Import OpenSSL-1.0.0g.
[dragonfly.git] / crypto / openssl / CHANGES
 OpenSSL CHANGES
 _______________

 Changes between 1.0.0f and 1.0.0g [18 Jan 2012]

  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
     Thanks to Antonio Martin, Enterprise Secure Access Research and
     Development, Cisco Systems, Inc. for discovering this bug and
     preparing a fix. (CVE-2012-0050)
     [Antonio Martin]

 Changes between 1.0.0e and 1.0.0f [4 Jan 2012]

  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
     of the Vaudenay padding oracle attack on CBC mode encryption
     which enables an efficient plaintext recovery attack against
     the OpenSSL implementation of DTLS. Their attack exploits timing
     differences arising during decryption processing. A research
     paper describing this attack can be found at:
                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf
     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
     Security Group at Royal Holloway, University of London
     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
     for preparing the fix. (CVE-2011-4108)
     [Robin Seggelmann, Michael Tuexen]

  *) Clear bytes used for block padding of SSL 3.0 records.
     (CVE-2011-4576)
     [Adam Langley (Google)]

  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
     Kadianakis <desnacked@gmail.com> for discovering this issue and
     Adam Langley for preparing the fix. (CVE-2011-4619)
     [Adam Langley (Google)]

  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
     [Andrey Kulikov <amdeich@gmail.com>]

  *) Prevent malformed RFC3779 data triggering an assertion failure.
     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
     [Rob Austein <sra@hactrn.net>]

  *) Improved PRNG seeding for VOS.
     [Paul Green <Paul.Green@stratus.com>]

  *) Fix ssl_ciph.c set-up race.
     [Adam Langley (Google)]

  *) Fix spurious failures in ecdsatest.c.
