CHANGES +34 −2 Original line number Diff line number Diff line Loading @@ -555,7 +555,19 @@ differing sizes. [Richard Levitte] Changes between 0.9.7b and 0.9.7c [xx XXX 2003] Changes between 0.9.7b and 0.9.7c [30 Sep 2003] *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. [Steve Henson] *) New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. Loading Loading @@ -2530,7 +2542,27 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] Changes between 0.9.6j and 0.9.6k [xx XXX 2003] Changes between 0.9.6j and 0.9.6k [30 Sep 2003] *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. [Steve Henson] *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. [Steve Henson] *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 Loading
FAQ +1 −1 Original line number Diff line number Diff line Loading @@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. OpenSSL 0.9.7a was released on February 19, 2003. OpenSSL 0.9.7c was released on September 30, 2003. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: Loading
NEWS +16 −1 Original line number Diff line number Diff line Loading @@ -5,6 +5,13 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: o Security: fix various ASN1 parsing bugs. o New -ignore_err option to OCSP utility. o Various interop and bug fixes in S/MIME code. o SSL/TLS protocol fix for unrequested client certificates. Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: o Security: counter the Klima-Pokorny-Rosa extension of Loading Loading @@ -40,11 +47,14 @@ o New elliptic curve library section. o New AES (Rijndael) library section. o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, Linux x86_64 Linux x86_64, Linux 64-bit on Sparc v9 o Extended support for some platforms: VxWorks o Enhanced support for shared libraries. o Now only builds PIC code when shared library support is requested. o Support for pkg-config. o Lots of new manuals. o Makes symbolic links to or copies of manuals to cover all described functions. o Change DES API to clean up the namespace (some applications link also against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the Loading @@ -70,6 +80,11 @@ o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k: o Security: fix various ASN1 parsing bugs. o SSL/TLS protocol fix for unrequested client certificates. Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: o Security: counter the Klima-Pokorny-Rosa extension of Loading
crypto/asn1/asn1_lib.c +2 −0 Original line number Diff line number Diff line Loading @@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, l<<=7L; l|= *(p++)&0x7f; if (--max == 0) goto err; if (l > (INT_MAX >> 7L)) goto err; } l<<=7L; l|= *(p++)&0x7f; tag=(int)l; if (--max == 0) goto err; } else { Loading
crypto/asn1/tasn_dec.c +8 −1 Original line number Diff line number Diff line Loading @@ -692,6 +692,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; int ret = 0; Loading @@ -706,6 +707,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *pval = (ASN1_VALUE *)typ; } else typ = (ASN1_TYPE *)*pval; if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); opval = pval; pval = (ASN1_VALUE **)&typ->value.ptr; } switch(utype) { Loading Loading @@ -797,7 +799,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char ret = 1; err: if(!ret) ASN1_TYPE_free(typ); if(!ret) { ASN1_TYPE_free(typ); if (opval) *opval = NULL; } return ret; } Loading
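Review bot: in CHANGES, the hunk at @@ -2530 adds the "Fix various bugs revealed by running the NISCC test suite" entry twice in a row under "Changes between 0.9.6j and 0.9.6k", with identical wording and the same [Steve Henson] attribution. Drop the second copy so the 0.9.6k section records the fix once, matching the single entry in the 0.9.7c section.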
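Review bot: in crypto/asn1/asn1_lib.c, the guard `if (l > (INT_MAX >> 7L)) goto err;` inside the high-tag-number loop of ASN1_get_object() has no comment tying it to the later `tag=(int)l;` cast, so the reason for bounding a long by INT_MAX is not obvious to the next reader. A one-line comment saying that the accumulated tag must still fit in an int after the next 7-bit shift would help. The file changes by +2 −0 and no include is added in this hunk, so please also confirm that INT_MAX is already visible here through an existing header.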
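Review bot: in crypto/asn1/tasn_dec.c, the `err:` path of asn1_ex_c2i() (hunk at @@ -797) frees `typ` even when it was taken from the caller's existing `*pval` via `typ = (ASN1_TYPE *)*pval;`, and `if (opval) *opval = NULL;` is what stops the caller from holding a freed pointer afterwards. That ownership rule deserves a short comment at the reset, since `opval` is only set in the ANY branch and its purpose is not evident at the `err:` label. As a style point, the new block mixes `if(!ret)` with `if (opval)`; pick one spacing for the two adjacent conditions.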