products:openssl:history_1.1.1
Table of Contents
YuOpenSSL-1.1.1: Version History
YuOpenSSL is a Delphi port of the OpenSSL cryptography and SSL/TSL library. All code is statically compiled into applications. OpenSSL DLLs are not needed. Over 5000 functions, procedures, constants, and types are ready to use in a single Delphi unit.
YuOpenSSL-1.1.1 v1.2.1 – 24 Aug 2024
- Rename from YuOpenSSL to YuOpenSSL-1.1.1.
- New common folder for all 3rd-party components' info and code.
YuOpenSSL-1.1.1 v1.2.0 – 22 Nov 2023
- Support Delphi 12 Athens Win32 and Win64.
YuOpenSSL-1.1.1 v1.1.11 – 11 Sep 2023
- Update to OpenSSL 1.1.1w.
- Fix null pointer dereference, possible memory leaks, and error handling.
YuOpenSSL-1.1.1 v1.1.10 – 1 Aug 2023
- Update to OpenSSL 1.1.1v.
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value.
YuOpenSSL-1.1.1 v1.1.9 – 22 Jul 2023
- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters.
YuOpenSSL-1.1.1 v1.1.8 – 31 May 2023
- Update to OpenSSL 1.1.1u.
- Low Severity:
- Fixed processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Applications that use
OBJ_obj2txt
directly, or displaying diverse objects, such as X.509 certificates, may experience notable to very long delays when processing those messages, which may lead to a Denial of Service (CVE-2023-2650).
- Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465).
- Limited the number of nodes created in a policy tree (CVE-2023-0464).
YuOpenSSL-1.1.1 v1.1.7 – 8 Feb 2023
- Update to OpenSSL 1.1.1t.
- High Severity:
- Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286).
- Moderate Severity:
- Fixed Timing Oracle in RSA Decryption (CVE-2022-4304).
- Fixed Use-after-free following
BIO_new_NDEF
(CVE-2023-0215). - Fixed Double free after calling
PEM_read_bio_ex
(CVE-2022-4450).
- Add some new API declarations.
YuOpenSSL-1.1.1 v1.1.6 – 2 Nov 2022
- Update to OpenSSL 1.1.1s (OpenSSL 1.1.1r was withdrawn by the OpenSSL developers).
- Bug fixes.
YuOpenSSL-1.1.1 v1.1.5 – 5 Jul 2022
- Update to OpenSSL 1.1.1q.
- Fix
BN_gcd
to check return value when testing for 1. - Add a check for the return of
i2s_ASN1_INTEGER
. - Fix
X509v3_addr_add_range
to return the correct result. - Fix memory leak in
EC_GROUP_new_from_ecparameters
.
YuOpenSSL-1.1.1 v1.1.4 – 21 Jun 2022
- Update to OpenSSL 1.1.1p.
- Minor bug fixes.
YuOpenSSL-1.1.1 v1.1.3 – 3 May 2022
- Update to OpenSSL 1.1.1o.
- Minor bug fixes.
YuOpenSSL-1.1.1 v1.1.2 – 15 Mar 2022
- Update to OpenSSL 1.1.1n:
- Fixed a bug in the
BN_mod_sqrt
function that can cause it to loop forever for non-prime moduli (CVE-2022-0778). Vulnerable situations include:- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters
- Also any other applications that use the
BN_mod_sqrt
where the attacker can control the parameter values are vulnerable to this DoS issue.
- Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3.
YuOpenSSL-1.1.1 v1.1.1 – 14 Dec 2021
- Update to OpenSSL 1.1.1m:
- Avoid loading of a dynamic engine twice.
- Prioritise DANE TLSA issuer certs over peer certs.
- Update Indy IOHandler with latest new features and bug fixes.
YuOpenSSL-1.1.1 1.1.0 – 16 Sep 2021
- Support Delphi 11 Alexandria Win32 and Win64.
YuOpenSSL-1.1.1 1.0.2 – 24 Aug 2021
- Update to OpenSSL 1.1.1l:
- Fixed an SM2 Decryption Buffer Overflow.
- Fixed various read buffer overruns processing ASN.1 strings.
- Update Indy (Internet Direct) OpenSSL 1.1.1 support.
- Update Synapse TCP/IP and serial library OpenSSL 1.1.1 support.
YuOpenSSL-1.1.1 1.0.1 – 25 Mar 2021
- Update to OpenSSL 1.1.1k.
- Add identifiers used by ICS (Internet Component Suite):
- Some Pascal functions for C macros.
- Some
ENGINE_…
constants. - Some
PKCS7_…
types.
YuOpenSSL-1.1.1 1.0.0 – 17 Feb 2021
- Update to OpenSSL 1.1.1j.
YuOpenSSL-1.1.1 0.5.0 Beta – 30 Jan 2021
- Convert some C macros to Pascal for better ICS (Internet Component Suite) support.
- Fix wrong type in Indy (Internet Direct). It caused a compiler error because YuOpenSS types are more strict than Indy types.
- Add Synapse thread demo to illustrate thread memory cleanup.
YuOpenSSL-1.1.1 0.4.0 Beta – 29 Dec 2020
- Add ICS 8.65 files modified to use YuOpenSSL instead of the OpenSSL DLLs.
- Add some new OpenSSL API functions required for ICS 8.65.
YuOpenSSL-1.1.1 0.3.0 Beta – 9 Dec 2020
- Update to OpenSSL 1.1.1i.
- Fix a high risk potential NULL pointer de-reference in
GENERAL_NAME_cmp
(CVE-2020-1971).
- Add more than 150 new OpenSSL API functions:
- AES_*() functions.
- OBJ_*() functions.
- PKCS8*() and PKCS12*() functions.
- *_method() functions.
- New Synapse TCP/IP and serial library support, plus basic demos.
- Small update to the Indy (Internet Direct) OpenSSL 1.1.1 IOHandler.
YuOpenSSL-1.1.1 0.2.1 Alpha – 25 Nov 2020
- Add
EVP_VerifyInit
,EVP_VerifyInit_ex
, andEVP_VerifyUpdate
, ported from OpenSSL macros. - Fix memory leaks in ICS (Internet Component Suite). They surfaced after the OverbyteIcsSslWebServ.dpr sample project was linked against YuOpenSSL. A total of > 10k memory allocations reported not freed, adding up to > 500k bytes of leaked memory. The leaks were easy to spot because YuOpenSSL does not use the OpenSSL DLLs but compiles all OpenSSL code into the application binary. As a side effect, YuOpenSSL uses the Delphi memory manager and by default allows memory trackers to see OpenSSL memory allocations. Otherwise this does normally not happen when the OpenSSL DLLs employ their own memory management. The leaks then sum up in the DLLs' memory space, and out of sight of Delphi's memory trackers.
YuOpenSSL-1.1.1 0.2.0 Alpha – 16 Nov 2020
- Update to OpenSSL 1.1.1h.
- Add hundreds of OpenSSL API functions, procedures, types, and constants.
- New Indy (Internet Direct) support, plus basic demos. The Indy OpenSSL 1.1.1 IOHandler is still in development. Until stable, consider this a proof of concept and use with great care.
- New demos to create certificates.
YuOpenSSL-1.1.1 0.1.0 Alpha – 30 Jul 2020
- Initial public release, based on OpenSSL 1.1.1g.
products/openssl/history_1.1.1.txt · Last modified: 2024/11/21 22:04 by 127.0.0.1