Loading CHANGES +22 −2 Original line number Diff line number Diff line Loading @@ -282,7 +282,16 @@ whose return value is often ignored. [Steve Henson] Changes between 1.0.0f and 1.0.1 [xx XXX xxxx] Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. [Andy Polyakov] Changes between 1.0.0h and 1.0.1 [14 Mar 2012] *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET STRING form instead of a DigestInfo. [Steve Henson] *) The format used for MDC2 RSA signatures is inconsistent between EVP and the RSA_sign/RSA_verify functions. This was made more apparent when Loading Loading @@ -565,7 +574,18 @@ Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0g and 1.0.0h [xx XXX xxxx] Changes between 1.0.0g and 1.0.0h [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness in CMS and PKCS7 code. When RSA decryption fails use a random key for content decryption and always return the same error. Note: this attack needs on average 2^20 messages so it only affects automated senders. The old behaviour can be reenabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where an MMA defence is not necessary. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884) [Steve Henson] *) Fix CVE-2011-4619: make sure we really are receiving a client hello before rejecting multiple SGC restarts. Thanks to Loading Loading
CHANGES +22 −2 Original line number Diff line number Diff line Loading @@ -282,7 +282,16 @@ whose return value is often ignored. [Steve Henson] Changes between 1.0.0f and 1.0.1 [xx XXX xxxx] Changes between 1.0.1 and 1.0.1a [xx XXX xxxx] *) Fix SEGV in Vector Permutation AES module observed in OpenSSH. [Andy Polyakov] Changes between 1.0.0h and 1.0.1 [14 Mar 2012] *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET STRING form instead of a DigestInfo. [Steve Henson] *) The format used for MDC2 RSA signatures is inconsistent between EVP and the RSA_sign/RSA_verify functions. This was made more apparent when Loading Loading @@ -565,7 +574,18 @@ Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0g and 1.0.0h [xx XXX xxxx] Changes between 1.0.0g and 1.0.0h [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness in CMS and PKCS7 code. When RSA decryption fails use a random key for content decryption and always return the same error. Note: this attack needs on average 2^20 messages so it only affects automated senders. The old behaviour can be reenabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where an MMA defence is not necessary. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this issue. (CVE-2012-0884) [Steve Henson] *) Fix CVE-2011-4619: make sure we really are receiving a client hello before rejecting multiple SGC restarts. Thanks to Loading
