author | Bodo Möller <bodo@openssl.org> | 2011-02-08 17:10:47 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2011-02-08 17:10:47 +0000 |
commit | 957ebe98fb0c66bf1fb241efd96a1160cd8cf5ce (patch) | |
tree | b3c619aa38846614953cc8879dfec240282d5909 | |
parent | 9d09fc8485479a38c37a1de1378a0ded22492f7e (diff) |
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)OpenSSL_0_9_8r
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
-rw-r--r-- | CHANGES | 5 | ||||
-rw-r--r-- | FAQ | 2 | ||||
-rw-r--r-- | LICENSE | 2 | ||||
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | STATUS | 6 | ||||
-rw-r--r-- | crypto/opensslv.h | 6 | ||||
-rw-r--r-- | ssl/t1_lib.c | 8 | ||||
-rw-r--r-- | util/mkerr.pl | 2 |
9 files changed, 28 insertions, 11 deletions
@@ -2,7 +2,10 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8q and 0.9.8r [xx XXX xxxx] + Changes between 0.9.8q and 0.9.8r [8 Feb 2011] + + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + [Neel Mehta, Adam Langley, Bodo Moeller (Google)] *) Fix bug in string printing code: if *any* escaping is enabled we must escape the escape character (backslash) or the resulting string is @@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.0c was released on Dec 2nd, 2010. +OpenSSL 1.0.0d was released on Feb 8th, 2011. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + + o Fix for security issue CVE-2011-0014 + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: o Fix for security issue CVE-2010-4180 @@ -1,7 +1,7 @@ - OpenSSL 0.9.8r-dev + OpenSSL 0.9.8r - Copyright (c) 1998-2009 The OpenSSL Project + Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. 
@@ -1,13 +1,17 @@
 OpenSSL STATUS Last modified at
- ______________ $Date: 2010/12/02 18:53:51 $
+ ______________ $Date: 2011/02/08 17:10:45 $
 DEVELOPMENT STATE
 o OpenSSL 1.1.0: Under development...
+ o OpenSSL 1.0.1: Under development...
+ o OpenSSL 1.0.0d: Released on February 8nd, 2011
+ o OpenSSL 1.0.0c: Released on December 2nd, 2010
 o OpenSSL 1.0.0b: Released on November 16th, 2010
 o OpenSSL 1.0.0a: Released on June 1st, 2010
 o OpenSSL 1.0.0: Released on March 29th, 2010
+ o OpenSSL 0.9.8r: Released on February 8nd, 2011
 o OpenSSL 0.9.8q: Released on December 2nd, 2010
 o OpenSSL 0.9.8p: Released on November 16th, 2010
 o OpenSSL 0.9.8o: Released on June 1st, 2010
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index c41652765c..385e1f6865 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 * major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER 0x00908120L
+#define OPENSSL_VERSION_NUMBER 0x0090812fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8r-fips-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8r-fips 8 Feb 2011"
 #else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8r-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8r 8 Feb 2011"
 #endif
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0cc8320e17..92cac13002 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -521,6 +521,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 }
 n2s(data, idsize);
 dsize -= 2 + idsize;
+ size -= 2 + idsize;
 if (dsize < 0)
 {
 *al = SSL_AD_DECODE_ERROR;
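Review bot: The added `size -= 2 + idsize;` in the ssl/t1_lib.c hunk at -521 has no comment, and why two counters now move together is not obvious from the code: `dsize` is consumed per responder ID and `size` is reduced by the same amount, apparently so that the length comparison made after the loop sees only the bytes that really remain. I would add above it `/* size = bytes left in the extension, dsize = bytes left in the ID list; keep both in step */`. Both counters are decremented before the `dsize < 0` test, which is fine because that branch returns, but the declaration of `size` is outside the hunk, so if it is an unsigned type please confirm the list length was bounded by `size` before the loop. The loop and the function start and end outside this hunk.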
@@ -559,9 +560,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 }
 /* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
 n2s(data,dsize);
 size -= 2;
- if (dsize > size)
+ if (dsize != size)
 {
 *al = SSL_AD_DECODE_ERROR;
 return 0;
diff --git a/util/mkerr.pl b/util/mkerr.pl
index 5d2f2188c1..7a13130d24 100644
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -313,7 +313,7 @@ foreach $lib (keys %csrc)
 } else {
 push @out,
 "/* ====================================================================\n",
-" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n",
+" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n",
 " *\n",
 " * Redistribution and use in source and binary forms, with or without\n",
 " * modification, are permitted provided that the following conditions\n", |
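Review bot: In the ssl/t1_lib.c hunk at -559, the new `if (size < 2)` guard and the change from `dsize > size` to `dsize != size` deserve a comment, because the second one silently tightens the parser: a request_extensions length shorter than the bytes that remain is now a decode error, not only one that is longer. Something like `/* request_extensions must fill the rest of the extension exactly; reject short or trailing data */` above the comparison would record that this is intentional, and a short note on the guard that it ensures the two length bytes read by `n2s` are actually present. The diffstat lists no test file, so a regression case that feeds the parser a status_request extension with inconsistent length fields would be worth adding alongside. What consumes `data` after this check is outside the hunk.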