generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)

Browse Source 
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
This commit is contained in:
Bodo Möller 2011-02-08 17:48:41 +00:00
parent 45d63a5408
commit 8c93c4dd42
8 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
FAQ
View File

@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL? * Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>. The current version is available from <URL: http://www.openssl.org>.
OpenSSL 1.0.0c was released on Dec 2nd, 2010. OpenSSL 1.0.0d was released on Feb 8th, 2011.
In addition to the current stable release, you can also access daily In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL: snapshots of the OpenSSL development version at <URL:

2
LICENSE
View File

@ -12,7 +12,7 @@
--------------- ---------------
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions

8
NEWS
View File

@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
o Fix for security issue CVE-2011-0014
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
o Fix for security issue CVE-2010-4180 o Fix for security issue CVE-2010-4180
@ -47,6 +51,10 @@
o Opaque PRF Input TLS extension support. o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations. o Updated time routines to avoid OS limitations.
Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
o Fix for security issue CVE-2011-0014
Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
o Fix for security issue CVE-2010-4180 o Fix for security issue CVE-2010-4180

2
README
View File

@ -1,7 +1,7 @@
OpenSSL 1.0.1-dev OpenSSL 1.0.1-dev
Copyright (c) 1998-2010 The OpenSSL Project Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved. All rights reserved.

9
STATUS
View File

@ -1,13 +1,20 @@
OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at
______________ $Date: 2010/06/16 13:47:59 $ ______________ $Date: 2011/02/08 17:48:40 $
DEVELOPMENT STATE DEVELOPMENT STATE
o OpenSSL 1.1.0: Under development... o OpenSSL 1.1.0: Under development...
o OpenSSL 1.0.1: Under development... o OpenSSL 1.0.1: Under development...
o OpenSSL 1.0.0d: Released on February 8nd, 2011
o OpenSSL 1.0.0c: Released on December 2nd, 2010
o OpenSSL 1.0.0b: Released on November 16th, 2010
o OpenSSL 1.0.0a: Released on June 1st, 2010 o OpenSSL 1.0.0a: Released on June 1st, 2010
o OpenSSL 1.0.0: Released on March 29th, 2010 o OpenSSL 1.0.0: Released on March 29th, 2010
o OpenSSL 0.9.8r: Released on February 8nd, 2011
o OpenSSL 0.9.8q: Released on December 2nd, 2010
o OpenSSL 0.9.8p: Released on November 16th, 2010
o OpenSSL 0.9.8o: Released on June 1st, 2010
o OpenSSL 0.9.8n: Released on March 24th, 2010 o OpenSSL 0.9.8n: Released on March 24th, 2010
o OpenSSL 0.9.8m: Released on February 25th, 2010 o OpenSSL 0.9.8m: Released on February 25th, 2010
o OpenSSL 0.9.8l: Released on November 5th, 2009 o OpenSSL 0.9.8l: Released on November 5th, 2009

4
openssl.spec
View File

@ -1,8 +1,8 @@
%define _unpackaged_files_terminate_build 0 %define _unpackaged_files_terminate_build 0
%define libmaj 1 %define libmaj 1
%define libmin 0 %define libmin 0
%define librel 0 %define librel 1
%define librev b #%define librev a
Release: 1 Release: 1
%define openssldir /var/ssl %define openssldir /var/ssl

8
ssl/t1_lib.c
View File

@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
} }
n2s(data, idsize); n2s(data, idsize);
dsize -= 2 + idsize; dsize -= 2 + idsize;
size -= 2 + idsize;
if (dsize < 0) if (dsize < 0)
{ {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
} }
/* Read in request_extensions */ /* Read in request_extensions */
if (size < 2)
{
*al = SSL_AD_DECODE_ERROR;
return 0;
}
n2s(data,dsize); n2s(data,dsize);
size -= 2; size -= 2;
if (dsize > size) if (dsize != size)
{ {
*al = SSL_AD_DECODE_ERROR; *al = SSL_AD_DECODE_ERROR;
return 0; return 0;

2
util/mkerr.pl
View File

@ -391,7 +391,7 @@ foreach $lib (keys %csrc)
} else { } else {
push @out, push @out,
"/* ====================================================================\n", "/* ====================================================================\n",
" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n", " * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n",
" *\n", " *\n",
" * Redistribution and use in source and binary forms, with or without\n", " * Redistribution and use in source and binary forms, with or without\n",
" * modification, are permitted provided that the following conditions\n", " * modification, are permitted provided that the following conditions\n",