openssl-1.0.0-20.AXS4

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
Security issues fixed with this release:
CVE-2011-3207
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
Fixed bugs:
- Loading and unloading the CHIL engine repeatedly caused the calling program to terminate unexpectedly. This has been fixed.
- The missing initialization of a variable could prevcent the CHIL engine to load. This has been fixed.
Enhancements:
- Improved the performance of the AES encryption algorithm on CPUs with the AES-NI instruction set, and of the SHA-1 and RC4 algorithms on 32-bit and 64-bit x86 architectures.
- The OpenSSL source package can now be built without additional patches (for testing purposes).
- Partial RELRO is now enabled during the build of the OpenSSL libraries: this improves security.
- The AEX-NI instruction acceleration can nowbe disabled by setting the OPENSSL_DISABLE_AES_NI environment variable to any value.
- Implemented the direct KAT self-test for SHA-2 algorithms in FIPS mode.
- Updated the manual and help pages with the instruction to run openssl dgst -h to list all available digest algorithms.