Version 1.10.6, 2013-11-10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * The device reading entropy source now attempts to read from all available devices. Previously it would break out early if a partial read from a blocking source occured, not continuing to read from a non-blocking device. This would cause the library to fall back on slower and less reliable techniques for collecting PRNG seed material. Reported by Rickard Bellgrim. * HMAC_RNG (the default PRNG implementation) now automatically reseeds itself periodically. Previously reseeds only occured on explicit application request. * Fix an encoding error in EC_Group when encoding using EC_DOMPAR_ENC_OID. Reported by fxdupont on github. * In EMSA2 and Randpool, avoid calling name() on objects after deleting them if the provided algorithm objects are not suitable for use. Found by Clang analyzer, reported by Jeffrey Walton. * If X509_Store was copied, the u32bit containing how long to cache validation results was not initialized, potentially causing results to be cached for significant amounts of time. This could allow a certificate to be considered valid after its issuing CA's cert expired. Expiration of the end-entity cert is always checked, and reading a CRL always causes the status to be reset, so this issue does not affect revocation. Found by Coverity scanner. * Avoid off by one causing a potentially unterminated string to be passed to the connect system call if the library was configured to use a very long path name for the EGD socket. Found by Coverity Scanner. * In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and PK_Key_Agreement, avoid dereferencing an unitialized pointer if no engine supported operations on the key object given. Found by Coverity scanner. * Avoid leaking a file descriptor in the /dev/random and EGD entropy sources if stdin (file descriptor 0) was closed. Found by Coverity scanner. * Avoid a potentially undefined operation in the bit rotation operations. Not known to have caused problems under any existing compiler, but might have caused problems in the future. Caught by Clang sanitizer, reported by Jeffrey Walton. * Increase default hash iterations from 10000 to 50000 in PBES1 and PBES2 * Add a fix for mips64el builds from Brad Smith.