diff options
author | nectar <nectar@FreeBSD.org> | 2002-07-30 13:38:06 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2002-07-30 13:38:06 +0000 |
commit | 2f13e0916590f8488178999aec4874ed5662a031 (patch) | |
tree | f3c141823975717e132c7687cf833f6378cc87d4 /crypto/openssl/CHANGES | |
parent | 0aed2eea83b351d68092e43b5a9496ce3dd5043d (diff) | |
download | FreeBSD-src-2f13e0916590f8488178999aec4874ed5662a031.zip FreeBSD-src-2f13e0916590f8488178999aec4874ed5662a031.tar.gz |
Import of OpenSSL 0.9.6e.
Diffstat (limited to 'crypto/openssl/CHANGES')
-rw-r--r-- | crypto/openssl/CHANGES | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 9dec277..be4d128 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,58 @@ OpenSSL CHANGES _______________ + Changes between 0.9.6d and 0.9.6e [30 Jul 2002] + + *) Fix cipher selection routines: ciphers without encryption had no flags + for the cipher strength set and where therefore not handled correctly + by the selection routines (PR #130). + [Lutz Jaenicke] + + *) Fix EVP_dsa_sha macro. + [Nils Larsch] + + *) New option + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure + that was added in OpenSSL 0.9.6d. + + As the countermeasure turned out to be incompatible with some + broken SSL implementations, the new option is part of SSL_OP_ALL. + SSL_OP_ALL is usually employed when compatibility with weird SSL + implementations is desired (e.g. '-bugs' option to 's_client' and + 's_server'), so the new option is automatically set in many + applications. + [Bodo Moeller] + + *) Changes in security patch: + + Changes marked "(CHATS)" were sponsored by the Defense Advanced + Research Projects Agency (DARPA) and Air Force Research Laboratory, + Air Force Materiel Command, USAF, under agreement number + F30602-01-2-0537. + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. + [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>] + + *) Assertions for various potential buffer overflows, not known to + happen in practice. + [Ben Laurie (CHATS)] + + *) Various temporary buffers to hold ASCII versions of integers were + too small for 64 bit platforms. (CAN-2002-0655) + [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)> + + *) Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized session ID to a client. (CAN-2002-0656) + [Ben Laurie (CHATS)] + + *) Remote buffer overflow in SSL2 protocol - an attacker could + supply an oversized client master key. (CAN-2002-0656) + [Ben Laurie (CHATS)] + Changes between 0.9.6c and 0.9.6d [9 May 2002] *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not |