1
diff -ru openssl7/CHANGES ossl7/CHANGES
2
--- openssl7/CHANGES Thu Sep 4 12:52:10 2003
3
+++ ossl7/CHANGES Fri Sep 26 14:06:35 2003
8
- Changes between 0.9.7b and 0.9.7c [xx XXX 2003]
9
+ Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
11
+ *) Fix various bugs revealed by running the NISCC test suite:
13
+ Stop out of bounds reads in the ASN1 code when presented with
14
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
16
+ Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
18
+ If verify callback ignores invalid public key errors don't try to check
19
+ certificate signature with the NULL public key.
23
*) New -ignore_err option in ocsp application to stop the server
24
exiting on the first error in a request.
25
@@ -1980,7 +1992,17 @@
26
*) Clean old EAY MD5 hack from e_os.h.
29
- Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
30
+ Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
32
+ *) Fix various bugs revealed by running the NISCC test suite:
34
+ Stop out of bounds reads in the ASN1 code when presented with
35
+ invalid tags (CAN-2003-0543 and CAN-2003-0544).
37
+ If verify callback ignores invalid public key errors don't try to check
38
+ certificate signature with the NULL public key.
42
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
43
if the server requested one: as stated in TLS 1.0 and SSL 3.0
44
diff -ru openssl7/NEWS ossl7/NEWS
45
--- openssl7/NEWS Thu Apr 10 20:37:53 2003
46
+++ ossl7/NEWS Fri Sep 26 13:49:51 2003
48
This file gives a brief overview of the major changes between each OpenSSL
49
release. For more details please read the CHANGES file.
51
+ Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
53
+ o Security: fix various ASN1 parsing bugs.
54
+ o New -ignore_err option to OCSP utility.
55
+ o Various interop and bug fixes in S/MIME code.
56
+ o SSL/TLS protocol fix for unrequested client certificates.
58
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
60
o Security: counter the Klima-Pokorny-Rosa extension of
62
o SSL/TLS: add callback to retrieve SSL/TLS messages.
63
o SSL/TLS: support AES cipher suites (RFC3268).
65
+ Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
67
+ o Security: fix various ASN1 parsing bugs.
68
+ o SSL/TLS protocol fix for unrequested client certificates.
70
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
72
o Security: counter the Klima-Pokorny-Rosa extension of
73
diff -ru openssl7/crypto/asn1/asn1_lib.c ossl7/crypto/asn1/asn1_lib.c
74
--- openssl7/crypto/asn1/asn1_lib.c Fri Aug 2 19:03:41 2002
75
+++ ossl7/crypto/asn1/asn1_lib.c Fri Sep 26 13:51:38 2003
79
if (--max == 0) goto err;
80
+ if (l > (INT_MAX >> 7L)) goto err;
85
+ if (--max == 0) goto err;
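Review bot: The added guard `if (l > (INT_MAX >> 7L)) goto err;` has no comment saying what it protects, and the shift it presumably bounds is not among the lines shown in this section. A one-line comment above it, such as `/* bail out before another 7-bit shift could take l past INT_MAX */`, would record the intent. The second added `if (--max == 0) goto err;` could likewise get `/* no input left for the following read */`. `INT_MAX` comes from `<limits.h>`, and no include is visible in this section, so confirm the header is in scope for asn1_lib.c. The enclosing function starts and ends outside the visible lines.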
89
diff -ru openssl7/crypto/asn1/tasn_dec.c ossl7/crypto/asn1/tasn_dec.c
90
--- openssl7/crypto/asn1/tasn_dec.c Tue Nov 12 13:21:26 2002
91
+++ ossl7/crypto/asn1/tasn_dec.c Fri Sep 26 13:51:38 2003
94
int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
96
+ ASN1_VALUE **opval = NULL;
98
ASN1_TYPE *typ = NULL;
101
*pval = (ASN1_VALUE *)typ;
102
} else typ = (ASN1_TYPE *)*pval;
103
if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
105
pval = (ASN1_VALUE **)&typ->value.ptr;
112
- if(!ret) ASN1_TYPE_free(typ);
115
+ ASN1_TYPE_free(typ);
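Review bot: The new local `ASN1_VALUE **opval = NULL;` in asn1_ex_c2i is declared without a comment, and its use is not among the lines shown in this section. Because `*pval = (ASN1_VALUE *)typ;` publishes `typ` through the caller's pointer and the error path then calls `ASN1_TYPE_free(typ);`, the caller's slot would keep a freed pointer unless it is reset. That reset is presumably what `opval` is for, and CHANGES ties this fix to CAN-2003-0545. A comment at the declaration such as `/* original pval, so the caller's slot can be set to NULL when typ is freed on error */` would make the ownership rule explicit. It is also worth confirming that the free and the reset sit under the same failure condition, since the function body continues outside the visible lines.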
122
diff -ru openssl7/crypto/opensslv.h ossl7/crypto/opensslv.h
123
--- openssl7/crypto/opensslv.h Thu Apr 10 20:40:19 2003
124
+++ ossl7/crypto/opensslv.h Fri Sep 26 13:39:07 2003
126
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
127
* major minor fix final patch/beta)
129
-#define OPENSSL_VERSION_NUMBER 0x00907030L
130
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c-dev xx XXX 2003"
131
+#define OPENSSL_VERSION_NUMBER 0x0090703fL
132
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
133
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
136
diff -ru openssl7/crypto/x509/x509_vfy.c ossl7/crypto/x509/x509_vfy.c
137
--- openssl7/crypto/x509/x509_vfy.c Wed Jun 4 00:40:47 2003
138
+++ ossl7/crypto/x509/x509_vfy.c Fri Sep 26 13:51:38 2003
143
- if (X509_verify(xs,pkey) <= 0)
144
+ else if (X509_verify(xs,pkey) <= 0)
145
/* XXX For the final trusted self-signed cert,
146
* this is a waste of time. That check should
147
* optional so that e.g. 'openssl x509' can be