author | Bodo Möller <bodo@openssl.org> | 2011-02-08 18:48:57 +0100 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2011-02-08 18:48:57 +0100 |
commit | 9770924f9bd6de3d64041f4a725dea7c958721b7 (patch) | |
tree | b5f4423e7098b1ca8c291c03b1d0e4304a216e32 | |
parent | Link GCM into FIPS module. Check return value in EVP gcm. (diff) | |
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
-rw-r--r-- | FAQ | 2 |
-rw-r--r-- | LICENSE | 2 |
-rw-r--r-- | NEWS | 8 |
-rw-r--r-- | README | 4 |
-rw-r--r-- | STATUS | 9 |
-rw-r--r-- | ssl/t1_lib.c | 8 |
-rw-r--r-- | util/mkerr.pl | 2 |
7 files changed, 28 insertions, 7 deletions
@@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.0c was released on Dec 2nd, 2010. +OpenSSL 1.0.0d was released on Feb 8th, 2011. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d: + + o Fix for security issue CVE-2011-0014 + Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: o Fix for security issue CVE-2010-4180 @@ -47,6 +51,10 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + + o Fix for security issue CVE-2011-0014 + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: o Fix for security issue CVE-2010-4180 @@ -1,7 +1,7 @@ - OpenSSL 1.1.0-dev XX xxx XXXX + OpenSSL 1.1.0-dev - Copyright (c) 1998-2009 The OpenSSL Project + Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. 
@@ -1,13 +1,20 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2010/11/16 14:18:51 $ + ______________ $Date: 2011/02/08 17:48:56 $ DEVELOPMENT STATE o OpenSSL 1.1.0: Under development... + o OpenSSL 1.0.1: Under development... + o OpenSSL 1.0.0d: Released on February 8nd, 2011 + o OpenSSL 1.0.0c: Released on December 2nd, 2010 o OpenSSL 1.0.0b: Released on November 16th, 2010 o OpenSSL 1.0.0a: Released on June 1st, 2010 o OpenSSL 1.0.0: Released on March 29th, 2010 + o OpenSSL 0.9.8r: Released on February 8nd, 2011 + o OpenSSL 0.9.8q: Released on December 2nd, 2010 + o OpenSSL 0.9.8p: Released on November 16th, 2010 + o OpenSSL 0.9.8o: Released on June 1st, 2010 o OpenSSL 0.9.8n: Released on March 24th, 2010 o OpenSSL 0.9.8m: Released on February 25th, 2010 o OpenSSL 0.9.8l: Released on November 5th, 2009 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 277280865b..4f8199f0cf 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -954,6 +954,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } n2s(data, idsize); dsize -= 2 + idsize; + size -= 2 + idsize; if (dsize < 0) { *al = SSL_AD_DECODE_ERROR; @@ -992,9 +993,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in } /* Read in request_extensions */ + if (size < 2) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } n2s(data,dsize); size -= 2; - if (dsize > size) + if (dsize != size) { *al = SSL_AD_DECODE_ERROR; return 0; diff --git a/util/mkerr.pl b/util/mkerr.pl index 5dd89582c5..43b3af6555 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl 
@@ -392,7 +392,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", |
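Review bot: the NEWS hunks keep the sentence "For more details please read the CHANGES file", but CHANGES is not among the 7 files in this commit's diffstat, so the two new "Fix for security issue CVE-2011-0014" entries (1.0.0d and 0.9.8r) have no detailed description in this commit to point to. Add a CHANGES entry describing the OCSP stapling parsing fix in ssl/t1_lib.c alongside the NEWS lines.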
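Review bot: in the STATUS hunk, both added release lines read "Released on February 8nd, 2011" (for OpenSSL 1.0.0d and for OpenSSL 0.9.8r); the ordinal should be "8th", which is how the FAQ hunk in the same commit writes it ("Feb 8th, 2011").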
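Review bot: in the ssl/t1_lib.c hunk at -954, the added `size -= 2 + idsize;` is followed only by the existing `if (dsize < 0)` check, so nothing visible in this hunk bounds `size` itself. The declaration of `size` and the earlier relation between `dsize` and `size` lie outside the shown context; a short comment stating the invariant that keeps `size` at least as large as `dsize` at this point, or an explicit check before the subtraction (which matters if `size` is an unsigned type), would make the later `size < 2` test easier to verify.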
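Review bot: in the ssl/t1_lib.c hunk at -992, the two behaviour changes carry no explanation: the new `if (size < 2)` guard exists so that `n2s(data,dsize)` never reads a length field that is not present, and replacing `if (dsize > size)` with `if (dsize != size)` additionally rejects a request_extensions length that leaves trailing bytes in the extension. Suggest a one-line comment above each check stating that intent, plus a regression test that feeds a truncated and an over-long extension and expects SSL_AD_DECODE_ERROR, since the diffstat lists no test file in this commit.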