Commit | Line | Data |
---|---|---|
81a6c781 | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE | 3 | _______________ |
4 | ||
a9d2bc49 | 5 | Changes between 0.9.6 and 0.9.7 [xx XXX 2001] |
a43cf9fa | 6 | |
e9ad0d2c | 7 | OpenSSL 0.9.6a/0.9.6b (bugfix releases, 5 Apr 2001 and 9 July 2001) |
e3fefbfd | 8 | and OpenSSL 0.9.7 were developed in parallel, based on OpenSSL 0.9.6. |
e9ad0d2c | 9 | |
a9d2bc49 | 10 | Change log entries are tagged as follows: |
daba492c BM | 11 | -) applies to 0.9.6a/0.9.6b/0.9.6c only |
12 | *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 | |
a9d2bc49 BM | 13 | +) applies to 0.9.7 only |
14 | ||
d46c1a81 DSH | 15 | +) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds. |
16 | [Steve Henson] | |
17 | ||
89eeccac RL | 18 | +) Change mkdef.pl to sort symbols that get the same entry number, |
19 | and make sure the automatically generated functions ERR_load_* | |
20 | become part of libeay.num as well. | |
21 | [Richard Levitte] | |
22 | ||
3b0b5aba BM | 23 | *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a |
24 | client receives HelloRequest while in a handshake. | |
25 | [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>] | |
26 | ||
6b0e9fac BM | 27 | +) New function SSL_renegotiate_pending(). This returns true once |
28 | renegotiation has been requested (either SSL_renegotiate() call | |
29 | or HelloRequest/ClientHello received from the peer) and becomes | |
30 | false once a handshake has been completed. | |
31 | (For servers, SSL_renegotiate() followed by SSL_do_handshake() | |
32 | sends a HelloRequest, but does not ensure that a handshake takes | |
33 | place. SSL_renegotiate_pending() is useful for checking if the | |
34 | client has followed the request.) | |
35 | [Bodo Moeller] | |
36 | ||
37 | +) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. | |
38 | By default, clients may request session resumption even during | |
39 | renegotiation (if session ID contexts permit); with this option, | |
40 | session resumption is possible only in the first handshake. | |
41 | [Bodo Moeller] | |
42 | ||
2260ad21 BM | 43 | *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C |
44 | should end in 'break', not 'goto end' which circumvents various | |
b49124f6 BM | 45 | cleanups done in state SSL_ST_OK. But session related stuff |
46 | must be disabled for SSL_ST_OK in the case that we just sent a | |
47 | HelloRequest. | |
2260ad21 BM | 48 | |
49 | Also avoid some overhead by not calling ssl_init_wbio_buffer() | |
50 | before just sending a HelloRequest. | |
b49124f6 | 51 | [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>] |
8e2f6b79 | 52 | |
ee60d9fb BM | 53 | *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't |
54 | reveal whether illegal block cipher padding was found or a MAC | |
55 | verification error occurred. (Neither SSLerr() codes nor alerts | |
56 | are directly visible to potential attackers, but the information | |
57 | may leak via logfiles.) | |
58 | ||
59 | Similar changes are not required for the SSL 2.0 implementation | |
60 | because the number of padding bytes is sent in clear for SSL 2.0, | |
61 | and the extra bytes are just ignored. However ssl/s2_pkt.c | |
62 | failed to verify that the purported number of padding bytes is in | |
63 | the legal range. | |
64 | [Bodo Moeller] | |
65 | ||
96bd6f73 DSH | 66 | +) Add some demos for certificate and certificate request creation. |
67 | [Steve Henson] | |
68 | ||
c0f5dd07 LJ | 69 | +) Make maximum certificate chain size accepted from the peer application |
70 | settable (SSL*_get/set_max_cert_list()), as proposed by | |
71 | "Douglas E. Engert" <deengert@anl.gov>. | |
72 | [Lutz Jaenicke] | |
73 | ||
6c36f7a9 LJ | 74 | +) Add support for shared libraries for Unixware-7 and support including |
75 | shared libraries for OpenUNIX-8 (Boyd Lynn Gerber <gerberb@zenez.com>). | |
76 | [Lutz Jaenicke] | |
77 | ||
a9ed4da8 BM | 78 | *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid |
79 | 'wristwatch attack' using huge encoding parameters (cf. | |
80 | James H. Manger's CRYPTO 2001 paper). Note that the | |
81 | RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use | |
e3fefbfd | 82 | encoding parameters and hence was not vulnerable. |
a9ed4da8 BM | 83 | [Bodo Moeller] |
84 | ||
4450107a | 85 | +) Add a "destroy" handler to ENGINEs that allows structural cleanup to |
908efd3b GT | 86 | be done prior to destruction. Use this to unload error strings from |
87 | ENGINEs that load their own error strings. NB: This adds two new API | |
88 | functions to "get" and "set" this destroy handler in an ENGINE. | |
a9ed4da8 | 89 | [Geoff Thorpe] |
908efd3b | 90 | |
4450107a | 91 | +) Alter all existing ENGINE implementations (except "openssl" and |
541814c4 GT | 92 | "openbsd") to dynamically instantiate their own error strings. This |
93 | makes them more flexible to be built both as statically-linked ENGINEs | |
94 | and self-contained shared-libraries loadable via the "dynamic" ENGINE. | |
95 | Also, add stub code to each that makes building them as self-contained | |
96 | shared-libraries easier (see README.ENGINE). | |
97 | [Geoff Thorpe] | |
98 | ||
4450107a | 99 | +) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE |
541814c4 GT | 100 | implementations into applications that are completely implemented in |
101 | self-contained shared-libraries. The "dynamic" ENGINE exposes control | |
102 | commands that can be used to configure what shared-library to load and | |
103 | to control aspects of the way it is handled. Also, made an update to | |
104 | the README.ENGINE file that brings its information up-to-date and | |
105 | provides some information and instructions on the "dynamic" ENGINE | |
106 | (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). | |
107 | [Geoff Thorpe] | |
108 | ||
d98a4b73 UM | 109 | *) BN_sqr() bug fix. |
110 |