CHANGES +24 −0 @@ -4,6 +4,30 @@ Changes between 0.9.6c and 0.9.6d [XX xxx XXXX] *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: an end-of-file condition would erronously be flagged, when the CRLF was just at the end of a processed block. The bug was discovered when processing data through a buffering memory BIO handing the data to a BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov <ptsekov@syntrex.com> and Nedelcho Stanev. [Lutz Jaenicke] *) Implement a countermeasure against a vulnerability recently found in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment before application data chunks to avoid the use of known IVs with data potentially chosen by the attacker. [Bodo Moeller] *) Fix length checks in ssl3_get_client_hello(). [Bodo Moeller] *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently to prevent ssl3_read_internal() from incorrectly assuming that ssl3_read_bytes() found application data while handshake processing was enabled when in fact s->s3->in_read_app_data was merely automatically cleared during the initial handshake. [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>] *) Fix object definitions for Private and Enterprise: they were not recognized in their shortname (=lowercase) representation. Extend obj_dat.pl to issue an error when using undefined keywords instead
NEWS +5 −0 @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. Changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: o Various SSL/TLS library bugfixes. o Fix DH parameter generation for 'non-standard' generators. Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: o Various SSL/TLS library bugfixes.
apps/smime.c +2 −2 @@ -481,9 +481,9 @@ int MAIN(int argc, char **argv) } else if(operation == SMIME_VERIFY) { STACK_OF(X509) *signers; if(PKCS7_verify(p7, other, store, indata, out, flags)) { BIO_printf(bio_err, "Verification Successful\n"); BIO_printf(bio_err, "Verification successful\n"); } else { BIO_printf(bio_err, "Verification Failure\n"); BIO_printf(bio_err, "Verification failure\n"); goto end; } signers = PKCS7_get0_signers(p7, other, flags);
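Review bot: The two result strings written to bio_err in the SMIME_VERIFY branch change only in capitalisation, which is enough to break any wrapper that matches the old text case-sensitively. The CHANGES entries in this commit do not mention the new wording; a one-line entry would help, together with a reminder that callers should key on the exit status rather than on the message. Whether the failure path sets a non-zero return before `goto end` is not visible here, because MAIN continues outside the hunk.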
crypto/evp/encode.c +7 −0 @@ -277,6 +277,13 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, eof++; } if (v == B64_CR) { ln = 0; if (exp_nl) continue; } /* eoln */ if (v == B64_EOLN) {
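Review bot: The added `if (v == B64_CR)` block carries no comment, while the end-of-line block right after it is labelled `/* eoln */`, and the reason for the `continue` is not obvious from the code. I would add something like `/* CR: restart the line count; if a newline is already expected, skip the CR so it is not taken for end of data */` above it, after confirming the wording against what `exp_nl` means, since it is set outside this hunk. Note also that `ln = 0` runs for every CR, including one seen when `exp_nl` is not set, after which control falls through to the code below; if a bare CR in the middle of a line is not meant to reset the count, the assignment belongs inside the `if (exp_nl)`. A regression case feeding input whose CRLF falls on the boundary between two EVP_DecodeUpdate calls would pin the fix described in CHANGES.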
crypto/objects/obj_dat.c +2 −0 @@ -645,6 +645,8 @@ int OBJ_create(char *oid, char *sn, char *ln) return(0); } i=a2d_ASN1_OBJECT(buf,i,oid,-1); if (i == 0) goto err; op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln); if (op == NULL) goto err;
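Review bot: The new guard after the second `a2d_ASN1_OBJECT` call rejects only `i == 0`, yet `i` is a signed int that is then handed to `ASN1_OBJECT_create` as the encoded length. If a2d_ASN1_OBJECT can ever return a negative value (its contract is not visible in this hunk), that value would still reach the create call; `if (i <= 0) goto err;` costs nothing and closes that gap. The `err` label lies outside the hunk, so it is worth confirming that it releases `buf` on this new path.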