projects / oweals / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
AES CTR-DRGB: performance improvement
[oweals/openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 6239fa41390a844f3686fafbae78a7cac37e1582..228408d9f053a7d6e84cc3b5a1a2c779168d4d98 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -7,7 +7,21 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
- Changes between 1.1.1f and 1.1.1g [xx XXX xxxx]
+ Changes between 1.1.1g and 1.1.1h [xx XXX xxxx]
+
+  *)
+
+ Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
+
+  *) Fixed segmentation fault in SSL_check_chain()
+     Server or client applications that call the SSL_check_chain() function
+     during or after a TLS 1.3 handshake may crash due to a NULL pointer
+     dereference as a result of incorrect handling of the
+     "signature_algorithms_cert" TLS extension. The crash occurs if an invalid
+     or unrecognised signature algorithm is received from the peer. This could
+     be exploited by a malicious peer in a Denial of Service attack.
+     (CVE-2020-1967)
+     [Benjamin Kaduk]
 
   *) Added AES consttime code for no-asm configurations
      an optional constant time support for AES was added
Unnamed repository; edit this file 'description' to name the repository.