Yunqa • The Delphi Inspiration

Delphi Components and Applications

User Tools

Site Tools

You are here: Yunqa • The Delphi Inspiration » Delphi Components » YuOpenSSL » YuOpenSSL: Version History
products:openssl:history_3
New YuPng released!
YuPng brings libpng to Delphi, with its complete API, but no DLLs. Its TYuPngImage TPicture class reads and paints PNG images with ICC color profile conversion, gamma correction, and chromaticities. Learn more …

Table of Contents

YuOpenSSL: Version History

YuOpenSSL-3 Demo YuOpenSSL Demo Buy License

YuOpenSSL is a Delphi port of the OpenSSL cryptography and SSL/TSL library. All code is statically compiled into applications. OpenSSL DLLs are not needed. Over 5000 functions, procedures, constants, and types are ready to use in a single Delphi unit.

YuOpenSSL-3 v1.2.6 – 18 Dec 2022

  • Add APIs for YuXmlSec v1.0.3.

YuOpenSSL-3 v1.2.5 – 2 Nov 2022

  • Update OpenSSL to 3.0.7 (OpenSSL 3.0.6 was withdrawn by the OpenSSL developers).
    • Fixed two high vulnerability buffer overflows in punycode decoding functions, CVE-2022-3786 and CVE-2022-3602.
    • Added RIPEMD160 to the default provider.
    • Other minor bug fixes.

YuOpenSSL-3 v1.2.4 – 5 Jul 2022

  • Update OpenSSL to 3.0.5.
    • Fix BN_gcd to check return value when calling BN_one.
    • Add a check for the return of i2s_ASN1_INTEGER.
    • Fix X509v3_addr_add_range, X509v3_addr_canonize, and X509v3_addr_is_canonical to return the correct result.
    • Fix memory leak in EC_GROUP_new_from_ecparameters.
    • Add and improve various checks.

YuOpenSSL-3 v1.2.3 – 21 Jun 2022

  • Update OpenSSL to 3.0.4.
    • Minor bug fixes.
    • Add some constants and functions, mainly related to EVP_KEYEXCH… and X509v3_addr….

YuOpenSSL-3 v1.2.2 – 6 May 2022

  • Fix OpenSSL version reported by OpenSSL_version…() functions and constants like OPENSSL_FULL_VERSION_STR.

YuOpenSSL-3 v1.2.1 – 3 May 2022

  • Update OpenSSL to 3.0.3.
    • Fixed a bug in the function OCSP_basic_verify that verifies the signer certificate on an OCSP response. The bug caused the function in the case where the (non-default) flag OCSP_NOCHECKS is used to return a postivie response (meaning a successful verification) even in the case where the response signing certificate fails to verify.
    • Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key. This made the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check.
    • Fix a bug in the OPENSSL_LH_flush function that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time.

YuOpenSSL-3 v1.2.0 – 15 Mar 2022

  • Update OpenSSL to 3.0.2:
    • Fixed a bug in the BN_mod_sqrt function that can cause it to loop forever for non-prime moduli (CVE-2022-0778). Vulnerable situations include:
      • TLS clients consuming server certificates
      • TLS servers consuming client certificates
      • Hosting providers taking certificates or private keys from customers
      • Certificate authorities parsing certification requests from subscribers
      • Anything else which parses ASN.1 elliptic curve parameters
      • Also any other applications that use the BN_mod_sqrt where the attacker can control the parameter values are vulnerable to this DoS issue.
    • Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3.
    • Fixed PEM_write_bio_PKCS8PrivateKey to make it possible to use empty passphrase strings.
    • The negative return value handling of the certificate verification callback was reverted. The replacement is to set the verification retry state with the SSL_set_retry_verify function.
  • Add OCSP API functions for Internet Component Suite (ICS).

YuOpenSSL-3 v1.1.0 – 4 Feb 2022

  • Add HTTP APIs like OSSL_HTTP_get. They allow to obtain data from HTTP or secure HTTPS using just YuOpenSSL-3 and no additional 3-rd party Internet components. See YuOpenSSL_HTTP_get.dpr demo for usage.
  • Add APIs required for YuXMLSec.

YuOpenSSL-3 v1.0.1 – 14 Dec 2021

  • Update to OpenSSL 3.0.1:
    • Fixed invalid handling of X509_verify_cert internal errors (CVE-2021-4044).
    • Fixed EVP_PKEY_eq to make it possible to use it with strictly private keys.
    • Fixed PVK encoder to properly query for the passphrase.
    • Multiple fixes in the OSSL_HTTP API functions.
    • Allow sign extension in OSSL_PARAM_allocate_from_text for the OSSL_PARAM_INTEGER_ data type and return error on negative numbers used with the OSSL_PARAM_UNSIGNED_INTEGER_ data type. Make OSSL_PARAM_BLD_push_BN and OSSL_PARAM_BLD_push_BN_pad return an error on negative numbers.
    • Allow copying uninitialized digest contexts with EVP_MD_CTX_copy_ex.
    • Multiple threading fixes.
    • Added NULL digest implementation to keep compatibility with 1.1.1 version.
    • Allow fetching an operation from the provider that owns an unexportable key as a fallback if that is still allowed by the property query.
  • Update Indy IOHandler with latest new features and bug fixes.

YuOpenSSL-3 v1.0.0 – 17 Nov 2021

  • Initial release, based on OpenSSL 3.0.0.
products/openssl/history_3.txt · Last modified: 2022/12/18 12:25 by 127.0.0.1
Copyright (c) 2000-2023 Ralf Junkerhttps://www.yunqa.de/delphi/Imprint / Privacy