DTLS.
+ [Michael Tuexen <tuexen@fh-muenster.de>]
+
+ *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't
+ be used on C++.
+ [Steve Henson]
+
+ *) Add "missing" function EVP_MD_flags() (without this the only way to
+ retrieve a digest flags is by accessing the structure directly. Update
+ EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
+ or cipher is registered as in the "from" argument. Print out all
+ registered digests in the dgst usage message instead of manually
+ attempting to work them out.
+ [Steve Henson]
+
+ *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+ this allows the use of compression and extensions. Change default cipher
+ string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+ by default unless an application cipher string requests it.
+ [Steve Henson]
+
+ *) Alter match criteria in PKCS12_parse(). It used to try to use local
+ key ids to find matching certificates and keys but some PKCS#12 files
+ don't follow the (somewhat unwritten) rules and this strategy fails.
+ Now just gather all certificates together and the first private key
+ then look for the first certificate that matches the key.
+ [Steve Henson]
+
+ *) Support use of registered digest and cipher names for dgst and cipher
+ commands instead of having to add each one as a special case. So now
+ you can do:
+
+ openssl sha256 foo
+
+ as well as:
+
+ openssl dgst -sha256 foo
+
+ and this works for ENGINE based algorithms too.
+
+ [Steve Henson]
+
+ *) Update Gost ENGINE to support parameter files.
+ [Victor B. Wagner <vitus@cryptocom.ru>]
*) Support GeneralizedTime in ca utility.
[Oliver Martin <oliver@volatilevoid.net>, Steve Henson]
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
+ Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
+
+ *) Fixes to stateless session resumption handling. Use initial_ctx when
+ issuing and attempting to decrypt tickets in case it has changed during
+ servername handling. Use a non-zero length session ID when attempting
+ stateless session resumption: this makes it possible to determine if
+ a resumption has occurred immediately after receiving server hello
+ (several places in OpenSSL subtly assume this) instead of later in
+ the handshake.
+ [Steve Henson]
+
+ *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+ CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+ fixes for a few places where the return code is not checked
+ correctly.
+ [Julia Lawall <julia@diku.dk>]
+
+ *) Add --strict-warnings option to Configure script to include devteam
+ warnings in other configurations.
+ [Steve Henson]
+
+ *) Add support for --libdir option and LIBDIR variable in makefiles. This
+ makes it possible to install openssl libraries in locations which
+ have names other than "lib", for example "/usr/lib64" which some
+ systems need.
+ [Steve Henson, based on patch from Jeremy Utley]
+
+ *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
+ X690 8.9.12 and can produce some misleading textual output of OIDs.
+ [Steve Henson, reported by Dan Kaminsky]
+
+ *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
+ and restored.
+ [Steve Henson]
+
+ *) Fix the server certificate chain building code to use X509_verify_cert(),
+ it used to have an ad-hoc builder which was unable to cope with anything
+ other than a simple chain.
+ [David Woodhouse <dwmw2@infradead.org>, Steve Henson]
+
+ *) Don't check self signed certificate signatures in X509_verify_cert()
+ by default (a flag can override this): it just wastes time without
+ adding any security. As a useful side effect self signed root CAs
+ with non-FIPS digests are now usable in FIPS mode.
+ [Steve Henson]
+
+ *) In dtls1_process_out_of_seq_message() the check if the current message
+ is already buffered was missing. For every new message was memory
+ allocated, allowing an attacker to perform an denial of service attack
+ with sending out of seq handshake messages until there is no memory
+ left. Additionally every future messege was buffered, even if the
+ sequence number made no sense and would be part of another handshake.
+ So only messages with sequence numbers less than 10 in advance will be
+ buffered.
+ [Robin Seggelmann, discovered by Daniel Mentz]
+
+ *) Records are buffered if they arrive with a future epoch to be
+ processed after finishing the corresponding handshake. There is
+ currently no limitation to this buffer allowing an attacker to perform
+ a DOS attack with sending records with future epochs until there is no
+ memory left. This patch adds the pqueue_size() function to detemine
+ the size of a buffer and limits the record buffer to 100 entries.
+ [Robin Seggelmann, discovered by Daniel Mentz]
+
+ *) Keep a copy of frag->msg_header.frag_len so it can be used after the
+ parent structure is freed.
+ [Daniel Mentz]
+
+ *) Handle non-blocking I/O properly in SSL_shutdown() call.
+ [Darryl Miles <darryl-mailinglists@netbauds.net>]
+
+ *) Add 2.5.4.* OIDs
+ [Ilya O. <vrghost@gmail.com>]
+
+ Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
+
+ *) Don't set val to NULL when freeing up structures, it is freed up by
+ underlying code. If sizeof(void *) > sizeof(long) this can result in
+ zeroing past the valid field. (CVE-2009-0789)
+ [Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
+
+ *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+ checked correctly. This would allow some invalid signed attributes to
+ appear to verify correctly. (CVE-2009-0591)
+ [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+ *) Reject UniversalString and BMPString types with invalid lengths. This
+ prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+ a legal length. (CVE-2009-0590)
+ [Steve Henson]
+
+ *) Set S/MIME signing as the default purpose rather than setting it
+ unconditionally. This allows applications to override it at the store
+ level.
+ [Steve Henson]
+
+ *) Permit restricted recursion of ASN1 strings. This is needed in practice
+ to handle some structures.
+ [Steve Henson]
*) Improve efficiency of mem_gets: don't search whole buffer each time
for a '\n'
projects / openssl.git / blobdiff