Commit 3e8b6485 authored by Bodo Möller

Fix for "Record of death" vulnerability CVE-2010-0740.

Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010),
and further harmonize this version of CHANGES with the versions in the current branches.
parent f2e8488b
+17 −8
@@ -99,7 +99,7 @@
     whose return value is often ignored. 
     [Steve Henson]

 Changes between 0.9.8m and 1.0.0  [25 Feb 2010]
 Changes between 0.9.8n and 1.0.0  [xx XXX xxxx]

  *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
     context. The operation can be customised via the ctrl mechanism in
@@ -118,10 +118,6 @@
     it from client hello again. Don't allow server to change algorithm.
     [Steve Henson]

  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
     change when encrypting or decrypting.
     [Bodo Moeller]

  *) Add load_crls() function to apps tidying load_certs() too. Add option
     to verify utility to allow additional CRLs to be included.
     [Steve Henson]
@@ -944,7 +940,16 @@
  *) Change 'Configure' script to enable Camellia by default.
     [NTT]
  
   Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]
 Changes between 0.9.8m and 0.9.8n [24 Mar 2010]

  *) When rejecting SSL/TLS records due to an incorrect version number, never
     update s->server with a new major version number.  As of
     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
     the previous behavior could result in a read attempt at NULL when
     receiving specific incorrect SSL/TLS records once record payload
     protection is active.  (CVE-2010-####)
     [Bodo Moeller, Adam Langley]

  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
     could be crashed if the relevant tables were not present (e.g. chrooted).
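Review bot: The new 0.9.8n entry still carries the placeholder "(CVE-2010-####)" although the commit message names this fix as CVE-2010-0740; fill in the identifier so the entry can be found by CVE number. The same entry says "never update s->server with a new major version number", but the code change in this commit guards the assignment to s->version, so the text should name s->version.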
@@ -986,6 +991,10 @@
     CVE-2009-4355.
     [Steve Henson]

  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
     change when encrypting or decrypting.
     [Bodo Moeller]

  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
     connect and renegotiate with servers which do not support RI.
     Until RI is more widely deployed this option is enabled by default.
+3 −3
@@ -337,9 +337,9 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
			if (version != s->version)
				{
				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
				/* Send back error using their
				 * version number :-) */
				s->version=version;
                                if ((s->version & 0xFF00) == (version & 0xFF00))
                                	/* Send back error using their minor version number :-) */
					s->version = (unsigned short)version;
				al=SSL_AD_PROTOCOL_VERSION;
				goto f_err;
				}
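Review bot: The new "if ((s->version & 0xFF00) == (version & 0xFF00))" has no braces, and a comment line sits between the condition and the single assignment it guards, so a statement added later could silently fall outside the major-version check; wrap the assignment in braces in the style of the enclosing block. The condition and comment lines are also indented with spaces while the surrounding lines use tabs. A short comment saying why the major version must not be overwritten here (the CHANGES entry describes a read attempt at NULL once record payload protection is active) would make the intent of the check clear to later readers.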