YuOpenSSL is a Delphi port of the OpenSSL cryptography and SSL/TLS library. All code is statically compiled into applications. OpenSSL DLLs are not needed. Over 5000 functions, procedures, constants, and types are ready to use in a single Delphi unit.
OpenSSL_version…() functions and constants like OPENSSL_FULL_VERSION_STR.
OCSP_basic_verify that verifies the signer certificate on an OCSP response. The bug caused the function, in the case where the (non-default) flag OCSP_NOCHECKS is used, to return a positive response (meaning a successful verification) even in the case where the response signing certificate fails to verify.
OPENSSL_LH_flush function that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long-lived process periodically decodes certificates or keys, its memory usage will expand without bounds and the process might be terminated by the operating system, causing a denial of service. Also, traversing the empty hash table entries will take increasingly more time.
BN_mod_sqrt function that can cause it to loop forever for non-prime moduli (CVE-2022-0778). Vulnerable situations include:
BN_mod_sqrt where the attacker can control the parameter values are vulnerable to this DoS issue.
PEM_write_bio_PKCS8PrivateKey to make it possible to use empty passphrase strings.
SSL_set_retry_verify function.
OSSL_HTTP_get. They make it possible to obtain data over HTTP or secure HTTPS using just YuOpenSSL-3 and no additional third-party Internet components. See the YuOpenSSL_HTTP_get.dpr demo for usage.
X509_verify_cert internal errors (CVE-2021-4044).
EVP_PKEY_eq to make it possible to use it with strictly private keys.
OSSL_PARAM_allocate_from_text for the OSSL_PARAM_INTEGER_ data type and return error on negative numbers used with the OSSL_PARAM_UNSIGNED_INTEGER_ data type. Make OSSL_PARAM_BLD_push_BN and OSSL_PARAM_BLD_push_BN_pad return an error on negative numbers.
EVP_MD_CTX_copy_ex.