diff options
author | Andy Polyakov <appro@openssl.org> | 2012-03-31 18:55:41 +0000 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2012-03-31 18:55:41 +0000 |
commit | d2f950c9843d9c5e30fd13d495f75561fd1512ea (patch) | |
tree | 30fe0aac79a61bd195f9bb2aab441e17f30e9a22 /CHANGES | |
parent | 63e8f167370880504e27ec8773641f4c5196e9f8 (diff) |
CHANGES: mention vpaes fix and harmonize with 1.0.0.
PR: 2775
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 18 |
1 files changed, 17 insertions, 1 deletions
@@ -6,6 +6,11 @@ *) + Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] + + *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. + [Andy Polyakov] + Changes between 1.0.0h and 1.0.1 [14 Mar 2012] *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET @@ -289,7 +294,18 @@ Add command line options to s_client/s_server. [Steve Henson] - Changes between 1.0.0g and 1.0.0h [xx XXX xxxx] + Changes between 1.0.0g and 1.0.0h [12 Mar 2012] + + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness + in CMS and PKCS7 code. When RSA decryption fails use a random key for + content decryption and always return the same error. Note: this attack + needs on average 2^20 messages so it only affects automated senders. The + old behaviour can be reenabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where + an MMA defence is not necessary. + Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering + this issue. (CVE-2012-0884) + [Steve Henson] *) Fix CVE-2011-4619: make sure we really are receiving a client hello before rejecting multiple SGC restarts. Thanks to |