generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Recent changes from 0.9.7-stable

Browse Source
This commit is contained in:
Richard Levitte
2003-10-02 10:55:25 +00:00
parent 80be2f484f
commit 95a64aa4b8
19 changed files with 104 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
CHANGES
View File

@@ -2,7 +2,23 @@
OpenSSL CHANGES OpenSSL CHANGES
_______________ _______________
Changes between 0.9.7b and 0.9.7c [xx XXX 2003] Changes between 0.9.7c and 0.9.7d [xx XXX XXXX]
*)
Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
invalid tags (CAN-2003-0543 and CAN-2003-0544).
Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
[Steve Henson]
*) New -ignore_err option in ocsp application to stop the server *) New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request. exiting on the first error in a request.
@@ -1980,7 +1996,17 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Clean old EAY MD5 hack from e_os.h. *) Clean old EAY MD5 hack from e_os.h.
[Richard Levitte] [Richard Levitte]
Changes between 0.9.6j and 0.9.6k [xx XXX 2003] Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
invalid tags (CAN-2003-0543 and CAN-2003-0544).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
[Steve Henson]
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
if the server requested one: as stated in TLS 1.0 and SSL 3.0 if the server requested one: as stated in TLS 1.0 and SSL 3.0

2
FAQ
View File

@@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL? * Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>. The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.7b was released on April 10, 2003. OpenSSL 0.9.7c was released on September 30, 2003.
In addition to the current stable release, you can also access daily In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL: snapshots of the OpenSSL development version at <URL:

4
Makefile.org
View File

@@ -860,7 +860,7 @@ install: all install_docs
fi; \ fi; \
done; done;
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
install_docs: install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \ @$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -885,6 +885,7 @@ install_docs:
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \ $(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \ grep -v $$filecase "^$$fn\$$" | \
grep -v "[ ]" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \ while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -901,6 +902,7 @@ install_docs:
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \ $(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \ grep -v $$filecase "^$$fn\$$" | \
grep -v "[ ]" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \ while read n; do \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \

12
NEWS
View File

@@ -5,6 +5,13 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
o Security: fix various ASN1 parsing bugs.
o New -ignore_err option to OCSP utility.
o Various interop and bug fixes in S/MIME code.
o SSL/TLS protocol fix for unrequested client certificates.
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
o Security: counter the Klima-Pokorny-Rosa extension of o Security: counter the Klima-Pokorny-Rosa extension of
@@ -73,6 +80,11 @@
o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: add callback to retrieve SSL/TLS messages.
o SSL/TLS: support AES cipher suites (RFC3268). o SSL/TLS: support AES cipher suites (RFC3268).
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
o Security: fix various ASN1 parsing bugs.
o SSL/TLS protocol fix for unrequested client certificates.
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
o Security: counter the Klima-Pokorny-Rosa extension of o Security: counter the Klima-Pokorny-Rosa extension of

2
README
View File

@@ -1,5 +1,5 @@
OpenSSL 0.9.7c-dev xx XXX 2003 OpenSSL 0.9.7c 30 Sep 2003
Copyright (c) 1998-2003 The OpenSSL Project Copyright (c) 1998-2003 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

4
STATUS
View File

@@ -1,13 +1,15 @@
OpenSSL STATUS Last modified at OpenSSL STATUS Last modified at
______________ $Date: 2003/04/10 20:22:12 $ ______________ $Date: 2003/10/02 10:55:20 $
DEVELOPMENT STATE DEVELOPMENT STATE
o OpenSSL 0.9.8: Under development... o OpenSSL 0.9.8: Under development...
o OpenSSL 0.9.7c: Released on September 30th, 2003
o OpenSSL 0.9.7b: Released on April 10th, 2003 o OpenSSL 0.9.7b: Released on April 10th, 2003
o OpenSSL 0.9.7a: Released on February 19th, 2003 o OpenSSL 0.9.7a: Released on February 19th, 2003
o OpenSSL 0.9.7: Released on December 31st, 2002 o OpenSSL 0.9.7: Released on December 31st, 2002
o OpenSSL 0.9.6k: Released on September 30th, 2003
o OpenSSL 0.9.6j: Released on April 10th, 2003 o OpenSSL 0.9.6j: Released on April 10th, 2003
o OpenSSL 0.9.6i: Released on February 19th, 2003 o OpenSSL 0.9.6i: Released on February 19th, 2003
o OpenSSL 0.9.6h: Released on December 5th, 2002 o OpenSSL 0.9.6h: Released on December 5th, 2002

27
TABLE
View File

@@ -4275,6 +4275,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib = $ranlib =
$arflags = $arflags =
*** vxworks-mipsle
$cc = ccmips
$cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h
$unistd =
$thread_cflag =
$sys_id = VXWORKS
$lflags = -r
$bn_ops =
$bn_obj =
$des_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme =
$shared_target=
$shared_cflag =
$shared_ldflag =
$shared_extension =
$ranlib = ranlibmips
$arflags =
*** vxworks-ppc405 *** vxworks-ppc405
$cc = ccppc $cc = ccppc
$cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h $cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h
@@ -4377,7 +4402,7 @@ $arflags =
*** vxworks-ppc860 *** vxworks-ppc860
$cc = ccppc $cc = ccppc
$cflags = -g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h $cflags = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
$unistd = $unistd =
$thread_cflag = $thread_cflag =
$sys_id = VXWORKS $sys_id = VXWORKS

