1
Only in openssl7: .CHANGES.swp
2
diff -ur openssl7/CHANGES ossl7/CHANGES
3
--- openssl7/CHANGES Thu Sep 4 12:52:10 2003
4
+++ ossl7/CHANGES Fri Sep 26 13:53:53 2003
9
- Changes between 0.9.7b and 0.9.7c [xx XXX 2003]
10
+ Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
12
+ *) Fix various ASN1 parsing bugs revealed by running the NISCC test
13
+ suite. These cause the ASN1 code to perform an out of bounds read
14
+ when presented with an invalid tag (CAN-2003-0543 and CAN-2003-0544)
15
+ or corrupt the stack when presented with an invalid ANY type
19
+ *) If verify callback ignores invalid public key errors don't try to check
20
+ certificate signature with the NULL public key.
23
*) New -ignore_err option in ocsp application to stop the server
24
exiting on the first error in a request.
25
@@ -1980,7 +1991,16 @@
26
*) Clean old EAY MD5 hack from e_os.h.
29
- Changes between 0.9.6j and 0.9.6k [xx XXX 2003]
30
+ Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
32
+ *) Fix various ASN1 parsing bugs revealed by running the NISCC test
33
+ suite. These cause the ASN1 code to perform an out of bounds read
34
+ when presented with an invalid tag (CAN-2003-0543 and CAN-2003-0544).
37
+ *) If verify callback ignores invalid public key errors don't try to check
38
+ certificate signature with the NULL public key.
41
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
42
if the server requested one: as stated in TLS 1.0 and SSL 3.0
43
diff -ur openssl7/NEWS ossl7/NEWS
44
--- openssl7/NEWS Thu Apr 10 20:37:53 2003
45
+++ ossl7/NEWS Fri Sep 26 13:49:51 2003
47
This file gives a brief overview of the major changes between each OpenSSL
48
release. For more details please read the CHANGES file.
50
+ Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
52
+ o Security: fix various ASN1 parsing bugs.
53
+ o New -ignore_err option to OCSP utility.
54
+ o Various interop and bug fixes in S/MIME code.
55
+ o SSL/TLS protocol fix for unrequested client certificates.
57
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
59
o Security: counter the Klima-Pokorny-Rosa extension of
61
o SSL/TLS: add callback to retrieve SSL/TLS messages.
62
o SSL/TLS: support AES cipher suites (RFC3268).
64
+ Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
66
+ o Security: fix various ASN1 parsing bugs.
67
+ o SSL/TLS protocol fix for unrequested client certificates.
69
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
71
o Security: counter the Klima-Pokorny-Rosa extension of
72
diff -ur openssl7/crypto/asn1/asn1_lib.c ossl7/crypto/asn1/asn1_lib.c
73
--- openssl7/crypto/asn1/asn1_lib.c Fri Aug 2 19:03:41 2002
74
+++ ossl7/crypto/asn1/asn1_lib.c Fri Sep 26 13:51:38 2003
78
if (--max == 0) goto err;
79
+ if (l > (INT_MAX >> 7L)) goto err;
84
+ if (--max == 0) goto err;
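Review bot: The two added guards carry no comment, and without the surrounding loop (not shown in this excerpt) it is hard to tell what each one protects. `if (l > (INT_MAX >> 7L)) goto err;` presumably rejects a multi-byte tag before a further 7-bit shift could push `l` past what fits in an `int`; a comment such as `/* another 7-bit shift would overflow int: reject the tag */` would make that explicit. The second `if (--max == 0) goto err;` also rejects a tag whose last byte is the final byte of the input, which looks intended because a length octet has to follow, but it is worth stating. No `#include <limits.h>` is visible in this section, so confirm that `INT_MAX` is already in scope for this file.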
88
diff -ur openssl7/crypto/asn1/tasn_dec.c ossl7/crypto/asn1/tasn_dec.c
89
--- openssl7/crypto/asn1/tasn_dec.c Tue Nov 12 13:21:26 2002
90
+++ ossl7/crypto/asn1/tasn_dec.c Fri Sep 26 13:51:38 2003
93
int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
95
+ ASN1_VALUE **opval = NULL;
97
ASN1_TYPE *typ = NULL;
100
*pval = (ASN1_VALUE *)typ;
101
} else typ = (ASN1_TYPE *)*pval;
102
if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
104
pval = (ASN1_VALUE **)&typ->value.ptr;
111
- if(!ret) ASN1_TYPE_free(typ);
114
+ ASN1_TYPE_free(typ);
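Review bot: The error path frees `typ` while the caller's `*pval` may still point at it, and the visible lines never show `opval` being assigned or used after its declaration. `*pval = (ASN1_VALUE *)typ;` hands the new object to the caller before `pval` is redirected to `&typ->value.ptr`, so after `ASN1_TYPE_free(typ);` the caller would hold a dangling pointer, and could free it again, unless it is cleared. Confirm that `opval = pval;` is saved before the redirect, that the free is followed by `if (opval) *opval = NULL;`, and that the free is still guarded by `!ret`, since the guard is not visible on the new side as rendered. A comment on the declaration such as `/* caller's pointer, cleared if typ is freed on error */` would document the intent. The body of asn1_ex_c2i extends beyond the lines shown here.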
121
diff -ur openssl7/crypto/opensslv.h ossl7/crypto/opensslv.h
122
--- openssl7/crypto/opensslv.h Thu Apr 10 20:40:19 2003
123
+++ ossl7/crypto/opensslv.h Fri Sep 26 13:39:07 2003
125
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
126
* major minor fix final patch/beta)
128
-#define OPENSSL_VERSION_NUMBER 0x00907030L
129
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c-dev xx XXX 2003"
130
+#define OPENSSL_VERSION_NUMBER 0x0090703fL
131
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
132
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
135
diff -ur openssl7/crypto/x509/x509_vfy.c ossl7/crypto/x509/x509_vfy.c
136
--- openssl7/crypto/x509/x509_vfy.c Wed Jun 4 00:40:47 2003
137
+++ ossl7/crypto/x509/x509_vfy.c Fri Sep 26 13:51:38 2003
142
- if (X509_verify(xs,pkey) <= 0)
143
+ else if (X509_verify(xs,pkey) <= 0)
144
/* XXX For the final trusted self-signed cert,
145
* this is a waste of time. That check should
146
* optional so that e.g. 'openssl x509' can be