author | Richard Levitte <levitte@openssl.org> | 2003-02-19 15:04:16 +0300 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2003-02-19 15:04:16 +0300 |
commit | 352df993024ae471c051397d0c41486cbd5ff19e (patch) | |
tree | a9a663cf7cb1d535fb3fd9c620fa3390276db2c1 /CHANGES | |
parent | a3063b37ef4cf703848e71bf9b0eab82ae451f6f (diff) |
Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web. Expect a release within the hour.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 24 |
1 files changed, 23 insertions, 1 deletions
@@ -2,7 +2,17 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + Changes between 0.9.7 and 0.9.7a [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] *) Make the no-err option work as intended. The intention with no-err is not to have the whole error stack handling routines removed from @@ -1893,6 +1903,18 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + Changes between 0.9.6g and 0.9.6h [5 Dec 2002] *) New function OPENSSL_cleanse(), which is used to cleanse a section of |
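Review bot: "incorrrect" in the added 0.9.7a entry (first hunk) is misspelled and should read "incorrect"; the same misspelling is copied into the 0.9.6i entry in the second hunk, so both need the fix. Both entries also say only that a MAC computation is performed even when bad padding has been found. Since the stated goal is that an attacker cannot distinguish bad padding from a MAC verification error, consider adding a sentence on whether the two failures are also reported to the peer identically, so readers of CHANGES can tell whether the timing fix is the whole countermeasure.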