Download Openssl 0.9.8i

The development team of Openssl, a well-known security program that offers encryption functions, has released a new version with 0.9.8i as the version number. Openssl contains an implementation of the tls and ssl protocols, with which data can be sent and received encrypted, for example to prevent eavesdropping. For more information, we refer you to this page. The list of changes since the previous entry in the Meuktracker looks like this:

Changes between 0.9.8h and 0.9.8i:

• Fix a state transitition in s3_srvr.c and d1_srvr.c (was using SSL3_ST_CW_CLNT_HELLO_B, should be …_ST_SW_SRVR_…).
• The fix in 0.9.8c that supposedly got rid of unsafe double-checked locking was incomplete for RSA blinding, addressing just one layer of what turns out to have been doubly unsafe triple-checked locking. So now fix this for real by retiring the MONT_HELPER macro in crypto/rsa/rsa_eay.c.
• Various precautionary measures:
  • Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
  • Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c). (NB: This would require knowledge of the secret session ticket key to exploit, in which case you’d be SOL either way.)
  • Change bn_nist.c so that it will properly handle input BIGNUMs outside the expected range.
  • Enforce the ‘num’ check in BN_div() (bn_div.c) for non-BN_DEBUG builds.
• Allow engines to be “soft loaded” – ie optionally don’t die if the load fails. Useful for distros.
• Add support for Local Machine Keyset attribute in PKCS#12 files.
• Fix BN_GF2m_mod_arr() top-bit cleanup code.
• Expand ENGINE to support engine supplied SSL client certificate functions. This work was sponsored by Logica.
• Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows keystores. Support for SSL/TLS client authentication too. Not compiled unless enable-capieng specified to Configure. This work was sponsored by Logica.
• Fix bug in X509_ATTRIBUTE creation: dont set attribute using ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain attribute creation routines such as certifcate requests and PKCS#12 files.

Changes between 0.9.8g and 0.9.8h:

• Fix flaw if ‘Server Key exchange message’ is omitted from a TLS handshake which could lead to a cilent crash as found using the Codenomicon TLS test suite (CVE-2008-1672)
• Fix double free in TLS server name extensions which could lead to a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
• Clear error queue in SSL_CTX_use_certificate_chain_file(). Clear the error queue to ensure that error entries left from older function calls do not interfere with the correct operation.
• Remove root CA certificates of commercial CAs: The OpenSSL project does not recommend any specific CA and does not have any policy with respect to including or excluding any CA. Therefore it does not make any sense to ship an arbitrary selection of root CA certificates with the OpenSSL software.
• RSA OAEP patches to fix two separate invalid memory reads. The first one involves inputs when ‘lzero’ is greater than ‘SHA_DIGEST_LENGTH’ (it would read about SHA_DIGEST_LENGTH bytes before the beginning of from). The second one involves inputs where the ‘db’ section contains nothing but zeroes (there is a one-byte invalid read after the end of ‘db’).
• Partial backport from 0.9.9-dev: Introduce bn_mul_mont (dedicated Montgomery multiplication procedure) as a candidate for BIGNUM assembler implementation. While 0.9.9-dev uses assembler for various architectures, only x86_64 is available by default here in the 0.9.8 branch, and 32-bit x86 is available through a compile-time setting.
  To try the 32-bit x86 assembler implementation, use Configure option “enable-montasm” (which exists only for this backport).
  As “enable-montasm” for 32-bit x86 disclaims code stability anyway, in this constellation we activate additional code backported from 0.9.9-dev for further performance improvements, namely BN_from_montgomery_word. (To enable this otherwise, eg x86_64, try “-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD”.)
• Add TLS session ticket callback. This allows an application to set TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed values. This is useful for key rollover for example where several key sets may exist with different names.
• Reverse ENGINE – internal logic for caching default ENGINE handles. This was broken until now in 0.9.8 releases, such that the only way a registered ENGINE could be used (assuming it initialises successfully on the host) was to explicitly set it as the default for the relevant algorithms. This is in contradiction with 0.9.7 behavior and the documentation. With this fix, when an ENGINE is registered into a given algorithm’s table of implementations, the ‘uptodate’ flag is reset so that auto-discovery will be used next time a new context for that algorithm attempts to select an implementation.
• Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 implementation in the following ways:
  • Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be hard coded.
  • Lack of BER streaming support means one pass streaming processing is only supported if data is detached: setting the streaming flag is ignored for embedded content.
  • CMS support is disabled by default and must be explicitly enabled with the enable-cms configuration option.
• Update the GMP engine glue to do direct copies between BIGNUM and mpz_t when openssl and GMP use the same limb size. Otherwise the existing “conversion via a text string export” trick is still used.
• Zlib compression BIO. This is a filter BIO which compressed and uncompresses any data passed through it.
• Add AES_wrap_key() and AES_unwrap_key() functions to implement RFC3394 compatible AES key wrapping.
• Add utility functions to handle ASN1 structures. ASN1_STRING_set0(): sets string data without copying. X509_ALGOR_set0() and X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier) ​​data. Attribute function X509at_get0_data_by_OBJ(): retrieves data from an X509_ATTRIBUTE structure optionally checking it occurs only once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied data.
• Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() to get the expected BN_FLG_CONSTTIME behavior.
• Network support:
  • fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
  • fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
  • added some more tests to do_tests.pl
  • fixed RunningProcess usage so that it works with newer LIBC NDKs too
  • removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
  • added new Configure targets netware-clib-bsdsock, netware-clib-gcc, netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
  • various changes to netware.pl to enable gcc-cross builds on Win32 platform
  • changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
  • various changes to fix missing prototype warnings
  • fixed x86nasm.pl to create correct asm files for NASM COFF output
  • added AES, WHIRLPOOL and CPUID assembler code to build files
  • added missing AES assembler make rules to mk1mf.pl
  • fixed order of includes in apps/ocsp.c so that e_os.h settings apply
• Implement certificate status request TLS extension defined in RFC3546. A client can set the appropriate parameters and receive the encoded OCSP response via a callback. A server can query the supplied parameters and set the encoded OCSP response in the callback. Add simplified examples to s_client and s_server.