OpenSSL v0.9.8.g Release Notes

Release Date: 2008-05-28
    • Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a client crash as found using the Codenomicon TLS test suite (CVE-2008-1672)

    Steve Henson, Mark Cox

    • Fix double free in TLS server name extensions which could lead to a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)

    Joe Orton

    • Clear error queue in SSL_CTX_use_certificate_chain_file()

    Clear the error queue to ensure that error entries left from older function calls do not interfere with the correct operation.

    Lutz Jaenicke, Erik de Castro Lopo

    • Remove root CA certificates of commercial CAs:

    The OpenSSL project does not recommend any specific CA and does not have any policy with respect to including or excluding any CA. Therefore, it does not make any sense to ship an arbitrary selection of root CA certificates with the OpenSSL software.

    Lutz Jaenicke

    • RSA OAEP patches to fix two separate invalid memory reads. The first one involves inputs when 'lzero' is greater than 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes before the beginning of 'from'). The second one involves inputs where the 'db' section contains nothing but zeroes (there is a one-byte invalid read after the end of 'db').

    Ivan Nestlerode
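The two edge cases in the RSA OAEP item above are worth seeing in a decoder that cannot hit them. The following is an added example, not code from the release notes or from OpenSSL: an EME-OAEP (RFC 3447) encoder/decoder over SHA-1 and MGF1 in which the input may be shorter than the modulus (the 'lzero' shortfall, which an integer-to-bytes conversion produces when leading bytes are zero) and a 'db' with no 0x01 separator is rejected by the scan rather than read past. The function names, the `lzero` handling and the `encode_with_db` helper used to build malformed inputs are this example's own.

```python
import hashlib
import hmac
import os

# Added example (not OpenSSL's RSA_padding_check_PKCS1_OAEP): EME-OAEP with
# SHA-1/MGF1, written so that the two cases in the release note are handled
# by length checks instead of by pointer arithmetic on a short buffer.
HASH = hashlib.sha1
HLEN = HASH().digest_size  # 20 bytes, i.e. SHA_DIGEST_LENGTH


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function (RFC 3447 B.2.1) over HASH."""
    out = b""
    counter = 0
    while len(out) < length:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(msg: bytes, k: int, label: bytes = b"", seed: bytes = None) -> bytes:
    """EME-OAEP-ENCODE: returns the k-byte encoded message EM."""
    if len(msg) > k - 2 * HLEN - 2:
        raise ValueError("message too long for modulus size")
    lhash = HASH(label).digest()
    ps = b"\x00" * (k - len(msg) - 2 * HLEN - 2)
    db = lhash + ps + b"\x01" + msg
    if seed is None:
        seed = os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db


def encode_with_db(db: bytes, seed: bytes, k: int) -> bytes:
    """Build an EM from an arbitrary db; used only to construct malformed inputs."""
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db


def oaep_decode(em: bytes, k: int, label: bytes = b""):
    """EME-OAEP-DECODE. Returns the message, or None on any padding error.

    'em' may be shorter than k: an RSA decryption yields an integer whose
    byte form drops leading zero bytes. That shortfall is the 'lzero' of the
    release note; here it is repaired by re-padding before any byte is read.
    """
    if k < 2 * HLEN + 2 or len(em) > k:
        return None
    lzero = k - len(em)
    em = b"\x00" * lzero + em            # never index relative to the short buffer
    y = em[0]
    masked_seed = em[1:1 + HLEN]
    masked_db = em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, k - HLEN - 1))
    lhash_ok = hmac.compare_digest(db[:HLEN], HASH(label).digest())
    # Locate the 0x01 separator. A db that is all zeroes after lHash (the
    # second case in the note) has no separator: the scan stops at the end
    # of db and reports an error instead of reading one byte past it.
    sep = -1
    for i in range(HLEN, len(db)):
        if db[i] == 0x01:
            sep = i
            break
        if db[i] != 0x00:
            break                        # non-zero byte before the separator
    if y != 0 or not lhash_ok or sep < 0:
        return None
    return db[sep + 1:]
```

The decoder deliberately computes every verdict before returning, so a wrong label hash, a missing separator and a non-zero leading byte all end in the same `None`; the structural fix for the note's two reads is the length check plus re-padding at the top and the bounded scan in the middle.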

    • Partial backport from 0.9.9-dev:

    Introduce bn_mul_mont (dedicated Montgomery multiplication procedure) as a candidate for BIGNUM assembler implementation. While 0.9.9-dev uses assembler for various architectures, only x86_64 is available by default here in the 0.9.8 branch, and 32-bit x86 is available through a compile-time setting.

    To try the 32-bit x86 assembler implementation, use Configure option "enable-montasm" (which exists only for this backport).

    As "enable-montasm" for 32-bit x86 disclaims code stability anyway, in this constellation we activate additional code backported from 0.9.9-dev for further performance improvements, namely BN_from_montgomery_word. (To enable this otherwise, e.g. x86_64, try -DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD.)

    Andy Polyakov (backport partially by Bodo Moeller)
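To make the backport above concrete, here is an added example, not the release notes' or OpenSSL's code, of the two operations it names: a word-serial Montgomery multiplier in the shape of bn_mul_mont, and a separate reduction that takes a full product out of Montgomery form one word per step, which is the job of BN_from_montgomery_word. The word size `W`, the context dictionary and all function names are this example's own; `W = 64` stands in for the word width of an x86_64 build.

```python
# Added example (not OpenSSL's bn_mul_mont / BN_from_montgomery_word): a
# CIOS-style Montgomery multiplier and a word-at-a-time "from Montgomery"
# reduction. All names are this example's own.
W = 64
MASK = (1 << W) - 1


def mont_ctx(n: int) -> dict:
    """Precompute what BN_MONT_CTX_set() would: word count, R, R^2 mod n, n0."""
    if n % 2 == 0 or n < 3:
        raise ValueError("Montgomery reduction needs an odd modulus")
    num = (n.bit_length() + W - 1) // W
    R = 1 << (W * num)
    # n0 = -n^-1 mod 2^W by Newton iteration: each step doubles the number of
    # correct low bits, starting from 1 bit (n is odd), so 7 steps cover 64 bits.
    inv = 1
    for _ in range(7):
        inv = (inv * (2 - n * inv)) & MASK
    assert (n * inv) & MASK == 1
    return {"n": n, "num": num, "R": R, "RR": (R * R) % n, "n0": (-inv) & MASK}


def mont_mul(a: int, b: int, ctx: dict) -> int:
    """Return a*b*R^-1 mod n, consuming one word of 'a' per iteration."""
    n, num, n0 = ctx["n"], ctx["num"], ctx["n0"]
    assert 0 <= a < n and 0 <= b < n
    t = 0
    for i in range(num):
        a_i = (a >> (W * i)) & MASK
        t += a_i * b                          # accumulate the next partial product
        m = ((t & MASK) * n0) & MASK          # pick m so that t + m*n == 0 mod 2^W
        t = (t + m * n) >> W                  # exact shift: the low word is now zero
    # invariant t < 2n holds for a, b < n, so one conditional subtraction suffices
    return t - n if t >= n else t


def from_montgomery_word(r: int, ctx: dict) -> int:
    """Reduce r (< n*R) to r*R^-1 mod n, clearing one low word per step."""
    n, num, n0 = ctx["n"], ctx["num"], ctx["n0"]
    assert 0 <= r < n * ctx["R"]
    for i in range(num):
        r_i = (r >> (W * i)) & MASK
        m = (r_i * n0) & MASK
        r += (m * n) << (W * i)               # zeroes word i, keeps r mod n unchanged
    r >>= W * num                             # the low num words are all zero now
    return r - n if r >= n else r


def to_mont(a: int, ctx: dict) -> int:
    return mont_mul(a % ctx["n"], ctx["RR"], ctx)


def from_mont(am: int, ctx: dict) -> int:
    return mont_mul(am, 1, ctx)


def mont_pow(base: int, exp: int, ctx: dict) -> int:
    """Left-to-right square-and-multiply carried out entirely in Montgomery form."""
    acc = to_mont(1, ctx)
    bm = to_mont(base, ctx)
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, ctx)
        if bit == "1":
            acc = mont_mul(acc, bm, ctx)
    return from_mont(acc, ctx)
```

The multiplier and the stand-alone reduction compute the same value for the same inputs, which is the property that lets an implementation route a schoolbook or assembler product through the word-serial reduction when a fused multiply is not available.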

    • Add TLS session ticket callback. This allows an application to set TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed values. This is useful for key rollover for example where several key sets may exist with different names.

    Steve Henson
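The key rollover the session ticket item above describes is easiest to see as the decisions a server makes around a ring of named key sets. The following is an added example, not code from the release notes or from OpenSSL: it keeps the newest key set for issuing tickets, keeps a bounded number of older sets for redeeming them, and reports whether a redeemed ticket was protected under the current set or an older one. The status values are this example's assumed model of the callback contract (0 for an unknown key name, 1 for the current key, 2 for a valid ticket under an older key that should be reissued, -1 for a bad MAC). The keystream cipher built from HMAC-SHA256 is a stand-in: OpenSSL's callback hands the application real cipher and HMAC contexts to key instead. The class and function names are this example's own.

```python
import hashlib
import hmac
import os
from collections import OrderedDict

# Added example (not OpenSSL's ticket callback code): a ring of named ticket
# key sets with the encrypt/decrypt decisions a key callback makes. Status
# codes (0/1/2/-1) are this example's assumed model of the callback contract.
NAME_LEN = 16      # width of the key name carried in the ticket
IV_LEN = 16
TAG_LEN = 32       # HMAC-SHA256 tag


class TicketKeyRing:
    def __init__(self, keep: int = 2):
        self.keep = keep
        self.sets = OrderedDict()   # name -> (cipher_key, hmac_key), newest last

    def rotate(self, name: bytes, cipher_key: bytes, hmac_key: bytes) -> None:
        """Install a new set for issuing; the previous keep-1 sets stay redeemable."""
        if len(name) != NAME_LEN:
            raise ValueError("ticket key name must be %d bytes" % NAME_LEN)
        self.sets[name] = (cipher_key, hmac_key)
        while len(self.sets) > self.keep:
            self.sets.popitem(last=False)   # evict the oldest set

    def current(self):
        """Encrypt-side decision: always the newest set."""
        if not self.sets:
            raise LookupError("no ticket keys installed")
        name = next(reversed(self.sets))
        return name, self.sets[name]

    def lookup(self, name: bytes):
        """Decrypt-side decision: (status, keys) with status 0 / 1 / 2 as above."""
        keys = self.sets.get(name)
        if keys is None:
            return 0, None
        return (1 if name == self.current()[0] else 2), keys


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode. Not what OpenSSL uses.
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def issue_ticket(ring: TicketKeyRing, session_state: bytes) -> bytes:
    """name || iv || ciphertext || tag, always under the current key set."""
    name, (ck, hk) = ring.current()
    iv = os.urandom(IV_LEN)
    ct = bytes(p ^ s for p, s in zip(session_state, _keystream(ck, iv, len(session_state))))
    body = name + iv + ct
    return body + hmac.new(hk, body, hashlib.sha256).digest()


def redeem_ticket(ring: TicketKeyRing, ticket: bytes):
    """Returns (status, session_state); status 2 tells the caller to reissue."""
    if len(ticket) < NAME_LEN + IV_LEN + TAG_LEN:
        return -1, None
    status, keys = ring.lookup(ticket[:NAME_LEN])
    if status == 0:
        return 0, None                  # unknown name: fall back to a full handshake
    ck, hk = keys
    body, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(hk, body, hashlib.sha256).digest(), tag):
        return -1, None
    iv, ct = body[NAME_LEN:NAME_LEN + IV_LEN], body[NAME_LEN + IV_LEN:]
    return status, bytes(c ^ s for c, s in zip(ct, _keystream(ck, iv, len(ct))))
```

Verifying the MAC before decrypting and checking the name before either means a ticket under an evicted key costs one dictionary lookup, and an old-but-valid ticket comes back with status 2 so the server can hand the client a fresh ticket under the new set rather than letting the old one live on.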

    • Reverse ENGINE-internal logic for caching default ENGINE handles. This was broken until now in 0.9.8 releases, such that the only way a registered ENGINE could be used (assuming it initialises successfully on the host) was to explicitly set it as the default for the relevant algorithms. This is in contradiction with 0.9.7 behaviour and the documentation. With this fix, when an ENGINE is registered into a given algorithm's table of implementations, the 'uptodate' flag is reset so that auto-discovery will be used next time a new context for that algorithm attempts to select an implementation.

    Ian Lister (tweaked by Geoff Thorpe)

    • Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 implementation in the following ways:

    Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be hard coded.

    Lack of BER streaming support means one pass streaming processing is only supported if data is detached: setting the streaming flag is ignored for embedded content.

    CMS support is disabled by default and must be explicitly enabled with the enable-cms configuration option.

    Steve Henson

    • Update the GMP engine glue to do direct copies between BIGNUM and mpz_t when OpenSSL and GMP use the same limb size. Otherwise the existing "conversion via a text string export" trick is still used.

    Paul Sheer

    • Zlib compression BIO. This is a filter BIO which compresses and uncompresses any data passed through it.

    Steve Henson

    • Add AES_wrap_key() and AES_unwrap_key() functions to implement RFC3394 compatible AES key wrapping.

    Steve Henson

    • Add utility functions to handle ASN1 structures. ASN1_STRING_set0(): sets string data without copying. X509_ALGOR_set0() and X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier) data. Attribute function X509at_get0_data_by_OBJ(): retrieves data from an X509_ATTRIBUTE structure, optionally checking that it occurs only once. ASN1_TYPE_set1(): sets an ASN1_TYPE structure, copying the supplied data.

    Steve Henson

    • Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() to get the expected BN_FLG_CONSTTIME behavior.

    Bodo Moeller (Google)

    • Netware support:

      • fixed wrong usage of ioctlsocket() when built for LIBC BSD sockets
      • fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
      • added some more tests to do_tests.pl
      • fixed RunningProcess usage so that it works with newer LIBC NDKs too
      • removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
      • added new Configure targets netware-clib-bsdsock, netware-clib-gcc, netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
      • various changes to netware.pl to enable gcc-cross builds on Win32 platform
      • changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
      • various changes to fix missing prototype warnings
      • fixed x86nasm.pl to create correct asm files for NASM COFF output
      • added AES, WHIRLPOOL and CPUID assembler code to build files
      • added missing AES assembler make rules to mk1mf.pl
      • fixed order of includes in apps/ocsp.c so that e_os.h settings apply

    Guenter Knauf

    • Implement certificate status request TLS extension defined in RFC3546. A client can set the appropriate parameters and receive the encoded OCSP response via a callback. A server can query the supplied parameters and set the encoded OCSP response in the callback. Add simplified examples to s_client and s_server.

    Steve Henson