version 1.56, 2022/04/16 21:45:53 |
version 1.57, 2022/04/17 17:02:12 |
|
|
Various interoperability problems with stacks that validate |
Various interoperability problems with stacks that validate |
certificates more strictly than OpenSSL can be avoided this way. |
certificates more strictly than OpenSSL can be avoided this way. |
<li>Attempt to opportunistically use the host name for SNI in s_client |
<li>Attempt to opportunistically use the host name for SNI in s_client |
|
<li>Allow non-standard name constraints of the form @domain.com. |
</ul> |
</ul> |
|
|
<li>Bug fixes |
<li>Bug fixes |
|
|
<li>Handle zero byte reads/writes that trigger handshakes in the |
<li>Handle zero byte reads/writes that trigger handshakes in the |
TLSv1.3 stack |
TLSv1.3 stack |
<li>A long standing memleak in libtls CRL handling was fixed |
<li>A long standing memleak in libtls CRL handling was fixed |
|
<li>Avoid single byte overread in asn1_parse2(). |
|
<li>Allow name constraints with a leading dot. |
|
<li>Relax a check in x509_constraints_dirname() to allow prefixes. |
|
<li>Fix NULL dereferences in openssl(1) cms option parsing. |
|
<li>Do not zero the computed cofactor on ec_guess_cofactor() success. |
|
<li>Bound cofactor in EC_GROUP_set_generator() to reduce the number of |
|
bogus groups that can be described with nonsensical parameters. |
|
<li>Avoid various potential segfaults in EVP_PKEY_CTX_free() in low |
|
memory conditions. |
|
<li>Plug leak in ASN1_TIME_adj_internal(). |
</ul> |
</ul> |
|
|
<li>Internal Improvements |
<li>Internal Improvements |
|
|
<li>Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated |
<li>Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated |
ASN1 |
ASN1 |
<li>Convert ASN1_OBJECT_new(), ASN1_STRING_type_new(), ASN1_PCTX_new(), |
<li>Convert ASN1_OBJECT_new(), ASN1_STRING_type_new(), ASN1_PCTX_new(), |
and X509_CRL_METHOD_new() to using calloc() instead of malloc() |
X509_CRL_METHOD_new(), and pkey_hmac_init() to using calloc() instead |
|
of malloc() |
<li>Rewrite ASN1_STRING_cmp() |
<li>Rewrite ASN1_STRING_cmp() |
<li>Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function |
<li>Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function |
<li>Consolidate {d2i,i2d}_{pr,pu}.c |
<li>Consolidate {d2i,i2d}_{pr,pu}.c |
|
|
<li>The S3I macro was removed |
<li>The S3I macro was removed |
<li>The openssl(1) cms, smime and ts subcommands option handling was |
<li>The openssl(1) cms, smime and ts subcommands option handling was |
converted and the C source was cleaned up. |
converted and the C source was cleaned up. |
|
<li>Limit OID text conversion to 64 bits per arc. |
|
<li>Clean up and simplify memory BIO code. |
|
<li>Reduce number of memmove() calls in memory BIOs. |
|
<li>Factor out alert handling code in the legacy stack. |
|
<li>Add sanity checks on p and q in old_dsa_priv_decode() |
|
<li>Cache the SHA-512 hash instead of the SHA-1 for CRLs. |
|
<li>Suppress various compiler warnings for old gcc versions. |
|
<li>Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i(). |
|
<li>Rework ownership handling in x509_constraints_validate(). |
|
<li>Rework ASN1_STRING_set(). |
|
<li>Remove const from tls1_transcript_hash_value(). |
|
<li>Clean up and simplify ssl3_renegotiate{,_check}(). |
|
<li>Rewrite legacy TLS and DTLS unexpected handshake message handling. |
|
<li>Simplify SSL_do_handshake(). |
|
<li>Rewrite ASCII/text to ASN.1 object conversion. |
|
<li>Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj(). |
|
<li>Split armv7 and aarch64 code into separate locations. |
|
<li>Provide asn1_get_primitive(). |
|
<li>Convert {c2i,d2i}_ASN1_OBJECT() to CBS. |
|
<li>Remove the minimum record length checks from dtls1_read_bytes(). |
|
<li>Clean up {dtls1,ssl3}_read_bytes(). |
|
<li>Be more careful with embedded and terminating NULs in the new |
|
name constraints code. |
|
<li>Various minor code cleanup in openssl(1) pkcs12. |
|
<li>Simplify priv_key handling in d2i_ECPrivateKey(). |
</ul> |
</ul> |
|
|
<li>Documentation improvements |
<li>Documentation improvements |
|
|
<li>45 new manual pages, most of which were written from scratch.<br> |
<li>45 new manual pages, most of which were written from scratch.<br> |
Documentation coverage of ASN.1 and X.509 code has been |
Documentation coverage of ASN.1 and X.509 code has been |
significantly improved. |
significantly improved. |
|
<li>Update d2i_ASN1_OBJECT(3) documentation to reflect reality after |
|
refactoring and bug fixes. |
|
<li>Fixed numerous minor grammar, spelling, wording, and punctuation |
|
issues. |
</ul> |
</ul> |
</ul> |
</ul> |
|
|