Recent changes from 0.9.7-stable.

Richard Levitte 2004-03-23 15:01:13 +00:00
parent e51f113ad8
commit 2fb2e00d94
19 changed files with 77 additions and 28 deletions

14
CHANGES

@ -2,7 +2,19 @@
OpenSSL CHANGES OpenSSL CHANGES
_______________ _______________
Changes between 0.9.7c and 0.9.7d [xx XXX XXXX] Changes between 0.9.7d and 0.9.7e [XX xxx XXXX]
*)
Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
[Joe Orton, Steve Henson]
*) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
(CAN-2004-0112)
[Joe Orton, Steve Henson]
*) Make it possible to have multiple active certificates with the same *) Make it possible to have multiple active certificates with the same
subject in the CA index file. This is done only if the keyword subject in the CA index file. This is done only if the keyword

2
FAQ

@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL? * Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>. The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.7c was released on September 30, 2003. OpenSSL 0.9.7d was released on March 17, 2004.
In addition to the current stable release, you can also access daily In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL: snapshots of the OpenSSL development version at <URL:


@ -12,7 +12,7 @@
--------------- ---------------
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions


@ -476,7 +476,7 @@ do_irix-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \ libs="$(LIBKRB5) $$libs"; \
fi; \ fi; \
( WHOLELIB="-all lib$$i.a -noall"; \ ( WHOLELIB="-all lib$$i.a -notall"; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \ (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
set -x; ${CC} ${SHARED_LDFLAGS} \ set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \

8
NEWS

@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
o Security: Fix null-pointer assignment in do_change_cipher_spec()
o Allow multiple active certificates with same subject in CA index
o Multiple X590 verification fixes
o Speed up HMAC and other operations
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
o Security: fix various ASN1 parsing bugs. o Security: fix various ASN1 parsing bugs.

4
README

@ -1,7 +1,7 @@
OpenSSL 0.9.7c 30 Sep 2003 OpenSSL 0.9.7d 17 Mar 2004
Copyright (c) 1998-2003 The OpenSSL Project Copyright (c) 1998-2004 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved. All rights reserved.

5
STATUS

@ -1,14 +1,17 @@
OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at
______________ $Date: 2003/10/02 10:55:20 $ ______________ $Date: 2004/03/23 15:00:59 $
DEVELOPMENT STATE DEVELOPMENT STATE
o OpenSSL 0.9.8: Under development... o OpenSSL 0.9.8: Under development...
o OpenSSL 0.9.7d: Released on March 17th, 2004
o OpenSSL 0.9.7c: Released on September 30th, 2003 o OpenSSL 0.9.7c: Released on September 30th, 2003
o OpenSSL 0.9.7b: Released on April 10th, 2003 o OpenSSL 0.9.7b: Released on April 10th, 2003
o OpenSSL 0.9.7a: Released on February 19th, 2003 o OpenSSL 0.9.7a: Released on February 19th, 2003
o OpenSSL 0.9.7: Released on December 31st, 2002 o OpenSSL 0.9.7: Released on December 31st, 2002
o OpenSSL 0.9.6m: Released on March 17th, 2004
o OpenSSL 0.9.6l: Released on November 4th, 2003
o OpenSSL 0.9.6k: Released on September 30th, 2003 o OpenSSL 0.9.6k: Released on September 30th, 2003
o OpenSSL 0.9.6j: Released on April 10th, 2003 o OpenSSL 0.9.6j: Released on April 10th, 2003
o OpenSSL 0.9.6i: Released on February 19th, 2003 o OpenSSL 0.9.6i: Released on February 19th, 2003


@ -1944,6 +1944,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
void free_index(CA_DB *db) void free_index(CA_DB *db)
{ {
TXT_DB_free(db->db); if (db)
{
if (db->db) TXT_DB_free(db->db);
OPENSSL_free(db); OPENSSL_free(db);
} }
}
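Review bot: free_index() now tolerates a NULL `db` and a NULL `db->db`, but nothing in the function states that contract, and cleanup paths will start to depend on it. A one-line comment above the definition, such as `/* Safe to call with db == NULL or db->db == NULL. */`, would make it explicit. Any caller that keeps its `CA_DB *` variable in scope after the call (callers are not visible here) still holds a stale pointer and should reset it to NULL itself.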


@ -1025,7 +1025,6 @@ end:
static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create) static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
{ {
char *buf = NULL, *p; char *buf = NULL, *p;
MS_STATIC char buf2[1024];
ASN1_INTEGER *bs = NULL; ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL; BIGNUM *serial = NULL;
size_t len; size_t len;


@ -641,7 +641,7 @@ fmtfp(
multiplying by a factor of 10 */ multiplying by a factor of 10 */
fracpart = roundv((pow10(max)) * (ufvalue - intpart)); fracpart = roundv((pow10(max)) * (ufvalue - intpart));
if (fracpart >= pow10(max)) { if (fracpart >= (long)pow10(max)) {
intpart++; intpart++;
fracpart -= (long)pow10(max); fracpart -= (long)pow10(max);
} }
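Review bot: `pow10(max)` is evaluated three times in these lines, once as a floating value and twice through a `(long)` cast, which is how the comparison and the subtraction came to disagree in the first place. Hoisting the converted value into a local declared at the top of the block, e.g. `max10 = (long)pow10(max);`, and using it in both the `if` and the `-=` keeps the two in step. The cast is only well defined while the power of ten fits in a `long`, so it relies on `max` being bounded earlier in fmtfp; that bound is outside this hunk and worth confirming.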


@ -213,14 +213,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
b->shutdown=(int)num&BIO_CLOSE; b->shutdown=(int)num&BIO_CLOSE;
b->ptr=(char *)ptr; b->ptr=(char *)ptr;
b->init=1; b->init=1;
#if defined(OPENSSL_SYS_WINDOWS)
if (num & BIO_FP_TEXT)
_setmode(fileno((FILE *)ptr),_O_TEXT);
else
_setmode(fileno((FILE *)ptr),_O_BINARY);
#elif defined(OPENSSL_SYS_MSDOS)
{ {
int fd = fileno((FILE*)ptr); int fd = fileno((FILE*)ptr);
#if defined(OPENSSL_SYS_WINDOWS)
if (num & BIO_FP_TEXT)
_setmode(fd,_O_TEXT);
else
_setmode(fd,_O_BINARY);
#elif defined(OPENSSL_SYS_MSDOS)
/* Set correct text/binary mode */ /* Set correct text/binary mode */
if (num & BIO_FP_TEXT) if (num & BIO_FP_TEXT)
_setmode(fd,_O_TEXT); _setmode(fd,_O_TEXT);
@ -235,13 +235,13 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
else else
_setmode(fd,_O_BINARY); _setmode(fd,_O_BINARY);
} }
}
#elif defined(OPENSSL_SYS_OS2) #elif defined(OPENSSL_SYS_OS2)
if (num & BIO_FP_TEXT) if (num & BIO_FP_TEXT)
setmode(fileno((FILE *)ptr), O_TEXT); setmode(fd, O_TEXT);
else else
setmode(fileno((FILE *)ptr), O_BINARY); setmode(fd, O_BINARY);
#endif #endif
}
break; break;
case BIO_C_SET_FILENAME: case BIO_C_SET_FILENAME:
file_free(b); file_free(b);
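Review bot: As rendered, `int fd = fileno((FILE*)ptr);` now sits ahead of the platform `#if`, so on targets that match none of the WINDOWS, MSDOS or OS2 branches the variable is assigned and never used. On the targets that do match, the value goes to `_setmode`/`setmode` without a check that fileno() did not return -1. Keeping the declaration inside the conditional region avoids the unused variable, and a guard such as `if (fd >= 0)` around the mode calls covers a stream with no valid descriptor. file_ctrl's body starts and ends outside these hunks, so any earlier validation of `ptr` is not visible here.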


@ -896,7 +896,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
} }
form = buf[0]; form = buf[0];
y_bit = form & 1; y_bit = form & 1;
form = form & ~1; form = form & ~1U;
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED) && (form != POINT_CONVERSION_UNCOMPRESSED)
&& (form != POINT_CONVERSION_HYBRID)) && (form != POINT_CONVERSION_HYBRID))
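Review bot: The lines that split `buf[0]` into `y_bit` and `form` carry no comment, and the move from `~1` to `~1U` does not explain itself to the next reader. A short comment above `form = buf[0];`, such as `/* bit 0 of the leading octet is y_bit; the remaining bits select the point form */`, would document the encoding that the following form checks depend on. Any length check that makes reading `buf[0]` safe is outside this hunk, as is the rest of ec_GFp_simple_oct2point.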


@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta) * major minor fix final patch/beta)
*/ */
#define OPENSSL_VERSION_NUMBER 0x00907040L #define OPENSSL_VERSION_NUMBER 0x00907050L
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d-dev [fips] xx XXX XXXX" #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7e-dev [fips] XX xxx XXXX"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT


@ -471,6 +471,6 @@ is guaranteed to work.
=head1 RETURN CODES =head1 RETURN CODES
The read routines return either a pointer to the structure read or NULL The read routines return either a pointer to the structure read or NULL
is an error occurred. if an error occurred.
The write routines return 1 for success or 0 for failure. The write routines return 1 for success or 0 for failure.


@ -1,7 +1,7 @@
%define libmaj 0 %define libmaj 0
%define libmin 9 %define libmin 9
%define librel 7 %define librel 7
%define librev c %define librev d
Release: 1 Release: 1
%define openssldir /var/ssl %define openssldir /var/ssl


@ -953,7 +953,7 @@ print_krb5_authdata(char *label, krb5_authdata **adata)
printf("%s, authdata==0\n", label); printf("%s, authdata==0\n", label);
return; return;
} }
printf("%s [%p]\n", label, adata); printf("%s [%p]\n", label, (void *)adata);
#if 0 #if 0
{ {
int i; int i;
@ -1725,7 +1725,7 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
return; return;
} }
else else
printf("%p\n", kssl_ctx); printf("%p\n", (void *)kssl_ctx);
printf("\tservice:\t%s\n", printf("\tservice:\t%s\n",
(kssl_ctx->service_name)? kssl_ctx->service_name: "NULL"); (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
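Review bot: Both changed printf calls write raw pointer values (`adata` and `kssl_ctx`) to stdout, which discloses process addresses if these helpers can run outside a debugging build. Whether print_krb5_authdata() and kssl_ctx_show() are compiled only for diagnostics is not visible in these hunks. If they are not, placing the `%p` lines under the file's debug conditional or dropping the address from the output would avoid the disclosure. The `(void *)` casts themselves are the right fix for the `%p` argument type.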


@ -1085,6 +1085,14 @@ start:
goto err; goto err;
} }
/* Check we have a cipher to change to */
if (s->s3->tmp.new_cipher == NULL)
{
i=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
goto err;
}
rr->length=0; rr->length=0;
if (s->msg_callback) if (s->msg_callback)
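Review bot: The new early-CCS check stores the alert code in `i` and then jumps to `err`. If alerts are only sent from a different exit label in this function (not visible in the hunk), the peer never receives unexpected_message and the connection simply drops. The error is also queued under `SSL_F_SSL3_GET_CERT_VERIFY`, which names the certificate-verify handler rather than the record-processing code this hunk sits in, so anyone triaging a rejected handshake from the error queue is pointed at the wrong function. Using the enclosing function's own function code and its alert-sending exit path would make the rejection visible both on the wire and in logs. The enclosing function starts and ends outside the hunk.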


@ -1597,11 +1597,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
n2s(p,i); n2s(p,i);
enc_ticket.length = i; enc_ticket.length = i;
if (n < enc_ticket.length + 6)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
enc_ticket.data = (char *)p; enc_ticket.data = (char *)p;
p+=enc_ticket.length; p+=enc_ticket.length;
n2s(p,i); n2s(p,i);
authenticator.length = i; authenticator.length = i;
if (n < enc_ticket.length + authenticator.length + 6)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
authenticator.data = (char *)p; authenticator.data = (char *)p;
p+=authenticator.length; p+=authenticator.length;
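Review bot: The first `n2s(p,i)` still runs before anything in this hunk compares `n` with the two bytes it consumes. Unless an earlier check exists outside the hunk, a truncated Kerberos key-exchange message is read before the new bounds checks can reject it. A guard of the form `if (n < 2)` ahead of that read, with the same `SSLerr`/`goto err` handling, would close the gap. The constant `6` in both comparisons is unexplained; it presumably accounts for the 2-byte length prefixes of the message fields, and a comment saying so would let a reviewer verify the arithmetic. ssl3_get_client_key_exchange continues outside the hunk, so the handling of the remaining field is not visible here.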


@ -6,5 +6,5 @@
for i in $* for i in $*
do do
n=`openssl x509 -issuer -noout -in $i` n=`openssl x509 -issuer -noout -in $i`
echo "$i\t$n" echo "$i $n"
done done
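Review bot: The loop still expands `$*` and `$i` unquoted, so a certificate path containing whitespace or glob characters is split or expanded before it reaches `openssl x509 -in`. Writing `for i in "$@"` and `-in "$i"` passes each argument through intact. For the output line, `printf '%s\t%s\n' "$i" "$n"` produces the tab separator the old `echo "$i\t$n"` was after without depending on how a given echo treats backslashes.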