Recent changes from 0.9.7-stable
authorRichard Levitte <levitte@openssl.org>
Thu, 2 Oct 2003 10:55:25 +0000 (10:55 +0000)
committerRichard Levitte <levitte@openssl.org>
Thu, 2 Oct 2003 10:55:25 +0000 (10:55 +0000)
19 files changed:
CHANGES
FAQ
Makefile.org
NEWS
README
STATUS
TABLE
crypto/asn1/asn1_lib.c
crypto/asn1/tasn_dec.c
crypto/des/cfb_enc.c
crypto/opensslv.h
crypto/x509/x509_vfy.c
doc/crypto/EVP_BytesToKey.pod
doc/crypto/EVP_DigestInit.pod
doc/crypto/des.pod
doc/crypto/ui.pod
ssl/ssl_ciph.c
ssl/ssltest.c
util/extract-names.pl

diff --git a/CHANGES b/CHANGES
index 4997509f20ba2c668567e4855626b33ba7208229..9655a97429c624697db77fd08930a9ea09aa956d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,23 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7b and 0.9.7c  [xx XXX 2003]
+ Changes between 0.9.7c and 0.9.7d  [xx XXX XXXX]
+
+  *)
+
+ Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     
+     Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
 
   *) New -ignore_err option in ocsp application to stop the server
      exiting on the first error in a request.
@@ -1980,7 +1996,17 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
- Changes between 0.9.6j and 0.9.6k  [xx XXX 2003]
+ Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
 
   *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
      if the server requested one: as stated in TLS 1.0 and SSL 3.0
diff --git a/FAQ b/FAQ
index 7812ae88cb7a3726e9e2060b3939b1a9982b6ea5..ca5683def779faa633fa9b38552f1857680b6d82 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -68,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7b was released on April 10, 2003.
+OpenSSL 0.9.7c was released on September 30, 2003.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
index 8191f99e068785a2981edce04cc1a7b4b8ed3a6d..5a9134dcb98a247d4e660abaef079956187178ef 100644 (file)
@@ -860,7 +860,7 @@ install: all install_docs
                fi; \
        done;
        cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
 
 install_docs:
        @$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -885,6 +885,7 @@ install_docs:
                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
                $(PERL) util/extract-names.pl < $$i | \
                        grep -v $$filecase "^$$fn\$$" | \
+                       grep -v "[      ]" | \
                        (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
                         while read n; do \
                                $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -901,6 +902,7 @@ install_docs:
                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
                $(PERL) util/extract-names.pl < $$i | \
                        grep -v $$filecase "^$$fn\$$" | \
+                       grep -v "[      ]" | \
                        (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
                         while read n; do \
                                $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/NEWS b/NEWS
index dce63f0549a3d98cc46b20432d9431d35bf21900..f0282ebb87558f8b6f08ca1d6b74c4323f08b0e9 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,13 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
+
+      o Security: fix various ASN1 parsing bugs.
+      o New -ignore_err option to OCSP utility.
+      o Various interop and bug fixes in S/MIME code.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
   Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
 
       o Security: counter the Klima-Pokorny-Rosa extension of
       o SSL/TLS: add callback to retrieve SSL/TLS messages.
       o SSL/TLS: support AES cipher suites (RFC3268).
 
+  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
+
+      o Security: fix various ASN1 parsing bugs.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
   Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
 
       o Security: counter the Klima-Pokorny-Rosa extension of
diff --git a/README b/README
index 148b81857efd2c482aafb0476122f03ffd817f96..65e3a124263b90fdd5698485a6a378d548619cba 100644 (file)
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.7c-dev xx XXX 2003
+ OpenSSL 0.9.7c 30 Sep 2003
 
  Copyright (c) 1998-2003 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/STATUS b/STATUS
index b6fa59e43851b919d51b3268f40ca62cde0b53eb..7f3b29eb6065713e2b5756230883efc56e9d0a26 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,13 +1,15 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2003/04/10 20:22:12 $
+  ______________                           $Date: 2003/10/02 10:55:20 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7c: Released on September 30th, 2003
     o  OpenSSL 0.9.7b: Released on April     10th, 2003
     o  OpenSSL 0.9.7a: Released on February  19th, 2003
     o  OpenSSL 0.9.7:  Released on December  31st, 2002
+    o  OpenSSL 0.9.6k: Released on September 30th, 2003
     o  OpenSSL 0.9.6j: Released on April     10th, 2003
     o  OpenSSL 0.9.6i: Released on February  19th, 2003
     o  OpenSSL 0.9.6h: Released on December   5th, 2002
diff --git a/TABLE b/TABLE
index 0cbf837c4fc8c29b200d58345357f262d36bd6b2..328b561c9b5cf1460136ee8723170c863e063690 100644 (file)
--- a/TABLE
+++ b/TABLE
@@ -4275,6 +4275,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
+*** vxworks-mipsle
+$cc           = ccmips
+$cflags       = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h
+$unistd       = 
+$thread_cflag = 
+$sys_id       = VXWORKS
+$lflags       = -r
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = ranlibmips
+$arflags      = 
+
 *** vxworks-ppc405
 $cc           = ccppc
 $cflags       = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h
@@ -4377,7 +4402,7 @@ $arflags      =
 
 *** vxworks-ppc860
 $cc           = ccppc
-$cflags       = -g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
+$cflags       = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
 $unistd       = 
 $thread_cflag = 
 $sys_id       = VXWORKS
index 0638870ab78f7471677245b7eade38295658916d..e30d5dd303c9a9dc93ebffddd6538c7e000a4b8b 100644 (file)
@@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
                        l<<=7L;
                        l|= *(p++)&0x7f;
                        if (--max == 0) goto err;
+                       if (l > (INT_MAX >> 7L)) goto err;
                        }
                l<<=7L;
                l|= *(p++)&0x7f;
                tag=(int)l;
+               if (--max == 0) goto err;
                }
        else
                { 
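Review bot: The new bound `if (l > (INT_MAX >> 7L)) goto err;` carries no comment explaining that it runs before the next `l<<=7L`, so the accumulated high-tag value stays within what `tag=(int)l` can hold. A one-line comment such as `/* stop before the next 7-bit shift would exceed INT_MAX */` would keep a later edit from moving or dropping it. `INT_MAX` needs `<limits.h>`, and no include is visible in this hunk, so that should be confirmed for this file. The added `if (--max == 0) goto err;` after the final tag byte is also uncommented; it appears to reject input that ends exactly at the tag. ASN1_get_object starts and ends outside the hunk.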
index 76fc023230a87cb52d91d9f296a4b68dc8cd8e23..2426cb6253a302cb3b7cf26edb165f68eadf9b14 100644 (file)
@@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
 
 int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
 {
+       ASN1_VALUE **opval = NULL;
        ASN1_STRING *stmp;
        ASN1_TYPE *typ = NULL;
        int ret = 0;
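Review bot: `opval` is declared here without a comment, and its purpose only becomes clear two hunks later, where the error path sets `*opval = NULL` after `ASN1_TYPE_free(typ)`. Because `typ` is stored in (or taken from) `*pval` before `pval` is redirected to `&typ->value.ptr`, leaving that slot set would hand the caller a freed pointer. This looks like the case the CHANGES entry for CAN-2003-0545 refers to. I would add `/* caller's slot for the ANY wrapper; cleared on error so it does not dangle */` at the declaration and a matching short comment at `*opval = NULL;` in the third hunk. The function body continues outside all three hunks.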
@@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
                        *pval = (ASN1_VALUE *)typ;
                } else typ = (ASN1_TYPE *)*pval;
                if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+               opval = pval;
                pval = (ASN1_VALUE **)&typ->value.ptr;
        }
        switch(utype) {
@@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
 
        ret = 1;
        err:
-       if(!ret) ASN1_TYPE_free(typ);
+       if(!ret)
+               {
+               ASN1_TYPE_free(typ);
+               if (opval)
+                       *opval = NULL;
+               }
        return ret;
 }
 
index 2600bdfc93a9a4cdbed01cccec9e56c7e7d6f12a..1ea04904607049d3785fa58b6220a3f8e66fef14 100644 (file)
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include "e_os.h"
 #include "des_locl.h"
 
 /* The input and output are loaded in multiples of 8 bits.
index b5cc2016d0083ee9b618ffecca880e66a91f696a..102f11454176a4c2603de1cf76e6739e4b1ca619 100644 (file)
@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x00907030L
-#define OPENSSL_VERSION_TEXT   "OpenSSL 0.9.7c-dev xx XXX 2003"
+#define OPENSSL_VERSION_NUMBER 0x00907040L
+#define OPENSSL_VERSION_TEXT   "OpenSSL 0.9.7d-dev [fips] xx XXX XXXX"
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 
 
index f60054bd398dff568da2b80f9e580bd06cecae1c..2bb21b443ec0674b9738935302ad2173a5066e81 100644 (file)
@@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                ok=(*cb)(0,ctx);
                                if (!ok) goto end;
                                }
-                       if (X509_verify(xs,pkey) <= 0)
+                       else if (X509_verify(xs,pkey) <= 0)
                                /* XXX  For the final trusted self-signed cert,
                                 * this is a waste of time.  That check should
                                 * optional so that e.g. 'openssl x509' can be
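Review bot: With `else if`, a certificate whose error the verify callback chose to ignore now skips `X509_verify(xs,pkey)` entirely, so its signature is never checked, and the code does not say so. The preceding `if` is only partly visible, so this assumes it is the NULL-`pkey` branch described in the CHANGES entry. A comment in that branch such as `/* callback accepted the missing key: signature of xs is NOT verified */` would make the consequence explicit to anyone writing a permissive callback. internal_verify starts and ends outside the hunk.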
index 5ce4add0821c7bec7e0f4946df8d54959ff977c7..016381f3e994a1f3fbf6de207dc930da2979f7cc 100644 (file)
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
- EVP_BytesToKey - password based encryption routine
+EVP_BytesToKey - password based encryption routine
 
 =head1 SYNOPSIS
 
index 5901c3952660c17923fb5fdf06f26e73f428cf7f..1cb315e739dd1b9055a75073ef6082dce34cf275 100644 (file)
@@ -4,7 +4,7 @@
 
 EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
-EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
 EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
index 528c73acac6188c6deb69970b6279460f805cb27..6f0cf1cc5e5f1fc006cdaea404fa8be6e640fe02 100644 (file)
@@ -283,7 +283,7 @@ DES_cbc_encrypt is used.
 =head1 NOTES
 
 Single-key DES is insecure due to its short key size.  ECB mode is
-not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.
+not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
 
 The L<evp(3)|evp(3)> library provides higher-level encryption functions.
 
index 2b3535a7461859be52a0d42849109ab682463c8d..6df68d604a82a8b63cf47e6185ad7cef43bd7229 100644 (file)
@@ -5,7 +5,7 @@
 UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
 UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
 UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
-UI_add_error_string, UI_dup_error_string, UI_construct_prompt
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
 UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
 UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
 UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
index 888b667fa12ce50f64b0f5e9680714c070c49576..585c70e4b3849cc620e41e9d1b514cb4cad428ae 100644 (file)
@@ -1129,11 +1129,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
                {
                MemCheck_on();
                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
-               return(0);
+               return(1);
                }
        else
                {
                MemCheck_on();
-               return(1);
+               return(0);
                }
        }
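Review bot: After this change the function returns `1` on allocation failure and `0` on success, the reverse of the 1-on-success convention most OpenSSL calls follow, and nothing in the hunk documents it. A caller written as `if (!SSL_COMP_add_compression_method(id, cm))` would treat success as failure. A header comment on the function, e.g. `/* returns 0 on success, 1 on failure */`, would help. Callers outside this diff should be checked against the new values. The function starts outside the hunk.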
index 0800d243da965f727981f98e6dba8f6286045ce1..c7f33d9a7fcf4755cb68a6c6eaae6c84435e571a 100644 (file)
@@ -596,7 +596,14 @@ bad:
        if (cm != NULL)
                {
                if (cm->type != NID_undef)
-                       SSL_COMP_add_compression_method(comp, cm);
+                       {
+                       if (SSL_COMP_add_compression_method(comp, cm) != 0)
+                               {
+                               fprintf(stderr,
+                                       "Failed to add compression method\n");
+                               ERR_print_errors_fp(stderr);
+                               }
+                       }
                else
                        {
                        fprintf(stderr,
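Review bot: A failure of `SSL_COMP_add_compression_method(comp, cm)` is only printed here; execution falls through and the test appears to continue without the compression method, so the run can still succeed. If a registration failure should fail the test, this branch needs to set the error status and leave through whatever exit path the surrounding function already has, which is not visible here. At minimum a comment such as `/* non-fatal: continue without compression */` would record that continuing is intended. The enclosing function starts and ends outside the hunk.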
index 9f2ad5ef166c7e5c13a4f654dc03db1ac631ef09..744a8e2324e6cc7aaa2641d644ac2cfe1eeeafe8 100644 (file)
@@ -10,6 +10,8 @@ while(<STDIN>) {
        if (/ - /) {
            s/ - .*//;
            s/,[ \t]+/,/g;
+           s/^[ \t]+//g;
+           s/[ \t]+$//g;
            push @words, split ',';
        }
     }
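Review bot: The `/g` flag on `s/^[ \t]+//g;` and `s/[ \t]+$//g;` has no effect, because each pattern is anchored and can match only once per line; dropping it reads more clearly. Whitespace before a comma (`a ,b`) is still not stripped, since `s/,[ \t]+/,/g` only handles the side after the comma; `s/[ \t]*,[ \t]*/,/g` would cover both. The enclosing loop starts and ends outside the hunk.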