OpenSSL CHANGES
_______________
- Changes between 0.9.7c and 0.9.7d [xx XXX XXXX]
+ Changes between 0.9.7d and 0.9.7e [XX xxx XXXX]
+
+ *)
+
+ Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
+
+ *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+ by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ [Joe Orton, Steve Henson]
+
+ *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+ (CAN-2004-0112)
+ [Joe Orton, Steve Henson]
*) Make it possible to have multiple active certificates with the same
subject in the CA index file. This is done only if the keyword
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7c was released on September 30, 2003.
+OpenSSL 0.9.7d was released on March 17, 2004.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
---------------
/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( WHOLELIB="-all lib$$i.a -noall"; \
+ ( WHOLELIB="-all lib$$i.a -notall"; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
+
+ o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+ o Security: Fix null-pointer assignment in do_change_cipher_spec()
+ o Allow multiple active certificates with same subject in CA index
+ o Multiple X590 verification fixes
+ o Speed up HMAC and other operations
+
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
o Security: fix various ASN1 parsing bugs.
- OpenSSL 0.9.7c 30 Sep 2003
+ OpenSSL 0.9.7d 17 Mar 2004
- Copyright (c) 1998-2003 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
OpenSSL STATUS Last modified at
- ______________ $Date: 2003/10/02 10:55:20 $
+ ______________ $Date: 2004/03/23 15:00:59 $
DEVELOPMENT STATE
o OpenSSL 0.9.8: Under development...
+ o OpenSSL 0.9.7d: Released on March 17th, 2004
o OpenSSL 0.9.7c: Released on September 30th, 2003
o OpenSSL 0.9.7b: Released on April 10th, 2003
o OpenSSL 0.9.7a: Released on February 19th, 2003
o OpenSSL 0.9.7: Released on December 31st, 2002
+ o OpenSSL 0.9.6m: Released on March 17th, 2004
+ o OpenSSL 0.9.6l: Released on November 4th, 2003
o OpenSSL 0.9.6k: Released on September 30th, 2003
o OpenSSL 0.9.6j: Released on April 10th, 2003
o OpenSSL 0.9.6i: Released on February 19th, 2003
void free_index(CA_DB *db)
{
- TXT_DB_free(db->db);
- OPENSSL_free(db);
+ if (db)
+ {
+ if (db->db) TXT_DB_free(db->db);
+ OPENSSL_free(db);
+ }
}
static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
{
char *buf = NULL, *p;
- MS_STATIC char buf2[1024];
ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
size_t len;
multiplying by a factor of 10 */
fracpart = roundv((pow10(max)) * (ufvalue - intpart));
- if (fracpart >= pow10(max)) {
+ if (fracpart >= (long)pow10(max)) {
intpart++;
fracpart -= (long)pow10(max);
}
b->shutdown=(int)num&BIO_CLOSE;
b->ptr=(char *)ptr;
b->init=1;
+ {
+ int fd = fileno((FILE*)ptr);
#if defined(OPENSSL_SYS_WINDOWS)
if (num & BIO_FP_TEXT)
- _setmode(fileno((FILE *)ptr),_O_TEXT);
+ _setmode(fd,_O_TEXT);
else
- _setmode(fileno((FILE *)ptr),_O_BINARY);
+ _setmode(fd,_O_BINARY);
#elif defined(OPENSSL_SYS_MSDOS)
- {
- int fd = fileno((FILE*)ptr);
/* Set correct text/binary mode */
if (num & BIO_FP_TEXT)
_setmode(fd,_O_TEXT);
else
_setmode(fd,_O_BINARY);
}
- }
#elif defined(OPENSSL_SYS_OS2)
if (num & BIO_FP_TEXT)
- setmode(fileno((FILE *)ptr), O_TEXT);
+ setmode(fd, O_TEXT);
else
- setmode(fileno((FILE *)ptr), O_BINARY);
+ setmode(fd, O_BINARY);
#endif
+ }
break;
case BIO_C_SET_FILENAME:
file_free(b);
}
form = buf[0];
y_bit = form & 1;
- form = form & ~1;
+ form = form & ~1U;
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED)
&& (form != POINT_CONVERSION_HYBRID))
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x00907040L
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d-dev [fips] xx XXX XXXX"
+#define OPENSSL_VERSION_NUMBER 0x00907050L
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7e-dev [fips] XX xxx XXXX"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
=head1 RETURN CODES
The read routines return either a pointer to the structure read or NULL
-is an error occurred.
+if an error occurred.
The write routines return 1 for success or 0 for failure.
%define libmaj 0
%define libmin 9
%define librel 7
-%define librev c
+%define librev d
Release: 1
%define openssldir /var/ssl
printf("%s, authdata==0\n", label);
return;
}
- printf("%s [%p]\n", label, adata);
+ printf("%s [%p]\n", label, (void *)adata);
#if 0
{
int i;
return;
}
else
- printf("%p\n", kssl_ctx);
+ printf("%p\n", (void *)kssl_ctx);
printf("\tservice:\t%s\n",
(kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
goto err;
}
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL)
+ {
+ i=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ goto err;
+ }
+
rr->length=0;
if (s->msg_callback)
n2s(p,i);
enc_ticket.length = i;
+
+ if (n < enc_ticket.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
enc_ticket.data = (char *)p;
p+=enc_ticket.length;
n2s(p,i);
authenticator.length = i;
+
+ if (n < enc_ticket.length + authenticator.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
authenticator.data = (char *)p;
p+=authenticator.length;
for i in $*
do
n=`openssl x509 -issuer -noout -in $i`
- echo "$i\t$n"
+ echo "$i $n"
done
projects / oweals / openssl.git / commitdiff