Fix for "Record of death" vulnerability CVE-2010-0740.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 3caa7c7296fd609235012fc38a5f59e06263df56..79ef46254ff78bf912e8c1c2357ca31596747844 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]
 
+  *) New -sigopt option to the ca, req and x509 utilities. Additional
+     signature parameters can be passed using this option and in
+     particular PSS. 
+     [Steve Henson]
+
   *) Add RSA PSS signing function. This will generate and set the
      appropriate AlgorithmIdentifiers for PSS based on those in the
      corresponding EVP_MD_CTX structure. No application support yet.
@@ -94,7 +99,7 @@
      whose return value is often ignored. 
      [Steve Henson]
 
- Changes between 0.9.8m and 1.0.0  [25 Feb 2010]
+ Changes between 0.9.8n and 1.0.0  [xx XXX xxxx]
 
   *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
      context. The operation can be customised via the ctrl mechanism in
@@ -113,10 +118,6 @@
      it from client hello again. Don't allow server to change algorithm.
      [Steve Henson]
 
-  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
-     change when encrypting or decrypting.
-     [Bodo Moeller]
-
   *) Add load_crls() function to apps tidying load_certs() too. Add option
      to verify utility to allow additional CRLs to be included.
      [Steve Henson]
@@ -939,13 +940,25 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
   
-   Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]
-  
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+  *) When rejecting SSL/TLS records due to an incorrect version number, never
+     update s->server with a new major version number.  As of
+     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+     the previous behavior could result in a read attempt at NULL when
+     receiving specific incorrect SSL/TLS records once record payload
+     protection is active.  (CVE-2010-####)
+     [Bodo Moeller, Adam Langley]
+
   *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
      could be crashed if the relevant tables were not present (e.g. chrooted).
      [Tomas Hoger <thoger@redhat.com>]
 
- Changes between 0.9.8l and 0.9.8m  [xx XXX xxxx]
+ Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
+
+  *) Always check bn_wexpend() return values for failure.  (CVE-2009-3245)
+     [Martin Olsson, Neel Mehta]
 
   *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
      accommodate for stack sorting, always a write lock!).
@@ -978,6 +991,10 @@
      CVE-2009-4355.
      [Steve Henson]
 
+  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+     change when encrypting or decrypting.
+     [Bodo Moeller]
+
   *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
      connect and renegotiate with servers which do not support RI.
      Until RI is more widely deployed this option is enabled by default.