blob: 9bbeb1ba4878ecf3b023bc9c687d3d1b216a9ce5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
Version 1.11.9, 2014-04-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Fix a bug in primality testing introduced in 1.8.3 which caused
only a single random base, rather than a sequence of random bases,
to be used in the Miller-Rabin test. This increased the probability
that a non-prime would be accepted, for instance a 1024 bit number
would be incorrectly classed as prime with probability around
2^-40. Reported by Jeff Marrison.
* X.509 path validation now returns a set of all errors that occurred
during validation, rather than immediately returning the first
detected error. This prevents a seemingly innocuous error (such as
an expired certificate) from hiding an obviously serious error
(such as an invalid signature). The Certificate_Status_Code enum is
now ordered by severity, and the most severe error is returned by
Path_Validation_Result::result(). The entire set of status codes is
available with the new all_statuses call.
* Fixed a bug in OCSP response decoding which would cause an error
when attempting to decode responses from some widely used
responders.
* An implementation of HMAC_DRBG RNG from NIST SP800-90A has been
added. Like the X9.31 PRNG implementation, it uses another
underlying RNG for seeding material.
* An implementation of the RFC 6979 deterministic nonce generator has
been added.
* Fix a bug in certificate path validation which prevented successful
validation if intermediate certificates were presented out of order.
* Fix a bug introduced in 1.11.5 which could cause crashes or other
incorrect behavior when a cipher mode filter was followed in the
pipe by another filter, and that filter had a non-empty start_msg.
* The types.h header now uses stdint.h rather than cstdint to avoid
problems with Clang on OS X.
|
