Yunqa • The Delphi Inspiration

Delphi Components and Applications

User Tools

Site Tools

You are here: Yunqa • The Delphi Inspiration » Delphi Components » YuOpenSSL » YuOpenSSL: Version History
products:openssl:history_3
New: YuZip adds ZIP archive manipulation to DIZipWriter!
YuZip supersedes DIZipWriter and adds libzip to Delphi. The new YuZip.pas unit can open, extract from, and modify ZIP archives, as well as create new ones. With deflate, bzip2, LZMA, XZ, and ZStandard de/compression and AES de/encryption. Learn more …

Table of Contents

YuOpenSSL: Version History

YuOpenSSL-3 Demo YuOpenSSL Demo Buy License

YuOpenSSL is a Delphi port of the OpenSSL cryptography and SSL/TSL library. All code is statically compiled into applications. OpenSSL DLLs are not needed. Over 5000 functions, procedures, constants, and types are ready to use in a single Delphi unit.

YuOpenSSL-3 v1.2.12 – 19 Sep 2023

  • Update OpenSSL to 3.0.11.

YuOpenSSL-3 v1.2.11 – 1 Aug 2023

  • Update OpenSSL to 3.0.10.
    • Fix CVE-2023-3817: Excessive time spent checking DH q parameter value.

YuOpenSSL-3 v1.2.10 – 22 Jun 2023

  • Fix CVE-2023-2975: AES-SIV implementation ignores empty associated data entries.
  • Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters.

YuOpenSSL-3 v1.2.9 – 31 May 2023

  • Update OpenSSL to 3.0.9.
    • Moderate Severity:
      • Fixed processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service.
    • Other, non critical bug fixes.

YuOpenSSL-3 v1.2.8 – 26 Apr 2023

  • Add APIs for YuXMLSec v1.1.0.
  • Cherry pick low severity CVE fixes:
    • Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465).
    • Limited the number of nodes created in a policy tree (CVE-2023-0464).

YuOpenSSL-3 v1.2.7 – 8 Feb 2023

  • Update OpenSSL to 3.0.8.
    • High Severity:
      • Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286).
    • Moderate Severity:
      • Fixed Timing Oracle in RSA Decryption (CVE-2022-4304).
      • Fixed X.509 Name Constraints Read Buffer Overflow (CVE-2022-4203).
      • Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215).
      • Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450).
      • Fixed Invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216).
      • Fixed NULL dereference validating DSA public key (CVE-2023-0217).
      • Fixed NULL dereference during PKCS7 data verification (CVE-2023-0401).
      • Fixed X.509 Policy Constraints Double Locking (CVE-2022-3996).
  • Added dozens new API declarations.

YuOpenSSL-3 v1.2.6 – 18 Dec 2022

  • Add APIs for YuXmlSec v1.0.3.

YuOpenSSL-3 v1.2.5 – 2 Nov 2022

  • Update OpenSSL to 3.0.7 (OpenSSL 3.0.6 was withdrawn by the OpenSSL developers).
    • Fixed two high vulnerability buffer overflows in punycode decoding functions, CVE-2022-3786 and CVE-2022-3602.
    • Added RIPEMD160 to the default provider.
    • Other minor bug fixes.

YuOpenSSL-3 v1.2.4 – 5 Jul 2022

  • Update OpenSSL to 3.0.5.
    • Fix BN_gcd to check return value when calling BN_one.
    • Add a check for the return of i2s_ASN1_INTEGER.
    • Fix X509v3_addr_add_range, X509v3_addr_canonize, and X509v3_addr_is_canonical to return the correct result.
    • Fix memory leak in EC_GROUP_new_from_ecparameters.
    • Add and improve various checks.

YuOpenSSL-3 v1.2.3 – 21 Jun 2022

  • Update OpenSSL to 3.0.4.
    • Minor bug fixes.
    • Add some constants and functions, mainly related to EVP_KEYEXCH… and X509v3_addr….

YuOpenSSL-3 v1.2.2 – 6 May 2022

  • Fix OpenSSL version reported by OpenSSL_version…() functions and constants like OPENSSL_FULL_VERSION_STR.

YuOpenSSL-3 v1.2.1 – 3 May 2022

  • Update OpenSSL to 3.0.3.
    • Fixed a bug in the function OCSP_basic_verify that verifies the signer certificate on an OCSP response. The bug caused the function in the case where the (non-default) flag OCSP_NOCHECKS is used to return a postivie response (meaning a successful verification) even in the case where the response signing certificate fails to verify.
    • Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key. This made the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check.
    • Fix a bug in the OPENSSL_LH_flush function that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time.

YuOpenSSL-3 v1.2.0 – 15 Mar 2022

  • Update OpenSSL to 3.0.2:
    • Fixed a bug in the BN_mod_sqrt function that can cause it to loop forever for non-prime moduli (CVE-2022-0778). Vulnerable situations include:
      • TLS clients consuming server certificates
      • TLS servers consuming client certificates
      • Hosting providers taking certificates or private keys from customers
      • Certificate authorities parsing certification requests from subscribers
      • Anything else which parses ASN.1 elliptic curve parameters
      • Also any other applications that use the BN_mod_sqrt where the attacker can control the parameter values are vulnerable to this DoS issue.
    • Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3.
    • Fixed PEM_write_bio_PKCS8PrivateKey to make it possible to use empty passphrase strings.
    • The negative return value handling of the certificate verification callback was reverted. The replacement is to set the verification retry state with the SSL_set_retry_verify function.
  • Add OCSP API functions for Internet Component Suite (ICS).

YuOpenSSL-3 v1.1.0 – 4 Feb 2022

  • Add HTTP APIs like OSSL_HTTP_get. They allow to obtain data from HTTP or secure HTTPS using just YuOpenSSL-3 and no additional 3-rd party Internet components. See YuOpenSSL_HTTP_get.dpr demo for usage.
  • Add APIs for YuXMLSec v1.0.0.

YuOpenSSL-3 v1.0.1 – 14 Dec 2021

  • Update to OpenSSL 3.0.1:
    • Fixed invalid handling of X509_verify_cert internal errors (CVE-2021-4044).
    • Fixed EVP_PKEY_eq to make it possible to use it with strictly private keys.
    • Fixed PVK encoder to properly query for the passphrase.
    • Multiple fixes in the OSSL_HTTP API functions.
    • Allow sign extension in OSSL_PARAM_allocate_from_text for the OSSL_PARAM_INTEGER_ data type and return error on negative numbers used with the OSSL_PARAM_UNSIGNED_INTEGER_ data type. Make OSSL_PARAM_BLD_push_BN and OSSL_PARAM_BLD_push_BN_pad return an error on negative numbers.
    • Allow copying uninitialized digest contexts with EVP_MD_CTX_copy_ex.
    • Multiple threading fixes.
    • Added NULL digest implementation to keep compatibility with 1.1.1 version.
    • Allow fetching an operation from the provider that owns an unexportable key as a fallback if that is still allowed by the property query.
  • Update Indy IOHandler with latest new features and bug fixes.

YuOpenSSL-3 v1.0.0 – 17 Nov 2021

  • Initial release, based on OpenSSL 3.0.0.
products/openssl/history_3.txt · Last modified: 2023/09/20 00:06 by 127.0.0.1
Copyright (c) 2000-2023 Ralf Junkerhttps://www.yunqa.de/delphi/Imprint / Privacy