products:openssl:history
Table of Contents
YuOpenSSL: Version History
YuOpenSSL v1.1.11 – 11 Sep 2023
- Update OpenSSL to 1.1.1w.
- Fix null pointer dereference, possible memory leaks, and error handling.
YuOpenSSL v1.1.10 – 1 Aug 2023
- Update OpenSSL to 1.1.1v.
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value.
YuOpenSSL v1.1.9 – 22 Jul 2023
- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters.
YuOpenSSL v1.1.8 – 31 May 2023
- Update OpenSSL to 1.1.1u.
- Low Severity:
- Fixed processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Applications that use
OBJ_obj2txtdirectly, or displaying diverse objects, such as X.509 certificates, may experience notable to very long delays when processing those messages, which may lead to a Denial of Service (CVE-2023-2650).
- Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465).
- Limited the number of nodes created in a policy tree (CVE-2023-0464).
YuOpenSSL v1.1.7 – 8 Feb 2023
- Update OpenSSL to 1.1.1t.
- High Severity:
- Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286).
- Moderate Severity:
- Fixed Timing Oracle in RSA Decryption (CVE-2022-4304).
- Fixed Use-after-free following
BIO_new_NDEF(CVE-2023-0215). - Fixed Double free after calling
PEM_read_bio_ex(CVE-2022-4450).
- Add some new API declarations.
YuOpenSSL v1.1.6 – 2 Nov 2022
- Update OpenSSL to 1.1.1s (OpenSSL 1.1.1r was withdrawn by the OpenSSL developers).
- Bug fixes.
YuOpenSSL v1.1.5 – 5 Jul 2022
- Update OpenSSL to 1.1.1q.
- Fix
BN_gcdto check return value when testing for 1. - Add a check for the return of
i2s_ASN1_INTEGER. - Fix
X509v3_addr_add_rangeto return the correct result. - Fix memory leak in
EC_GROUP_new_from_ecparameters.
YuOpenSSL v1.1.4 – 21 Jun 2022
- Update OpenSSL to 1.1.1p.
- Minor bug fixes.
YuOpenSSL v1.1.3 – 3 May 2022
- Update OpenSSL to 1.1.1o.
- Minor bug fixes.
YuOpenSSL v1.1.2 – 15 Mar 2022
- Update OpenSSL to 1.1.1n:
- Fixed a bug in the
BN_mod_sqrtfunction that can cause it to loop forever for non-prime moduli (CVE-2022-0778). Vulnerable situations include:- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters
- Also any other applications that use the
BN_mod_sqrtwhere the attacker can control the parameter values are vulnerable to this DoS issue.
- Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3.
YuOpenSSL v1.1.1 – 14 Dec 2021
- Update to OpenSSL 1.1.1m:
- Avoid loading of a dynamic engine twice.
- Prioritise DANE TLSA issuer certs over peer certs.
- Update Indy IOHandler with latest new features and bug fixes.
YuOpenSSL 1.1.0 – 16 Sep 2021
- Support Delphi 11 Alexandria Win32 and Win64.
YuOpenSSL 1.0.2 – 24 Aug 2021
- Update to OpenSSL 1.1.1l:
- Fixed an SM2 Decryption Buffer Overflow.
- Fixed various read buffer overruns processing ASN.1 strings.
- Update Indy (Internet Direct) OpenSSL 1.1.1 support.
- Update Synapse TCP/IP and serial library OpenSSL 1.1.1 support.
YuOpenSSL 1.0.1 – 25 Mar 2021
- Update to OpenSSL 1.1.1k.
- Add identifiers used by ICS (Internet Component Suite):
- Some Pascal functions for C macros.
- Some
ENGINE_…constants. - Some
PKCS7_…types.
YuOpenSSL 1.0.0 – 17 Feb 2021
- Update to OpenSSL 1.1.1j.
YuOpenSSL 0.5.0 Beta – 30 Jan 2021
- Convert some C macros to Pascal for better ICS (Internet Component Suite) support.
- Fix wrong type in Indy (Internet Direct). It caused a compiler error because YuOpenSS types are more strict than Indy types.
- Add Synapse thread demo to illustrate thread memory cleanup.
YuOpenSSL 0.4.0 Beta – 29 Dec 2020
- Add ICS 8.65 files modified to use YuOpenSSL instead of the OpenSSL DLLs.
- Add some new OpenSSL API functions required for ICS 8.65.
YuOpenSSL 0.3.0 Beta – 9 Dec 2020
- Update to OpenSSL 1.1.1i.
- Fix a high risk potential NULL pointer de-reference in
GENERAL_NAME_cmp(CVE-2020-1971).
- Add more than 150 new OpenSSL API functions:
- AES_*() functions.
- OBJ_*() functions.
- PKCS8*() and PKCS12*() functions.
- *_method() functions.
- New Synapse TCP/IP and serial library support, plus basic demos.
- Small update to the Indy (Internet Direct) OpenSSL 1.1.1 IOHandler.
YuOpenSSL 0.2.1 Alpha – 25 Nov 2020
- Add
EVP_VerifyInit,EVP_VerifyInit_ex, andEVP_VerifyUpdate, ported from OpenSSL macros. - Fix memory leaks in ICS (Internet Component Suite). They surfaced after the OverbyteIcsSslWebServ.dpr sample project was linked against YuOpenSSL. A total of > 10k memory allocations reported not freed, adding up to > 500k bytes of leaked memory. The leaks were easy to spot because YuOpenSSL does not use the OpenSSL DLLs but compiles all OpenSSL code into the application binary. As a side effect, YuOpenSSL uses the Delphi memory manager and by default allows memory trackers to see OpenSSL memory allocations. Otherwise this does normally not happen when the OpenSSL DLLs employ their own memory management. The leaks then sum up in the DLLs' memory space, and out of sight of Delphi's memory trackers.
YuOpenSSL 0.2.0 Alpha – 16 Nov 2020
- Update to OpenSSL 1.1.1h.
- Add hundreds of OpenSSL API functions, procedures, types, and constants.
- New Indy (Internet Direct) support, plus basic demos. The Indy OpenSSL 1.1.1 IOHandler is still in development. Until stable, consider this a proof of concept and use with great care.
- New demos to create certificates.
YuOpenSSL 0.1.0 Alpha – 30 Jul 2020
- Initial public release, based on OpenSSL 1.1.1g.
products/openssl/history.txt · Last modified: 2023/09/20 00:06 by 127.0.0.1