| author | Bodo Möller <bodo@openssl.org> | 2012-01-05 13:46:27 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2012-01-05 13:46:27 +0000 |
| commit | 767d3e00541655faf192406daf5d3575ffb37d73 (patch) | |
| tree | 40d62cd9ddca625ede378fb09a94e73db39a016b | |
| parent | 409d2a1b71894f7ef72c4ee9a2db552e4d067858 (diff) | |
Update for 0.9.8s and 1.0.0f.
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
| -rw-r--r-- | CHANGES | 34 |
|---|---|---|
| -rw-r--r-- | apps/cms.c | 2 |

2 files changed, 34 insertions, 2 deletions
@@ -298,6 +298,9 @@ and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) [Rob Austein <sra@hactrn.net>] + *) Improved PRNG seeding for VOS. + [Paul Green <Paul.Green@stratus.com>] + *) Fix ssl_ciph.c set-up race. [Adam Langley (Google)] @@ -1226,7 +1229,36 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] + Changes between 0.9.8r and 0.9.8s [4 Jan 2012] + + *) Nadhem Alfardan and Kenny Paterson have discovered an extension + of the Vaudenay padding oracle attack on CBC mode encryption + which enables an efficient plaintext recovery attack against + the OpenSSL implementation of DTLS. Their attack exploits timing + differences arising during decryption processing. A research + paper describing this attack can be found at: + http://www.isg.rhul.ac.uk/~kp/dtls.pdf + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann + <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> + for preparing the fix. (CVE-2011-4108) + [Robin Seggelmann, Michael Tuexen] + + *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) + [Ben Laurie, Kasper <ekasper@google.com>] + + *) Clear bytes used for block padding of SSL 3.0 records. + (CVE-2011-4576) + [Adam Langley (Google)] + + *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) + [Adam Langley (Google)] + + *) Prevent malformed RFC3779 data triggering an assertion failure. + Thanks to Andrew Chi, BBN Technologies, for discovering the flaw + and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) + [Rob Austein <sra@hactrn.net>] *) Fix ssl_ciph.c set-up race. [Adam Langley (Google)] diff --git a/apps/cms.c b/apps/cms.c index ee5445de29..d754140987 100644 --- a/apps/cms.c +++ b/apps/cms.c 
@@ -626,7 +626,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-certsout file certificate output file\n"); BIO_printf (bio_err, "-signer file signer certificate file\n"); BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); - BIO_printf (bio_err, "-keyid use subject key identifier\n"); + BIO_printf (bio_err, "-keyid use subject key identifier\n"); BIO_printf (bio_err, "-in file input file\n"); BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); |
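Review bot: in the CHANGES hunk the entry "Stop policy check failure freeing same buffer twice. (CVE-2011-4109)" credits "Kasper <ekasper@google.com>" by surname and address only, while every other entry in the same block gives a full name; consider writing out the full name for consistency with the surrounding attributions.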
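Review bot: the apps/cms.c hunk's removed and added lines read identically here (`BIO_printf (bio_err, "-keyid use subject key identifier\n");`), so this looks like a whitespace-only touch-up of the `-keyid` usage line; the commit message only describes the CHANGES update, so either mention the cms.c cleanup there or move it to its own commit so the CHANGES sync stays a pure documentation change.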