New OpenSSL releases 3.0.16, 3.2.4, 3.3.3 and 3.4.1 and new resource files linked by ICS

[Angus Robertson 608]

OpenSSL has released maintenance versions of the four currently supported versions, 3.0.16, 3.2.4, 3.3.3 and 3.4.1.

 

There is one high security fix for 3.2 and later relating to Raw Public Keys (RPKs), but these are disabled by default and not yet used in ICS, and a low level timing side-channel in ECDSA signature computation fix that needs hardware access to exploit.

 

These OpenSSL versions are included with the final ICS V9.4 release.

 

Windows binary zips are available from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp

 

In addition to the three DLL files, the zips include compiled RES resource files that contain the same DLLs, text files and version information, see the RC file. The RES file may be linked into application EXE files and code then used to extract the DLLs from the resource to a temporary directory to avoid distributing them separately.

 

ICS V9.1 and later optionally support loading the resource file.

 

Beware OpenSSL 3.4 exposed a minor ICS bug creating X509 certificate requests and creating CA signed certificates, which is fixed in V9.4. or a one line change for earlier versions.   Also note when building the ICS packages for the first time with 3.4, there may be a dialog 'entry point could not be located', because the new DLLs are only extracted from the resource files when the first application is run, but the packages have built OK.

 

ICS V9.4 defaults to using OpenSSL 3.4.1, provided the new OverbyteIcsDefs.inc files is installed, with an earlier version optional by changing the Defs file.

 

Angus