TLS/SSL and crypto library
Commit MetaInfo

Revision a40916cbba82e54f632c5312b4c02248ba49760e (tree)
Time 2005-10-11 19:10:05
Author Mark J. Cox <mark@open...>
Committer Mark J. Cox

Log Message

Add fixes for CAN-2005-2969
Bump release ready for OpenSSL_0_9_7h tag

Change Summary

Diff

--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,17 @@
22 OpenSSL CHANGES
33 _______________
44
5- Changes between 0.9.7g and 0.9.7h [XX xxx XXXX]
5+ Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
6+
7+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
8+ (part of SSL_OP_ALL). This option used to disable the
9+ countermeasure against man-in-the-middle protocol-version
10+ rollback in the SSL 2.0 server implementation, which is a bad
11+ idea. (CAN-2005-2969)
12+
13+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
14+ for Information Security, National Institute of Advanced Industrial
15+ Science and Technology [AIST], Japan)]
616
717 *) Minimal support for X9.31 signatures and PSS padding modes. This is
818 mainly for FIPS compliance and not fully integrated at this stage.
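Review bot: the entry says the option is "part of SSL_OP_ALL" but not whether it remains there after this change; since the ssl.h hunk keeps the 0x00000040L bit and only marks it as having no effect, state that explicitly here (e.g. "The option remains defined and part of SSL_OP_ALL but is now ignored"), so a reader of CHANGES knows that an application setting SSL_OP_ALL no longer weakens the SSL 2.0 rollback check.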
@@ -53,6 +63,9 @@
5363
5464 Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
5565
66+ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
67+ OpenSSL 0.9.8.]
68+
5669 *) Fixes for newer kerberos headers. NB: the casts are needed because
5770 the 'length' field is signed on one version and unsigned on another
5871 with no (?) obvious way to tell the difference, without these VC++
--- a/FAQ
+++ b/FAQ
@@ -70,7 +70,7 @@ OpenSSL - Frequently Asked Questions
7070 * Which is the current version of OpenSSL?
7171
7272 The current version is available from <URL: http://www.openssl.org>.
73-OpenSSL 0.9.7g was released on April 11, 2005.
73+OpenSSL 0.9.7h was released on October 11, 2005.
7474
7575 In addition to the current stable release, you can also access daily
7676 snapshots of the OpenSSL development version at <URL:
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@
55 This file gives a brief overview of the major changes between each OpenSSL
66 release. For more details please read the CHANGES file.
77
8+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
9+
10+ o Fix SSL 2.0 Rollback, CAN-2005-2969
11+ o Allow use of fixed-length exponent on DSA signing
12+ o Default fixed-window RSA, DSA, DH private-key operations
13+
814 Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
915
1016 o More compilation issues fixed.
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
11
2- OpenSSL 0.9.7h-dev XX xxx XXXX
2+ OpenSSL 0.9.7h 11 Oct 2005
33
44 Copyright (c) 1998-2005 The OpenSSL Project
55 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/STATUS
+++ b/STATUS
@@ -1,10 +1,13 @@
11
22 OpenSSL STATUS Last modified at
3- ______________ $Date: 2005/04/11 15:10:06 $
3+ ______________ $Date: 2005/10/11 10:10:03 $
44
55 DEVELOPMENT STATE
66
7- o OpenSSL 0.9.8: Under development...
7+ o OpenSSL 0.9.9: Under development...
8+ o OpenSSL 0.9.8a: Released on October 11th, 2005
9+ o OpenSSL 0.9.8: Released on July 5th, 2005
10+ o OpenSSL 0.9.7h: Released on October 11th, 2005
811 o OpenSSL 0.9.7g: Released on April 11th, 2005
912 o OpenSSL 0.9.7f: Released on March 22nd, 2005
1013 o OpenSSL 0.9.7e: Released on October 25th, 2004
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
2525 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
2626 * major minor fix final patch/beta)
2727 */
28-#define OPENSSL_VERSION_NUMBER 0x00907080L
28+#define OPENSSL_VERSION_NUMBER 0x0090708fL
2929 #ifdef OPENSSL_FIPS
30-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7h-fips-dev XX xxx XXXX"
30+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7h-fips 11 Oct 2005"
3131 #else
32-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7h-dev XX xxx XXXX"
32+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7h 11 Oct 2005"
3333 #endif
3434 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
3535
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -86,7 +86,7 @@ doing a re-connect, always takes the first cipher in the cipher list.
8686
8787 =item SSL_OP_MSIE_SSLV2_RSA_PADDING
8888
89-...
89+As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
9090
9191 =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
9292
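Review bot: "this option has no effect" leaves out why; a reader of SSL_CTX_set_options.pod cannot tell whether the option was neutralised because it was harmless or because it was dangerous. Suggest one sentence after it, in the same style as the CHANGES entry: "It used to disable the countermeasure against man-in-the-middle protocol-version rollback in the SSL 2.0 server implementation and was removed for that reason (CAN-2005-2969)."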
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s)
268268 int n=0,j;
269269 int type=0;
270270 int v[2];
271-#ifndef OPENSSL_NO_RSA
272- int use_sslv2_strong=0;
273-#endif
274271
275272 if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
276273 {
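Review bot: removing the declaration of use_sslv2_strong (under #ifndef OPENSSL_NO_RSA) is only safe if every assignment to it further down in ssl23_get_client_hello is removed in the same commit; none of those lines appear in this hunk, so confirm the function still compiles both with and without OPENSSL_NO_RSA defined before the tag is cut.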
@@ -528,9 +525,7 @@ int ssl23_get_client_hello(SSL *s)
528525 }
529526
530527 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
531- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
532- use_sslv2_strong ||
533- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
528+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
534529 s->s2->ssl2_rollback=0;
535530 else
536531 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
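Review bot: the new condition `if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)` mixes `&` and `&&` without parentheses; it is correct under C precedence (`&` binds tighter than `&&`), but compilers warn about it and it is easy to misread, so prefer `if ((s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3))`. Logic-wise the change is the right scope: with the SSL_OP_MSIE_SSLV2_RSA_PADDING and use_sslv2_strong arms gone, ssl2_rollback is cleared only when the server has itself disabled SSL 3.0 and TLS 1.0, i.e. when there is no newer version to roll back from, and every other configuration keeps the else branch that rejects an SSL 2.0 session from a client that supports SSL 3.0 or TLS 1.0.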
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -467,7 +467,7 @@ typedef struct ssl_session_st
467467 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
468468 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
469469 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
470-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
470+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
471471 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
472472 #define SSL_OP_TLS_D5_BUG 0x00000100L
473473 #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
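Review bot: the new comment says "no effect since 0.9.7h and 0.9.8b", while the SSL_CTX_set_options.pod hunk says 0.9.8a and the STATUS hunk lists 0.9.8a as released on the same day as 0.9.7h; one of the two release numbers is wrong, so align the comment and the documentation before tagging. Keeping the 0x00000040L value itself is correct: the bit must stay reserved so that SSL_OP_ALL keeps its numeric value and no later option is assigned the same bit.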