Loading NEWS +18 −0 Original line number Original line Diff line number Diff line Loading @@ -5,6 +5,12 @@ This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. release. For more details please read the CHANGES file. Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: o Fix for ASN1 overflow bug CVE-2012-2110 o Workarounds for some servers that hang on long client hellos. o Fix SEGV in AES code. Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: o TLS/DTLS heartbeat support. o TLS/DTLS heartbeat support. Loading @@ -18,6 +24,10 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. o SRP support. Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Fix for CMS/PKCS#7 MMA CVE-2012-0884 Loading Loading @@ -90,6 +100,14 @@ o Opaque PRF Input TLS extension support. o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. o Updated time routines to avoid OS limitations. Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Fix for CMS/PKCS#7 MMA CVE-2012-0884 Loading apps/s_cb.c +13 −0 Original line number Original line Diff line number Diff line Loading 
@@ -285,6 +285,19 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, return 1; return 1; } } typedef struct { X509 *cert; EVP_PKEY *key; STACK_OF(X509) *chain; struct ssl_excert_st *next; } SSL_EXCERT; static int set_cert_cb(SSL *ssl, void *arg) { return 1; } int ssl_print_sigalgs(BIO *out, SSL *s) int ssl_print_sigalgs(BIO *out, SSL *s) { { int i, nsig; int i, nsig; Loading ssl/s3_clnt.c +7 −0 Original line number Original line Diff line number Diff line Loading @@ -3161,6 +3161,13 @@ int ssl3_send_client_certificate(SSL *s) if (s->state == SSL3_ST_CW_CERT_A) if (s->state == SSL3_ST_CW_CERT_A) { { /* Let cert callback update client certificates if required */ if (s->cert->cert_cb && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0) { ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR); return 0; } if (ssl3_check_client_certificate(s)) if (ssl3_check_client_certificate(s)) s->state=SSL3_ST_CW_CERT_C; s->state=SSL3_ST_CW_CERT_C; else else Loading ssl/s3_srvr.c +8 −0 Original line number Original line Diff line number Diff line Loading @@ -1341,6 +1341,14 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); goto f_err; goto f_err; } } /* Let cert callback update server certificates if required */ if (s->cert->cert_cb && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0) { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR); goto f_err; } ciphers=NULL; ciphers=NULL; c=ssl3_choose_cipher(s,s->session->ciphers, c=ssl3_choose_cipher(s,s->session->ciphers, SSL_get_ciphers(s)); SSL_get_ciphers(s)); Loading ssl/ssl.h +4 −0 Original line number Original line Diff line number Diff line Loading 
@@ -1759,6 +1759,7 @@ int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok,X509_STORE_CTX *ctx)); int (*callback)(int ok,X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); void SSL_set_verify_depth(SSL *s, int depth); void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg); #ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); #endif #endif Loading Loading @@ -1837,6 +1838,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *)); int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg); #ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); #endif #endif Loading Loading @@ -1892,6 +1894,7 @@ char *SSL_get_srp_username(SSL *s); char *SSL_get_srp_userinfo(SSL *s); char *SSL_get_srp_userinfo(SSL *s); #endif #endif void SSL_certs_clear(SSL *s); void SSL_free(SSL *ssl); void SSL_free(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_connect(SSL *ssl); int SSL_connect(SSL *ssl); Loading Loading 
@@ -2387,6 +2390,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_CA_DN_TOO_LONG 132 #define SSL_R_CA_DN_TOO_LONG 132 #define SSL_R_CCS_RECEIVED_EARLY 133 #define SSL_R_CCS_RECEIVED_EARLY 133 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 #define SSL_R_CERT_CB_ERROR 371 #define SSL_R_CERT_LENGTH_MISMATCH 135 #define SSL_R_CERT_LENGTH_MISMATCH 135 #define SSL_R_CHALLENGE_IS_DIFFERENT 136 #define SSL_R_CHALLENGE_IS_DIFFERENT 136 #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 Loading Loading
NEWS +18 −0 Original line number Original line Diff line number Diff line Loading @@ -5,6 +5,12 @@ This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. release. For more details please read the CHANGES file. Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: o Fix for ASN1 overflow bug CVE-2012-2110 o Workarounds for some servers that hang on long client hellos. o Fix SEGV in AES code. Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: o TLS/DTLS heartbeat support. o TLS/DTLS heartbeat support. Loading @@ -18,6 +24,10 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. o SRP support. Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Fix for CMS/PKCS#7 MMA CVE-2012-0884 Loading Loading @@ -90,6 +100,14 @@ o Opaque PRF Input TLS extension support. o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. o Updated time routines to avoid OS limitations. Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Fix for CMS/PKCS#7 MMA CVE-2012-0884 Loading
apps/s_cb.c +13 −0 Original line number Original line Diff line number Diff line Loading @@ -285,6 +285,19 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, return 1; return 1; } } typedef struct { X509 *cert; EVP_PKEY *key; STACK_OF(X509) *chain; struct ssl_excert_st *next; } SSL_EXCERT; static int set_cert_cb(SSL *ssl, void *arg) { return 1; } int ssl_print_sigalgs(BIO *out, SSL *s) int ssl_print_sigalgs(BIO *out, SSL *s) { { int i, nsig; int i, nsig; Loading
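Review bot: In the new `SSL_EXCERT` typedef the `next` member is declared as `struct ssl_excert_st *`, but the struct itself is anonymous, so `next` points at an unrelated incomplete type and can never address another `SSL_EXCERT` without a cast; tag the struct so the self-reference resolves: `typedef struct ssl_excert_st {`. `set_cert_cb` is a stub that ignores both `ssl` and `arg` and always returns 1, and nothing in the visible hunk installs it, so its purpose is unclear to a reader; a one-line comment such as `/* placeholder: will pick a certificate from the SSL_EXCERT list */` would state the intent, and the unused parameters will warn under -Wunused-parameter until then.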
ssl/s3_clnt.c +7 −0 Original line number Original line Diff line number Diff line Loading @@ -3161,6 +3161,13 @@ int ssl3_send_client_certificate(SSL *s) if (s->state == SSL3_ST_CW_CERT_A) if (s->state == SSL3_ST_CW_CERT_A) { { /* Let cert callback update client certificates if required */ if (s->cert->cert_cb && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0) { ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR); return 0; } if (ssl3_check_client_certificate(s)) if (ssl3_check_client_certificate(s)) s->state=SSL3_ST_CW_CERT_C; s->state=SSL3_ST_CW_CERT_C; else else Loading
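Review bot: The failure path of the new `cert_cb` check sends a fatal alert and returns 0 but pushes nothing onto the error queue, whereas the matching server-side check in ssl3_get_client_hello reports `SSL_R_CERT_CB_ERROR`; an application will see the handshake fail with an empty `ERR_get_error()`. Add `SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_CERT_CB_ERROR);` before the `return 0;`. The check treats a negative and a zero return identically as fatal, so the callback contract should say so where the API is declared. ssl3_send_client_certificate continues outside the hunk.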
ssl/s3_srvr.c +8 −0 Original line number Original line Diff line number Diff line Loading @@ -1341,6 +1341,14 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); goto f_err; goto f_err; } } /* Let cert callback update server certificates if required */ if (s->cert->cert_cb && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0) { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR); goto f_err; } ciphers=NULL; ciphers=NULL; c=ssl3_choose_cipher(s,s->session->ciphers, c=ssl3_choose_cipher(s,s->session->ciphers, SSL_get_ciphers(s)); SSL_get_ciphers(s)); Loading
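Review bot: The new check reports `SSL_R_CERT_CB_ERROR` (reason 371 added in ssl.h), but the visible diff does not touch ssl/ssl_err.c, so unless the reason-string table is regenerated elsewhere in this commit, `ERR_reason_error_string()` will have no text for this failure. The callback is invoked after the client cipher list has been parsed and before `ssl3_choose_cipher`, presumably so it can pick a certificate matching the offered ciphers; a comment such as `/* s->session->ciphers is populated here, so the callback may select a certificate by offered cipher */` would make that ordering dependency explicit for anyone who later moves the call. ssl3_get_client_hello begins and ends outside the hunk.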
ssl/ssl.h +4 −0 Original line number Original line Diff line number Diff line Loading @@ -1759,6 +1759,7 @@ int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok,X509_STORE_CTX *ctx)); int (*callback)(int ok,X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); void SSL_set_verify_depth(SSL *s, int depth); void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg); #ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); #endif #endif Loading Loading @@ -1837,6 +1838,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *)); int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg); #ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); #endif #endif Loading Loading @@ -1892,6 +1894,7 @@ char *SSL_get_srp_username(SSL *s); char *SSL_get_srp_userinfo(SSL *s); char *SSL_get_srp_userinfo(SSL *s); #endif #endif void SSL_certs_clear(SSL *s); void SSL_free(SSL *ssl); void SSL_free(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_connect(SSL *ssl); int SSL_connect(SSL *ssl); Loading Loading 
@@ -2387,6 +2390,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_CA_DN_TOO_LONG 132 #define SSL_R_CA_DN_TOO_LONG 132 #define SSL_R_CCS_RECEIVED_EARLY 133 #define SSL_R_CCS_RECEIVED_EARLY 133 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 #define SSL_R_CERT_CB_ERROR 371 #define SSL_R_CERT_LENGTH_MISMATCH 135 #define SSL_R_CERT_LENGTH_MISMATCH 135 #define SSL_R_CHALLENGE_IS_DIFFERENT 136 #define SSL_R_CHALLENGE_IS_DIFFERENT 136 #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 Loading
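Review bot: The three new declarations carry no documentation of the callback contract: when `cb` runs (per the s3_clnt.c and s3_srvr.c hunks, before the client Certificate message is built and during ClientHello processing on the server), that a return value `<= 0` aborts the handshake with an internal_error alert, whether `arg` is owned by the caller (the hunks only pass it through), and what `SSL_certs_clear` discards. A short block comment above `SSL_set_cert_cb` covering those four points would do. The `SSL_CTX_set_cert_cb` prototype names its first parameter `c` while the neighbouring `SSL_CTX_*` prototypes use `ctx`; use `ctx` for consistency. The implementations of these functions and the `cert_cb`/`cert_cb_arg` members read by the two ssl/ hunks are not in the visible sections, so I cannot confirm they are part of this commit.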