generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add additional explanation to CHANGES entry.

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2014-09-29 12:06:27 +01:00
parent 1cfd255c91
commit 7c4776251e
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CHANGES
View File

@ -625,18 +625,20 @@
X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and
X509_CINF_get_signature were reverted post internal team review. X509_CINF_get_signature were reverted post internal team review.
Changes between 1.0.1g and 1.0.1h [5 Jun 2014] Changes between 1.0.1i and 1.0.1j [xx XXX xxxx]
*) Add additional DigestInfo checks. *) Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original: this Reencode DigestInto in DER and check against the original when
will reject any improperly encoded DigestInfo structures. verifying RSA signature: this will reject any improperly encoded
DigestInfo structures.
Note: this is a precautionary measure OpenSSL and no attacks Note: this is a precautionary measure and no attacks are currently known.
are currently known.
[Steve Henson] [Steve Henson]
Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
*) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
handshake can force the use of weak keying material in OpenSSL handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers. SSL/TLS clients and servers.