From: Dr. Stephen Henson Date: Mon, 29 Sep 2014 11:06:27 +0000 (+0100) Subject: Add additional explanation to CHANGES entry. X-Git-Tag: master-post-reformat~357 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7c4776251e283db7bdaeb416f1d99b78cd622e7a;p=oweals%2Fopenssl.git Add additional explanation to CHANGES entry. Reviewed-by: Tim Hudson --- diff --git a/CHANGES b/CHANGES index 19c9f9c519..e53d186ce2 100644 --- a/CHANGES +++ b/CHANGES @@ -625,18 +625,20 @@ X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and X509_CINF_get_signature were reverted post internal team review. - Changes between 1.0.1g and 1.0.1h [5 Jun 2014] + Changes between 1.0.1i and 1.0.1j [xx XXX xxxx] *) Add additional DigestInfo checks. - Reencode DigestInto in DER and check against the original: this - will reject any improperly encoded DigestInfo structures. + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. - Note: this is a precautionary measure OpenSSL and no attacks - are currently known. + Note: this is a precautionary measure and no attacks are currently known. [Steve Henson] + Changes between 1.0.1g and 1.0.1h [5 Jun 2014] + *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers.