summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBodo Möller <bodo@openssl.org>2011-02-08 18:48:57 +0100
committerBodo Möller <bodo@openssl.org>2011-02-08 18:48:57 +0100
commit9770924f9bd6de3d64041f4a725dea7c958721b7 (patch)
treeb5f4423e7098b1ca8c291c03b1d0e4304a216e32
parentLink GCM into FIPS module. Check return value in EVP gcm. (diff)
downloadopenssl-9770924f9bd6de3d64041f4a725dea7c958721b7.tar.xz
openssl-9770924f9bd6de3d64041f4a725dea7c958721b7.zip
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
-rw-r--r--FAQ2
-rw-r--r--LICENSE2
-rw-r--r--NEWS8
-rw-r--r--README4
-rw-r--r--STATUS9
-rw-r--r--ssl/t1_lib.c8
-rw-r--r--util/mkerr.pl2
7 files changed, 28 insertions, 7 deletions
diff --git a/FAQ b/FAQ
index 50e9314082..0e008cbdd5 100644
--- a/FAQ
+++ b/FAQ
@@ -82,7 +82,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0c was released on Dec 2nd, 2010.
+OpenSSL 1.0.0d was released on Feb 8th, 2011.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
diff --git a/LICENSE b/LICENSE
index a2c4adcbe6..e47d101f10 100644
--- a/LICENSE
+++ b/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/NEWS b/NEWS
index 22d994d8df..a9c9b78032 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
+
+ o Fix for security issue CVE-2011-0014
+
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
o Fix for security issue CVE-2010-4180
@@ -47,6 +51,10 @@
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+
+ o Fix for security issue CVE-2011-0014
+
Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
o Fix for security issue CVE-2010-4180
diff --git a/README b/README
index 52d678442b..0519834426 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
- OpenSSL 1.1.0-dev XX xxx XXXX
+ OpenSSL 1.1.0-dev
- Copyright (c) 1998-2009 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/STATUS b/STATUS
index 3692c483f4..62c6a86f2f 100644
--- a/STATUS
+++ b/STATUS
@@ -1,13 +1,20 @@
OpenSSL STATUS Last modified at
- ______________ $Date: 2010/11/16 14:18:51 $
+ ______________ $Date: 2011/02/08 17:48:56 $
DEVELOPMENT STATE
o OpenSSL 1.1.0: Under development...
+ o OpenSSL 1.0.1: Under development...
+ o OpenSSL 1.0.0d: Released on February 8nd, 2011
+ o OpenSSL 1.0.0c: Released on December 2nd, 2010
o OpenSSL 1.0.0b: Released on November 16th, 2010
o OpenSSL 1.0.0a: Released on June 1st, 2010
o OpenSSL 1.0.0: Released on March 29th, 2010
+ o OpenSSL 0.9.8r: Released on February 8nd, 2011
+ o OpenSSL 0.9.8q: Released on December 2nd, 2010
+ o OpenSSL 0.9.8p: Released on November 16th, 2010
+ o OpenSSL 0.9.8o: Released on June 1st, 2010
o OpenSSL 0.9.8n: Released on March 24th, 2010
o OpenSSL 0.9.8m: Released on February 25th, 2010
o OpenSSL 0.9.8l: Released on November 5th, 2009
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 277280865b..4f8199f0cf 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -954,6 +954,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
n2s(data, idsize);
dsize -= 2 + idsize;
+ size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
@@ -992,9 +993,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
}
/* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
n2s(data,dsize);
size -= 2;
- if (dsize > size)
+ if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;
diff --git a/util/mkerr.pl b/util/mkerr.pl
index 5dd89582c5..43b3af6555 100644
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -392,7 +392,7 @@ foreach $lib (keys %csrc)
} else {
push @out,
"/* ====================================================================\n",
-" * Copyright (c) 2001-2010 The OpenSSL Project. All rights reserved.\n",
+" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n",
" *\n",
" * Redistribution and use in source and binary forms, with or without\n",
" * modification, are permitted provided that the following conditions\n",