En ny version av OpenSSL finns nu ute att tanka hem från openssl.org som innehåller en mycket viktig säkerhetsfix:

Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a malformed signature
to be treated as a good signature rather than as an error.  This issue
affected the signature checks on DSA and ECDSA keys used with
SSL/TLS.

Läs den fullständiga varningen: openssl.org/news/secadv_20090107.txt

Intressant att notera är även att det är Googles säkerhetsteam som hittat denna säkerhetsbugg.

Det omåttligt populära kryptobiblioteket OpenSSL har nu kommit ut i en ny version, nämligen 0.9.8i.

Några av de många förändringar och förbättringar är:

*) Delta CRL support

*) Support for CRLs partitioned by reason code

*) Support for freshest CRL extension.

*) Initial indirect CRL support.

*) Add support for distinct certificate and CRL paths.

*) Add support for policy mappings extension.

*) Fixes to pathlength constraint, self issued certificate handling,
policy processing to align with RFC3280 and PKITS tests.
*) Support for name constraints certificate extension. DN, email, DNS
and URI types are currently supported.

*) To cater for systems that provide a pointer-based thread ID rather
than numeric, deprecate the current numeric thread ID mechanism and
replace it with a structure and associated callback type

*) Initial support for different CRL issuing certificates.

*) Removed effectively defunct crypto/store from the build.

*) Revamp of STACK to provide stronger type-checking.

*) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer

RAM on SSL connections.

*) Revamp of LHASH to provide stronger type-checking.

*) Initial support for Cryptographic Message Syntax (aka CMS) based
on RFC3850, RFC3851 and RFC3852.

*) Add options to enc utility to support use of zlib compression BIO.

Några av dessa förändringar är sponsrade av Google. För att se samtliga ändringar:

http://www.openssl.org/source/exp/CHANGES