1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
Version 1.10.6, 2013-11-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* The device reading entropy source now attempts to read from all
available devices. Previously it would break out early if a partial
read from a blocking source occured, not continuing to read from a
non-blocking device. This would cause the library to fall back on
slower and less reliable techniques for collecting PRNG seed
material. Reported by Rickard Bellgrim.
* HMAC_RNG (the default PRNG implementation) now automatically reseeds
itself periodically. Previously reseeds only occured on explicit
application request.
* Fix an encoding error in EC_Group when encoding using EC_DOMPAR_ENC_OID.
Reported by fxdupont on github.
* In EMSA2 and Randpool, avoid calling name() on objects after deleting them if
the provided algorithm objects are not suitable for use. Found by Clang
analyzer, reported by Jeffrey Walton.
* If X509_Store was copied, the u32bit containing how long to cache validation
results was not initialized, potentially causing results to be cached for
significant amounts of time. This could allow a certificate to be considered
valid after its issuing CA's cert expired. Expiration of the end-entity cert
is always checked, and reading a CRL always causes the status to be reset, so
this issue does not affect revocation. Found by Coverity scanner.
* Avoid off by one causing a potentially unterminated string to be passed to
the connect system call if the library was configured to use a very long path
name for the EGD socket. Found by Coverity Scanner.
* In PK_Encryptor_EME, PK_Decryptor_EME, PK_Verifier, and PK_Key_Agreement,
avoid dereferencing an unitialized pointer if no engine supported operations
on the key object given. Found by Coverity scanner.
* Avoid leaking a file descriptor in the /dev/random and EGD entropy sources if
stdin (file descriptor 0) was closed. Found by Coverity scanner.
* Avoid a potentially undefined operation in the bit rotation operations. Not
known to have caused problems under any existing compiler, but might have
caused problems in the future. Caught by Clang sanitizer, reported by Jeffrey
Walton.
* Increase default hash iterations from 10000 to 50000 in PBES1 and PBES2
* Add a fix for mips64el builds from Brad Smith.
|
