authorRichard Levitte <levitte@openssl.org>2004-03-23 15:01:13 +0000
committerRichard Levitte <levitte@openssl.org>2004-03-23 15:01:13 +0000
commit2fb2e00d949028935654c49c85e5100340624c28 (patch)
tree64cd5808b11b6bc65f05a01917c056e97d05b8d8
parente51f113ad8321e319f3d62afaa052341d6bf8201 (diff)
Recent changes from 0.9.7-stable.
-rw-r--r--CHANGES14
-rw-r--r--FAQ2
-rw-r--r--LICENSE2
-rw-r--r--Makefile.org2
-rw-r--r--NEWS8
-rw-r--r--README4
-rw-r--r--STATUS5
-rw-r--r--apps/apps.c7
-rw-r--r--apps/x509.c1
-rw-r--r--crypto/bio/b_print.c2
-rw-r--r--crypto/bio/bss_file.c14
-rw-r--r--crypto/ec/ecp_smpl.c2
-rw-r--r--crypto/opensslv.h4
-rw-r--r--doc/crypto/pem.pod2
-rw-r--r--openssl.spec2
-rw-r--r--ssl/kssl.c4
-rw-r--r--ssl/s3_pkt.c8
-rw-r--r--ssl/s3_srvr.c16
-rw-r--r--tools/c_issuer2
19 files changed, 75 insertions, 26 deletions
diff --git a/CHANGES b/CHANGES
index c2ad5a196b..d388a528c2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,19 @@
OpenSSL CHANGES
_______________
- Changes between 0.9.7c and 0.9.7d [xx XXX XXXX]
+ Changes between 0.9.7d and 0.9.7e [XX xxx XXXX]
+
+ *)
+
+ Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
+
+ *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+ by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ [Joe Orton, Steve Henson]
+
+ *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+ (CAN-2004-0112)
+ [Joe Orton, Steve Henson]
*) Make it possible to have multiple active certificates with the same
subject in the CA index file. This is done only if the keyword
diff --git a/FAQ b/FAQ
index 01e2ccf18a..0b40039ef8 100644
--- a/FAQ
+++ b/FAQ
@@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7c was released on September 30, 2003.
+OpenSSL 0.9.7d was released on March 17, 2004.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
diff --git a/LICENSE b/LICENSE
index dddb07842b..40277883a5 100644
--- a/LICENSE
+++ b/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/Makefile.org b/Makefile.org
index 4752c635f5..72d32eb0b4 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -476,7 +476,7 @@ do_irix-shared:
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( WHOLELIB="-all lib$$i.a -noall"; \
+ ( WHOLELIB="-all lib$$i.a -notall"; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
diff --git a/NEWS b/NEWS
index f0282ebb87..4c1ba0a241 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
+
+ o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+ o Security: Fix null-pointer assignment in do_change_cipher_spec()
+ o Allow multiple active certificates with same subject in CA index
+ o Multiple X590 verification fixes
+ o Speed up HMAC and other operations
+
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
o Security: fix various ASN1 parsing bugs.
diff --git a/README b/README
index 65e3a12426..f72a21036f 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.7c 30 Sep 2003
+ OpenSSL 0.9.7d 17 Mar 2004
- Copyright (c) 1998-2003 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/STATUS b/STATUS
index 7f3b29eb60..4951a464fc 100644
--- a/STATUS
+++ b/STATUS
@@ -1,14 +1,17 @@
OpenSSL STATUS Last modified at
- ______________ $Date: 2003/10/02 10:55:20 $
+ ______________ $Date: 2004/03/23 15:00:59 $
DEVELOPMENT STATE
o OpenSSL 0.9.8: Under development...
+ o OpenSSL 0.9.7d: Released on March 17th, 2004
o OpenSSL 0.9.7c: Released on September 30th, 2003
o OpenSSL 0.9.7b: Released on April 10th, 2003
o OpenSSL 0.9.7a: Released on February 19th, 2003
o OpenSSL 0.9.7: Released on December 31st, 2002
+ o OpenSSL 0.9.6m: Released on March 17th, 2004
+ o OpenSSL 0.9.6l: Released on November 4th, 2003
o OpenSSL 0.9.6k: Released on September 30th, 2003
o OpenSSL 0.9.6j: Released on April 10th, 2003
o OpenSSL 0.9.6i: Released on February 19th, 2003
diff --git a/apps/apps.c b/apps/apps.c
index 77fa39d273..ec5f5c1c90 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1944,6 +1944,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
void free_index(CA_DB *db)
{
- TXT_DB_free(db->db);
- OPENSSL_free(db);
+ if (db)
+ {
+ if (db->db) TXT_DB_free(db->db);
+ OPENSSL_free(db);
+ }
}
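Review bot: free_index() now accepts a NULL `db`, but nothing records that contract, so callers on error paths cannot tell they may call it unconditionally. A short header comment would cover it, e.g. `/* Release db and its TXT_DB; a NULL db is a no-op. */`. The inner `if (db->db)` test may also be redundant if TXT_DB_free() already ignores NULL; its body is not visible in this hunk, so confirm before dropping the guard.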
diff --git a/apps/x509.c b/apps/x509.c
index 58f89de588..9b95f7bd3f 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1025,7 +1025,6 @@ end:
static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
{
char *buf = NULL, *p;
- MS_STATIC char buf2[1024];
ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
size_t len;
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index fbff331796..c2bb357b4c 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -641,7 +641,7 @@ fmtfp(
multiplying by a factor of 10 */
fracpart = roundv((pow10(max)) * (ufvalue - intpart));
- if (fracpart >= pow10(max)) {
+ if (fracpart >= (long)pow10(max)) {
intpart++;
fracpart -= (long)pow10(max);
}
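Review bot: `(long)pow10(max)` is now evaluated and cast in two places (the comparison and the subtraction), and converting a floating value that does not fit in `long` is undefined behaviour. The cast is therefore only safe if `max` is clamped earlier in fmtfp(), which starts outside this hunk; confirm that clamp exists. Computing the value once into a local, e.g. `long max10 = (long)pow10(max);`, and using it in both lines would keep the two sites from drifting apart and give the bound one obvious place to be checked.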
diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index 9cdf159f82..554474733f 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -213,14 +213,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
b->shutdown=(int)num&BIO_CLOSE;
b->ptr=(char *)ptr;
b->init=1;
+ {
+ int fd = fileno((FILE*)ptr);
#if defined(OPENSSL_SYS_WINDOWS)
if (num & BIO_FP_TEXT)
- _setmode(fileno((FILE *)ptr),_O_TEXT);
+ _setmode(fd,_O_TEXT);
else
- _setmode(fileno((FILE *)ptr),_O_BINARY);
+ _setmode(fd,_O_BINARY);
#elif defined(OPENSSL_SYS_MSDOS)
- {
- int fd = fileno((FILE*)ptr);
/* Set correct text/binary mode */
if (num & BIO_FP_TEXT)
_setmode(fd,_O_TEXT);
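Review bot: The new `int fd = fileno((FILE*)ptr);` sits outside the `#if` chain, so builds where none of OPENSSL_SYS_WINDOWS, OPENSSL_SYS_MSDOS or OPENSSL_SYS_OS2 is defined now call fileno() and never use the result, which will likely produce an unused-variable warning. The return value is also passed straight to `_setmode`/`setmode` without a check, although fileno() returns -1 for an invalid stream and `ptr` is supplied by the BIO_ctrl caller. Consider keeping the declaration inside the platform conditionals and skipping the mode change when `fd < 0`. The enclosing block is closed by the `}` added in the next hunk, and file_ctrl() itself extends beyond both hunks.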
@@ -235,13 +235,13 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
else
_setmode(fd,_O_BINARY);
}
- }
#elif defined(OPENSSL_SYS_OS2)
if (num & BIO_FP_TEXT)
- setmode(fileno((FILE *)ptr), O_TEXT);
+ setmode(fd, O_TEXT);
else
- setmode(fileno((FILE *)ptr), O_BINARY);
+ setmode(fd, O_BINARY);
#endif
+ }
break;
case BIO_C_SET_FILENAME:
file_free(b);
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index 4666a052bf..e9a51fb87a 100644
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -896,7 +896,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}
form = buf[0];
y_bit = form & 1;
- form = form & ~1;
+ form = form & ~1U;
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED)
&& (form != POINT_CONVERSION_HYBRID))
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 102f114541..64337d9e7f 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x00907040L
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d-dev [fips] xx XXX XXXX"
+#define OPENSSL_VERSION_NUMBER 0x00907050L
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7e-dev [fips] XX xxx XXXX"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
index 8613114452..4f9a27df0c 100644
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
@@ -471,6 +471,6 @@ is guaranteed to work.
=head1 RETURN CODES
The read routines return either a pointer to the structure read or NULL
-is an error occurred.
+if an error occurred.
The write routines return 1 for success or 0 for failure.
diff --git a/openssl.spec b/openssl.spec
index 9ce236e0d2..6a272f6969 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@
%define libmaj 0
%define libmin 9
%define librel 7
-%define librev c
+%define librev d
Release: 1
%define openssldir /var/ssl
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 7c45f8ff4e..51378897f6 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -953,7 +953,7 @@ print_krb5_authdata(char *label, krb5_authdata **adata)
printf("%s, authdata==0\n", label);
return;
}
- printf("%s [%p]\n", label, adata);
+ printf("%s [%p]\n", label, (void *)adata);
#if 0
{
int i;
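Review bot: The `(void *)` cast makes the `%p` argument well-defined, but the line still writes a raw heap address to stdout with plain printf(). In a long-running server, logged pointer values disclose memory-layout information and weaken address-space randomisation. Whether print_krb5_authdata() is compiled only under a debug macro is not visible in this hunk; if it is not, guard the call sites or drop the address from the message. The same applies to `printf("%p\n", (void *)kssl_ctx);` in the kssl_ctx_show() hunk below.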
@@ -1725,7 +1725,7 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
return;
}
else
- printf("%p\n", kssl_ctx);
+ printf("%p\n", (void *)kssl_ctx);
printf("\tservice:\t%s\n",
(kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 3f88429e79..9f3e5139ad 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
goto err;
}
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL)
+ {
+ i=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ goto err;
+ }
+
rr->length=0;
if (s->msg_callback)
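Review bot: The new error is raised with function code `SSL_F_SSL3_GET_CERT_VERIFY`, but this hunk is in the record layer in s3_pkt.c (under the `start:` label), so the error queue will point anyone triaging an early ChangeCipherSpec at the wrong function. If the enclosing function is ssl3_read_bytes(), which is not visible here, the line should read `SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);`. Separately, the alert value is stored in `i` and control goes to `err`; confirm that path actually sends the alert to the peer, since the label's body lies outside the hunk.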
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 79278680c6..2a87852fde 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1597,11 +1597,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
n2s(p,i);
enc_ticket.length = i;
+
+ if (n < enc_ticket.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
enc_ticket.data = (char *)p;
p+=enc_ticket.length;
n2s(p,i);
authenticator.length = i;
+
+ if (n < enc_ticket.length + authenticator.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
authenticator.data = (char *)p;
p+=authenticator.length;
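Review bot: The constant `6` in both new bounds checks is unexplained, and a future edit to the message layout could silently invalidate them. It appears to be the three 2-byte length prefixes of the Kerberos key exchange message (the third field is parsed below this hunk), so a comment such as `/* 6 = 3 x 2-byte length prefixes: ticket, authenticator, enc. pre-master */` would document that. Also note that the first `n2s(p,i)` reads two bytes before any check visible here, so confirm that `n >= 2` is guaranteed earlier in ssl3_get_client_key_exchange(). The comparisons mix `n` with the `length` members, whose declarations are outside the hunk; if `n` is signed and the lengths unsigned, an explicit cast would make the intended comparison unambiguous.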
diff --git a/tools/c_issuer b/tools/c_issuer
index 4c691201bb..55821ab740 100644
--- a/tools/c_issuer
+++ b/tools/c_issuer
@@ -6,5 +6,5 @@
for i in $*
do
n=`openssl x509 -issuer -noout -in $i`
- echo "$i\t$n"
+ echo "$i $n"
done