Date:      Sun, 21 Apr 2002 06:02:08 -0700 (PDT)
From:      Dirk Meyer <dinoex@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/security/openssl Makefile distinfo ports/security/openssl/files patch-ac
Message-ID:  <200204211302.g3LD29c36454@freefall.freebsd.org>

dinoex      2002/04/21 06:02:08 PDT

  Modified files:
    security/openssl     Makefile distinfo 
    security/openssl/files patch-ac 
  Log:
  - Update to 0.9.6c
  - more manpages
  - shift FORBIDDEN
  
   Excerpt of Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
    *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
    *) Only add signing time to PKCS7 structures if it is not already present.
    *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce
       should be OBJ_id_ce.  Also some ip-pda OIDs in crypto/objects/objects.txt
       were incorrect (cf. RFC 3039).
    *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
       returns early because it has nothing to do.
    *) Fix mutex callback return values in crypto/engine/hw_ncipher.c.
    *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
       messages are stored in a single piece (fixed-length part and
       variable-length part combined) and fix various bugs found on the way.
    *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
       instead.  BIO_gethostbyname() does not know what timeouts are
       appropriate, so entries would stay in cache even when they have
       become invalid.
    *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
       faced with a pathologically small ClientHello fragment that does
       not contain client_version: Instead of aborting with an error,
       simply choose the highest available protocol version (i.e.,
       TLS 1.0 unless it is disabled).
    *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
       never resets s->method to s->ctx->method when called from within
       one of the SSL handshake functions.
    *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
       (sent using the client's version number) if client_version is
       smaller than the protocol version in use.  Also change
       ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
       the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
       the client will at least see that alert.
    *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
       correctly.
    *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
       client receives HelloRequest while in a handshake.
    *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
       should end in 'break', not 'goto end' which circumvents various
       cleanups done in state SSL_ST_OK.   But session related stuff
       must be disabled for SSL_ST_OK in the case that we just sent a
       HelloRequest.  Also avoid some overhead by not calling
       ssl_init_wbio_buffer() before just sending a HelloRequest.
    *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
       reveal whether illegal block cipher padding was found or a MAC
       verification error occurred.  (Neither SSLerr() codes nor alerts
       are directly visible to potential attackers, but the information
       may leak via logfiles.) ssl/s2_pkt.c failed to verify that the
       purported number of padding bytes is in the legal range.
    *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
       'wristwatch attack' using huge encoding parameters (cf.
       James H. Manger's CRYPTO 2001 paper).  Note that the
       RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
       encoding parameters and hence was not vulnerable.
    *) BN_sqr() bug fix.
    *) Rabin-Miller test analyses assume uniformly distributed witnesses,
       so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
       followed by modular reduction.
    *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
       equivalent based on BN_pseudo_rand() instead of BN_rand().
    *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
       This function was broken, as the check for a new client hello message
       to handle SGC did not allow these large messages.
    *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
    *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
       for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
    *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
       with the same message size as in ssl3_get_certificate_request().
       Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
       messages might inadvertently be rejected as too long.
    *) Modified SSL library such that the verify_callback that has been set
       specifically for an SSL object with SSL_set_verify() is actually being
       used. Before the change, a verify_callback set with this function was
       ignored and the verify_callback() set in the SSL_CTX at the time of
       the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
       to allow the necessary settings.
    *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
       dh->length and always used
            BN_rand_range(priv_key, dh->p).
       So switch back to
            BN_rand(priv_key, l, ...)
       where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
       otherwise.
    *) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt
       RSA_eay_public_decrypt always reject numbers >= n.
    *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
       to synchronize access to 'locking_thread'.
    *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
       *before* setting the 'crypto_lock_rand' flag.  The previous code had
       a race condition if 0 is a valid thread ID.
  
  Revision  Changes    Path
  1.57      +22 -17    ports/security/openssl/Makefile
  1.20      +1 -1      ports/security/openssl/distinfo
  1.9       +9 -8      ports/security/openssl/files/patch-ac
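
The Rabin-Miller item in the log above (use BN_pseudo_rand_range() instead of BN_pseudo_rand() followed by modular reduction) rests on a point that is easy to see concretely: reducing a fixed-width random value modulo the range makes the low residues more likely, so the "witnesses" are not uniform. The C program below is an added example, not OpenSSL's code. It walks every 8-bit source value exhaustively, so the two histograms are exact rather than statistical. The functions histogram_mod_reduce, histogram_rejection and spread, and the simplified mask-and-retry loop, are this example's own constructions; the retry loop is a cut-down stand-in for what a BN_rand_range()-style function does, not a copy of it.

```c
/*
 * Added example (not OpenSSL code): modular reduction versus rejection
 * sampling when drawing a uniform value in [0, range).
 *
 * The "source" is an exhaustive walk over every 8-bit value 0..255, so
 * each histogram shows exactly how many source values land on each
 * output.  All names below are this example's own.
 */
#include <assert.h>
#include <stdio.h>
#include <string.h>

#define SOURCE_VALUES 256u   /* every possible 8-bit source value */

/* Method 1, the one the CHANGES entry moves away from: reduce the source
 * value modulo `range`.  Every source value maps to some output, so when
 * 256 is not a multiple of `range` the low outputs are hit an extra time. */
void histogram_mod_reduce(unsigned range, unsigned counts[])
{
    memset(counts, 0, range * sizeof counts[0]);
    for (unsigned src = 0; src < SOURCE_VALUES; src++)
        counts[src % range]++;
}

/* Number of bits needed to represent v (0 for v == 0). */
static unsigned bit_length(unsigned v)
{
    unsigned n = 0;
    while (v) { n++; v >>= 1; }
    return n;
}

/* Method 2, simplified rejection sampling in the spirit of BN_rand_range():
 * keep only as many low bits as `range - 1` needs, and discard ("retry")
 * any candidate that is not below `range`.  Every surviving output is
 * produced by the same number of source values.  Returns how many source
 * values were rejected.  Requires 1 <= range <= 256. */
unsigned histogram_rejection(unsigned range, unsigned counts[])
{
    unsigned mask = (1u << bit_length(range - 1)) - 1;  /* range 200 -> 0xFF */
    unsigned rejected = 0;
    memset(counts, 0, range * sizeof counts[0]);
    for (unsigned src = 0; src < SOURCE_VALUES; src++) {
        unsigned cand = src & mask;
        if (cand >= range) { rejected++; continue; }   /* would retry here */
        counts[cand]++;
    }
    return rejected;
}

/* Largest count minus smallest count over [0, range): 0 means uniform. */
unsigned spread(const unsigned counts[], unsigned range)
{
    unsigned lo = counts[0], hi = counts[0];
    for (unsigned i = 1; i < range; i++) {
        if (counts[i] < lo) lo = counts[i];
        if (counts[i] > hi) hi = counts[i];
    }
    return hi - lo;
}

int main(void)
{
    unsigned counts[SOURCE_VALUES];
    unsigned range = 200;   /* constructed: 256 mod 200 = 56 low residues */

    histogram_mod_reduce(range, counts);
    printf("mod-reduce: counts[0]=%u counts[56]=%u spread=%u\n",
           counts[0], counts[56], spread(counts, range));

    unsigned rejected = histogram_rejection(range, counts);
    printf("rejection : counts[0]=%u counts[199]=%u spread=%u rejected=%u\n",
           counts[0], counts[199], spread(counts, range), rejected);
    return 0;
}
```

With range 200 the modular method hits outputs 0..55 twice and 56..199 once, a 2:1 skew that a primality test's error analysis does not account for; the rejection method throws away 56 of the 256 source values and leaves every output with the same count. The cost of the retry loop is a variable number of draws, which is why it is used for witnesses and keys rather than in hot paths where a biased but fast value is acceptable.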