2
crypto/asn1/asn1_lib.c
View File

@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
l<<=7L; l<<=7L;
l|= *(p++)&0x7f; l|= *(p++)&0x7f;
if (--max == 0) goto err; if (--max == 0) goto err;
if (l > (INT_MAX >> 7L)) goto err;
} }
l<<=7L; l<<=7L;
l|= *(p++)&0x7f; l|= *(p++)&0x7f;
tag=(int)l; tag=(int)l;
if (--max == 0) goto err;
} }
else else
{ {

9
crypto/asn1/tasn_dec.c
View File

@@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
{ {
ASN1_VALUE **opval = NULL;
ASN1_STRING *stmp; ASN1_STRING *stmp;
ASN1_TYPE *typ = NULL; ASN1_TYPE *typ = NULL;
int ret = 0; int ret = 0;
@@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
*pval = (ASN1_VALUE *)typ; *pval = (ASN1_VALUE *)typ;
} else typ = (ASN1_TYPE *)*pval; } else typ = (ASN1_TYPE *)*pval;
if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
opval = pval;
pval = (ASN1_VALUE **)&typ->value.ptr; pval = (ASN1_VALUE **)&typ->value.ptr;
} }
switch(utype) { switch(utype) {
@@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
ret = 1; ret = 1;
err: err:
if(!ret) ASN1_TYPE_free(typ); if(!ret)
{
ASN1_TYPE_free(typ);
if (opval)
*opval = NULL;
}
return ret; return ret;
} }

1
crypto/des/cfb_enc.c
View File

@@ -56,6 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#include "e_os.h"
#include "des_locl.h" #include "des_locl.h"
/* The input and output are loaded in multiples of 8 bits. /* The input and output are loaded in multiples of 8 bits.

4
crypto/opensslv.h
View File

@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta) * major minor fix final patch/beta)
*/ */
#define OPENSSL_VERSION_NUMBER 0x00907030L #define OPENSSL_VERSION_NUMBER 0x00907040L
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c-dev xx XXX 2003" #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d-dev [fips] xx XXX XXXX"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

2
crypto/x509/x509_vfy.c
View File

@@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
ok=(*cb)(0,ctx); ok=(*cb)(0,ctx);
if (!ok) goto end; if (!ok) goto end;
} }
if (X509_verify(xs,pkey) <= 0) else if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert, /* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should * this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be * optional so that e.g. 'openssl x509' can be

2
doc/crypto/EVP_BytesToKey.pod
View File

@@ -2,7 +2,7 @@
=head1 NAME =head1 NAME
EVP_BytesToKey - password based encryption routine EVP_BytesToKey - password based encryption routine
=head1 SYNOPSIS =head1 SYNOPSIS

2
doc/crypto/EVP_DigestInit.pod
View File

@@ -4,7 +4,7 @@
EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -

2
doc/crypto/des.pod
View File

@@ -283,7 +283,7 @@ DES_cbc_encrypt is used.
=head1 NOTES =head1 NOTES
Single-key DES is insecure due to its short key size. ECB mode is Single-key DES is insecure due to its short key size. ECB mode is
not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>. not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
The L<evp(3)|evp(3)> library provides higher-level encryption functions. The L<evp(3)|evp(3)> library provides higher-level encryption functions.

2
doc/crypto/ui.pod
View File

@@ -5,7 +5,7 @@
UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
UI_add_error_string, UI_dup_error_string, UI_construct_prompt UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface

4
ssl/ssl_ciph.c
View File

@@ -1129,11 +1129,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{ {
MemCheck_on(); MemCheck_on();
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
return(0); return(1);
} }
else else
{ {
MemCheck_on(); MemCheck_on();
return(1); return(0);
} }
} }

9
ssl/ssltest.c
View File

@@ -596,7 +596,14 @@ bad:
if (cm != NULL) if (cm != NULL)
{ {
if (cm->type != NID_undef) if (cm->type != NID_undef)
SSL_COMP_add_compression_method(comp, cm); {
if (SSL_COMP_add_compression_method(comp, cm) != 0)
{
fprintf(stderr,
"Failed to add compression method\n");
ERR_print_errors_fp(stderr);
}
}
else else
{ {
fprintf(stderr, fprintf(stderr,

2
util/extract-names.pl
View File

@@ -10,6 +10,8 @@ while(<STDIN>) {
if (/ - /) { if (/ - /) {
s/ - .*//; s/ - .*//;
s/,[ \t]+/,/g; s/,[ \t]+/,/g;
s/^[ \t]+//g;
s/[ \t]+$//g;
push @words, split ','; push @words, split ',';
} }
} }