===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/71.html,v
retrieving revision 1.56
retrieving revision 1.57
diff -c -r1.56 -r1.57
*** www/71.html 2022/04/16 21:45:53 1.56
--- www/71.html 2022/04/17 17:02:12 1.57
***************
*** 972,977 ****
--- 972,978 ----
Various interoperability problems with stacks that validate
certificates more strictly than OpenSSL can be avoided this way.
Attempt to opportunistically use the host name for SNI in s_client
+ Allow non-standard name constraints of the form @domain.com.
Bug fixes
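Review bot: the added entry "Allow non-standard name constraints of the form @domain.com." does not say which name constraint type is affected or how such a constraint is matched. Since it loosens certificate validation, one clause on both would help readers judge the impact. The reserved documentation domain example.com would also be a better placeholder than domain.com.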
***************
*** 989,994 ****
--- 990,1005 ----
Handle zero byte reads/writes that trigger handshakes in the
TLSv1.3 stack
A long standing memleak in libtls CRL handling was fixed
+ Avoid single byte overread in asn1_parse2().
+ Allow name constraints with a leading dot.
+ Relax a check in x509_constraints_dirname() to allow prefixes.
+ Fix NULL dereferences in openssl(1) cms option parsing.
+ Do not zero the computed cofactor on ec_guess_cofactor() success.
+ Bound cofactor in EC_GROUP_set_generator() to reduce the number of
+ bogus groups that can be described with nonsensical parameters.
+ Avoid various potential segfaults in EVP_PKEY_CTX_free() in low
+ memory conditions.
+ Plug leak in ASN1_TIME_adj_internal().
Internal Improvements
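Review bot: "Relax a check in x509_constraints_dirname() to allow prefixes." does not say prefixes of what. Together with "Allow name constraints with a leading dot." it loosens name constraint handling in what appears to be the bug fix list, so spell out what is now accepted. The asn1_parse2() overread and the cms option parsing NULL dereferences would also benefit from a word on whether untrusted input can reach them. Terminal periods on the new entries differ from the unpunctuated context entries around them.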
***************
*** 1004,1010 ****
Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
ASN1
Convert ASN1_OBJECT_new(), ASN1_STRING_type_new(), ASN1_PCTX_new(),
! and X509_CRL_METHOD_new() to using calloc() instead of malloc()
Rewrite ASN1_STRING_cmp()
Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function
Consolidate {d2i,i2d}_{pr,pu}.c
--- 1015,1022 ----
Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
ASN1
Convert ASN1_OBJECT_new(), ASN1_STRING_type_new(), ASN1_PCTX_new(),
! X509_CRL_METHOD_new(), and pkey_hmac_init() to using calloc() instead
! of malloc()
Rewrite ASN1_STRING_cmp()
Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function
Consolidate {d2i,i2d}_{pr,pu}.c
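Review bot: the rewritten entry keeps the phrase "to using calloc() instead of malloc()"; as the line is being rewrapped anyway, "to use calloc()" reads better. pkey_hmac_init() is the only function in the list that is not a _new() constructor, so a separate entry for it may be clearer than appending it here.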
***************
*** 1063,1068 ****
--- 1075,1105 ----
The S3I macro was removed
The openssl(1) cms, smime and ts subcommands option handling was
converted and the C source was cleaned up.
+ Limit OID text conversion to 64 bits per arc.
+ Clean up and simplify memory BIO code.
+ Reduce number of memmove() calls in memory BIOs.
+ Factor out alert handling code in the legacy stack.
+ Add sanity checks on p and q in old_dsa_priv_decode()
+ Cache the SHA-512 hash instead of the SHA-1 for CRLs.
+ Suppress various compiler warnings for old gcc versions.
+ Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i().
+ Rework ownership handling in x509_constraints_validate().
+ Rework ASN1_STRING_set().
+ Remove const from tls1_transcript_hash_value().
+ Clean up and simplify ssl3_renegotiate{,_check}().
+ Rewrite legacy TLS and DTLS unexpected handshake message handling.
+ Simplify SSL_do_handshake().
+ Rewrite ASCII/text to ASN.1 object conversion.
+ Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj().
+ Split armv7 and aarch64 code into separate locations.
+ Provide asn1_get_primitive().
+ Convert {c2i,d2i}_ASN1_OBJECT() to CBS.
+ Remove the minimum record length checks from dtls1_read_bytes().
+ Clean up {dtls1,ssl3}_read_bytes().
+ Be more careful with embedded and terminating NULs in the new
+ name constraints code.
+ Various minor code cleanup in openssl(1) pkcs12.
+ Simplify priv_key handling in d2i_ECPrivateKey().
Documentation improvements
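Review bot: "Remove the minimum record length checks from dtls1_read_bytes()." drops an input check without saying why that is safe; add a clause stating where the record length is validated now or why the check was redundant. Several other entries in this block ("Limit OID text conversion to 64 bits per arc.", "Add sanity checks on p and q in old_dsa_priv_decode()", "Be more careful with embedded and terminating NULs in the new name constraints code.") change how input is parsed and appear to sit in the internal improvements list, where readers looking for behaviour changes may miss them. The old_dsa_priv_decode() entry is also missing its terminal period.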
***************
*** 1070,1075 ****
--- 1107,1116 ----
45 new manual pages, most of which were written from scratch.
Documentation coverage of ASN.1 and X.509 code has been
significantly improved.
+ Update d2i_ASN1_OBJECT(3) documentation to reflect reality after
+ refactoring and bug fixes.
+ Fixed numerous minor grammar, spelling, wording, and punctuation
+ issues.
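Review bot: the two added entries mix tenses ("Update d2i_ASN1_OBJECT(3) documentation ..." against "Fixed numerous minor grammar ..."); pick one form to match the rest of the list. "to reflect reality after refactoring and bug fixes" could also name the behaviour that changed, so readers of d2i_ASN1_OBJECT(3) know what to recheck.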