From 64932f9e4aab568f758ad8318ea99774bbcfbbbd Mon Sep 17 00:00:00 2001
From: "Mark J. Cox" <mark@openssl.org>
Date: Tue, 11 Oct 2005 10:16:21 +0000
Subject: Add fixes for CAN-2005-2969 Bump release ready for OpenSSL_0_9_8a tag

---
 CHANGES                         | 27 +++++++++++++++++++++++++--
 FAQ                             |  2 +-
 NEWS                            |  5 +++++
 README                          |  2 +-
 STATUS                          |  4 +++-
 crypto/opensslv.h               |  6 +++---
 doc/ssl/SSL_CTX_set_options.pod |  2 +-
 ssl/s23_srvr.c                  |  7 +------
 ssl/ssl.h                       |  2 +-
 9 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/CHANGES b/CHANGES
index 4125b9daa6..a84cebf5fc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,17 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8 and 0.9.8a  [XX xxx XXXX]
+ Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CAN-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
 
   *) Add two function to clear and return the verify parameter flags.
      [Steve Henson]
@@ -848,7 +858,17 @@
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
+ Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
 
   *) Minimal support for X9.31 signatures and PSS padding modes. This is
      mainly for FIPS compliance and not fully integrated at this stage.
@@ -899,6 +919,9 @@
 
  Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
 
+  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
   *) Fixes for newer kerberos headers. NB: the casts are needed because
      the 'length' field is signed on one version and unsigned on another
      with no (?) obvious way to tell the difference, without these VC++
diff --git a/FAQ b/FAQ
index 82d8a6f887..0755cb24eb 100644
--- a/FAQ
+++ b/FAQ
@@ -72,7 +72,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8 was released on July 5th, 2005.
+OpenSSL 0.9.8a was released on October 11th, 2005.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
diff --git a/NEWS b/NEWS
index f205b05e42..4fb708bc1f 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
+
+      o Fix potential SSL 2.0 rollback, CAN-2005-2969
+      o Extended Windows CE support
+
   Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
 
       o Major work on the BIGNUM library for higher efficiency and to
diff --git a/README b/README
index a26131b464..2d1236afb9 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
 
- OpenSSL 0.9.8a XX xxx XXXX
+ OpenSSL 0.9.8a 11 Oct 2005
 
  Copyright (c) 1998-2005 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/STATUS b/STATUS
index 18d3ed13b9..a99b3e0292 100644
--- a/STATUS
+++ b/STATUS
@@ -1,11 +1,13 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2005/07/05 18:49:43 $
+  ______________                           $Date: 2005/10/11 10:16:06 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.9:  Under development...
+    o  OpenSSL 0.9.8a: Released on October   11th, 2005
     o  OpenSSL 0.9.8:  Released on July       5th, 2005
+    o  OpenSSL 0.9.7h: Released on October   11th, 2005
     o  OpenSSL 0.9.7g: Released on April     11th, 2005
     o  OpenSSL 0.9.7f: Released on March     22nd, 2005
     o  OpenSSL 0.9.7e: Released on October   25th, 2004
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index bb3eac7b83..e056bffc72 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x00908010L
+#define OPENSSL_VERSION_NUMBER	0x0090801fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8a-fips-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8a-fips 11 Oct 2005"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8a-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8a 11 Oct 2005"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 5ab1b32f93..fa63263601 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -86,7 +86,7 @@ doing a re-connect, always takes the first cipher in the cipher list.
 
 =item SSL_OP_MSIE_SSLV2_RSA_PADDING
 
-...
+As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
 
 =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
 
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 945a2c9872..5cd00f850e 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -250,9 +250,6 @@ int ssl23_get_client_hello(SSL *s)
 	int n=0,j;
 	int type=0;
 	int v[2];
-#ifndef OPENSSL_NO_RSA
-	int use_sslv2_strong=0;
-#endif
 
 	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
 		{
@@ -501,9 +498,7 @@ int ssl23_get_client_hello(SSL *s)
 			}
 
 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-			use_sslv2_strong ||
-			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
 			s->s2->ssl2_rollback=0;
 		else
 			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
diff --git a/ssl/ssl.h b/ssl/ssl.h
index ab4626b2e7..1a96f04df0 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -480,7 +480,7 @@ typedef struct ssl_session_st
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
-- 
cgit v1.2.3