OpenSSL CHANGES
_______________
- Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
+ Changes between 0.9.6h and 0.9.7 [XX xxx 2002]
- *) Change default behaviour of 'openssl asn1parse' so that more
- information is visible when viewing, e.g., a certificate:
+ *) Change from security patch (see 0.9.6e below) that did not affect
+ the 0.9.6 release series:
- Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
- mode the content of non-printable OCTET STRINGs is output in a
- style similar to INTEGERs, but with '[HEX DUMP]' prepended to
- avoid the appearance of a printable string.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
- functions
- EC_GROUP_set_asn1_flag()
- EC_GROUP_get_asn1_flag()
- EC_GROUP_set_point_conversion_form()
- EC_GROUP_get_point_conversion_form()
- These control ASN1 encoding details:
- - Curves (i.e., groups) are encoded explicitly unless asn1_flag
- has been set to OPENSSL_EC_NAMED_CURVE.
- - Points are encoded in uncompressed form by default; options for
- asn1_for are as for point2oct, namely
- POINT_CONVERSION_COMPRESSED
- POINT_CONVERSION_UNCOMPRESSED
- POINT_CONVERSION_HYBRID
-
- Also add 'seed' and 'seed_len' members to EC_GROUP with access
- functions
- EC_GROUP_set_seed()
- EC_GROUP_get0_seed()
- EC_GROUP_get_seed_len()
- This is used only for ASN1 purposes (so far).
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add 'field_type' member to EC_METHOD, which holds the NID
- of the appropriate field type OID. The new function
- EC_METHOD_get_field_type() returns this value.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add functions
- EC_POINT_point2bn()
- EC_POINT_bn2point()
- EC_POINT_point2hex()
- EC_POINT_hex2point()
- providing useful interfaces to EC_POINT_point2oct() and
- EC_POINT_oct2point().
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Change internals of the EC library so that the functions
- EC_GROUP_set_generator()
- EC_GROUP_get_generator()
- EC_GROUP_get_order()
- EC_GROUP_get_cofactor()
- are implemented directly in crypto/ec/ec_lib.c and not dispatched
- to methods, which would lead to unnecessary code duplication when
- adding different types of curves.
- [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
-
- *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
- arithmetic, and such that modified wNAFs are generated
- (which avoid length expansion in many cases).
- [Bodo Moeller]
-
- *) Add a function EC_GROUP_check_discriminant() (defined via
- EC_METHOD) that verifies that the curve discriminant is non-zero.
-
- Add a function EC_GROUP_check() that makes some sanity tests
- on a EC_GROUP, its generator and order. This includes
- EC_GROUP_check_discriminant().
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add ECDSA in new directory crypto/ecdsa/.
+ Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized master key in Kerberos-enabled versions.
+ (CAN-2002-0657)
+ [Ben Laurie (CHATS)]
- Add applications 'openssl ecparam' and 'openssl ecdsa'
- (these are based on 'openssl dsaparam' and 'openssl dsa').
+ *) Change the SSL kerb5 codes to match RFC 2712.
+ [Richard Levitte]
- ECDSA support is also included in various other files across the
- library. Most notably,
- - 'openssl req' now has a '-newkey ecdsa:file' option;
- - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
- - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
- d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
- them suitable for ECDSA where domain parameters must be
- extracted before the specific public key.
- [Nils Larsch <nla@trustcenter.de>]
+ *) Make -nameopt work fully for req and add -reqopt switch.
+ [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
- *) Include some named elliptic curves, and add OIDs from X9.62,
- SECG, and WAP/WTLS. The curves can be obtained from the new
- functions
- EC_GROUP_new_by_nid()
- EC_GROUP_new_by_name()
- Also add a 'curve_name' member to EC_GROUP objects, which can be
- accessed via
- EC_GROUP_set_nid()
- EC_GROUP_get_nid()
- [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
-
- Changes between 0.9.6e and 0.9.7 [XX xxx 2002]
+ *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+ [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
*) Make sure tests can be performed even if the corresponding algorithms
have been removed entirely. This was also the last step to make
# Place yourself outside of the OpenSSL source tree. In
# this example, the environment variable OPENSSL_SOURCE
# is assumed to contain the absolute OpenSSL source directory.
- mkdir -p objtree/`uname -s`-`uname -r`-`uname -m`
- cd objtree/`uname -s`-`uname -r`-`uname -m`
+ mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+ cd objtree/"`uname -s`-`uname -r`-`uname -m`"
(cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
mkdir -p `dirname $F`
ln -s $OPENSSL_SOURCE/$F $F
*) Clean old EAY MD5 hack from e_os.h.
[Richard Levitte]
+ Changes between 0.9.6g and 0.9.6h [xx XXX xxxx]
+
+ *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+ (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+ [Bodo Moeller]
+
+ *) Fix initialization code race conditions in
+ SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(),
+ SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(),
+ SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(),
+ TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(),
+ ssl2_get_cipher_by_char(),
+ ssl3_get_cipher_by_char().
+ [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+ *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+ the cached sessions are flushed, as the remove_cb() might use ex_data
+ contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+ (see [openssl.org #212]).
+ [Geoff Thorpe, Lutz Jaenicke]
+
+ *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+ length, instead of the encoding length to d2i_ASN1_OBJECT.
+ [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
+
+ *) [In 0.9.6g-engine release:]
+ Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+ [Lynn Gazis <lgazis@rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
+
+ *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+ and get fix the header length calculation.
+ [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+ Alon Kantor <alonk@checkpoint.com> (and others),
+ Steve Henson]
+
+ *) Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()).
+ [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
+
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
*) Add various sanity checks to asn1_get_length() to reject
too small for 64 bit platforms. (CAN-2002-0655)
[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
- *) Remote buffer overflow in SSL3 protocol - an attacker could
- supply an oversized master key in Kerberos-enabled versions.
- (CAN-2002-0657)
- [Ben Laurie (CHATS)]
-
*) Remote buffer overflow in SSL3 protocol - an attacker could
supply an oversized session ID to a client. (CAN-2002-0656)
[Ben Laurie (CHATS)]
value is 0.
[Richard Levitte]
- *) Add the configuration target linux-s390x.
- [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
-
*) [In 0.9.6d-engine release:]
Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
[Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+ *) Add the configuration target linux-s390x.
+ [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
+
*) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
variable as an indication that a ClientHello message has been