This version of OpenSSL is exactly the same as the stock 0.9.7b version, with the following patch to crypto/rsa/rsa_eay.c, provided by Diarmuid O'Neill:

---------------------------------------------------------------
*** rsa_eay.c Tue Apr 8 07:32:48 2003 --- rsa_eay.new Tue Apr 15 12:02:33 2003 *************** *** 491,496 **** --- 491,498 ---- if (ctx != NULL) BN_CTX_free(ctx); BN_clear_free(&f); BN_clear_free(&ret); + if (local_blinding) + BN_BLINDING_free(blinding); if (buf != NULL) { OPENSSL_cleanse(buf,num);
---------------------------------------------------------------

0.9.7b implements RSA blinding to defeat RSA timing attacks. However, due to an oversight, there is a memory leak. The above patch frees up the blinding memory that was overlooked.

I have *NOT* changed the version number of OpenSSL for these DLLs -- this is not an official version, and any version number change would potentially conflict with a snapshot version, etc.

Feel free to use these DLLs; however, you should definitely upgrade to 0.9.7c whenever it comes out.

-- Brian Hatch
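Review bot: in the two added lines after BN_clear_free(&ret), the free is guarded only by local_blinding, and the hunk does not show where that flag or blinding is assigned, so confirm that local_blinding is set only once a one-time blinding structure has actually been allocated and that every error path reaches this cleanup block with the pair in a consistent state. The patch touches a single cleanup block (around line 491); if any other function in rsa_eay.c allocates a local blinding structure the same way, its cleanup needs the same two lines. A short comment on the new lines saying that a locally allocated blinding structure is owned by this call and must be released here would help the next reader.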