[arch-dev-public] [signoff] openssl-0.9.8g

Pierre Schmitz pierre at archlinux.de
Wed May 28 13:21:14 EDT 2008


I just uploaded a new release of openssl to testing. It fixes some security 
issues (see changelog below). So please sign-off.

In addition to this I had to rebuilt ntp and fix its depends to openssl.

Last but not least according to the changelog openssl does not provide any 
root-certs anymore. If there are any apps which rely on those, we should 
think about providing a separate root-certs package.


 Changes between 0.9.8g and 0.9.8h  [28 May 2008]

  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
     handshake which could lead to a cilent crash as found using the
     Codenomicon TLS test suite (CVE-2008-1672) 
     [Steve Henson, Mark Cox]

  *) Fix double free in TLS server name extensions which could lead to
     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) 
     [Joe Orton]

  *) Clear error queue in SSL_CTX_use_certificate_chain_file()

     Clear the error queue to ensure that error entries left from
     older function calls do not interfere with the correct operation.
     [Lutz Jaenicke, Erik de Castro Lopo]

  *) Remove root CA certificates of commercial CAs:

     The OpenSSL project does not recommend any specific CA and does not
     have any policy with respect to including or excluding any CA.
     Therefore it does not make any sense to ship an arbitrary selection
     of root CA certificates with the OpenSSL software.
     [Lutz Jaenicke]

  *) RSA OAEP patches to fix two separate invalid memory reads.
     The first one involves inputs when 'lzero' is greater than
     'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
     before the beginning of from). The second one involves inputs where
     the 'db' section contains nothing but zeroes (there is a one-byte
     invalid read after the end of 'db').
     [Ivan Nestlerode <inestlerode at us.ibm.com>]

  *) Partial backport from 0.9.9-dev:

     Introduce bn_mul_mont (dedicated Montgomery multiplication
     procedure) as a candidate for BIGNUM assembler implementation.
     While 0.9.9-dev uses assembler for various architectures, only
     x86_64 is available by default here in the 0.9.8 branch, and
     32-bit x86 is available through a compile-time setting.

     To try the 32-bit x86 assembler implementation, use Configure
     option "enable-montasm" (which exists only for this backport).

     As "enable-montasm" for 32-bit x86 disclaims code stability
     anyway, in this constellation we activate additional code
     backported from 0.9.9-dev for further performance improvements,
     namely BN_from_montgomery_word.  (To enable this otherwise,
     e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)

     [Andy Polyakov (backport partially by Bodo Moeller)]

  *) Add TLS session ticket callback. This allows an application to set
     TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
     values. This is useful for key rollover for example where several key
     sets may exist with different names.
     [Steve Henson]

  *) Reverse ENGINE-internal logic for caching default ENGINE handles.
     This was broken until now in 0.9.8 releases, such that the only way
     a registered ENGINE could be used (assuming it initialises
     successfully on the host) was to explicitly set it as the default
     for the relevant algorithms. This is in contradiction with 0.9.7
     behaviour and the documentation. With this fix, when an ENGINE is
     registered into a given algorithm's table of implementations, the
     'uptodate' flag is reset so that auto-discovery will be used next
     time a new context for that algorithm attempts to select an
     [Ian Lister (tweaked by Geoff Thorpe)]

  *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
     implemention in the following ways:

     Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
     hard coded.

     Lack of BER streaming support means one pass streaming processing is
     only supported if data is detached: setting the streaming flag is
     ignored for embedded content.

     CMS support is disabled by default and must be explicitly enabled
     with the enable-cms configuration option.
     [Steve Henson]

  *) Update the GMP engine glue to do direct copies between BIGNUM and
     mpz_t when openssl and GMP use the same limb size. Otherwise the
     existing "conversion via a text string export" trick is still used.
     [Paul Sheer <paulsheer at gmail.com>]

  *) Zlib compression BIO. This is a filter BIO which compressed and
     uncompresses any data passed through it.
     [Steve Henson]

  *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
     RFC3394 compatible AES key wrapping.
     [Steve Henson]

  *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
     sets string data without copying. X509_ALGOR_set0() and
     X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
     data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
     from an X509_ATTRIBUTE structure optionally checking it occurs only
     once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
     [Steve Henson]

  *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
     to get the expected BN_FLG_CONSTTIME behavior.
     [Bodo Moeller (Google)]
  *) Netware support:

     - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
     - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
     - added some more tests to do_tests.pl
     - fixed RunningProcess usage so that it works with newer LIBC NDKs too
     - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
     - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
       netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
     - various changes to netware.pl to enable gcc-cross builds on Win32
     - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
     - various changes to fix missing prototype warnings
     - fixed x86nasm.pl to create correct asm files for NASM COFF output
     - added AES, WHIRLPOOL and CPUID assembler code to build files
     - added missing AES assembler make rules to mk1mf.pl
     - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
     [Guenter Knauf <eflash at gmx.net>]

  *) Implement certificate status request TLS extension defined in RFC3546.
     A client can set the appropriate parameters and receive the encoded
     OCSP response via a callback. A server can query the supplied parameters
     and set the encoded OCSP response in the callback. Add simplified 
     examples to s_client and s_server.
     [Steve Henson]


More information about the arch-dev-public mailing list