Compare commits
5 Commits
OpenSSL_1_
...
OpenSSL_1_
| Author | SHA1 | Date | |
|---|---|---|---|
|
2a8c2799e1 | ||
|
|
2ad310ffde | ||
|
|
6cbc78906b | ||
|
|
fffcf87a55 | ||
|
|
3adca975dc |
6
CHANGES
6
CHANGES
@@ -2,6 +2,12 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
|
||||
|
||||
*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
|
||||
incompatibility in the handling of HMAC. The previous ABI has now been
|
||||
restored.
|
||||
|
||||
Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
|
||||
|
||||
*) Malformed ECParameters causes infinite loop
|
||||
|
||||
4
NEWS
4
NEWS
@@ -5,6 +5,10 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
|
||||
|
||||
o Fix HMAC ABI incompatibility
|
||||
|
||||
Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
|
||||
|
||||
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
|
||||
|
||||
2
README
2
README
@@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.0.1n 11 Jun 2015
|
||||
OpenSSL 1.0.1o 12 Jun 2015
|
||||
|
||||
Copyright (c) 1998-2011 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
||||
@@ -87,6 +87,9 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||
return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
|
||||
}
|
||||
#endif
|
||||
/* If we are changing MD then we must have a key */
|
||||
if (md != NULL && md != ctx->md && (key == NULL || len < 0))
|
||||
return 0;
|
||||
|
||||
if (md != NULL) {
|
||||
reset = 1;
|
||||
@@ -97,9 +100,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!ctx->key_init && key == NULL)
|
||||
return 0;
|
||||
|
||||
if (key != NULL) {
|
||||
reset = 1;
|
||||
j = EVP_MD_block_size(md);
|
||||
@@ -121,7 +121,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||
if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
|
||||
memset(&ctx->key[ctx->key_length], 0,
|
||||
HMAC_MAX_MD_CBLOCK - ctx->key_length);
|
||||
ctx->key_init = 1;
|
||||
}
|
||||
|
||||
if (reset) {
|
||||
@@ -159,7 +158,7 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
|
||||
if (FIPS_mode() && !ctx->i_ctx.engine)
|
||||
return FIPS_hmac_update(ctx, data, len);
|
||||
#endif
|
||||
if (!ctx->key_init)
|
||||
if (!ctx->md)
|
||||
return 0;
|
||||
|
||||
return EVP_DigestUpdate(&ctx->md_ctx, data, len);
|
||||
@@ -174,7 +173,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
|
||||
return FIPS_hmac_final(ctx, md, len);
|
||||
#endif
|
||||
|
||||
if (!ctx->key_init)
|
||||
if (!ctx->md)
|
||||
goto err;
|
||||
|
||||
if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
|
||||
@@ -195,7 +194,6 @@ void HMAC_CTX_init(HMAC_CTX *ctx)
|
||||
EVP_MD_CTX_init(&ctx->i_ctx);
|
||||
EVP_MD_CTX_init(&ctx->o_ctx);
|
||||
EVP_MD_CTX_init(&ctx->md_ctx);
|
||||
ctx->key_init = 0;
|
||||
ctx->md = NULL;
|
||||
}
|
||||
|
||||
@@ -207,11 +205,8 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
|
||||
goto err;
|
||||
if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
|
||||
goto err;
|
||||
dctx->key_init = sctx->key_init;
|
||||
if (sctx->key_init) {
|
||||
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
|
||||
dctx->key_length = sctx->key_length;
|
||||
}
|
||||
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
|
||||
dctx->key_length = sctx->key_length;
|
||||
dctx->md = sctx->md;
|
||||
return 1;
|
||||
err:
|
||||
|
||||
@@ -79,7 +79,6 @@ typedef struct hmac_ctx_st {
|
||||
EVP_MD_CTX o_ctx;
|
||||
unsigned int key_length;
|
||||
unsigned char key[HMAC_MAX_MD_CBLOCK];
|
||||
int key_init;
|
||||
} HMAC_CTX;
|
||||
|
||||
# define HMAC_size(e) (EVP_MD_size((e)->md))
|
||||
|
||||
@@ -233,7 +233,12 @@ test5:
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
|
||||
if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
|
||||
printf("Should disallow changing MD without a new key (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) {
|
||||
printf("Failed to reinitialise HMAC (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
|
||||
@@ -30,11 +30,11 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x100010efL
|
||||
# define OPENSSL_VERSION_NUMBER 0x100010ffL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1n-fips 11 Jun 2015"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-fips 12 Jun 2015"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1n 11 Jun 2015"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o 12 Jun 2015"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ Release: 1
|
||||
Summary: Secure Sockets Layer and cryptography libraries and tools
|
||||
Name: openssl
|
||||
#Version: %{libmaj}.%{libmin}.%{librel}
|
||||
Version: 1.0.1n
|
||||
Version: 1.0.1o
|
||||
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
|
||||
12
ssl/t1_lib.c
12
ssl/t1_lib.c
@@ -1016,12 +1016,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
|
||||
|
||||
s->srtp_profile = NULL;
|
||||
|
||||
if (data >= (d + n - 2)) {
|
||||
if (data != d + n)
|
||||
goto err;
|
||||
else
|
||||
goto ri_check;
|
||||
}
|
||||
if (data == d + n)
|
||||
goto ri_check;
|
||||
|
||||
if (data > (d + n - 2))
|
||||
goto err;
|
||||
|
||||
n2s(data, len);
|
||||
|
||||
if (data > (d + n - len))
|
||||
|
||||
Reference in New Issue
Block a user