Compare commits
8 Commits
OpenSSL_0_
...
OpenSSL_0_
| Author | SHA1 | Date | |
|---|---|---|---|
|
bfa33c7e91 | ||
|
|
2808478899 | ||
|
|
98d2eee05e | ||
|
|
13e8459dea | ||
|
|
8c447031ad | ||
|
|
4875e097f1 | ||
|
|
9083142ace | ||
|
|
9f2f46ba02 |
9
CHANGES
9
CHANGES
@@ -2,9 +2,14 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.8f and 0.9.8g [xx XXX xxxx]
|
||||
Changes between 0.9.8f and 0.9.8g [19 Oct 2007]
|
||||
|
||||
*)
|
||||
*) Fix various bugs:
|
||||
+ Binary incompatibility of ssl_ctx_st structure
|
||||
+ DTLS interoperation with non-compliant servers
|
||||
+ Don't call get_session_cb() without proposed session
|
||||
+ Fix ia64 assembler code
|
||||
[Andy Polyakov, Steve Henson]
|
||||
|
||||
Changes between 0.9.8e and 0.9.8f [11 Oct 2007]
|
||||
|
||||
|
||||
2
FAQ
2
FAQ
@@ -75,7 +75,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.8f was released on October 11th, 2007.
|
||||
OpenSSL 0.9.8g was released on October 19th, 2007.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
|
||||
4
NEWS
4
NEWS
@@ -5,6 +5,10 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
|
||||
|
||||
o Fixes for bugs introduced with 0.9.8f.
|
||||
|
||||
Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:
|
||||
|
||||
o Add gcc 4.2 support.
|
||||
|
||||
2
README
2
README
@@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 0.9.8g-dev
|
||||
OpenSSL 0.9.8g
|
||||
|
||||
Copyright (c) 1998-2007 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
||||
3
STATUS
3
STATUS
@@ -1,10 +1,11 @@
|
||||
|
||||
OpenSSL STATUS Last modified at
|
||||
______________ $Date: 2007/10/11 14:58:14 $
|
||||
______________ $Date: 2007/10/19 08:25:14 $
|
||||
|
||||
DEVELOPMENT STATE
|
||||
|
||||
o OpenSSL 0.9.9: Under development...
|
||||
o OpenSSL 0.9.8g: Released on October 19th, 2007
|
||||
o OpenSSL 0.9.8f: Released on October 11th, 2007
|
||||
o OpenSSL 0.9.8e: Released on February 23rd, 2007
|
||||
o OpenSSL 0.9.8d: Released on September 28th, 2006
|
||||
|
||||
@@ -182,9 +182,10 @@ bn_add_words:
|
||||
mov r3=ar.lc
|
||||
brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16
|
||||
}
|
||||
.body
|
||||
{ .mib; ADDP r14=0,r32 // rp
|
||||
.save pr,r9
|
||||
mov r9=pr };;
|
||||
.body
|
||||
{ .mii; ADDP r15=0,r33 // ap
|
||||
mov ar.lc=r10
|
||||
mov ar.ec=6 }
|
||||
@@ -234,9 +235,10 @@ bn_sub_words:
|
||||
mov r3=ar.lc
|
||||
brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
|
||||
}
|
||||
.body
|
||||
{ .mib; ADDP r14=0,r32 // rp
|
||||
.save pr,r9
|
||||
mov r9=pr };;
|
||||
.body
|
||||
{ .mii; ADDP r15=0,r33 // ap
|
||||
mov ar.lc=r10
|
||||
mov ar.ec=6 }
|
||||
@@ -294,6 +296,7 @@ bn_mul_words:
|
||||
{ .mii; sub r10=r34,r0,1
|
||||
.save ar.lc,r3
|
||||
mov r3=ar.lc
|
||||
.save pr,r9
|
||||
mov r9=pr };;
|
||||
|
||||
.body
|
||||
@@ -403,12 +406,12 @@ bn_mul_add_words:
|
||||
sub r10=r34,r0,1
|
||||
(p6) br.ret.spnt.many b0 };;
|
||||
|
||||
.body
|
||||
{ .mib; setf.sig f8=r35 // w
|
||||
.save pr,r9
|
||||
mov r9=pr
|
||||
brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
|
||||
}
|
||||
.body
|
||||
{ .mmi; ADDP r14=0,r32 // rp
|
||||
ADDP r15=0,r33 // ap
|
||||
mov ar.lc=r10 }
|
||||
@@ -1407,6 +1410,7 @@ bn_div_words:
|
||||
{ .mii; alloc r2=ar.pfs,3,5,0,8
|
||||
.save b0,r3
|
||||
mov r3=b0
|
||||
.save pr,r10
|
||||
mov r10=pr };;
|
||||
{ .mmb; cmp.eq p6,p0=r34,r0
|
||||
mov r8=-1
|
||||
|
||||
@@ -25,11 +25,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x00908070L
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090807fL
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8f-fips 11 Oct 2007"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8g-fips 19 Oct 2007"
|
||||
#else
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8f 11 Oct 2007"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8g 19 Oct 2007"
|
||||
#endif
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@@ -297,9 +297,9 @@ int dtls1_do_write(SSL *s, int type)
|
||||
{
|
||||
/* should not be done for 'Hello Request's, but in that case
|
||||
* we'll ignore the result anyway */
|
||||
unsigned char *p = &s->init_buf->data[s->init_off];
|
||||
unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
|
||||
const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
|
||||
int len;
|
||||
int xlen;
|
||||
|
||||
if (frag_off == 0 && s->client_version != DTLS1_BAD_VER)
|
||||
{
|
||||
@@ -311,15 +311,15 @@ int dtls1_do_write(SSL *s, int type)
|
||||
l2n3(0,p);
