generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

CHANGES: harmonize with 1.0.0 and 1.0.1.

Browse Source
This commit is contained in:
Andy Polyakov 2012-03-31 18:56:07 +00:00
parent 5e2187f7ee
commit 54543b954c
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
CHANGES
View File

@ -6,6 +6,11 @@
*) *)
Changes between 1.0.1 and 1.0.1a [xx XXX xxxx]
*) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
[Andy Polyakov]
Changes between 1.0.0h and 1.0.1 [14 Mar 2012] Changes between 1.0.0h and 1.0.1 [14 Mar 2012]
*) Add compatibility with old MDC2 signatures which use an ASN1 OCTET *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
@ -289,7 +294,18 @@
Add command line options to s_client/s_server. Add command line options to s_client/s_server.
[Steve Henson] [Steve Henson]
Changes between 1.0.0g and 1.0.0h [xx XXX xxxx] Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
in CMS and PKCS7 code. When RSA decryption fails use a random key for
content decryption and always return the same error. Note: this attack
needs on average 2^20 messages so it only affects automated senders. The
old behaviour can be reenabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
an MMA defence is not necessary.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
[Steve Henson]
*) Fix CVE-2011-4619: make sure we really are receiving a *) Fix CVE-2011-4619: make sure we really are receiving a
client hello before rejecting multiple SGC restarts. Thanks to client hello before rejecting multiple SGC restarts. Thanks to