CHANGES +15 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,21 @@ Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] *) New function OPENSSL_cleanse(), which is used to cleanse a section of memory from it's contents. This is done with a counter that will place alternating values in each byte. This can be used to solve two issues: 1) the removal of calls to memset() by highly optimizing compilers, and 2) cleansing with other values than 0, since those can be read through on certain media, for example a swap space on disk. [Geoff Thorpe] *) Bugfix: client side session caching did not work with external caching, because the session->cipher setting was not restored when reloading from the external cache. This problem was masked, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set. (Found by Steve Haslam <steve@araqnid.ddts.net>.) [Lutz Jaenicke] *) Fix client_certificate (ssl/s2_clnt.c): The permissible total length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33. [Zeev Lieber <zeev-l@yahoo.com>] Loading
STATUS +13 −1 Original line number Diff line number Diff line OpenSSL STATUS Last modified at ______________ $Date: 2002/08/09 11:49:13 $ ______________ $Date: 2002/11/28 12:26:04 $ DEVELOPMENT STATE Loading @@ -23,6 +23,18 @@ RELEASE SHOWSTOPPERS o [2002-11-21] PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may be optimized away in modern compilers. This is definitely not good and needs to be fixed immediately. The formula to use is presented in: http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0 The problem report that mentions this is: https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343 AVAILABLE PATCHES o Loading
TABLE +1 −1 Original line number Diff line number Diff line Loading @@ -71,7 +71,7 @@ $ranlib = *** Cygwin $cc = gcc $cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=486 -Wall $cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall $unistd = $thread_cflag = $lflags = Loading
apps/ca.c +1 −1 Original line number Diff line number Diff line Loading @@ -570,7 +570,7 @@ bad: goto err; } pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); if(key) memset(key,0,strlen(key)); if(key) OPENSSL_cleanse(key,strlen(key)); if (pkey == NULL) { BIO_printf(bio_err,"unable to load CA private key\n"); Loading
apps/dgst.c +1 −1 Original line number Diff line number Diff line Loading @@ -354,7 +354,7 @@ int MAIN(int argc, char **argv) end: if (buf != NULL) { memset(buf,0,BUFSIZE); OPENSSL_cleanse(buf,BUFSIZE); OPENSSL_free(buf); } if (in != NULL) BIO_free(in); Loading
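Review bot: In the CHANGES entry for OPENSSL_cleanse(), "from it's contents" should read "of its contents", and point 2 is ambiguous because "those" can be read as referring either to the zero bytes or to the other values. Suggest stating explicitly what can be read through on media such as swap space, and why writing values other than 0 helps, so a reader does not have to guess the rationale.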
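Review bot: The new RELEASE SHOWSTOPPERS item in STATUS says the memset(ptr, 0, n) problem "needs to be fixed immediately" but does not mention that OPENSSL_cleanse() is introduced alongside it. Suggest adding a line to the item saying the function now exists and what still has to be converted, so it is clear when the showstopper can be closed.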
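Review bot: The Cygwin $cflags change in TABLE from -march=486 to -march=i486 is unrelated to the memory cleansing work and is not covered by the CHANGES entry shown here. Suggest splitting it into its own change or documenting it separately so it is not lost behind the OPENSSL_cleanse() description.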
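Review bot: In apps/ca.c the length passed on the line "if(key) OPENSSL_cleanse(key,strlen(key));" is still derived from strlen(), so only the bytes up to the first NUL are wiped. If key lives in a buffer whose size is known at this point, pass that size instead, so that stale bytes after the terminator are cleansed as well. The placement before the "if (pkey == NULL)" check is good, since it covers both the success and the error path.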
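Review bot: In apps/dgst.c the call "OPENSSL_cleanse(buf,BUFSIZE);" hard-codes the length at the cleanup site, and the allocation of buf is outside this hunk. Please confirm that buf is always allocated with at least BUFSIZE bytes, or carry the allocated size in a variable and use it here. A wipe placed directly before OPENSSL_free(buf) is the kind of call the CHANGES entry says a highly optimizing compiler may remove, so this replacement is worth keeping.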