diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-09-25 23:28:48 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-09-29 12:01:05 +0100 |
commit | 1cfd255c9123cdb4637cc9a65c6665fe4a06c6d5 (patch) | |
tree | 86e26adccb01a6f970de107123649ea51c055d91 /CHANGES | |
parent | 3d81ec5b92e1141762eb72caf2aeb9b2cd019a78 (diff) |
Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.
Note: this is a precautionary measure, there is no known attack
which can exploit this.
Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -627,6 +627,16 @@ Changes between 1.0.1g and 1.0.1h [5 Jun 2014] + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original: this + will reject any improperly encoded DigestInfo structures. + + Note: this is a precautionary measure OpenSSL and no attacks + are currently known. + + [Steve Henson] + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. |