Commit 8e855452 authored by Bodo Möller's avatar Bodo Möller
Browse files

Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch. 

(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)
parent 6620bf34

CHANGES

+35 −6
Original line number Diff line number Diff line
@@ -279,9 +279,6 @@ 
     (removal of unnecessary code)

     [Peter Sylvester <peter.sylvester@edelweb.fr>]



  *) Add -attime option to openssl utilities.

     [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]



  *) Add TLS key material exporter from RFC 5705.

     [Eric Rescorla]
@@ -407,8 +404,8 @@ 
     keep original code iff non-FIPS operations are allowed.

     [Steve Henson]



  *) Add -attime option to openssl verify.

     [Peter Eckersley <pde@eff.org> and Ben Laurie]

  *) Add -attime option to openssl utilities.

     [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]



  *) Redirect DSA and DH operations to FIPS module in FIPS mode.

     [Steve Henson]
@@ -552,6 +549,9 @@ 
     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)

     [Rob Austein <sra@hactrn.net>]



  *) Improved PRNG seeding for VOS.

     [Paul Green <Paul.Green@stratus.com>]



  *) Fix ssl_ciph.c set-up race.

     [Adam Langley (Google)]
@@ -1480,7 +1480,36 @@ 
  *) Change 'Configure' script to enable Camellia by default.

     [NTT]

  

 Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]

 Changes between 0.9.8r and 0.9.8s [4 Jan 2012]



  *) Nadhem Alfardan and Kenny Paterson have discovered an extension

     of the Vaudenay padding oracle attack on CBC mode encryption

     which enables an efficient plaintext recovery attack against

     the OpenSSL implementation of DTLS. Their attack exploits timing

     differences arising during decryption processing. A research

     paper describing this attack can be found at:

                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf

     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information

     Security Group at Royal Holloway, University of London

     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann

     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>

     for preparing the fix. (CVE-2011-4108)

     [Robin Seggelmann, Michael Tuexen]



  *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)

     [Ben Laurie, Kasper <ekasper@google.com>]



  *) Clear bytes used for block padding of SSL 3.0 records.

     (CVE-2011-4576)

     [Adam Langley (Google)]



  *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)

     [Adam Langley (Google)]

 

  *) Prevent malformed RFC3779 data triggering an assertion failure.

     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw

     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)

     [Rob Austein <sra@hactrn.net>]



  *) Fix ssl_ciph.c set-up race.

     [Adam Langley (Google)]