OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows
remote attackers to cause a denial of service (inifnite loop
and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
versions allows attackers to cause a denial of service (CPU
consumption) via certain public keys that require extra time
to process.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
Buffer overflow in the SSL_get_shared_ciphers function in
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier
versions has unspecified impact and remote attack vectors
involving a long list of ciphers.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
Unspecified vulnerability in the SSLv2 client code in OpenSSL
0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions
allows remote servers to cause a denial of service (client
crash) via unknown vectors.
- Rollback the updates for rsa.h, rsa_eay.c and rsa_err.c as they were
not necessary to address this vulnerability.
- Small update to the patch for rsa_sign.c for backward compatability so
the same patch can be applied to 0.9.[6-9]
Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. If an RSA key with exponent 3 is used it may be possible
to forge a PKCS #1 v1.5 signature signed by that key. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.
Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is
used in X.509 certificates, all software that uses OpenSSL to verify
X.509 certificates is potentially vulnerable, as well as any other use
of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or
TLS.
> use explicitly sized types for U_LLONG U_LONG and LONG; otherwise bn
> breaks on 64 bit platforms. The "LONG" openssl wants is really a 32 bit int.
Instead define SIXTY_FOUR_BIT_LONG where apropriate.
Regression tests still pass on sparc64 and i386. Furthermore this allows
us to finaly close PR 28935 (thanks to christos for removing the local
hacks on last import).
1. Instead of trying to cleanup the ugly ifdefs, we leave them alone so that
there are going to be fewer conflicts in the future.
2. Where we make changes to override things #ifdef __NetBSD__ around them
so that it is clear what we are changing. This is still missing in some
places, notably in opensslconf.h because it would make things messier.
christos