diff options
author | Jung-uk Kim <jkim@FreeBSD.org> | 2020-04-21 19:07:46 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2020-04-21 19:07:46 +0000 |
commit | 65aa3028e51cba07879f3dc4608949c5c6b9fcc0 (patch) | |
tree | 310ff0dc688f5f84a478a310752abb888ac68e4e /CHANGES | |
parent | b6cfecdc04a5a5e42ae4f2b025d8246cc16f3342 (diff) | |
download | src-65aa3028e51cba07879f3dc4608949c5c6b9fcc0.tar.gz src-65aa3028e51cba07879f3dc4608949c5c6b9fcc0.zip |
Import OpenSSL 1.1.1g.vendor/openssl/1.1.1g
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=360173
svn path=/vendor-crypto/openssl/1.1.1g/; revision=360174; tag=vendor/openssl/1.1.1g
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -7,6 +7,27 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1f and 1.1.1g [21 Apr 2020] + + *) Fixed segmentation fault in SSL_check_chain() + Server or client applications that call the SSL_check_chain() function + during or after a TLS 1.3 handshake may crash due to a NULL pointer + dereference as a result of incorrect handling of the + "signature_algorithms_cert" TLS extension. The crash occurs if an invalid + or unrecognised signature algorithm is received from the peer. This could + be exploited by a malicious peer in a Denial of Service attack. + (CVE-2020-1967) + [Benjamin Kaduk] + + *) Added AES consttime code for no-asm configurations + an optional constant time support for AES was added + when building openssl for no-asm. + Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME + Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME + At this time this feature is by default disabled. + It will be enabled by default in 3.0. + [Bernd Edlinger] + Changes between 1.1.1e and 1.1.1f [31 Mar 2020] *) Revert the change of EOF detection while reading in libssl to avoid |