Loading CHANGES +16 −16 Original line number Original line Diff line number Diff line Loading @@ -51,7 +51,7 @@ (part of SSL_OP_ALL). This option used to disable the (part of SSL_OP_ALL). This option used to disable the countermeasure against man-in-the-middle protocol-version countermeasure against man-in-the-middle protocol-version rollback in the SSL 2.0 server implementation, which is a bad rollback in the SSL 2.0 server implementation, which is a bad idea. (CAN-2005-2969) idea. (CVE-2005-2969) [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center for Information Security, National Institute of Advanced Industrial for Information Security, National Institute of Advanced Industrial Loading Loading @@ -916,7 +916,7 @@ (part of SSL_OP_ALL). This option used to disable the (part of SSL_OP_ALL). This option used to disable the countermeasure against man-in-the-middle protocol-version countermeasure against man-in-the-middle protocol-version rollback in the SSL 2.0 server implementation, which is a bad rollback in the SSL 2.0 server implementation, which is a bad idea. (CAN-2005-2969) idea. (CVE-2005-2969) [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center for Information Security, National Institute of Advanced Industrial for Information Security, National Institute of Advanced Industrial Loading Loading 
@@ -1078,11 +1078,11 @@ Changes between 0.9.7c and 0.9.7d [17 Mar 2004] Changes between 0.9.7c and 0.9.7d [17 Mar 2004] *) Fix null-pointer assignment in do_change_cipher_spec() revealed *) Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool (CAN-2004-0079) by using the Codenomicon TLS Test Tool (CVE-2004-0079) [Joe Orton, Steve Henson] [Joe Orton, Steve Henson] *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites (CAN-2004-0112) (CVE-2004-0112) [Joe Orton, Steve Henson] [Joe Orton, Steve Henson] *) Make it possible to have multiple active certificates with the same *) Make it possible to have multiple active certificates with the same Loading Loading @@ -1125,9 +1125,9 @@ *) Fix various bugs revealed by running the NISCC test suite: *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). invalid tags (CVE-2003-0543 and CVE-2003-0544). Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545). If verify callback ignores invalid public key errors don't try to check If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. certificate signature with the NULL public key. Loading Loading 
@@ -1212,7 +1212,7 @@ via timing by performing a MAC computation even if incorrrect via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) between bad padding and a MAC verification error. (CVE-2003-0078) [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Loading Loading @@ -1429,7 +1429,7 @@ Remote buffer overflow in SSL3 protocol - an attacker could Remote buffer overflow in SSL3 protocol - an attacker could supply an oversized master key in Kerberos-enabled versions. supply an oversized master key in Kerberos-enabled versions. (CAN-2002-0657) (CVE-2002-0657) [Ben Laurie (CHATS)] [Ben Laurie (CHATS)] *) Change the SSL kerb5 codes to match RFC 2712. *) Change the SSL kerb5 codes to match RFC 2712. Loading Loading @@ -3113,7 +3113,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6l and 0.9.6m [17 Mar 2004] Changes between 0.9.6l and 0.9.6m [17 Mar 2004] *) Fix null-pointer assignment in do_change_cipher_spec() revealed *) Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool (CAN-2004-0079) by using the Codenomicon TLS Test Tool (CVE-2004-0079) [Joe Orton, Steve Henson] [Joe Orton, Steve Henson] Changes between 0.9.6k and 0.9.6l [04 Nov 2003] Changes between 0.9.6k and 0.9.6l [04 Nov 2003] Loading 
@@ -3121,7 +3121,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix additional bug revealed by the NISCC test suite: *) Fix additional bug revealed by the NISCC test suite: Stop bug triggering large recursion when presented with Stop bug triggering large recursion when presented with certain ASN.1 tags (CAN-2003-0851) certain ASN.1 tags (CVE-2003-0851) [Steve Henson] [Steve Henson] Changes between 0.9.6j and 0.9.6k [30 Sep 2003] Changes between 0.9.6j and 0.9.6k [30 Sep 2003] Loading @@ -3129,7 +3129,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix various bugs revealed by running the NISCC test suite: *) Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). invalid tags (CVE-2003-0543 and CVE-2003-0544). If verify callback ignores invalid public key errors don't try to check If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. certificate signature with the NULL public key. Loading Loading @@ -3181,7 +3181,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k via timing by performing a MAC computation even if incorrrect via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) between bad padding and a MAC verification error. (CVE-2003-0078) [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Loading Loading 
@@ -3314,7 +3314,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add various sanity checks to asn1_get_length() to reject *) Add various sanity checks to asn1_get_length() to reject the ASN1 length bytes if they exceed sizeof(long), will appear the ASN1 length bytes if they exceed sizeof(long), will appear negative or the content length exceeds the length of the negative or the content length exceeds the length of the supplied buffer. (CAN-2002-0659) supplied buffer. (CVE-2002-0659) [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>] [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>] *) Assertions for various potential buffer overflows, not known to *) Assertions for various potential buffer overflows, not known to Loading @@ -3322,15 +3322,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Ben Laurie (CHATS)] [Ben Laurie (CHATS)] *) Various temporary buffers to hold ASCII versions of integers were *) Various temporary buffers to hold ASCII versions of integers were too small for 64 bit platforms. (CAN-2002-0655) too small for 64 bit platforms. (CVE-2002-0655) [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)> [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)> *) Remote buffer overflow in SSL3 protocol - an attacker could *) Remote buffer overflow in SSL3 protocol - an attacker could supply an oversized session ID to a client. (CAN-2002-0656) supply an oversized session ID to a client. (CVE-2002-0656) [Ben Laurie (CHATS)] [Ben Laurie (CHATS)] *) Remote buffer overflow in SSL2 protocol - an attacker could *) Remote buffer overflow in SSL2 protocol - an attacker could supply an oversized client master key. (CAN-2002-0656) supply an oversized client master key. (CVE-2002-0656) [Ben Laurie (CHATS)] [Ben Laurie (CHATS)] Changes between 0.9.6c and 0.9.6d [9 May 2002] Changes between 0.9.6c and 0.9.6d [9 May 2002] Loading Loading
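Review bot: the old CAN- spellings disappear from CHANGES without a trace, starting with the @@ -51,7 hunk where (CAN-2005-2969) becomes (CVE-2005-2969) and continuing the same way in every hunk. Advisories and vendor notices from the period cite the candidate names, so a reader searching this file for one of them will no longer get a hit. Consider a one-line note near the top of CHANGES, or at least in the commit message, saying that identifiers formerly written CAN-YYYY-NNNN are now written CVE-YYYY-NNNN with the numbers unchanged.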
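Review bot: the context line "via timing by performing a MAC computation even if incorrrect" in the @@ -1212,7 and @@ -3181,7 hunks still has the misspelling "incorrrect", directly above the line this change edits. Either correct it to "incorrect" in both copies of the entry while the paragraph is being touched, or leave it for a separate commit so this one stays a pure identifier rename; in the second case it is worth saying so in the commit message.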
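Review bot: in the @@ -3322,15 hunk the attribution "[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>" opens with "[" but closes with ">", unlike the other attributions visible in this diff, which close with "]". It sits one line below the edited (CVE-2002-0655) line, so it can be fixed in the same pass by changing the trailing ">" to "]".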