[ANNOUNCEMENT] OpenSSL 0.9.6a Beta 3 released

Perry E. Metzger perry at piermont.com
Mon Apr 2 16:24:59 EDT 2001


------- Start of forwarded message -------
Received: from opensource.ee.ethz.ch (opensource-01.ee.ethz.ch [129.132.7.153]) by blacklodge.c2.net (8.8.8/8.7.3) with ESMTP id MAA11964 for <cryptography at c2.net>; Fri, 30 Mar 2001 12:43:24 -0800 (PST)
Received: by en5.engelschall.com (Sendmail 8.9.2/smtpfeed 1.06)
	id WAA02289; Fri, 30 Mar 2001 22:45:07 +0200 (MET DST)
Date: Fri, 30 Mar 2001 22:45:06 +0200
From: Richard Levitte <levitte at openssl.org>
To: openssl-announce at openssl.org, openssl-users at openssl.org,
        openssl-dev at openssl.org, coderpunks at toad.com, cypherpunks at openpgp.net,
        cryptography at c2.net, VMS-SSH at ALPHA.SGGW.WAW.PL, INFO-VAX at MVB.SAIC.COM,
        VMS-WEB-DAEMON at KJSL.COM, info-wasd at vsm.com.au
Subject: [ANNOUNCEMENT] OpenSSL 0.9.6a Beta 3 released
Message-ID: <20010330224505.A28644 at openssl.org>
Reply-To: levitte at openssl.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95i
Organization: OpenSSL Project
X-Web-Homepage: http://www.openssl.org/~levitte/

The third beta release of OpenSSL 0.9.6a is now available from the
OpenSSL FTP site <URL: ftp://ftp.openssl.org/source/>.

OpenSSL 0.9.6a is a bug-fix release of version 0.9.6, and currently
contains 52 documented changes.  Among others, this release should build
on all Windows platforms, which 0.9.6 failed to do.  Just as for version
0.9.6, this one comes in two variants, one containing the now well-known
ENGINE code and one that doesn't.  The tar files are:

	openssl-0.9.6a-beta3.tar.gz
	openssl-engine-0.9.6a-beta3.tar.gz

The news section for 0.9.6a gives the following:

      o Security fix: change behavior of OpenSSL to avoid using
        environment variables when running as root.
      o Security fix: check the result of RSA-CRT to reduce the
        possibility of deducing the private key from an incorrectly
        calculated signature.
      o Security fix: prevent Bleichenbacher's DSA attack.
      o Security fix: Zero the premaster secret after deriving the
        master secret in DH ciphersuites.
      o Reimplement SSL_peek(), which had various problems.
      o Compatibility fix: the function des_encrypt() renamed to
        des_encrypt1() to avoid clashes with some Unixen libc.
      o Bug fixes for Win32, HP/UX and Irix.
      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
        memory checking routines.
      o Bug fixes for RSA operations in threaded environments.
      o Bug fixes in misc. openssl applications.
      o Remove a few potential memory leaks.
      o Add tighter checks of BIGNUM routines.
      o Shared library support has been reworked for generality.
      o More documentation.
      o New function BN_rand_range().
      o Add "-rand" option to openssl s_client and s_server.

The next (hopefully real) release is scheduled for Tuesday 2001-04-03.  To make
sure that it will work correctly, please test this version (especially on less
common platforms), and report any problems to <openssl-bugs at openssl.org>.

--
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
Software Engineer, Celo Communications: http://www.celocom.com/

------- End of forwarded message -------
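
The RSA-CRT item in the news list above, sketched as an added example (not
OpenSSL code and not part of the announcement): a CRT signature is verified
with the public exponent before it is released. The toy key, the function
names, the simulated fault and the fallback to a plain exponentiation are all
assumptions of this sketch.

```python
# Added illustration of "check the result of RSA-CRT"; not OpenSSL's code.
# Constructed toy key, far too small for real use.
P, Q = 61, 53
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents
QINV = pow(Q, -1, P)                # q^-1 mod p


def crt_sign(m: int, fault_in_q: bool = False) -> int:
    """Raw RSA signature m^d mod n computed through the two CRT halves.

    fault_in_q is a hypothetical test hook that corrupts the mod-q half,
    standing in for a hardware glitch or a bignum bug.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_q:
        sq = (sq + 1) % Q
    # Garner recombination: s = sq + q * (qinv * (sp - sq) mod p)
    h = (QINV * (sp - sq)) % P
    return sq + Q * h


def checked_sign(m: int, fault_in_q: bool = False):
    """Return (signature, used_fallback); a bad CRT result never leaves."""
    if not 0 <= m < N:
        raise ValueError("message representative out of range")
    s = crt_sign(m, fault_in_q)
    if pow(s, E, N) == m:
        return s, False
    # The CRT output is wrong in one half, so it must not be released.
    # This sketch recomputes without CRT (slower, one exponentiation).
    return pow(m, D, N), True


if __name__ == "__main__":
    msg = 65  # constructed message representative
    print(checked_sign(msg))
    print(checked_sign(msg, fault_in_q=True))
```

Because e is coprime to q-1, any error confined to the mod-q half always
changes s^e mod q, so the public-exponent check cannot miss it.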


