Import OpenSSL-1.0.0f.
[dragonfly.git] / crypto / openssl / CHANGES

 OpenSSL CHANGES
 _______________

 Changes between 1.0.0e and 1.0.0f [4 Jan 2012]

  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
     of the Vaudenay padding oracle attack on CBC mode encryption
     which enables an efficient plaintext recovery attack against
     the OpenSSL implementation of DTLS. Their attack exploits timing
     differences arising during decryption processing. A research
     paper describing this attack can be found at:
     http://www.isg.rhul.ac.uk/~kp/dtls.pdf
     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
     Security Group at Royal Holloway, University of London
     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
     for preparing the fix. (CVE-2011-4108)
     [Robin Seggelmann, Michael Tuexen]

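The entry above says the attack works from timing differences during decryption. The snippet below is an added illustration of that failure mode and its mitigation; it is not code from OpenSSL, from the fix, or from the paper. It uses a simplified TLS/DTLS-style CBC padding layout (pad_len bytes of value pad_len followed by the pad_len byte) with constructed sample records, omits the MAC, and compares a padding check that exits at the first bad byte with one whose work depends only on the public record length.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed record layout (not an OpenSSL structure): plaintext bytes,
 * then pad_len bytes each holding the value pad_len, then the pad_len byte
 * itself, as in TLS/DTLS CBC padding. MAC handling is omitted. */

/* Variable-time check: stops at the first bad byte, so the time spent depends
 * on where the padding breaks. That data-dependent early exit is the kind of
 * timing difference a padding oracle attack measures. */
int padding_ok_early_exit(const uint8_t *rec, size_t len)
{
    if (len == 0)
        return 0;
    uint8_t pad = rec[len - 1];
    if ((size_t)pad + 1 > len)
        return 0;                       /* leaks whether pad fits the record */
    for (size_t i = 0; i <= pad; i++)
        if (rec[len - 1 - i] != pad)
            return 0;                   /* leaks position of first mismatch */
    return 1;
}

/* All-ones if a < b, else 0, with no branch; a and b must be below 2^31,
 * which holds for the record sizes used here. */
static uint32_t ct_lt(uint32_t a, uint32_t b)
{
    return 0u - ((a - b) >> 31);
}

/* All-ones if v == 0, else 0; v must be below 2^31. */
static uint32_t ct_is_zero(uint32_t v)
{
    return 0u - ((v - 1u) >> 31);
}

#define MAX_PAD_SPAN 256    /* pad_len byte (0..255) plus up to 255 pad bytes */

/* Constant-time check: the number of bytes examined depends only on the
 * public record length, never on the secret pad value or on where a
 * mismatch occurs; mismatches are folded into a mask instead of branched on. */
int padding_ok_constant_time(const uint8_t *rec, size_t len)
{
    if (len == 0)
        return 0;                       /* len is public, so this branch is fine */
    uint32_t pad = rec[len - 1];
    uint32_t good = ct_lt(pad, (uint32_t)len);      /* pad + 1 <= len */
    size_t span = len < MAX_PAD_SPAN ? len : MAX_PAD_SPAN;
    uint32_t bad = 0;
    for (size_t i = 0; i < span; i++) {
        uint32_t in_pad = ct_lt((uint32_t)i, pad + 1);  /* all-ones iff i <= pad */
        uint32_t diff = (uint32_t)rec[len - 1 - i] ^ pad;
        bad |= diff & in_pad;           /* only bytes inside the pad count */
    }
    good &= ct_is_zero(bad);
    return (int)(good & 1u);
}

/* Constructed sample records: 8 bytes of "plaintext" followed by padding. */
const uint8_t sample_good[]    = {1, 2, 3, 4, 5, 6, 7, 8, 3, 3, 3, 3}; /* pad_len 3 */
const uint8_t sample_corrupt[] = {1, 2, 3, 4, 5, 6, 7, 8, 3, 9, 3, 3}; /* one pad byte wrong */
const uint8_t sample_toolong[] = {3, 3};                               /* pad_len 3, only 2 bytes */
const uint8_t sample_zero[]    = {1, 2, 3, 0};                         /* pad_len 0 is valid */

int main(void)
{
    const uint8_t *recs[] = {sample_good, sample_corrupt, sample_toolong, sample_zero};
    const size_t lens[] = {sizeof sample_good, sizeof sample_corrupt,
                           sizeof sample_toolong, sizeof sample_zero};
    const char *names[] = {"good", "corrupt", "too long", "zero-length pad"};
    for (size_t i = 0; i < 4; i++)
        printf("%-16s early-exit=%d constant-time=%d\n", names[i],
               padding_ok_early_exit(recs[i], lens[i]),
               padding_ok_constant_time(recs[i], lens[i]));
    return 0;
}
```

Both functions give the same verdict on every record; what differs is that the first one's running time depends on the secret pad value and on where the first mismatch sits, while the second one's depends only on the record length, which is already visible on the wire. A complete mitigation also has to keep the rest of record processing (in particular MAC verification) from short-circuiting on the padding verdict, which this snippet does not cover.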
  *) Clear bytes used for block padding of SSL 3.0 records.
     (CVE-2011-4576)
     [Adam Langley (Google)]

  *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
     [Adam Langley (Google)]

  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
     [Andrey Kulikov <amdeich@gmail.com>]

  *) Prevent malformed RFC3779 data triggering an assertion failure.
     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
     [Rob Austein <sra@hactrn.net>]

  *) Improved PRNG seeding for VOS.
     [Paul Green <Paul.Green@stratus.com>]

  *) Fix ssl_ciph.c set-up race.
     [Adam Langley (Google)]

  *) Fix spurious failures in ecdsatest.c.