|
||||
l2n3(msg_hdr->msg_len,p);
|
||||
p -= DTLS1_HM_HEADER_LENGTH;
|
||||
len = ret;
|
||||
xlen = ret;
|
||||
}
|
||||
else
|
||||
{
|
||||
p += DTLS1_HM_HEADER_LENGTH;
|
||||
len = ret - DTLS1_HM_HEADER_LENGTH;
|
||||
xlen = ret - DTLS1_HM_HEADER_LENGTH;
|
||||
}
|
||||
|
||||
ssl3_finish_mac(s, p, len);
|
||||
ssl3_finish_mac(s, p, xlen);
|
||||
}
|
||||
|
||||
if (ret == s->init_num)
|
||||
@@ -398,7 +398,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
|
||||
* the potential damage caused by malformed overlaps. */
|
||||
if ((unsigned int)s->init_num >= msg_hdr->msg_len)
|
||||
{
|
||||
unsigned char *p = s->init_buf->data;
|
||||
unsigned char *p = (unsigned char *)s->init_buf->data;
|
||||
unsigned long msg_len = msg_hdr->msg_len;
|
||||
|
||||
/* reconstruct message header as if it was
|
||||
@@ -525,7 +525,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
|
||||
|
||||
if (al==0) /* no alert */
|
||||
{
|
||||
unsigned char *p = s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
|
||||
unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
|
||||
memcpy(&p[frag->msg_header.frag_off],
|
||||
frag->fragment,frag->msg_header.frag_len);
|
||||
}
|
||||
@@ -683,7 +683,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
|
||||
|
||||
if ( frag_len > 0)
|
||||
{
|
||||
unsigned char *p=s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
|
||||
unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
|
||||
|
||||
i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
|
||||
&p[frag_off],frag_len,0);
|
||||
@@ -777,11 +777,11 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
|
||||
p=(unsigned char *)s->init_buf->data;
|
||||
*p++=SSL3_MT_CCS;
|
||||
s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
|
||||
s->d1->next_handshake_write_seq++;
|
||||
s->init_num=DTLS1_CCS_HEADER_LENGTH;
|
||||
|
||||
if (s->client_version == DTLS1_BAD_VER)
|
||||
{
|
||||
s->d1->next_handshake_write_seq++;
|
||||
s2n(s->d1->handshake_write_seq,p);
|
||||
s->init_num+=2;
|
||||
}
|
||||
@@ -974,6 +974,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
|
||||
pitem *item;
|
||||
hm_fragment *frag;
|
||||
PQ_64BIT seq64;
|
||||
unsigned int epoch = s->d1->w_epoch;
|
||||
|
||||
/* this function is called immediately after a message has
|
||||
* been serialized */
|
||||
@@ -987,6 +988,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
|
||||
{
|
||||
OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
|
||||
DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);
|
||||
epoch++;
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -1002,7 +1004,7 @@ dtls1_buffer_message(SSL *s, int is_ccs)
|
||||
frag->msg_header.is_ccs = is_ccs;
|
||||
|
||||
pq_64bit_init(&seq64);
|
||||
pq_64bit_assign_word(&seq64, frag->msg_header.seq);
|
||||
pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq);
|
||||
|
||||
item = pitem_new(seq64, frag);
|
||||
pq_64bit_free(&seq64);
|
||||
|
||||
@@ -1006,8 +1006,8 @@ start:
|
||||
/* do this whenever CCS is processed */
|
||||
dtls1_reset_seq_numbers(s, SSL3_CC_READ);
|
||||
|
||||
/* handshake read seq is reset upon handshake completion */
|
||||
s->d1->handshake_read_seq++;
|
||||
if (s->client_version == DTLS1_BAD_VER)
|
||||
s->d1->handshake_read_seq++;
|
||||
|
||||
goto start;
|
||||
}
|
||||
|
||||
@@ -990,7 +990,6 @@ struct ssl_st
|
||||
int first_packet;
|
||||
int client_version; /* what was passed, used for
|
||||
* SSLv3/TLS rollback check */
|
||||
unsigned int max_send_fragment;
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
/* TLS extension debug callback */
|
||||
void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
|
||||
|
||||
@@ -320,10 +320,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
|
||||
fatal = 1;
|
||||
goto err;
|
||||
}
|
||||
else if (r == 0)
|
||||
else if (r == 0 || (!ret && !len))
|
||||
goto err;
|
||||
else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
|
||||
#else
|
||||
if (len == 0)
|
||||
goto err;
|
||||
if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
|
||||
#endif
|
||||
{
|
||||
|
||||
@@ -617,6 +617,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
|
||||
memcpy(sess->session_id, sess_id, sesslen);
|
||||
sess->session_id_length = sesslen;
|
||||
*psess = sess;
|
||||
s->tlsext_ticket_expected = 0;
|
||||
return 1;
|
||||
}
|
||||
/* If session decrypt failure indicate a cache miss and set state to
|
||||
|
||||
Reference in New Issue
Block a user