Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch.

(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing in HEAD, the actual code is here already.)

Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch.
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing in HEAD, the actual code is here already.)
8e855452 · Bodo Möller · 6620bf34 · 8e855452
隐藏空白更改
内联并排

Showing with 35 addition and 6 deletion

CHANGES CHANGES +35 -6

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -279,9 +279,6 @@
     (removal of unnecessary code)
     [Peter Sylvester <peter.sylvester@edelweb.fr>]

-  *) Add -attime option to openssl utilities.
-     [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]
-
  *) Add TLS key material exporter from RFC 5705.
     [Eric Rescorla]

@@ -407,8 +404,8 @@
     keep original code iff non-FIPS operations are allowed.
     [Steve Henson]

-  *) Add -attime option to openssl verify.
-     [Peter Eckersley <pde@eff.org> and Ben Laurie]
+  *) Add -attime option to openssl utilities.
+     [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]

  *) Redirect DSA and DH operations to FIPS module in FIPS mode.
     [Steve Henson]
@@ -552,6 +549,9 @@
     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
     [Rob Austein <sra@hactrn.net>]

+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green@stratus.com>]
+
  *) Fix ssl_ciph.c set-up race.
     [Adam Langley (Google)]

@@ -1480,7 +1480,36 @@
  *) Change 'Configure' script to enable Camellia by default.
     [NTT]
  
- Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
+ Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
+
+  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+     of the Vaudenay padding oracle attack on CBC mode encryption
+     which enables an efficient plaintext recovery attack against
+     the OpenSSL implementation of DTLS. Their attack exploits timing
+     differences arising during decryption processing. A research
+     paper describing this attack can be found at:
+                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
+     for preparing the fix. (CVE-2011-4108)
+     [Robin Seggelmann, Michael Tuexen]
+
+  *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
+     [Ben Laurie, Kasper <ekasper@google.com>]
+
+  *) Clear bytes used for block padding of SSL 3.0 records.
+     (CVE-2011-4576)
+     [Adam Langley (Google)]
+
+  *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
+     [Adam Langley (Google)]
+ 
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra@hactrn.net>]

  *) Fix ssl_ciph.c set-up race.
     [Adam Langley (Google)]